Mon Jan 6 23:23:10 2014 UTC ()
Fix build (cast to const char *).


(htodd)
diff -r1.6 -r1.7 src/crypto/external/bsd/netpgp/dist/src/libverify/libverify.c
cvs diff -r1.6 -r1.7 src/crypto/external/bsd/netpgp/dist/src/libverify/libverify.c (switch to unified diff)

--- src/crypto/external/bsd/netpgp/dist/src/libverify/libverify.c 2014/01/06 22:59:10 1.6
+++ src/crypto/external/bsd/netpgp/dist/src/libverify/libverify.c 2014/01/06 23:23:10 1.7
@@ -884,1484 +884,1484 @@ read_compressed(pgpv_t *pgp, pgpv_compre @@ -884,1484 +884,1484 @@ read_compressed(pgpv_t *pgp, pgpv_compre
884 return 0; 884 return 0;
885 } 885 }
886 switch(compressed->compalg) { 886 switch(compressed->compalg) {
887 case UNCOMPRESSED: 887 case UNCOMPRESSED:
888 printf("not implemented %d compression yet\n", compressed->compalg); 888 printf("not implemented %d compression yet\n", compressed->compalg);
889 return 0; 889 return 0;
890 default: 890 default:
891 break; 891 break;
892 } 892 }
893 ARRAY_EXPAND(pgp->areas); 893 ARRAY_EXPAND(pgp->areas);
894 ARRAY_COUNT(pgp->areas) += 1; 894 ARRAY_COUNT(pgp->areas) += 1;
895 unzmem = &ARRAY_LAST(pgp->areas); 895 unzmem = &ARRAY_LAST(pgp->areas);
896 unzmem->size = len * 10; 896 unzmem->size = len * 10;
897 unzmem->dealloc = FREE_MEM; 897 unzmem->dealloc = FREE_MEM;
898 if ((unzmem->mem = calloc(1, unzmem->size)) == NULL) { 898 if ((unzmem->mem = calloc(1, unzmem->size)) == NULL) {
899 printf("read_compressed: calloc failed!\n"); 899 printf("read_compressed: calloc failed!\n");
900 return 0; 900 return 0;
901 } 901 }
902 switch(compressed->compalg) { 902 switch(compressed->compalg) {
903 case ZIP_COMPRESSION: 903 case ZIP_COMPRESSION:
904 case ZLIB_COMPRESSION: 904 case ZLIB_COMPRESSION:
905 memset(&z, 0x0, sizeof(z)); 905 memset(&z, 0x0, sizeof(z));
906 z.next_in = p + 1; 906 z.next_in = p + 1;
907 z.avail_in = (unsigned)(len - 1); 907 z.avail_in = (unsigned)(len - 1);
908 z.total_in = (unsigned)(len - 1); 908 z.total_in = (unsigned)(len - 1);
909 z.next_out = unzmem->mem; 909 z.next_out = unzmem->mem;
910 z.avail_out = (unsigned)unzmem->size; 910 z.avail_out = (unsigned)unzmem->size;
911 z.total_out = (unsigned)unzmem->size; 911 z.total_out = (unsigned)unzmem->size;
912 break; 912 break;
913 case BZIP2_COMPRESSION: 913 case BZIP2_COMPRESSION:
914 memset(&bz, 0x0, sizeof(bz)); 914 memset(&bz, 0x0, sizeof(bz));
915 bz.avail_in = (unsigned)(len - 1); 915 bz.avail_in = (unsigned)(len - 1);
916 bz.next_in = (char *)(void *)p + 1; 916 bz.next_in = (char *)(void *)p + 1;
917 bz.next_out = (char *)(void *)unzmem->mem; 917 bz.next_out = (char *)(void *)unzmem->mem;
918 bz.avail_out = (unsigned)unzmem->size; 918 bz.avail_out = (unsigned)unzmem->size;
919 break; 919 break;
920 } 920 }
921 switch(compressed->compalg) { 921 switch(compressed->compalg) {
922 case ZIP_COMPRESSION: 922 case ZIP_COMPRESSION:
923 ok = (inflateInit2(&z, -15) == Z_OK); 923 ok = (inflateInit2(&z, -15) == Z_OK);
924 break; 924 break;
925 case ZLIB_COMPRESSION: 925 case ZLIB_COMPRESSION:
926 ok = (inflateInit(&z) == Z_OK); 926 ok = (inflateInit(&z) == Z_OK);
927 break; 927 break;
928 case BZIP2_COMPRESSION: 928 case BZIP2_COMPRESSION:
929 ok = (BZ2_bzDecompressInit(&bz, 1, 0) == BZ_OK); 929 ok = (BZ2_bzDecompressInit(&bz, 1, 0) == BZ_OK);
930 break; 930 break;
931 } 931 }
932 if (!ok) { 932 if (!ok) {
933 printf("read_compressed: initialisation failed!\n"); 933 printf("read_compressed: initialisation failed!\n");
934 return 0; 934 return 0;
935 } 935 }
936 switch(compressed->compalg) { 936 switch(compressed->compalg) {
937 case ZIP_COMPRESSION: 937 case ZIP_COMPRESSION:
938 case ZLIB_COMPRESSION: 938 case ZLIB_COMPRESSION:
939 ok = (inflate(&z, Z_FINISH) == Z_STREAM_END); 939 ok = (inflate(&z, Z_FINISH) == Z_STREAM_END);
940 unzmem->size = z.total_out; 940 unzmem->size = z.total_out;
941 break; 941 break;
942 case BZIP2_COMPRESSION: 942 case BZIP2_COMPRESSION:
943 ok = (BZ2_bzDecompress(&bz) == BZ_STREAM_END); 943 ok = (BZ2_bzDecompress(&bz) == BZ_STREAM_END);
944 unzmem->size = ((uint64_t)bz.total_out_hi32 << 32) | bz.total_out_lo32; 944 unzmem->size = ((uint64_t)bz.total_out_hi32 << 32) | bz.total_out_lo32;
945 break; 945 break;
946 } 946 }
947 if (!ok) { 947 if (!ok) {
948 printf("read_compressed: inflate failed!\n"); 948 printf("read_compressed: inflate failed!\n");
949 return 0; 949 return 0;
950 } 950 }
951 return 1; 951 return 1;
952} 952}
953 953
954/* parse one pass signature packet */ 954/* parse one pass signature packet */
955static int 955static int
956read_onepass_sig(pgpv_onepass_t *onepasspkt, uint8_t *mem) 956read_onepass_sig(pgpv_onepass_t *onepasspkt, uint8_t *mem)
957{ 957{
958 onepasspkt->version = mem[0]; 958 onepasspkt->version = mem[0];
959 onepasspkt->type = mem[1]; 959 onepasspkt->type = mem[1];
960 onepasspkt->hashalg = mem[2]; 960 onepasspkt->hashalg = mem[2];
961 onepasspkt->keyalg = mem[3]; 961 onepasspkt->keyalg = mem[3];
962 memcpy(onepasspkt->keyid, &mem[4], sizeof(onepasspkt->keyid)); 962 memcpy(onepasspkt->keyid, &mem[4], sizeof(onepasspkt->keyid));
963 onepasspkt->nested = mem[12]; 963 onepasspkt->nested = mem[12];
964 return 1; 964 return 1;
965} 965}
966 966
967/* parse public key packet */ 967/* parse public key packet */
968static int 968static int
969read_pubkey(pgpv_pubkey_t *pubkey, uint8_t *mem, size_t pktlen, int pbn) 969read_pubkey(pgpv_pubkey_t *pubkey, uint8_t *mem, size_t pktlen, int pbn)
970{ 970{
971 size_t off; 971 size_t off;
972 972
973 off = 0; 973 off = 0;
974 pubkey->version = mem[off++]; 974 pubkey->version = mem[off++];
975 pubkey->birth = get_32(&mem[off]); 975 pubkey->birth = get_32(&mem[off]);
976 off += 4; 976 off += 4;
977 if (pubkey->version == 2 || pubkey->version == 3) { 977 if (pubkey->version == 2 || pubkey->version == 3) {
978 pubkey->expiry = get_16(&mem[off]) * DAYSECS; 978 pubkey->expiry = get_16(&mem[off]) * DAYSECS;
979 off += 2; 979 off += 2;
980 } 980 }
981 if ((pubkey->keyalg = mem[off++]) == 0) { 981 if ((pubkey->keyalg = mem[off++]) == 0) {
982 pubkey->keyalg = PUBKEY_RSA_ENCRYPT_OR_SIGN; 982 pubkey->keyalg = PUBKEY_RSA_ENCRYPT_OR_SIGN;
983 printf("got unusual pubkey keyalg %u\n", mem[off - 1]); 983 printf("got unusual pubkey keyalg %u\n", mem[off - 1]);
984 } 984 }
985 switch(pubkey->keyalg) { 985 switch(pubkey->keyalg) {
986 case PUBKEY_RSA_ENCRYPT_OR_SIGN: 986 case PUBKEY_RSA_ENCRYPT_OR_SIGN:
987 case PUBKEY_RSA_ENCRYPT: 987 case PUBKEY_RSA_ENCRYPT:
988 case PUBKEY_RSA_SIGN: 988 case PUBKEY_RSA_SIGN:
989 if (!get_mpi(&pubkey->bn[RSA_N], &mem[off], pktlen, &off) || 989 if (!get_mpi(&pubkey->bn[RSA_N], &mem[off], pktlen, &off) ||
990 !get_mpi(&pubkey->bn[RSA_E], &mem[off], pktlen, &off)) { 990 !get_mpi(&pubkey->bn[RSA_E], &mem[off], pktlen, &off)) {
991 return 0; 991 return 0;
992 } 992 }
993 break; 993 break;
994 case PUBKEY_ELGAMAL_ENCRYPT: 994 case PUBKEY_ELGAMAL_ENCRYPT:
995 case PUBKEY_ELGAMAL_ENCRYPT_OR_SIGN: 995 case PUBKEY_ELGAMAL_ENCRYPT_OR_SIGN:
996 if (!get_mpi(&pubkey->bn[ELGAMAL_P], &mem[off], pktlen, &off) || 996 if (!get_mpi(&pubkey->bn[ELGAMAL_P], &mem[off], pktlen, &off) ||
997 !get_mpi(&pubkey->bn[ELGAMAL_Y], &mem[off], pktlen, &off)) { 997 !get_mpi(&pubkey->bn[ELGAMAL_Y], &mem[off], pktlen, &off)) {
998 return 0; 998 return 0;
999 } 999 }
1000 break; 1000 break;
1001 case PUBKEY_DSA: 1001 case PUBKEY_DSA:
1002 if (!get_mpi(&pubkey->bn[DSA_P], &mem[off], pktlen, &off) || 1002 if (!get_mpi(&pubkey->bn[DSA_P], &mem[off], pktlen, &off) ||
1003 !get_mpi(&pubkey->bn[DSA_Q], &mem[off], pktlen, &off) || 1003 !get_mpi(&pubkey->bn[DSA_Q], &mem[off], pktlen, &off) ||
1004 !get_mpi(&pubkey->bn[DSA_G], &mem[off], pktlen, &off) || 1004 !get_mpi(&pubkey->bn[DSA_G], &mem[off], pktlen, &off) ||
1005 !get_mpi(&pubkey->bn[DSA_Y], &mem[off], pktlen, &off)) { 1005 !get_mpi(&pubkey->bn[DSA_Y], &mem[off], pktlen, &off)) {
1006 return 0; 1006 return 0;
1007 } 1007 }
1008 break; 1008 break;
1009 default: 1009 default:
1010 printf("hi, different type of pubkey here %u\n", pubkey->keyalg); 1010 printf("hi, different type of pubkey here %u\n", pubkey->keyalg);
1011 break; 1011 break;
1012 } 1012 }
1013 if (pbn) { 1013 if (pbn) {
1014 print_key_mpis(pubkey->bn, pubkey->keyalg); 1014 print_key_mpis(pubkey->bn, pubkey->keyalg);
1015 } 1015 }
1016 return 1; 1016 return 1;
1017} 1017}
1018 1018
1019/* parse a user attribute */ 1019/* parse a user attribute */
1020static int 1020static int
1021read_userattr(pgpv_userattr_t *userattr, uint8_t *p, size_t pktlen) 1021read_userattr(pgpv_userattr_t *userattr, uint8_t *p, size_t pktlen)
1022{ 1022{
1023 pgpv_string_t subattr; 1023 pgpv_string_t subattr;
1024 const int is_subpkt = 0; 1024 const int is_subpkt = 0;
1025 const int indian = 1; 1025 const int indian = 1;
1026 unsigned lenlen; 1026 unsigned lenlen;
1027 uint16_t imagelen; 1027 uint16_t imagelen;
1028 size_t cc; 1028 size_t cc;
1029 1029
1030 userattr->len = pktlen; 1030 userattr->len = pktlen;
1031 for (cc = 0 ; cc < pktlen ; cc += subattr.size + lenlen + 1) { 1031 for (cc = 0 ; cc < pktlen ; cc += subattr.size + lenlen + 1) {
1032 subattr.size = get_pkt_len(1, p, 0, is_subpkt); 1032 subattr.size = get_pkt_len(1, p, 0, is_subpkt);
1033 lenlen = get_pkt_len_len(1, p, is_subpkt); 1033 lenlen = get_pkt_len_len(1, p, is_subpkt);
1034 if (lenlen > pktlen) { 1034 if (lenlen > pktlen) {
1035 printf("weird lenlen %u\n", lenlen); 1035 printf("weird lenlen %u\n", lenlen);
1036 return 0; 1036 return 0;
1037 } 1037 }
1038 p += lenlen; 1038 p += lenlen;
1039 if (*p++ != 1) { 1039 if (*p++ != 1) {
1040 printf("image type (%u) != 1. weird packet\n", *(p - 1)); 1040 printf("image type (%u) != 1. weird packet\n", *(p - 1));
1041 } 1041 }
1042 memcpy(&imagelen, p, sizeof(imagelen)); 1042 memcpy(&imagelen, p, sizeof(imagelen));
1043 if (!*(const char *)(const void *)&indian) { 1043 if (!*(const char *)(const void *)&indian) {
1044 /* big endian - byteswap length */ 1044 /* big endian - byteswap length */
1045 imagelen = (((unsigned)imagelen & 0xff) << 8) | (((unsigned)imagelen >> 8) & 0xff); 1045 imagelen = (((unsigned)imagelen & 0xff) << 8) | (((unsigned)imagelen >> 8) & 0xff);
1046 } 1046 }
1047 subattr.data = p + 3; 1047 subattr.data = p + 3;
1048 p += subattr.size; 1048 p += subattr.size;
1049 ARRAY_APPEND(userattr->subattrs, subattr); 1049 ARRAY_APPEND(userattr->subattrs, subattr);
1050 } 1050 }
1051 return 1; 1051 return 1;
1052} 1052}
1053 1053
1054#define LITDATA_BINARY 'b' 1054#define LITDATA_BINARY 'b'
1055#define LITDATA_TEXT 't' 1055#define LITDATA_TEXT 't'
1056#define LITDATA_UTF8 'u' 1056#define LITDATA_UTF8 'u'
1057 1057
1058/* parse literal packet */ 1058/* parse literal packet */
1059static int 1059static int
1060read_litdata(pgpv_t *pgp, pgpv_litdata_t *litdata, uint8_t *p, size_t size) 1060read_litdata(pgpv_t *pgp, pgpv_litdata_t *litdata, uint8_t *p, size_t size)
1061{ 1061{
1062 size_t cc; 1062 size_t cc;
1063 1063
1064 cc = 0; 1064 cc = 0;
1065 switch(litdata->format = p[cc++]) { 1065 switch(litdata->format = p[cc++]) {
1066 case LITDATA_BINARY: 1066 case LITDATA_BINARY:
1067 case LITDATA_TEXT: 1067 case LITDATA_TEXT:
1068 case LITDATA_UTF8: 1068 case LITDATA_UTF8:
1069 litdata->namelen = 0; 1069 litdata->namelen = 0;
1070 break; 1070 break;
1071 default: 1071 default:
1072 printf("weird litdata format %u\n", litdata->format); 1072 printf("weird litdata format %u\n", litdata->format);
1073 break; 1073 break;
1074 } 1074 }
1075 litdata->namelen = p[cc++]; 1075 litdata->namelen = p[cc++];
1076 litdata->filename = &p[cc]; 1076 litdata->filename = &p[cc];
1077 cc += litdata->namelen; 1077 cc += litdata->namelen;
1078 litdata->secs = get_32(&p[cc]); 1078 litdata->secs = get_32(&p[cc]);
1079 cc += 4; 1079 cc += 4;
1080 litdata->s.data = &p[cc]; 1080 litdata->s.data = &p[cc];
1081 litdata->len = litdata->s.size = size - cc; 1081 litdata->len = litdata->s.size = size - cc;
1082 litdata->mem = ARRAY_COUNT(pgp->areas) - 1; 1082 litdata->mem = ARRAY_COUNT(pgp->areas) - 1;
1083 litdata->offset = cc; 1083 litdata->offset = cc;
1084 return 1; 1084 return 1;
1085} 1085}
1086 1086
1087/* parse a single packet */ 1087/* parse a single packet */
1088static int 1088static int
1089read_pkt(pgpv_t *pgp, pgpv_mem_t *mem) 1089read_pkt(pgpv_t *pgp, pgpv_mem_t *mem)
1090{ 1090{
1091 const int isprimary = 1; 1091 const int isprimary = 1;
1092 pgpv_pkt_t pkt; 1092 pgpv_pkt_t pkt;
1093 pgpv_mem_t *newmem; 1093 pgpv_mem_t *newmem;
1094 unsigned lenlen; 1094 unsigned lenlen;
1095 uint8_t ispartial; 1095 uint8_t ispartial;
1096 size_t size; 1096 size_t size;
1097 1097
1098 memset(&pkt, 0x0, sizeof(pkt)); 1098 memset(&pkt, 0x0, sizeof(pkt));
1099 pkt.tag = mem->mem[mem->cc++]; 1099 pkt.tag = mem->mem[mem->cc++];
1100 if (!(pkt.tag & PKT_ALWAYS_ON)) { 1100 if (!(pkt.tag & PKT_ALWAYS_ON)) {
1101 printf("BAD PACKET - bit 7 not 1, offset %zu!\n", mem->cc - 1); 1101 printf("BAD PACKET - bit 7 not 1, offset %zu!\n", mem->cc - 1);
1102 } 1102 }
1103 pkt.newfmt = (pkt.tag & PKT_NEWFMT_MASK); 1103 pkt.newfmt = (pkt.tag & PKT_NEWFMT_MASK);
1104 pkt.tag = (pkt.newfmt) ? 1104 pkt.tag = (pkt.newfmt) ?
1105 (pkt.tag & PKT_NEWFMT_TAG_MASK) : 1105 (pkt.tag & PKT_NEWFMT_TAG_MASK) :
1106 (((unsigned)pkt.tag & PKT_OLDFMT_TAG_MASK) >> 2); 1106 (((unsigned)pkt.tag & PKT_OLDFMT_TAG_MASK) >> 2);
1107 ispartial = (pkt.newfmt && IS_PARTIAL(mem->mem[mem->cc])); 1107 ispartial = (pkt.newfmt && IS_PARTIAL(mem->mem[mem->cc]));
1108 pkt.s.size = get_pkt_len(pkt.newfmt, &mem->mem[mem->cc], mem->size - mem->cc, isprimary); 1108 pkt.s.size = get_pkt_len(pkt.newfmt, &mem->mem[mem->cc], mem->size - mem->cc, isprimary);
1109 lenlen = get_pkt_len_len(pkt.newfmt, &mem->mem[mem->cc], isprimary); 1109 lenlen = get_pkt_len_len(pkt.newfmt, &mem->mem[mem->cc], isprimary);
1110 pkt.offset = mem->cc; 1110 pkt.offset = mem->cc;
1111 mem->cc += lenlen; 1111 mem->cc += lenlen;
1112 pkt.mement = (uint8_t)(mem - ARRAY_ARRAY(pgp->areas)); 1112 pkt.mement = (uint8_t)(mem - ARRAY_ARRAY(pgp->areas));
1113 pkt.s.data = &mem->mem[mem->cc]; 1113 pkt.s.data = &mem->mem[mem->cc];
1114 if (strchr(mem->allowed, pkt.tag) == NULL) { 1114 if (strchr(mem->allowed, pkt.tag) == NULL) {
1115 printf("packet %d not allowed for operation %s\n", pkt.tag, pgp->op); 1115 printf("packet %d not allowed for operation %s\n", pkt.tag, pgp->op);
1116 return 0; 1116 return 0;
1117 } 1117 }
1118 size = pkt.s.size; 1118 size = pkt.s.size;
1119 if (ispartial) { 1119 if (ispartial) {
1120 pkt.s.size = fixup_partials(pgp, &mem->mem[mem->cc - lenlen], pkt.s.size, mem->size, &size); 1120 pkt.s.size = fixup_partials(pgp, &mem->mem[mem->cc - lenlen], pkt.s.size, mem->size, &size);
1121 newmem = &ARRAY_LAST(pgp->areas); 1121 newmem = &ARRAY_LAST(pgp->areas);
1122 pkt.mement = (uint8_t)(newmem - ARRAY_ARRAY(pgp->areas)); 1122 pkt.mement = (uint8_t)(newmem - ARRAY_ARRAY(pgp->areas));
1123 pkt.s.data = newmem->mem; 1123 pkt.s.data = newmem->mem;
1124 size -= 1; 1124 size -= 1;
1125 } 1125 }
1126 switch(pkt.tag) { 1126 switch(pkt.tag) {
1127 case SIGNATURE_PKT: 1127 case SIGNATURE_PKT:
1128 if (!read_sigpkt(pgp, pkt.mement, &pkt.u.sigpkt, pkt.s.data, pkt.s.size)) { 1128 if (!read_sigpkt(pgp, pkt.mement, &pkt.u.sigpkt, pkt.s.data, pkt.s.size)) {
1129 return 0; 1129 return 0;
1130 } 1130 }
1131 break; 1131 break;
1132 case ONEPASS_SIGNATURE_PKT: 1132 case ONEPASS_SIGNATURE_PKT:
1133 read_onepass_sig(&pkt.u.onepass, pkt.s.data); 1133 read_onepass_sig(&pkt.u.onepass, pkt.s.data);
1134 break; 1134 break;
1135 case PUBKEY_PKT: 1135 case PUBKEY_PKT:
1136 case PUB_SUBKEY_PKT: 1136 case PUB_SUBKEY_PKT:
1137 break; 1137 break;
1138 case LITDATA_PKT: 1138 case LITDATA_PKT:
1139 read_litdata(pgp, &pkt.u.litdata, pkt.s.data, pkt.s.size); 1139 read_litdata(pgp, &pkt.u.litdata, pkt.s.data, pkt.s.size);
1140 break; 1140 break;
1141 case TRUST_PKT: 1141 case TRUST_PKT:
1142 pkt.u.trust.level = pkt.s.data[0]; 1142 pkt.u.trust.level = pkt.s.data[0];
1143 pkt.u.trust.amount = pkt.s.data[1]; 1143 pkt.u.trust.amount = pkt.s.data[1];
1144 break; 1144 break;
1145 case USERID_PKT: 1145 case USERID_PKT:
1146 pkt.u.userid.size = pkt.s.size; 1146 pkt.u.userid.size = pkt.s.size;
1147 pkt.u.userid.data = pkt.s.data; 1147 pkt.u.userid.data = pkt.s.data;
1148 break; 1148 break;
1149 case COMPRESSED_DATA_PKT: 1149 case COMPRESSED_DATA_PKT:
1150 read_compressed(pgp, &pkt.u.compressed, pkt.s.data, pkt.s.size); 1150 read_compressed(pgp, &pkt.u.compressed, pkt.s.data, pkt.s.size);
1151 ARRAY_APPEND(pgp->pkts, pkt); 1151 ARRAY_APPEND(pgp->pkts, pkt);
1152 read_all_packets(pgp, &ARRAY_LAST(pgp->areas), pgp->op); 1152 read_all_packets(pgp, &ARRAY_LAST(pgp->areas), pgp->op);
1153 break; 1153 break;
1154 case USER_ATTRIBUTE_PKT: 1154 case USER_ATTRIBUTE_PKT:
1155 read_userattr(&pkt.u.userattr, pkt.s.data, pkt.s.size); 1155 read_userattr(&pkt.u.userattr, pkt.s.data, pkt.s.size);
1156 break; 1156 break;
1157 default: 1157 default:
1158 printf("hi, need to implement %d, offset %zu\n", pkt.tag, mem->cc); 1158 printf("hi, need to implement %d, offset %zu\n", pkt.tag, mem->cc);
1159 break; 1159 break;
1160 } 1160 }
1161 mem->cc += size; 1161 mem->cc += size;
1162 if (pkt.tag != COMPRESSED_DATA_PKT) { 1162 if (pkt.tag != COMPRESSED_DATA_PKT) {
1163 /* compressed was added earlier to preserve pkt ordering */ 1163 /* compressed was added earlier to preserve pkt ordering */
1164 ARRAY_APPEND(pgp->pkts, pkt); 1164 ARRAY_APPEND(pgp->pkts, pkt);
1165 } 1165 }
1166 return 1; 1166 return 1;
1167} 1167}
1168 1168
1169/* checks the tag type of a packet */ 1169/* checks the tag type of a packet */
1170static int 1170static int
1171pkt_is(pgpv_t *pgp, int wanted) 1171pkt_is(pgpv_t *pgp, int wanted)
1172{ 1172{
1173 return (ARRAY_ELEMENT(pgp->pkts, pgp->pkt).tag == wanted); 1173 return (ARRAY_ELEMENT(pgp->pkts, pgp->pkt).tag == wanted);
1174} 1174}
1175 1175
1176/* checks the packet is a signature packet, and the signature type is the expected one */ 1176/* checks the packet is a signature packet, and the signature type is the expected one */
1177static int 1177static int
1178pkt_sigtype_is(pgpv_t *pgp, int wanted) 1178pkt_sigtype_is(pgpv_t *pgp, int wanted)
1179{ 1179{
1180 if (!pkt_is(pgp, SIGNATURE_PKT)) { 1180 if (!pkt_is(pgp, SIGNATURE_PKT)) {
1181 return 0; 1181 return 0;
1182 } 1182 }
1183 return (ARRAY_ELEMENT(pgp->pkts, pgp->pkt).u.sigpkt.sig.type == wanted); 1183 return (ARRAY_ELEMENT(pgp->pkts, pgp->pkt).u.sigpkt.sig.type == wanted);
1184} 1184}
1185 1185
1186/* check for expected type of packet, and move to the next */ 1186/* check for expected type of packet, and move to the next */
1187static int 1187static int
1188pkt_accept(pgpv_t *pgp, int expected) 1188pkt_accept(pgpv_t *pgp, int expected)
1189{ 1189{
1190 int got; 1190 int got;
1191 1191
1192 if ((got = ARRAY_ELEMENT(pgp->pkts, pgp->pkt).tag) == expected) { 1192 if ((got = ARRAY_ELEMENT(pgp->pkts, pgp->pkt).tag) == expected) {
1193 pgp->pkt += 1; 1193 pgp->pkt += 1;
1194 return 1; 1194 return 1;
1195 } 1195 }
1196 printf("problem at token %zu, expcted %d, got %d\n", pgp->pkt, expected, got); 1196 printf("problem at token %zu, expcted %d, got %d\n", pgp->pkt, expected, got);
1197 return 0; 1197 return 0;
1198} 1198}
1199 1199
1200/* recognise signature (and trust) packet */ 1200/* recognise signature (and trust) packet */
1201static int 1201static int
1202recog_signature(pgpv_t *pgp, pgpv_signature_t *signature) 1202recog_signature(pgpv_t *pgp, pgpv_signature_t *signature)
1203{ 1203{
1204 if (!pkt_is(pgp, SIGNATURE_PKT)) { 1204 if (!pkt_is(pgp, SIGNATURE_PKT)) {
1205 printf("recog_signature: not a signature packet\n"); 1205 printf("recog_signature: not a signature packet\n");
1206 return 0; 1206 return 0;
1207 } 1207 }
1208 memcpy(signature, &ARRAY_ELEMENT(pgp->pkts, pgp->pkt).u.sigpkt.sig, sizeof(*signature)); 1208 memcpy(signature, &ARRAY_ELEMENT(pgp->pkts, pgp->pkt).u.sigpkt.sig, sizeof(*signature));
1209 pgp->pkt += 1; 1209 pgp->pkt += 1;
1210 if (pkt_is(pgp, TRUST_PKT)) { 1210 if (pkt_is(pgp, TRUST_PKT)) {
1211 pkt_accept(pgp, TRUST_PKT); 1211 pkt_accept(pgp, TRUST_PKT);
1212 } 1212 }
1213 return 1; 1213 return 1;
1214} 1214}
1215 1215
1216/* recognise user id packet */ 1216/* recognise user id packet */
1217static int 1217static int
1218recog_userid(pgpv_t *pgp, pgpv_signed_userid_t *userid) 1218recog_userid(pgpv_t *pgp, pgpv_signed_userid_t *userid)
1219{ 1219{
1220 pgpv_signature_t signature; 1220 pgpv_signature_t signature;
1221 pgpv_pkt_t *pkt; 1221 pgpv_pkt_t *pkt;
1222 1222
1223 memset(userid, 0x0, sizeof(*userid)); 1223 memset(userid, 0x0, sizeof(*userid));
1224 if (!pkt_is(pgp, USERID_PKT)) { 1224 if (!pkt_is(pgp, USERID_PKT)) {
1225 printf("recog_userid: not %d\n", USERID_PKT); 1225 printf("recog_userid: not %d\n", USERID_PKT);
1226 return 0; 1226 return 0;
1227 } 1227 }
1228 pkt = &ARRAY_ELEMENT(pgp->pkts, pgp->pkt); 1228 pkt = &ARRAY_ELEMENT(pgp->pkts, pgp->pkt);
1229 userid->userid.size = pkt->s.size; 1229 userid->userid.size = pkt->s.size;
1230 userid->userid.data = pkt->s.data; 1230 userid->userid.data = pkt->s.data;
1231 pgp->pkt += 1; 1231 pgp->pkt += 1;
1232 while (pkt_is(pgp, SIGNATURE_PKT)) { 1232 while (pkt_is(pgp, SIGNATURE_PKT)) {
1233 if (!recog_signature(pgp, &signature)) { 1233 if (!recog_signature(pgp, &signature)) {
1234 printf("recog_userid: can't recognise signature/trust\n"); 1234 printf("recog_userid: can't recognise signature/trust\n");
1235 return 0; 1235 return 0;
1236 } 1236 }
1237 ARRAY_APPEND(userid->sigs, signature); 1237 ARRAY_APPEND(userid->sigs, signature);
1238 if (signature.primary_userid) { 1238 if (signature.primary_userid) {
1239 userid->primary_userid = signature.primary_userid; 1239 userid->primary_userid = signature.primary_userid;
1240 } 1240 }
1241 if (signature.revoked) { 1241 if (signature.revoked) {
1242 userid->revoked = signature.revoked; 1242 userid->revoked = signature.revoked;
1243 } 1243 }
1244 } 1244 }
1245 return 1; 1245 return 1;
1246} 1246}
1247 1247
1248/* recognise user attributes packet */ 1248/* recognise user attributes packet */
1249static int 1249static int
1250recog_userattr(pgpv_t *pgp, pgpv_signed_userattr_t *userattr) 1250recog_userattr(pgpv_t *pgp, pgpv_signed_userattr_t *userattr)
1251{ 1251{
1252 pgpv_signature_t signature; 1252 pgpv_signature_t signature;
1253 1253
1254 memset(userattr, 0x0, sizeof(*userattr)); 1254 memset(userattr, 0x0, sizeof(*userattr));
1255 if (!pkt_is(pgp, USER_ATTRIBUTE_PKT)) { 1255 if (!pkt_is(pgp, USER_ATTRIBUTE_PKT)) {
1256 printf("recog_userattr: not %d\n", USER_ATTRIBUTE_PKT); 1256 printf("recog_userattr: not %d\n", USER_ATTRIBUTE_PKT);
1257 return 0; 1257 return 0;
1258 } 1258 }
1259 userattr->userattr = ARRAY_ELEMENT(pgp->pkts, pgp->pkt).u.userattr; 1259 userattr->userattr = ARRAY_ELEMENT(pgp->pkts, pgp->pkt).u.userattr;
1260 pgp->pkt += 1; 1260 pgp->pkt += 1;
1261 while (pkt_is(pgp, SIGNATURE_PKT)) { 1261 while (pkt_is(pgp, SIGNATURE_PKT)) {
1262 if (!recog_signature(pgp, &signature)) { 1262 if (!recog_signature(pgp, &signature)) {
1263 printf("recog_userattr: can't recognise signature/trust\n"); 1263 printf("recog_userattr: can't recognise signature/trust\n");
1264 return 0; 1264 return 0;
1265 } 1265 }
1266 ARRAY_APPEND(userattr->sigs, signature); 1266 ARRAY_APPEND(userattr->sigs, signature);
1267 if (signature.revoked) { 1267 if (signature.revoked) {
1268 userattr->revoked = signature.revoked; 1268 userattr->revoked = signature.revoked;
1269 } 1269 }
1270 } 1270 }
1271 return 1; 1271 return 1;
1272} 1272}
1273 1273
1274/* recognise a sub key */ 1274/* recognise a sub key */
1275static int 1275static int
1276recog_subkey(pgpv_t *pgp, pgpv_signed_subkey_t *subkey) 1276recog_subkey(pgpv_t *pgp, pgpv_signed_subkey_t *subkey)
1277{ 1277{
1278 pgpv_signature_t signature; 1278 pgpv_signature_t signature;
1279 pgpv_pkt_t *pkt; 1279 pgpv_pkt_t *pkt;
1280 1280
1281 pkt = &ARRAY_ELEMENT(pgp->pkts, pgp->pkt); 1281 pkt = &ARRAY_ELEMENT(pgp->pkts, pgp->pkt);
1282 memset(subkey, 0x0, sizeof(*subkey)); 1282 memset(subkey, 0x0, sizeof(*subkey));
1283 read_pubkey(&subkey->subkey, pkt->s.data, pkt->s.size, 0); 1283 read_pubkey(&subkey->subkey, pkt->s.data, pkt->s.size, 0);
1284 pgp->pkt += 1; 1284 pgp->pkt += 1;
1285 if (pkt_sigtype_is(pgp, SIGTYPE_KEY_REVOCATION) || 1285 if (pkt_sigtype_is(pgp, SIGTYPE_KEY_REVOCATION) ||
1286 pkt_sigtype_is(pgp, SIGTYPE_SUBKEY_REVOCATION) || 1286 pkt_sigtype_is(pgp, SIGTYPE_SUBKEY_REVOCATION) ||
1287 pkt_sigtype_is(pgp, SIGTYPE_CERT_REVOCATION)) { 1287 pkt_sigtype_is(pgp, SIGTYPE_CERT_REVOCATION)) {
1288 recog_signature(pgp, &signature); 1288 recog_signature(pgp, &signature);
1289 subkey->revoc_self_sig = signature; 1289 subkey->revoc_self_sig = signature;
1290 } 1290 }
1291 do { 1291 do {
1292 if (!pkt_is(pgp, SIGNATURE_PKT)) { 1292 if (!pkt_is(pgp, SIGNATURE_PKT)) {
1293 printf("recog_subkey: not signature packet at %zu\n", pgp->pkt); 1293 printf("recog_subkey: not signature packet at %zu\n", pgp->pkt);
1294 return 0; 1294 return 0;
1295 } 1295 }
1296 if (!recog_signature(pgp, &signature)) { 1296 if (!recog_signature(pgp, &signature)) {
1297 printf("recog_subkey: bad signature/trust at %zu\n", pgp->pkt); 1297 printf("recog_subkey: bad signature/trust at %zu\n", pgp->pkt);
1298 return 0; 1298 return 0;
1299 } 1299 }
1300 ARRAY_APPEND(subkey->sigs, signature); 1300 ARRAY_APPEND(subkey->sigs, signature);
1301 if (signature.keyexpiry) { 1301 if (signature.keyexpiry) {
1302 /* XXX - check it's a good key expiry */ 1302 /* XXX - check it's a good key expiry */
1303 subkey->subkey.expiry = signature.keyexpiry; 1303 subkey->subkey.expiry = signature.keyexpiry;
1304 } 1304 }
1305 } while (pkt_is(pgp, SIGNATURE_PKT)); 1305 } while (pkt_is(pgp, SIGNATURE_PKT));
1306 return 1; 1306 return 1;
1307} 1307}
1308 1308
1309/* use a sparse map for the text strings here to save space */ 1309/* use a sparse map for the text strings here to save space */
1310static const char *keyalgs[] = { 1310static const char *keyalgs[] = {
1311 "[Unknown]", 1311 "[Unknown]",
1312 "RSA (Encrypt or Sign)", 1312 "RSA (Encrypt or Sign)",
1313 "RSA (Encrypt Only)", 1313 "RSA (Encrypt Only)",
1314 "RSA (Sign Only)", 1314 "RSA (Sign Only)",
1315 "Elgamal (Encrypt Only)", 1315 "Elgamal (Encrypt Only)",
1316 "DSA", 1316 "DSA",
1317 "Elliptic Curve", 1317 "Elliptic Curve",
1318 "ECDSA", 1318 "ECDSA",
1319 "Elgamal (Encrypt or Sign)" 1319 "Elgamal (Encrypt or Sign)"
1320}; 1320};
1321 1321
1322#define MAX_KEYALG 21 1322#define MAX_KEYALG 21
1323 1323
1324static const char *keyalgmap = "\0\01\02\03\0\0\0\0\0\0\0\0\0\0\0\0\04\05\06\07\010\011"; 1324static const char *keyalgmap = "\0\01\02\03\0\0\0\0\0\0\0\0\0\0\0\0\04\05\06\07\010\011";
1325 1325
1326/* return human readable name for key algorithm */ 1326/* return human readable name for key algorithm */
1327static const char * 1327static const char *
1328fmtkeyalg(uint8_t keyalg) 1328fmtkeyalg(uint8_t keyalg)
1329{ 1329{
1330 return keyalgs[(uint8_t)keyalgmap[(keyalg >= MAX_KEYALG) ? 0 : keyalg]]; 1330 return keyalgs[(uint8_t)keyalgmap[(keyalg >= MAX_KEYALG) ? 0 : keyalg]];
1331} 1331}
1332 1332
1333/* return the number of bits in the public key */ 1333/* return the number of bits in the public key */
1334static unsigned 1334static unsigned
1335numkeybits(const pgpv_pubkey_t *pubkey) 1335numkeybits(const pgpv_pubkey_t *pubkey)
1336{ 1336{
1337 switch(pubkey->keyalg) { 1337 switch(pubkey->keyalg) {
1338 case PUBKEY_RSA_ENCRYPT_OR_SIGN: 1338 case PUBKEY_RSA_ENCRYPT_OR_SIGN:
1339 case PUBKEY_RSA_ENCRYPT: 1339 case PUBKEY_RSA_ENCRYPT:
1340 case PUBKEY_RSA_SIGN: 1340 case PUBKEY_RSA_SIGN:
1341 return pubkey->bn[RSA_N].bits; 1341 return pubkey->bn[RSA_N].bits;
1342 case PUBKEY_DSA: 1342 case PUBKEY_DSA:
1343 case PUBKEY_ECDSA: 1343 case PUBKEY_ECDSA:
1344 return BITS_TO_BYTES(pubkey->bn[DSA_Q].bits) * 64; 1344 return BITS_TO_BYTES(pubkey->bn[DSA_Q].bits) * 64;
1345 case PUBKEY_ELGAMAL_ENCRYPT: 1345 case PUBKEY_ELGAMAL_ENCRYPT:
1346 case PUBKEY_ELGAMAL_ENCRYPT_OR_SIGN: 1346 case PUBKEY_ELGAMAL_ENCRYPT_OR_SIGN:
1347 return pubkey->bn[ELGAMAL_P].bits; 1347 return pubkey->bn[ELGAMAL_P].bits;
1348 default: 1348 default:
1349 return 0; 1349 return 0;
1350 } 1350 }
1351} 1351}
1352 1352
1353/* print a public key */ 1353/* print a public key */
1354static size_t 1354static size_t
1355fmt_pubkey(char *s, size_t size, pgpv_pubkey_t *pubkey, const char *leader) 1355fmt_pubkey(char *s, size_t size, pgpv_pubkey_t *pubkey, const char *leader)
1356{ 1356{
1357 size_t cc; 1357 size_t cc;
1358 1358
1359 cc = snprintf(s, size, "%s %u/%s ", leader, numkeybits(pubkey), fmtkeyalg(pubkey->keyalg)); 1359 cc = snprintf(s, size, "%s %u/%s ", leader, numkeybits(pubkey), fmtkeyalg(pubkey->keyalg));
1360 cc += fmt_binary(&s[cc], size - cc, pubkey->keyid, PGPV_KEYID_LEN); 1360 cc += fmt_binary(&s[cc], size - cc, pubkey->keyid, PGPV_KEYID_LEN);
1361 cc += fmt_time(&s[cc], size - cc, " ", pubkey->birth, "", 0); 1361 cc += fmt_time(&s[cc], size - cc, " ", pubkey->birth, "", 0);
1362 if (pubkey->expiry) { 1362 if (pubkey->expiry) {
1363 cc += fmt_time(&s[cc], size - cc, " [Expiry ", pubkey->birth + pubkey->expiry, "]", 0); 1363 cc += fmt_time(&s[cc], size - cc, " [Expiry ", pubkey->birth + pubkey->expiry, "]", 0);
1364 } 1364 }
1365 cc += snprintf(&s[cc], size - cc, "\n"); 1365 cc += snprintf(&s[cc], size - cc, "\n");
1366 cc += fmt_fingerprint(&s[cc], size - cc, &pubkey->fingerprint, "fingerprint: "); 1366 cc += fmt_fingerprint(&s[cc], size - cc, &pubkey->fingerprint, "fingerprint: ");
1367 return cc; 1367 return cc;
1368} 1368}
1369 1369
1370/* we add 1 to revocation value to denote compromised */ 1370/* we add 1 to revocation value to denote compromised */
1371#define COMPROMISED (0x02 + 1) 1371#define COMPROMISED (0x02 + 1)
1372 1372
1373/* format a userid - used to order the userids when formatting */ 1373/* format a userid - used to order the userids when formatting */
1374static size_t 1374static size_t
1375fmt_userid(char *s, size_t size, pgpv_primarykey_t *primary, uint8_t u) 1375fmt_userid(char *s, size_t size, pgpv_primarykey_t *primary, uint8_t u)
1376{ 1376{
1377 pgpv_signed_userid_t *userid; 1377 pgpv_signed_userid_t *userid;
1378 1378
1379 userid = &ARRAY_ELEMENT(primary->signed_userids, u); 1379 userid = &ARRAY_ELEMENT(primary->signed_userids, u);
1380 return snprintf(s, size, "uid %.*s%s\n", 1380 return snprintf(s, size, "uid %.*s%s\n",
1381 (int)userid->userid.size, userid->userid.data, 1381 (int)userid->userid.size, userid->userid.data,
1382 (userid->revoked == COMPROMISED) ? " [COMPROMISED AND REVOKED]" : 1382 (userid->revoked == COMPROMISED) ? " [COMPROMISED AND REVOKED]" :
1383 (userid->revoked) ? " [REVOKED]" : ""); 1383 (userid->revoked) ? " [REVOKED]" : "");
1384} 1384}
1385 1385
1386/* print a primary key, per RFC 4880 */ 1386/* print a primary key, per RFC 4880 */
1387static size_t 1387static size_t
1388fmt_primary(char *s, size_t size, pgpv_primarykey_t *primary) 1388fmt_primary(char *s, size_t size, pgpv_primarykey_t *primary)
1389{ 1389{
1390 unsigned i; 1390 unsigned i;
1391 size_t cc; 1391 size_t cc;
1392 1392
1393 cc = fmt_pubkey(s, size, &primary->primary, "signature "); 1393 cc = fmt_pubkey(s, size, &primary->primary, "signature ");
1394 cc += fmt_userid(&s[cc], size - cc, primary, primary->primary_userid); 1394 cc += fmt_userid(&s[cc], size - cc, primary, primary->primary_userid);
1395 for (i = 0 ; i < ARRAY_COUNT(primary->signed_userids) ; i++) { 1395 for (i = 0 ; i < ARRAY_COUNT(primary->signed_userids) ; i++) {
1396 if (i != primary->primary_userid) { 1396 if (i != primary->primary_userid) {
1397 cc += fmt_userid(&s[cc], size - cc, primary, i); 1397 cc += fmt_userid(&s[cc], size - cc, primary, i);
1398 } 1398 }
1399 } 1399 }
1400 for (i = 0 ; i < ARRAY_COUNT(primary->signed_subkeys) ; i++) { 1400 for (i = 0 ; i < ARRAY_COUNT(primary->signed_subkeys) ; i++) {
1401 cc += fmt_pubkey(&s[cc], size - cc, &ARRAY_ELEMENT(primary->signed_subkeys, i).subkey, "encryption"); 1401 cc += fmt_pubkey(&s[cc], size - cc, &ARRAY_ELEMENT(primary->signed_subkeys, i).subkey, "encryption");
1402 } 1402 }
1403 cc += snprintf(&s[cc], size - cc, "\n"); 1403 cc += snprintf(&s[cc], size - cc, "\n");
1404 return cc; 1404 return cc;
1405} 1405}
1406 1406
1407 1407
1408/* check the padding on the signature */ 1408/* check the padding on the signature */
1409static int 1409static int
1410rsa_padding_check_none(uint8_t *to, int tlen, const uint8_t *from, int flen, int num) 1410rsa_padding_check_none(uint8_t *to, int tlen, const uint8_t *from, int flen, int num)
1411{ 1411{
1412 USE_ARG(num); 1412 USE_ARG(num);
1413 if (flen > tlen) { 1413 if (flen > tlen) {
1414 printf("from length larger than to length\n"); 1414 printf("from length larger than to length\n");
1415 return -1; 1415 return -1;
1416 } 1416 }
1417 (void) memset(to, 0x0, tlen - flen); 1417 (void) memset(to, 0x0, tlen - flen);
1418 (void) memcpy(to + tlen - flen, from, flen); 1418 (void) memcpy(to + tlen - flen, from, flen);
1419 return tlen; 1419 return tlen;
1420} 1420}
1421 1421
1422#define RSA_MAX_MODULUS_BITS 16384 1422#define RSA_MAX_MODULUS_BITS 16384
1423#define RSA_SMALL_MODULUS_BITS 3072 1423#define RSA_SMALL_MODULUS_BITS 3072
1424#define RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */ 1424#define RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */
1425 1425
1426/* check against the exponent/moudulo operation */ 1426/* check against the exponent/moudulo operation */
1427static int 1427static int
1428lowlevel_rsa_public_check(const uint8_t *encbuf, int enclen, uint8_t *dec, const rsa_pubkey_t *rsa) 1428lowlevel_rsa_public_check(const uint8_t *encbuf, int enclen, uint8_t *dec, const rsa_pubkey_t *rsa)
1429{ 1429{
1430 uint8_t *decbuf; 1430 uint8_t *decbuf;
1431 BIGNUM *decbn; 1431 BIGNUM *decbn;
1432 BIGNUM *encbn; 1432 BIGNUM *encbn;
1433 int decbytes; 1433 int decbytes;
1434 int nbytes; 1434 int nbytes;
1435 int r; 1435 int r;
1436 1436
1437 nbytes = 0; 1437 nbytes = 0;
1438 r = -1; 1438 r = -1;
1439 decbuf = NULL; 1439 decbuf = NULL;
1440 decbn = encbn = NULL; 1440 decbn = encbn = NULL;
1441 if (BN_num_bits(rsa->n) > RSA_MAX_MODULUS_BITS) { 1441 if (BN_num_bits(rsa->n) > RSA_MAX_MODULUS_BITS) {
1442 printf("rsa r modulus too large\n"); 1442 printf("rsa r modulus too large\n");
1443 goto err; 1443 goto err;
1444 } 1444 }
1445 if (BN_cmp(rsa->n, rsa->e) <= 0) { 1445 if (BN_cmp(rsa->n, rsa->e) <= 0) {
1446 printf("rsa r bad n value\n"); 1446 printf("rsa r bad n value\n");
1447 goto err; 1447 goto err;
1448 } 1448 }
1449 if (BN_num_bits(rsa->n) > RSA_SMALL_MODULUS_BITS && 1449 if (BN_num_bits(rsa->n) > RSA_SMALL_MODULUS_BITS &&
1450 BN_num_bits(rsa->e) > RSA_MAX_PUBEXP_BITS) { 1450 BN_num_bits(rsa->e) > RSA_MAX_PUBEXP_BITS) {
1451 printf("rsa r bad exponent limit\n"); 1451 printf("rsa r bad exponent limit\n");
1452 goto err; 1452 goto err;
1453 } 1453 }
1454 if ((encbn = BN_new()) == NULL || 1454 if ((encbn = BN_new()) == NULL ||
1455 (decbn = BN_new()) == NULL || 1455 (decbn = BN_new()) == NULL ||
1456 (decbuf = calloc(1, nbytes = BN_num_bytes(rsa->n))) == NULL) { 1456 (decbuf = calloc(1, nbytes = BN_num_bytes(rsa->n))) == NULL) {
1457 printf("allocation failure\n"); 1457 printf("allocation failure\n");
1458 goto err; 1458 goto err;
1459 } 1459 }
1460 if (enclen > nbytes) { 1460 if (enclen > nbytes) {
1461 printf("rsa r > mod len\n"); 1461 printf("rsa r > mod len\n");
1462 goto err; 1462 goto err;
1463 } 1463 }
1464 if (BN_bin2bn(encbuf, enclen, encbn) == NULL) { 1464 if (BN_bin2bn(encbuf, enclen, encbn) == NULL) {
1465 printf("null encrypted BN\n"); 1465 printf("null encrypted BN\n");
1466 goto err; 1466 goto err;
1467 } 1467 }
1468 if (BN_cmp(encbn, rsa->n) >= 0) { 1468 if (BN_cmp(encbn, rsa->n) >= 0) {
1469 printf("rsa r data too large for modulus\n"); 1469 printf("rsa r data too large for modulus\n");
1470 goto err; 1470 goto err;
1471 } 1471 }
1472 if (BN_mod_exp(decbn, encbn, rsa->e, rsa->n, NULL) < 0) { 1472 if (BN_mod_exp(decbn, encbn, rsa->e, rsa->n, NULL) < 0) {
1473 printf("BN_mod_exp < 0\n"); 1473 printf("BN_mod_exp < 0\n");
1474 goto err; 1474 goto err;
1475 } 1475 }
1476 decbytes = BN_num_bytes(decbn); 1476 decbytes = BN_num_bytes(decbn);
1477 (void) BN_bn2bin(decbn, decbuf); 1477 (void) BN_bn2bin(decbn, decbuf);
1478 if ((r = rsa_padding_check_none(dec, nbytes, decbuf, decbytes, 0)) < 0) { 1478 if ((r = rsa_padding_check_none(dec, nbytes, decbuf, decbytes, 0)) < 0) {
1479 printf("rsa r padding check failed\n"); 1479 printf("rsa r padding check failed\n");
1480 } 1480 }
1481err: 1481err:
1482 BN_free(encbn); 1482 BN_free(encbn);
1483 BN_free(decbn); 1483 BN_free(decbn);
1484 if (decbuf != NULL) { 1484 if (decbuf != NULL) {
1485 (void) memset(decbuf, 0x0, nbytes); 1485 (void) memset(decbuf, 0x0, nbytes);
1486 free(decbuf); 1486 free(decbuf);
1487 } 1487 }
1488 return r; 1488 return r;
1489} 1489}
1490 1490
1491/* verify */ 1491/* verify */
1492static int 1492static int
1493rsa_public_decrypt(int enclen, const unsigned char *enc, unsigned char *dec, RSA *rsa, int padding) 1493rsa_public_decrypt(int enclen, const unsigned char *enc, unsigned char *dec, RSA *rsa, int padding)
1494{ 1494{
1495 rsa_pubkey_t pub; 1495 rsa_pubkey_t pub;
1496 int ret; 1496 int ret;
1497 1497
1498 if (enc == NULL || dec == NULL || rsa == NULL) { 1498 if (enc == NULL || dec == NULL || rsa == NULL) {
1499 return 0; 1499 return 0;
1500 } 1500 }
1501 USE_ARG(padding); 1501 USE_ARG(padding);
1502 (void) memset(&pub, 0x0, sizeof(pub)); 1502 (void) memset(&pub, 0x0, sizeof(pub));
1503 pub.n = BN_dup(rsa->n); 1503 pub.n = BN_dup(rsa->n);
1504 pub.e = BN_dup(rsa->e); 1504 pub.e = BN_dup(rsa->e);
1505 ret = lowlevel_rsa_public_check(enc, enclen, dec, &pub); 1505 ret = lowlevel_rsa_public_check(enc, enclen, dec, &pub);
1506 BN_free(pub.n); 1506 BN_free(pub.n);
1507 BN_free(pub.e); 1507 BN_free(pub.e);
1508 return ret; 1508 return ret;
1509} 1509}
1510 1510
1511#define SUBKEY_LEN(x) (80 + 80) 1511#define SUBKEY_LEN(x) (80 + 80)
1512#define SIG_LEN 80 1512#define SIG_LEN 80
1513#define UID_LEN 80 1513#define UID_LEN 80
1514 1514
1515/* return worst case number of bytes needed to format a primary key */ 1515/* return worst case number of bytes needed to format a primary key */
1516static size_t 1516static size_t
1517estimate_primarykey_size(pgpv_primarykey_t *primary) 1517estimate_primarykey_size(pgpv_primarykey_t *primary)
1518{ 1518{
1519 size_t cc; 1519 size_t cc;
1520 1520
1521 cc = SUBKEY_LEN("signature") + 1521 cc = SUBKEY_LEN("signature") +
1522 (ARRAY_COUNT(primary->signed_userids) * UID_LEN) + 1522 (ARRAY_COUNT(primary->signed_userids) * UID_LEN) +
1523 (ARRAY_COUNT(primary->signed_subkeys) * SUBKEY_LEN("encrypt uids")); 1523 (ARRAY_COUNT(primary->signed_subkeys) * SUBKEY_LEN("encrypt uids"));
1524 return cc; 1524 return cc;
1525} 1525}
1526 1526
1527/* use public decrypt to verify a signature */ 1527/* use public decrypt to verify a signature */
1528static int  1528static int
1529pgpv_rsa_public_decrypt(uint8_t *out, const uint8_t *in, size_t length, const pgpv_pubkey_t *pubkey) 1529pgpv_rsa_public_decrypt(uint8_t *out, const uint8_t *in, size_t length, const pgpv_pubkey_t *pubkey)
1530{ 1530{
1531 RSA *orsa; 1531 RSA *orsa;
1532 int n; 1532 int n;
1533 1533
1534 if ((orsa = calloc(1, sizeof(*orsa))) == NULL) { 1534 if ((orsa = calloc(1, sizeof(*orsa))) == NULL) {
1535 return 0; 1535 return 0;
1536 } 1536 }
1537 orsa->n = pubkey->bn[RSA_N].bn; 1537 orsa->n = pubkey->bn[RSA_N].bn;
1538 orsa->e = pubkey->bn[RSA_E].bn; 1538 orsa->e = pubkey->bn[RSA_E].bn;
1539 n = rsa_public_decrypt((int)length, in, out, orsa, RSA_NO_PADDING); 1539 n = rsa_public_decrypt((int)length, in, out, orsa, RSA_NO_PADDING);
1540 orsa->n = orsa->e = NULL; 1540 orsa->n = orsa->e = NULL;
1541 free(orsa); 1541 free(orsa);
1542 return n; 1542 return n;
1543} 1543}
1544 1544
1545/* verify rsa signature */ 1545/* verify rsa signature */
1546static int 1546static int
1547rsa_verify(uint8_t *calculated, unsigned calclen, uint8_t hashalg, pgpv_bignum_t *bn, pgpv_pubkey_t *pubkey) 1547rsa_verify(uint8_t *calculated, unsigned calclen, uint8_t hashalg, pgpv_bignum_t *bn, pgpv_pubkey_t *pubkey)
1548{ 1548{
1549 unsigned prefixlen; 1549 unsigned prefixlen;
1550 unsigned decryptc; 1550 unsigned decryptc;
1551 unsigned i; 1551 unsigned i;
1552 uint8_t decrypted[8192]; 1552 uint8_t decrypted[8192];
1553 uint8_t sigbn[8192]; 1553 uint8_t sigbn[8192];
1554 uint8_t prefix[64]; 1554 uint8_t prefix[64];
1555 size_t keysize; 1555 size_t keysize;
1556 1556
1557 keysize = BITS_TO_BYTES(pubkey->bn[RSA_N].bits); 1557 keysize = BITS_TO_BYTES(pubkey->bn[RSA_N].bits);
1558 BN_bn2bin(bn[RSA_SIG].bn, sigbn); 1558 BN_bn2bin(bn[RSA_SIG].bn, sigbn);
1559 decryptc = pgpv_rsa_public_decrypt(decrypted, sigbn, BITS_TO_BYTES(bn[RSA_SIG].bits), pubkey); 1559 decryptc = pgpv_rsa_public_decrypt(decrypted, sigbn, BITS_TO_BYTES(bn[RSA_SIG].bits), pubkey);
1560 if (decryptc != keysize || (decrypted[0] != 0 || decrypted[1] != 1)) { 1560 if (decryptc != keysize || (decrypted[0] != 0 || decrypted[1] != 1)) {
1561 return 0; 1561 return 0;
1562 } 1562 }
1563 if ((prefixlen = digest_get_prefix((unsigned)hashalg, prefix, sizeof(prefix))) == 0) { 1563 if ((prefixlen = digest_get_prefix((unsigned)hashalg, prefix, sizeof(prefix))) == 0) {
1564 printf("rsa_verify: unknown hash algorithm: %d\n", hashalg); 1564 printf("rsa_verify: unknown hash algorithm: %d\n", hashalg);
1565 return 0; 1565 return 0;
1566 } 1566 }
1567 for (i = 2 ; i < keysize - prefixlen - calclen - 1 ; i++) { 1567 for (i = 2 ; i < keysize - prefixlen - calclen - 1 ; i++) {
1568 if (decrypted[i] != 0xff) { 1568 if (decrypted[i] != 0xff) {
1569 return 0; 1569 return 0;
1570 } 1570 }
1571 } 1571 }
1572 if (decrypted[i++] != 0x0) { 1572 if (decrypted[i++] != 0x0) {
1573 return 0; 1573 return 0;
1574 } 1574 }
1575 if (memcmp(&decrypted[i], prefix, prefixlen) != 0) { 1575 if (memcmp(&decrypted[i], prefix, prefixlen) != 0) {
1576 printf("rsa_verify: wrong hash algorithm\n"); 1576 printf("rsa_verify: wrong hash algorithm\n");
1577 return 0; 1577 return 0;
1578 } 1578 }
1579 return memcmp(&decrypted[i + prefixlen], calculated, calclen) == 0; 1579 return memcmp(&decrypted[i + prefixlen], calculated, calclen) == 0;
1580} 1580}
1581 1581
1582/* return 1 if bn <= 0 */ 1582/* return 1 if bn <= 0 */
1583static int 1583static int
1584bignum_is_bad(BIGNUM *bn) 1584bignum_is_bad(BIGNUM *bn)
1585{ 1585{
1586 return BN_is_zero(bn) || BN_is_negative(bn); 1586 return BN_is_zero(bn) || BN_is_negative(bn);
1587} 1587}
1588 1588
1589#define BAD_BIGNUM(s, k) \ 1589#define BAD_BIGNUM(s, k) \
1590 (bignum_is_bad((s)->bn) || BN_cmp((s)->bn, (k)->bn) >= 0) 1590 (bignum_is_bad((s)->bn) || BN_cmp((s)->bn, (k)->bn) >= 0)
1591 1591
1592#ifndef DSA_MAX_MODULUS_BITS 1592#ifndef DSA_MAX_MODULUS_BITS
1593#define DSA_MAX_MODULUS_BITS 10000 1593#define DSA_MAX_MODULUS_BITS 10000
1594#endif 1594#endif
1595 1595
1596/* verify DSA signature */ 1596/* verify DSA signature */
1597static int 1597static int
1598verify_dsa_sig(uint8_t *calculated, unsigned calclen, pgpv_bignum_t *sig, pgpv_pubkey_t *pubkey) 1598verify_dsa_sig(uint8_t *calculated, unsigned calclen, pgpv_bignum_t *sig, pgpv_pubkey_t *pubkey)
1599{ 1599{
1600 unsigned qbits; 1600 unsigned qbits;
1601 uint8_t calcnum[128]; 1601 uint8_t calcnum[128];
1602 uint8_t signum[128]; 1602 uint8_t signum[128];
1603 BIGNUM *M; 1603 BIGNUM *M;
1604 BIGNUM *W; 1604 BIGNUM *W;
1605 BIGNUM *t1; 1605 BIGNUM *t1;
1606 int ret; 1606 int ret;
1607 1607
1608 if (pubkey[DSA_P].bn == NULL || pubkey[DSA_Q].bn == NULL || pubkey[DSA_G].bn == NULL) { 1608 if (pubkey[DSA_P].bn == NULL || pubkey[DSA_Q].bn == NULL || pubkey[DSA_G].bn == NULL) {
1609 return 0; 1609 return 0;
1610 } 1610 }
1611 M = W = t1 = NULL; 1611 M = W = t1 = NULL;
1612 qbits = pubkey->bn[DSA_Q].bits; 1612 qbits = pubkey->bn[DSA_Q].bits;
1613 switch(qbits) { 1613 switch(qbits) {
1614 case 160: 1614 case 160:
1615 case 224: 1615 case 224:
1616 case 256: 1616 case 256:
1617 break; 1617 break;
1618 default: 1618 default:
1619 printf("dsa: bad # of Q bits\n"); 1619 printf("dsa: bad # of Q bits\n");
1620 return 0; 1620 return 0;
1621 } 1621 }
1622 if (pubkey->bn[DSA_P].bits > DSA_MAX_MODULUS_BITS) { 1622 if (pubkey->bn[DSA_P].bits > DSA_MAX_MODULUS_BITS) {
1623 printf("dsa: p too large\n"); 1623 printf("dsa: p too large\n");
1624 return 0; 1624 return 0;
1625 } 1625 }
1626 if (calclen > SHA256_DIGEST_LENGTH) { 1626 if (calclen > SHA256_DIGEST_LENGTH) {
1627 printf("dsa: digest too long\n"); 1627 printf("dsa: digest too long\n");
1628 return 0; 1628 return 0;
1629 } 1629 }
1630 ret = 0; 1630 ret = 0;
1631 if ((M = BN_new()) == NULL || (W = BN_new()) == NULL || (t1 = BN_new()) == NULL || 1631 if ((M = BN_new()) == NULL || (W = BN_new()) == NULL || (t1 = BN_new()) == NULL ||
1632 BAD_BIGNUM(&sig[DSA_R], &pubkey->bn[DSA_Q]) || 1632 BAD_BIGNUM(&sig[DSA_R], &pubkey->bn[DSA_Q]) ||
1633 BAD_BIGNUM(&sig[DSA_S], &pubkey->bn[DSA_Q]) || 1633 BAD_BIGNUM(&sig[DSA_S], &pubkey->bn[DSA_Q]) ||
1634 BN_mod_inverse(W, sig[DSA_S].bn, pubkey->bn[DSA_Q].bn, NULL) == NULL) { 1634 BN_mod_inverse(W, sig[DSA_S].bn, pubkey->bn[DSA_Q].bn, NULL) == NULL) {
1635 goto done; 1635 goto done;
1636 } 1636 }
1637 if (calclen > qbits / 8) { 1637 if (calclen > qbits / 8) {
1638 calclen = qbits / 8; 1638 calclen = qbits / 8;
1639 } 1639 }
1640 if (BN_bin2bn(calculated, (int)calclen, M) == NULL || 1640 if (BN_bin2bn(calculated, (int)calclen, M) == NULL ||
1641 !BN_mod_mul(M, M, W, pubkey->bn[DSA_Q].bn, NULL) || 1641 !BN_mod_mul(M, M, W, pubkey->bn[DSA_Q].bn, NULL) ||
1642 !BN_mod_mul(W, sig[DSA_R].bn, W, pubkey->bn[DSA_Q].bn, NULL) || 1642 !BN_mod_mul(W, sig[DSA_R].bn, W, pubkey->bn[DSA_Q].bn, NULL) ||
1643 !BN_mod_exp(t1, pubkey->bn[DSA_G].bn, M, pubkey->bn[DSA_P].bn, NULL) || 1643 !BN_mod_exp(t1, pubkey->bn[DSA_G].bn, M, pubkey->bn[DSA_P].bn, NULL) ||
1644 !BN_mod_exp(W, pubkey->bn[DSA_Y].bn, W, pubkey->bn[DSA_P].bn, NULL) || 1644 !BN_mod_exp(W, pubkey->bn[DSA_Y].bn, W, pubkey->bn[DSA_P].bn, NULL) ||
1645 !BN_mod_mul(t1, t1, W, pubkey->bn[DSA_P].bn, NULL) || 1645 !BN_mod_mul(t1, t1, W, pubkey->bn[DSA_P].bn, NULL) ||
1646 !BN_div(NULL, t1, t1, pubkey->bn[DSA_Q].bn, NULL)) { 1646 !BN_div(NULL, t1, t1, pubkey->bn[DSA_Q].bn, NULL)) {
1647 goto done; 1647 goto done;
1648 } 1648 }
1649 /* only compare the first q bits */ 1649 /* only compare the first q bits */
1650 BN_bn2bin(t1, calcnum); 1650 BN_bn2bin(t1, calcnum);
1651 BN_bn2bin(sig[DSA_R].bn, signum); 1651 BN_bn2bin(sig[DSA_R].bn, signum);
1652 ret = memcmp(calcnum, signum, BITS_TO_BYTES(qbits)) == 0; 1652 ret = memcmp(calcnum, signum, BITS_TO_BYTES(qbits)) == 0;
1653done: 1653done:
1654 if (M) { 1654 if (M) {
1655 BN_free(M); 1655 BN_free(M);
1656 } 1656 }
1657 if (W) { 1657 if (W) {
1658 BN_free(W); 1658 BN_free(W);
1659 } 1659 }
1660 if (t1) { 1660 if (t1) {
1661 BN_free(t1); 1661 BN_free(t1);
1662 } 1662 }
1663 return ret; 1663 return ret;
1664} 1664}
1665 1665
1666#define TIME_SNPRINTF(_cc, _buf, _size, _fmt, _val) do { \ 1666#define TIME_SNPRINTF(_cc, _buf, _size, _fmt, _val) do { \
1667 time_t _t; \ 1667 time_t _t; \
1668 char *_s; \ 1668 char *_s; \
1669 \ 1669 \
1670 _t = _val; \ 1670 _t = _val; \
1671 _s = ctime(&_t); \ 1671 _s = ctime(&_t); \
1672 _cc += snprintf(_buf, _size, _fmt, _s); \ 1672 _cc += snprintf(_buf, _size, _fmt, _s); \
1673} while(/*CONSTCOND*/0) 1673} while(/*CONSTCOND*/0)
1674 1674
1675/* check dates on signature and key are valid */ 1675/* check dates on signature and key are valid */
1676static size_t 1676static size_t
1677valid_dates(pgpv_signature_t *signature, pgpv_pubkey_t *pubkey, char *buf, size_t size) 1677valid_dates(pgpv_signature_t *signature, pgpv_pubkey_t *pubkey, char *buf, size_t size)
1678{ 1678{
1679 time_t now; 1679 time_t now;
1680 time_t t; 1680 time_t t;
1681 size_t cc; 1681 size_t cc;
1682 1682
1683 cc = 0; 1683 cc = 0;
1684 if (signature->birth < pubkey->birth) { 1684 if (signature->birth < pubkey->birth) {
1685 TIME_SNPRINTF(cc, buf, size, "Signature time (%.24s) was before pubkey creation ", signature->birth); 1685 TIME_SNPRINTF(cc, buf, size, "Signature time (%.24s) was before pubkey creation ", signature->birth);
1686 TIME_SNPRINTF(cc, &buf[cc], size - cc, "(%s)\n", pubkey->birth); 1686 TIME_SNPRINTF(cc, &buf[cc], size - cc, "(%s)\n", pubkey->birth);
1687 return cc; 1687 return cc;
1688 } 1688 }
1689 now = time(NULL); 1689 now = time(NULL);
1690 if (signature->expiry != 0) { 1690 if (signature->expiry != 0) {
1691 if ((t = signature->birth + signature->expiry) < now) { 1691 if ((t = signature->birth + signature->expiry) < now) {
1692 TIME_SNPRINTF(cc, buf, size, "Signature expired on %.24s\n", t); 1692 TIME_SNPRINTF(cc, buf, size, "Signature expired on %.24s\n", t);
1693 return cc; 1693 return cc;
1694 } 1694 }
1695 } 1695 }
1696 if (now < signature->birth) { 1696 if (now < signature->birth) {
1697 TIME_SNPRINTF(cc, buf, size, "Signature not valid before %.24s\n", signature->birth); 1697 TIME_SNPRINTF(cc, buf, size, "Signature not valid before %.24s\n", signature->birth);
1698 return cc; 1698 return cc;
1699 } 1699 }
1700 return 0; 1700 return 0;
1701} 1701}
1702 1702
1703/* check if the signing key has expired */ 1703/* check if the signing key has expired */
1704static int 1704static int
1705key_expired(pgpv_pubkey_t *pubkey, char *buf, size_t size) 1705key_expired(pgpv_pubkey_t *pubkey, char *buf, size_t size)
1706{ 1706{
1707 time_t now; 1707 time_t now;
1708 time_t t; 1708 time_t t;
1709 size_t cc; 1709 size_t cc;
1710 1710
1711 now = time(NULL); 1711 now = time(NULL);
1712 cc = 0; 1712 cc = 0;
1713 if (pubkey->expiry != 0) { 1713 if (pubkey->expiry != 0) {
1714 if ((t = pubkey->birth + pubkey->expiry) < now) { 1714 if ((t = pubkey->birth + pubkey->expiry) < now) {
1715 TIME_SNPRINTF(cc, buf, size, "Pubkey expired on %.24s\n", t); 1715 TIME_SNPRINTF(cc, buf, size, "Pubkey expired on %.24s\n", t);
1716 return (int)cc; 1716 return (int)cc;
1717 } 1717 }
1718 } 1718 }
1719 if (now < pubkey->birth) { 1719 if (now < pubkey->birth) {
1720 TIME_SNPRINTF(cc, buf, size, "Pubkey not valid before %.24s\n", pubkey->birth); 1720 TIME_SNPRINTF(cc, buf, size, "Pubkey not valid before %.24s\n", pubkey->birth);
1721 return (int)cc; 1721 return (int)cc;
1722 } 1722 }
1723 return 0; 1723 return 0;
1724} 1724}
1725 1725
1726/* find the leading onepass packet */ 1726/* find the leading onepass packet */
1727static size_t 1727static size_t
1728find_onepass(pgpv_cursor_t *cursor, size_t datastart) 1728find_onepass(pgpv_cursor_t *cursor, size_t datastart)
1729{ 1729{
1730 size_t pkt; 1730 size_t pkt;
1731 1731
1732 for (pkt = datastart ; pkt < ARRAY_COUNT(cursor->pgp->pkts) ; pkt++) { 1732 for (pkt = datastart ; pkt < ARRAY_COUNT(cursor->pgp->pkts) ; pkt++) {
1733 if (ARRAY_ELEMENT(cursor->pgp->pkts, pkt).tag == ONEPASS_SIGNATURE_PKT) { 1733 if (ARRAY_ELEMENT(cursor->pgp->pkts, pkt).tag == ONEPASS_SIGNATURE_PKT) {
1734 return pkt + 1; 1734 return pkt + 1;
1735 } 1735 }
1736 } 1736 }
1737 snprintf(cursor->why, sizeof(cursor->why), "No signature to verify"); 1737 snprintf(cursor->why, sizeof(cursor->why), "No signature to verify");
1738 return 0; 1738 return 0;
1739} 1739}
1740 1740
1741static const char *armor_begins[] = { 1741static const char *armor_begins[] = {
1742 "-----BEGIN PGP SIGNED MESSAGE-----\n", 1742 "-----BEGIN PGP SIGNED MESSAGE-----\n",
1743 "-----BEGIN PGP MESSAGE-----\n", 1743 "-----BEGIN PGP MESSAGE-----\n",
1744 NULL 1744 NULL
1745}; 1745};
1746 1746
1747/* return non-zero if the buf introduces an armored message */ 1747/* return non-zero if the buf introduces an armored message */
1748static int 1748static int
1749is_armored(const char *buf, size_t size) 1749is_armored(const char *buf, size_t size)
1750{ 1750{
1751 const char **arm; 1751 const char **arm;
1752 const char *nl; 1752 const char *nl;
1753 size_t n; 1753 size_t n;
1754 1754
1755 if ((nl = memchr(buf, '\n', size)) == NULL) { 1755 if ((nl = memchr(buf, '\n', size)) == NULL) {
1756 return 0; 1756 return 0;
1757 } 1757 }
1758 n = (size_t)(nl - buf); 1758 n = (size_t)(nl - buf);
1759 for (arm = armor_begins ; *arm ; arm++) { 1759 for (arm = armor_begins ; *arm ; arm++) {
1760 if (strncmp(buf, *arm, n) == 0) { 1760 if (strncmp(buf, *arm, n) == 0) {
1761 return 1; 1761 return 1;
1762 } 1762 }
1763 } 1763 }
1764 return 0; 1764 return 0;
1765} 1765}
1766 1766
1767#define SIGSTART "-----BEGIN PGP SIGNATURE-----\n" 1767#define SIGSTART "-----BEGIN PGP SIGNATURE-----\n"
1768#define SIGEND "-----END PGP SIGNATURE-----\n" 1768#define SIGEND "-----END PGP SIGNATURE-----\n"
1769 1769
1770/* for ascii armor, we don't get a onepass packet - make one */ 1770/* for ascii armor, we don't get a onepass packet - make one */
1771static const char *cons_onepass = "\304\015\003\0\0\0\0\377\377\377\377\377\377\377\377\1"; 1771static const char *cons_onepass = "\304\015\003\0\0\0\0\377\377\377\377\377\377\377\377\1";
1772 1772
1773/* read ascii armor */ 1773/* read ascii armor */
1774static int 1774static int
1775read_ascii_armor(pgpv_cursor_t *cursor, pgpv_mem_t *mem, const char *filename) 1775read_ascii_armor(pgpv_cursor_t *cursor, pgpv_mem_t *mem, const char *filename)
1776{ 1776{
1777 pgpv_onepass_t *onepass; 1777 pgpv_onepass_t *onepass;
1778 pgpv_sigpkt_t *sigpkt; 1778 pgpv_sigpkt_t *sigpkt;
1779 pgpv_pkt_t litdata; 1779 pgpv_pkt_t litdata;
1780 uint8_t binsig[8192]; 1780 uint8_t binsig[8192];
1781 uint8_t *datastart; 1781 uint8_t *datastart;
1782 uint8_t *sigend; 1782 uint8_t *sigend;
1783 uint8_t *p; 1783 uint8_t *p;
1784 size_t binsigsize; 1784 size_t binsigsize;
1785 1785
1786 /* cons up litdata pkt */ 1786 /* cons up litdata pkt */
1787 memset(&litdata, 0x0, sizeof(litdata)); 1787 memset(&litdata, 0x0, sizeof(litdata));
1788 litdata.u.litdata.mem = ARRAY_COUNT(cursor->pgp->areas) - 1; 1788 litdata.u.litdata.mem = ARRAY_COUNT(cursor->pgp->areas) - 1;
1789 p = mem->mem; 1789 p = mem->mem;
1790 /* jump over signed message line */ 1790 /* jump over signed message line */
1791 if ((p = memmem(mem->mem, mem->size, "\n\n", 2)) == NULL) { 1791 if ((p = memmem(mem->mem, mem->size, "\n\n", 2)) == NULL) {
1792 snprintf(cursor->why, sizeof(cursor->why), "malformed armor at offset 0"); 1792 snprintf(cursor->why, sizeof(cursor->why), "malformed armor at offset 0");
1793 return 0; 1793 return 0;
1794 } 1794 }
1795 p += 2; 1795 p += 2;
1796 litdata.tag = LITDATA_PKT; 1796 litdata.tag = LITDATA_PKT;
1797 litdata.s.data = p; 1797 litdata.s.data = p;
1798 litdata.u.litdata.offset = (size_t)(p - mem->mem); 1798 litdata.u.litdata.offset = (size_t)(p - mem->mem);
1799 litdata.u.litdata.filename = (uint8_t *)strdup(filename); 1799 litdata.u.litdata.filename = (uint8_t *)strdup(filename);
1800 if ((p = memmem(datastart = p, mem->size - litdata.offset, SIGSTART, strlen(SIGSTART))) == NULL) { 1800 if ((p = memmem(datastart = p, mem->size - litdata.offset, SIGSTART, strlen(SIGSTART))) == NULL) {
1801 snprintf(cursor->why, sizeof(cursor->why), 1801 snprintf(cursor->why, sizeof(cursor->why),
1802 "malformed armor - no sig - at %zu", (size_t)(p - mem->mem)); 1802 "malformed armor - no sig - at %zu", (size_t)(p - mem->mem));
1803 return 0; 1803 return 0;
1804 } 1804 }
1805 litdata.u.litdata.len = litdata.s.size = (size_t)(p - datastart); 1805 litdata.u.litdata.len = litdata.s.size = (size_t)(p - datastart);
1806 p += strlen(SIGSTART); 1806 p += strlen(SIGSTART);
1807 if ((p = memmem(p, mem->size, "\n\n", 2)) == NULL) { 1807 if ((p = memmem(p, mem->size, "\n\n", 2)) == NULL) {
1808 snprintf(cursor->why, sizeof(cursor->why), 1808 snprintf(cursor->why, sizeof(cursor->why),
1809 "malformed armed signature at %zu", (size_t)(p - mem->mem)); 1809 "malformed armed signature at %zu", (size_t)(p - mem->mem));
1810 return 0; 1810 return 0;
1811 } 1811 }
1812 p += 2; 1812 p += 2;
1813 sigend = memmem(p, mem->size, SIGEND, strlen(SIGEND)); 1813 sigend = memmem(p, mem->size, SIGEND, strlen(SIGEND));
1814 binsigsize = b64decode((char *)p, (size_t)(sigend - p), binsig, sizeof(binsig)); 1814 binsigsize = b64decode((char *)p, (size_t)(sigend - p), binsig, sizeof(binsig));
1815 1815
1816 read_binary_memory(cursor->pgp, "signature", cons_onepass, 15); 1816 read_binary_memory(cursor->pgp, "signature", cons_onepass, 15);
1817 ARRAY_APPEND(cursor->pgp->pkts, litdata); 1817 ARRAY_APPEND(cursor->pgp->pkts, litdata);
1818 read_binary_memory(cursor->pgp, "signature", binsig, binsigsize - 3); 1818 read_binary_memory(cursor->pgp, "signature", binsig, binsigsize - 3);
1819 /* XXX - hardwired - 3 is format and length */ 1819 /* XXX - hardwired - 3 is format and length */
1820 1820
1821 /* fix up packets in the packet array now we have them there */ 1821 /* fix up packets in the packet array now we have them there */
1822 onepass = &ARRAY_ELEMENT(cursor->pgp->pkts, ARRAY_COUNT(cursor->pgp->pkts) - 1 - 2).u.onepass; 1822 onepass = &ARRAY_ELEMENT(cursor->pgp->pkts, ARRAY_COUNT(cursor->pgp->pkts) - 1 - 2).u.onepass;
1823 sigpkt = &ARRAY_LAST(cursor->pgp->pkts).u.sigpkt; 1823 sigpkt = &ARRAY_LAST(cursor->pgp->pkts).u.sigpkt;
1824 memcpy(onepass->keyid, sigpkt->sig.signer, sizeof(onepass->keyid)); 1824 memcpy(onepass->keyid, sigpkt->sig.signer, sizeof(onepass->keyid));
1825 onepass->hashalg = sigpkt->sig.hashalg; 1825 onepass->hashalg = sigpkt->sig.hashalg;
1826 onepass->keyalg = sigpkt->sig.keyalg; 1826 onepass->keyalg = sigpkt->sig.keyalg;
1827 return 1; 1827 return 1;
1828} 1828}
1829 1829
1830/* read ascii armor from a file */ 1830/* read ascii armor from a file */
1831static int 1831static int
1832read_ascii_armor_file(pgpv_cursor_t *cursor, const char *filename) 1832read_ascii_armor_file(pgpv_cursor_t *cursor, const char *filename)
1833{ 1833{
1834 /* cons up litdata pkt */ 1834 /* cons up litdata pkt */
1835 read_file(cursor->pgp, filename); 1835 read_file(cursor->pgp, filename);
1836 return read_ascii_armor(cursor, &ARRAY_LAST(cursor->pgp->areas), filename); 1836 return read_ascii_armor(cursor, &ARRAY_LAST(cursor->pgp->areas), filename);
1837} 1837}
1838 1838
1839/* read ascii armor from memory */ 1839/* read ascii armor from memory */
1840static int 1840static int
1841read_ascii_armor_memory(pgpv_cursor_t *cursor, const void *p, size_t size) 1841read_ascii_armor_memory(pgpv_cursor_t *cursor, const void *p, size_t size)
1842{ 1842{
1843 pgpv_mem_t *mem; 1843 pgpv_mem_t *mem;
1844 1844
1845 /* cons up litdata pkt */ 1845 /* cons up litdata pkt */
1846 ARRAY_EXPAND(cursor->pgp->areas); 1846 ARRAY_EXPAND(cursor->pgp->areas);
1847 ARRAY_COUNT(cursor->pgp->areas) += 1; 1847 ARRAY_COUNT(cursor->pgp->areas) += 1;
1848 mem = &ARRAY_LAST(cursor->pgp->areas); 1848 mem = &ARRAY_LAST(cursor->pgp->areas);
1849 memset(mem, 0x0, sizeof(*mem)); 1849 memset(mem, 0x0, sizeof(*mem));
1850 mem->size = size; 1850 mem->size = size;
1851 mem->mem = __UNCONST(p); 1851 mem->mem = __UNCONST(p);
1852 mem->dealloc = 0; 1852 mem->dealloc = 0;
1853 return read_ascii_armor(cursor, mem, "[stdin]"); 1853 return read_ascii_armor(cursor, mem, "[stdin]");
1854} 1854}
1855 1855
1856/* set up the data to verify */ 1856/* set up the data to verify */
1857static int 1857static int
1858setup_data(pgpv_cursor_t *cursor, pgpv_t *pgp, const void *p, ssize_t size) 1858setup_data(pgpv_cursor_t *cursor, pgpv_t *pgp, const void *p, ssize_t size)
1859{ 1859{
1860 FILE *fp; 1860 FILE *fp;
1861 char buf[BUFSIZ]; 1861 char buf[BUFSIZ];
1862 1862
1863 if (cursor == NULL || pgp == NULL || p == NULL) { 1863 if (cursor == NULL || pgp == NULL || p == NULL) {
1864 return 0; 1864 return 0;
1865 } 1865 }
1866 memset(cursor, 0x0, sizeof(*cursor)); 1866 memset(cursor, 0x0, sizeof(*cursor));
1867 ARRAY_APPEND(pgp->datastarts, pgp->pkt); 1867 ARRAY_APPEND(pgp->datastarts, pgp->pkt);
1868 cursor->pgp = pgp; 1868 cursor->pgp = pgp;
1869 if (size < 0) { 1869 if (size < 0) {
1870 /* we have a file name in p */ 1870 /* we have a file name in p */
1871 if ((fp = fopen(p, "r")) == NULL) { 1871 if ((fp = fopen(p, "r")) == NULL) {
1872 snprintf(cursor->why, sizeof(cursor->why), "No such file '%s'", (const char *)p); 1872 snprintf(cursor->why, sizeof(cursor->why), "No such file '%s'", (const char *)p);
1873 return 0; 1873 return 0;
1874 } 1874 }
1875 if (fgets(buf, (int)sizeof(buf), fp) == NULL) { 1875 if (fgets(buf, (int)sizeof(buf), fp) == NULL) {
1876 fclose(fp); 1876 fclose(fp);
1877 snprintf(cursor->why, sizeof(cursor->why), "can't read file '%s'", (const char *)p); 1877 snprintf(cursor->why, sizeof(cursor->why), "can't read file '%s'", (const char *)p);
1878 return 0; 1878 return 0;
1879 } 1879 }
1880 if (is_armored(buf, sizeof(buf))) { 1880 if (is_armored(buf, sizeof(buf))) {
1881 read_ascii_armor_file(cursor, p); 1881 read_ascii_armor_file(cursor, p);
1882 } else { 1882 } else {
1883 read_binary_file(pgp, "signature", "%s", p); 1883 read_binary_file(pgp, "signature", "%s", (const char *)p);
1884 } 1884 }
1885 fclose(fp); 1885 fclose(fp);
1886 } else { 1886 } else {
1887 if (is_armored(p, (size_t)size)) { 1887 if (is_armored(p, (size_t)size)) {
1888 read_ascii_armor_memory(cursor, p, (size_t)size); 1888 read_ascii_armor_memory(cursor, p, (size_t)size);
1889 } else { 1889 } else {
1890 read_binary_memory(pgp, "signature", p, (size_t)size); 1890 read_binary_memory(pgp, "signature", p, (size_t)size);
1891 } 1891 }
1892 } 1892 }
1893 return 1; 1893 return 1;
1894} 1894}
1895 1895
1896/* get the data and size from litdata packet */ 1896/* get the data and size from litdata packet */
1897static uint8_t * 1897static uint8_t *
1898get_literal_data(pgpv_cursor_t *cursor, pgpv_litdata_t *litdata, size_t *size) 1898get_literal_data(pgpv_cursor_t *cursor, pgpv_litdata_t *litdata, size_t *size)
1899{ 1899{
1900 pgpv_mem_t *mem; 1900 pgpv_mem_t *mem;
1901 1901
1902 if (litdata->s.data == NULL && litdata->s.size == 0) { 1902 if (litdata->s.data == NULL && litdata->s.size == 0) {
1903 mem = &ARRAY_ELEMENT(cursor->pgp->areas, litdata->mem); 1903 mem = &ARRAY_ELEMENT(cursor->pgp->areas, litdata->mem);
1904 *size = litdata->len; 1904 *size = litdata->len;
1905 return &mem->mem[litdata->offset];  1905 return &mem->mem[litdata->offset];
1906 } 1906 }
1907 *size = litdata->s.size; 1907 *size = litdata->s.size;
1908 return litdata->s.data; 1908 return litdata->s.data;
1909} 1909}
1910 1910
1911/* 1911/*
1912RFC 4880 describes the structure of v4 keys as: 1912RFC 4880 describes the structure of v4 keys as:
1913 1913
1914 Primary-Key 1914 Primary-Key
1915 [Revocation Self Signature] 1915 [Revocation Self Signature]
1916 [Direct Key Signature...] 1916 [Direct Key Signature...]
1917 User ID [Signature ...] 1917 User ID [Signature ...]
1918 [User ID [Signature ...] ...] 1918 [User ID [Signature ...] ...]
1919 [User Attribute [Signature ...] ...] 1919 [User Attribute [Signature ...] ...]
1920 [[Subkey [Binding-Signature-Revocation] 1920 [[Subkey [Binding-Signature-Revocation]
1921 Primary-Key-Binding-Signature] ...] 1921 Primary-Key-Binding-Signature] ...]
1922 1922
1923and that's implemented below as a recursive descent parser. 1923and that's implemented below as a recursive descent parser.
1924It has had to be modified, though: see the comment 1924It has had to be modified, though: see the comment
1925 1925
1926 some keys out there have user ids where they shouldn't 1926 some keys out there have user ids where they shouldn't
1927 1927
1928to look like: 1928to look like:
1929 1929
1930 Primary-Key 1930 Primary-Key
1931 [Revocation Self Signature] 1931 [Revocation Self Signature]
1932 [Direct Key Signature...] 1932 [Direct Key Signature...]
1933 [User ID [Signature ...] 1933 [User ID [Signature ...]
1934 [User ID [Signature ...] ...] 1934 [User ID [Signature ...] ...]
1935 [User Attribute [Signature ...] ...] 1935 [User Attribute [Signature ...] ...]
1936 [Subkey [Binding-Signature-Revocation] 1936 [Subkey [Binding-Signature-Revocation]
1937 Primary-Key-Binding-Signature] ...] 1937 Primary-Key-Binding-Signature] ...]
1938 1938
1939to accommodate keyrings set up by gpg 1939to accommodate keyrings set up by gpg
1940*/ 1940*/
1941 1941
1942/* recognise a primary key */ 1942/* recognise a primary key */
1943static int 1943static int
1944recog_primary_key(pgpv_t *pgp, pgpv_primarykey_t *primary) 1944recog_primary_key(pgpv_t *pgp, pgpv_primarykey_t *primary)
1945{ 1945{
1946 pgpv_signed_userattr_t userattr; 1946 pgpv_signed_userattr_t userattr;
1947 pgpv_signed_userid_t userid; 1947 pgpv_signed_userid_t userid;
1948 pgpv_signed_subkey_t subkey; 1948 pgpv_signed_subkey_t subkey;
1949 pgpv_signature_t signature; 1949 pgpv_signature_t signature;
1950 pgpv_pkt_t *pkt; 1950 pgpv_pkt_t *pkt;
1951 1951
1952 pkt = &ARRAY_ELEMENT(pgp->pkts, pgp->pkt); 1952 pkt = &ARRAY_ELEMENT(pgp->pkts, pgp->pkt);
1953 memset(primary, 0x0, sizeof(*primary)); 1953 memset(primary, 0x0, sizeof(*primary));
1954 read_pubkey(&primary->primary, pkt->s.data, pkt->s.size, 0); 1954 read_pubkey(&primary->primary, pkt->s.data, pkt->s.size, 0);
1955 pgp->pkt += 1; 1955 pgp->pkt += 1;
1956 if (pkt_sigtype_is(pgp, SIGTYPE_KEY_REVOCATION)) { 1956 if (pkt_sigtype_is(pgp, SIGTYPE_KEY_REVOCATION)) {
1957 if (!recog_signature(pgp, &primary->revoc_self_sig)) { 1957 if (!recog_signature(pgp, &primary->revoc_self_sig)) {
1958 printf("recog_primary_key: no signature/trust at PGPV_SIGTYPE_KEY_REVOCATION\n"); 1958 printf("recog_primary_key: no signature/trust at PGPV_SIGTYPE_KEY_REVOCATION\n");
1959 return 0; 1959 return 0;
1960 } 1960 }
1961 } 1961 }
1962 while (pkt_sigtype_is(pgp, SIGTYPE_DIRECT_KEY)) { 1962 while (pkt_sigtype_is(pgp, SIGTYPE_DIRECT_KEY)) {
1963 if (!recog_signature(pgp, &signature)) { 1963 if (!recog_signature(pgp, &signature)) {
1964 printf("recog_primary_key: no signature/trust at PGPV_SIGTYPE_DIRECT_KEY\n"); 1964 printf("recog_primary_key: no signature/trust at PGPV_SIGTYPE_DIRECT_KEY\n");
1965 return 0; 1965 return 0;
1966 } 1966 }
1967 if (signature.keyexpiry) { 1967 if (signature.keyexpiry) {
1968 /* XXX - check it's a good key expiry */ 1968 /* XXX - check it's a good key expiry */
1969 primary->primary.expiry = signature.keyexpiry; 1969 primary->primary.expiry = signature.keyexpiry;
1970 } 1970 }
1971 ARRAY_APPEND(primary->direct_sigs, signature); 1971 ARRAY_APPEND(primary->direct_sigs, signature);
1972 } 1972 }
1973 /* some keys out there have user ids where they shouldn't */ 1973 /* some keys out there have user ids where they shouldn't */
1974 do { 1974 do {
1975 if (!recog_userid(pgp, &userid)) { 1975 if (!recog_userid(pgp, &userid)) {
1976 printf("recog_primary_key: not userid\n"); 1976 printf("recog_primary_key: not userid\n");
1977 return 0; 1977 return 0;
1978 } 1978 }
1979 ARRAY_APPEND(primary->signed_userids, userid); 1979 ARRAY_APPEND(primary->signed_userids, userid);
1980 if (userid.primary_userid) { 1980 if (userid.primary_userid) {
1981 primary->primary_userid = ARRAY_COUNT(primary->signed_userids) - 1; 1981 primary->primary_userid = ARRAY_COUNT(primary->signed_userids) - 1;
1982 } 1982 }
1983 while (pkt_is(pgp, USERID_PKT)) { 1983 while (pkt_is(pgp, USERID_PKT)) {
1984 if (!recog_userid(pgp, &userid)) { 1984 if (!recog_userid(pgp, &userid)) {
1985 printf("recog_primary_key: not signed secondary userid\n"); 1985 printf("recog_primary_key: not signed secondary userid\n");
1986 return 0; 1986 return 0;
1987 } 1987 }
1988 ARRAY_APPEND(primary->signed_userids, userid); 1988 ARRAY_APPEND(primary->signed_userids, userid);
1989 if (userid.primary_userid) { 1989 if (userid.primary_userid) {
1990 primary->primary_userid = ARRAY_COUNT(primary->signed_userids) - 1; 1990 primary->primary_userid = ARRAY_COUNT(primary->signed_userids) - 1;
1991 } 1991 }
1992 } 1992 }
1993 while (pkt_is(pgp, USER_ATTRIBUTE_PKT)) { 1993 while (pkt_is(pgp, USER_ATTRIBUTE_PKT)) {
1994 if (!recog_userattr(pgp, &userattr)) { 1994 if (!recog_userattr(pgp, &userattr)) {
1995 printf("recog_primary_key: not signed user attribute\n"); 1995 printf("recog_primary_key: not signed user attribute\n");
1996 return 0; 1996 return 0;
1997 } 1997 }
1998 ARRAY_APPEND(primary->signed_userattrs, userattr); 1998 ARRAY_APPEND(primary->signed_userattrs, userattr);
1999 } 1999 }
2000 while (pkt_is(pgp, PUB_SUBKEY_PKT)) { 2000 while (pkt_is(pgp, PUB_SUBKEY_PKT)) {
2001 if (!recog_subkey(pgp, &subkey)) { 2001 if (!recog_subkey(pgp, &subkey)) {
2002 printf("recog_primary_key: not signed public subkey\n"); 2002 printf("recog_primary_key: not signed public subkey\n");
2003 return 0; 2003 return 0;
2004 } 2004 }
2005 pgpv_calc_keyid(&subkey.subkey); 2005 pgpv_calc_keyid(&subkey.subkey);
2006 ARRAY_APPEND(primary->signed_subkeys, subkey); 2006 ARRAY_APPEND(primary->signed_subkeys, subkey);
2007 } 2007 }
2008 } while (pgp->pkt < ARRAY_COUNT(pgp->pkts) && pkt_is(pgp, USERID_PKT)); 2008 } while (pgp->pkt < ARRAY_COUNT(pgp->pkts) && pkt_is(pgp, USERID_PKT));
2009 primary->fmtsize = estimate_primarykey_size(primary); 2009 primary->fmtsize = estimate_primarykey_size(primary);
2010 return 1; 2010 return 1;
2011} 2011}
2012 2012
2013/* parse all of the packets for a given operation */ 2013/* parse all of the packets for a given operation */
2014static int 2014static int
2015read_all_packets(pgpv_t *pgp, pgpv_mem_t *mem, const char *op) 2015read_all_packets(pgpv_t *pgp, pgpv_mem_t *mem, const char *op)
2016{ 2016{
2017 pgpv_primarykey_t primary; 2017 pgpv_primarykey_t primary;
2018 2018
2019 if (op == NULL) { 2019 if (op == NULL) {
2020 return 0; 2020 return 0;
2021 } 2021 }
2022 if (strcmp(pgp->op = op, "pubring") == 0) { 2022 if (strcmp(pgp->op = op, "pubring") == 0) {
2023 mem->allowed = PUBRING_ALLOWED; 2023 mem->allowed = PUBRING_ALLOWED;
2024 /* pubrings have thousands of small packets */ 2024 /* pubrings have thousands of small packets */
2025 ARRAY_EXPAND_SIZED(pgp->pkts, 0, 5000); 2025 ARRAY_EXPAND_SIZED(pgp->pkts, 0, 5000);
2026 } else if (strcmp(op, "signature") == 0) { 2026 } else if (strcmp(op, "signature") == 0) {
2027 mem->allowed = SIGNATURE_ALLOWED; 2027 mem->allowed = SIGNATURE_ALLOWED;
2028 } else { 2028 } else {
2029 mem->allowed = ""; 2029 mem->allowed = "";
2030 } 2030 }
2031 for (mem->cc = 0; mem->cc < mem->size ; ) { 2031 for (mem->cc = 0; mem->cc < mem->size ; ) {
2032 if (!read_pkt(pgp, mem)) { 2032 if (!read_pkt(pgp, mem)) {
2033 return 0; 2033 return 0;
2034 } 2034 }
2035 } 2035 }
2036 if (strcmp(op, "pubring") == 0) { 2036 if (strcmp(op, "pubring") == 0) {
2037 for (pgp->pkt = 0; pgp->pkt < ARRAY_COUNT(pgp->pkts) && recog_primary_key(pgp, &primary) ; ) { 2037 for (pgp->pkt = 0; pgp->pkt < ARRAY_COUNT(pgp->pkts) && recog_primary_key(pgp, &primary) ; ) {
2038 pgpv_calc_keyid(&primary.primary); 2038 pgpv_calc_keyid(&primary.primary);
2039 ARRAY_APPEND(pgp->primaries, primary); 2039 ARRAY_APPEND(pgp->primaries, primary);
2040 } 2040 }
2041 if (pgp->pkt < ARRAY_COUNT(pgp->pkts)) { 2041 if (pgp->pkt < ARRAY_COUNT(pgp->pkts)) {
2042 printf("short pubring recognition???\n"); 2042 printf("short pubring recognition???\n");
2043 } 2043 }
2044 } 2044 }
2045 pgp->pkt = ARRAY_COUNT(pgp->pkts); 2045 pgp->pkt = ARRAY_COUNT(pgp->pkts);
2046 return 1; 2046 return 1;
2047} 2047}
2048 2048
2049/* create a filename, read it, and then parse according to "op" */ 2049/* create a filename, read it, and then parse according to "op" */
2050static int 2050static int
2051read_binary_file(pgpv_t *pgp, const char *op, const char *fmt, ...) 2051read_binary_file(pgpv_t *pgp, const char *op, const char *fmt, ...)
2052{ 2052{
2053 va_list args; 2053 va_list args;
2054 char buf[1024]; 2054 char buf[1024];
2055 2055
2056 va_start(args, fmt); 2056 va_start(args, fmt);
2057 vsnprintf(buf, sizeof(buf), fmt, args); 2057 vsnprintf(buf, sizeof(buf), fmt, args);
2058 va_end(args); 2058 va_end(args);
2059 if (!read_file(pgp, buf)) { 2059 if (!read_file(pgp, buf)) {
2060 return 0; 2060 return 0;
2061 } 2061 }
2062 return read_all_packets(pgp, &ARRAY_LAST(pgp->areas), op); 2062 return read_all_packets(pgp, &ARRAY_LAST(pgp->areas), op);
2063} 2063}
2064 2064
2065/* parse memory according to "op" */ 2065/* parse memory according to "op" */
2066static int 2066static int
2067read_binary_memory(pgpv_t *pgp, const char *op, const void *memory, size_t size) 2067read_binary_memory(pgpv_t *pgp, const char *op, const void *memory, size_t size)
2068{ 2068{
2069 pgpv_mem_t *mem; 2069 pgpv_mem_t *mem;
2070 2070
2071 ARRAY_EXPAND(pgp->areas); 2071 ARRAY_EXPAND(pgp->areas);
2072 ARRAY_COUNT(pgp->areas) += 1; 2072 ARRAY_COUNT(pgp->areas) += 1;
2073 mem = &ARRAY_LAST(pgp->areas); 2073 mem = &ARRAY_LAST(pgp->areas);
2074 memset(mem, 0x0, sizeof(*mem)); 2074 memset(mem, 0x0, sizeof(*mem));
2075 mem->size = size; 2075 mem->size = size;
2076 mem->mem = __UNCONST(memory); 2076 mem->mem = __UNCONST(memory);
2077 mem->dealloc = 0; 2077 mem->dealloc = 0;
2078 return read_all_packets(pgp, mem, op); 2078 return read_all_packets(pgp, mem, op);
2079} 2079}
2080 2080
2081/* fixup the detached signature packets */ 2081/* fixup the detached signature packets */
2082static int 2082static int
2083fixup_detached(pgpv_cursor_t *cursor, const char *f) 2083fixup_detached(pgpv_cursor_t *cursor, const char *f)
2084{ 2084{
2085 pgpv_onepass_t *onepass; 2085 pgpv_onepass_t *onepass;
2086 const char *dot; 2086 const char *dot;
2087 pgpv_pkt_t sigpkt; 2087 pgpv_pkt_t sigpkt;
2088 pgpv_pkt_t litdata; 2088 pgpv_pkt_t litdata;
2089 pgpv_mem_t *mem; 2089 pgpv_mem_t *mem;
2090 size_t el; 2090 size_t el;
2091 char original[MAXPATHLEN]; 2091 char original[MAXPATHLEN];
2092 2092
2093 /* cons up litdata pkt */ 2093 /* cons up litdata pkt */
2094 if ((dot = strrchr(f, '.')) == NULL || strcasecmp(dot, ".sig") != 0) { 2094 if ((dot = strrchr(f, '.')) == NULL || strcasecmp(dot, ".sig") != 0) {
2095 printf("weird filename '%s'\n", f); 2095 printf("weird filename '%s'\n", f);
2096 return 0; 2096 return 0;
2097 } 2097 }
2098 /* hold sigpkt in a temp var while we insert onepass and litdata */ 2098 /* hold sigpkt in a temp var while we insert onepass and litdata */
2099 el = ARRAY_COUNT(cursor->pgp->pkts) - 1; 2099 el = ARRAY_COUNT(cursor->pgp->pkts) - 1;
2100 sigpkt = ARRAY_ELEMENT(cursor->pgp->pkts, el); 2100 sigpkt = ARRAY_ELEMENT(cursor->pgp->pkts, el);
2101 ARRAY_DELETE(cursor->pgp->pkts, el); 2101 ARRAY_DELETE(cursor->pgp->pkts, el);
2102 ARRAY_EXPAND(cursor->pgp->pkts); 2102 ARRAY_EXPAND(cursor->pgp->pkts);
2103 /* get onepass packet, append to packets */ 2103 /* get onepass packet, append to packets */
2104 read_binary_memory(cursor->pgp, "signature", cons_onepass, 15); 2104 read_binary_memory(cursor->pgp, "signature", cons_onepass, 15);
2105 onepass = &ARRAY_ELEMENT(cursor->pgp->pkts, el).u.onepass; 2105 onepass = &ARRAY_ELEMENT(cursor->pgp->pkts, el).u.onepass;
2106 /* read the original file into litdata */ 2106 /* read the original file into litdata */
2107 snprintf(original, sizeof(original), "%.*s", (int)(dot - f), f); 2107 snprintf(original, sizeof(original), "%.*s", (int)(dot - f), f);
2108 if (!read_file(cursor->pgp, original)) { 2108 if (!read_file(cursor->pgp, original)) {
2109 printf("can't read file '%s'\n", original); 2109 printf("can't read file '%s'\n", original);
2110 return 0; 2110 return 0;
2111 } 2111 }
2112 memset(&litdata, 0x0, sizeof(litdata)); 2112 memset(&litdata, 0x0, sizeof(litdata));
2113 mem = &ARRAY_LAST(cursor->pgp->areas); 2113 mem = &ARRAY_LAST(cursor->pgp->areas);
2114 litdata.tag = LITDATA_PKT; 2114 litdata.tag = LITDATA_PKT;
2115 litdata.s.data = mem->mem; 2115 litdata.s.data = mem->mem;
2116 litdata.u.litdata.format = LITDATA_BINARY; 2116 litdata.u.litdata.format = LITDATA_BINARY;
2117 litdata.u.litdata.offset = 0; 2117 litdata.u.litdata.offset = 0;
2118 litdata.u.litdata.filename = (uint8_t *)strdup(original); 2118 litdata.u.litdata.filename = (uint8_t *)strdup(original);
2119 litdata.u.litdata.mem = ARRAY_COUNT(cursor->pgp->areas) - 1; 2119 litdata.u.litdata.mem = ARRAY_COUNT(cursor->pgp->areas) - 1;
2120 litdata.u.litdata.len = litdata.s.size = mem->size; 2120 litdata.u.litdata.len = litdata.s.size = mem->size;
2121 ARRAY_APPEND(cursor->pgp->pkts, litdata); 2121 ARRAY_APPEND(cursor->pgp->pkts, litdata);
2122 ARRAY_APPEND(cursor->pgp->pkts, sigpkt); 2122 ARRAY_APPEND(cursor->pgp->pkts, sigpkt);
2123 memcpy(onepass->keyid, sigpkt.u.sigpkt.sig.signer, sizeof(onepass->keyid)); 2123 memcpy(onepass->keyid, sigpkt.u.sigpkt.sig.signer, sizeof(onepass->keyid));
2124 onepass->hashalg = sigpkt.u.sigpkt.sig.hashalg; 2124 onepass->hashalg = sigpkt.u.sigpkt.sig.hashalg;
2125 onepass->keyalg = sigpkt.u.sigpkt.sig.keyalg; 2125 onepass->keyalg = sigpkt.u.sigpkt.sig.keyalg;
2126 return 1; 2126 return 1;
2127} 2127}
2128 2128
2129/* match the calculated signature against the oen in the signature packet */ 2129/* match the calculated signature against the oen in the signature packet */
2130static int 2130static int
2131match_sig(pgpv_cursor_t *cursor, pgpv_signature_t *signature, pgpv_pubkey_t *pubkey, uint8_t *data, size_t size) 2131match_sig(pgpv_cursor_t *cursor, pgpv_signature_t *signature, pgpv_pubkey_t *pubkey, uint8_t *data, size_t size)
2132{ 2132{
2133 unsigned calclen; 2133 unsigned calclen;
2134 uint8_t calculated[64]; 2134 uint8_t calculated[64];
2135 int match; 2135 int match;
2136 2136
2137 calclen = pgpv_digest_memory(calculated, sizeof(calculated), 2137 calclen = pgpv_digest_memory(calculated, sizeof(calculated),
2138 data, size, 2138 data, size,
2139 get_ref(&signature->hashstart), signature->hashlen, 2139 get_ref(&signature->hashstart), signature->hashlen,
2140 (signature->type == SIGTYPE_TEXT) ? 't' : 'b'); 2140 (signature->type == SIGTYPE_TEXT) ? 't' : 'b');
2141 if (ALG_IS_RSA(signature->keyalg)) { 2141 if (ALG_IS_RSA(signature->keyalg)) {
2142 match = rsa_verify(calculated, calclen, signature->hashalg, signature->bn, pubkey); 2142 match = rsa_verify(calculated, calclen, signature->hashalg, signature->bn, pubkey);
2143 } else if (ALG_IS_DSA(signature->keyalg)) { 2143 } else if (ALG_IS_DSA(signature->keyalg)) {
2144 match = verify_dsa_sig(calculated, calclen, signature->bn, pubkey); 2144 match = verify_dsa_sig(calculated, calclen, signature->bn, pubkey);
2145 } else { 2145 } else {
2146 snprintf(cursor->why, sizeof(cursor->why), "Signature type %u not recognised", signature->keyalg); 2146 snprintf(cursor->why, sizeof(cursor->why), "Signature type %u not recognised", signature->keyalg);
2147 return 0; 2147 return 0;
2148 } 2148 }
2149 if (!match && signature->type == SIGTYPE_TEXT) { 2149 if (!match && signature->type == SIGTYPE_TEXT) {
2150 /* second try for cleartext data, ignoring trailing whitespace */ 2150 /* second try for cleartext data, ignoring trailing whitespace */
2151 calclen = pgpv_digest_memory(calculated, sizeof(calculated), 2151 calclen = pgpv_digest_memory(calculated, sizeof(calculated),
2152 data, size, 2152 data, size,
2153 get_ref(&signature->hashstart), signature->hashlen, 'w'); 2153 get_ref(&signature->hashstart), signature->hashlen, 'w');
2154 if (ALG_IS_RSA(signature->keyalg)) { 2154 if (ALG_IS_RSA(signature->keyalg)) {
2155 match = rsa_verify(calculated, calclen, signature->hashalg, signature->bn, pubkey); 2155 match = rsa_verify(calculated, calclen, signature->hashalg, signature->bn, pubkey);
2156 } else if (ALG_IS_DSA(signature->keyalg)) { 2156 } else if (ALG_IS_DSA(signature->keyalg)) {
2157 match = verify_dsa_sig(calculated, calclen, signature->bn, pubkey); 2157 match = verify_dsa_sig(calculated, calclen, signature->bn, pubkey);
2158 } 2158 }
2159 } 2159 }
2160 if (!match) { 2160 if (!match) {
2161 snprintf(cursor->why, sizeof(cursor->why), "Signature on data did not match"); 2161 snprintf(cursor->why, sizeof(cursor->why), "Signature on data did not match");
2162 return 0; 2162 return 0;
2163 } 2163 }
2164 if (valid_dates(signature, pubkey, cursor->why, sizeof(cursor->why)) > 0) { 2164 if (valid_dates(signature, pubkey, cursor->why, sizeof(cursor->why)) > 0) {
2165 return 0; 2165 return 0;
2166 } 2166 }
2167 if (key_expired(pubkey, cursor->why, sizeof(cursor->why))) { 2167 if (key_expired(pubkey, cursor->why, sizeof(cursor->why))) {
2168 return 0; 2168 return 0;
2169 } 2169 }
2170 if (signature->revoked) { 2170 if (signature->revoked) {
2171 snprintf(cursor->why, sizeof(cursor->why), "Signature was revoked"); 2171 snprintf(cursor->why, sizeof(cursor->why), "Signature was revoked");
2172 return 0; 2172 return 0;
2173 } 2173 }
2174 return 1; 2174 return 1;
2175} 2175}
2176 2176
2177/* check return value from getenv */ 2177/* check return value from getenv */
2178static const char * 2178static const char *
2179nonnull_getenv(const char *key) 2179nonnull_getenv(const char *key)
2180{ 2180{
2181 char *value; 2181 char *value;
2182 2182
2183 return ((value = getenv(key)) == NULL) ? "" : value; 2183 return ((value = getenv(key)) == NULL) ? "" : value;
2184} 2184}
2185 2185
2186/************************************************************************/ 2186/************************************************************************/
2187/* start of exported functions */ 2187/* start of exported functions */
2188/************************************************************************/ 2188/************************************************************************/
2189 2189
2190/* close all stuff */ 2190/* close all stuff */
2191int 2191int
2192pgpv_close(pgpv_t *pgp) 2192pgpv_close(pgpv_t *pgp)
2193{ 2193{
2194 unsigned i; 2194 unsigned i;
2195 2195
2196 if (pgp == NULL) { 2196 if (pgp == NULL) {
2197 return 0; 2197 return 0;
2198 } 2198 }
2199 for (i = 0 ; i < ARRAY_COUNT(pgp->areas) ; i++) { 2199 for (i = 0 ; i < ARRAY_COUNT(pgp->areas) ; i++) {
2200 if (ARRAY_ELEMENT(pgp->areas, i).size > 0) { 2200 if (ARRAY_ELEMENT(pgp->areas, i).size > 0) {
2201 closemem(&ARRAY_ELEMENT(pgp->areas, i)); 2201 closemem(&ARRAY_ELEMENT(pgp->areas, i));
2202 } 2202 }
2203 } 2203 }
2204 return 1; 2204 return 1;
2205} 2205}
2206 2206
2207/* return the formatted entry for the primary key desired */ 2207/* return the formatted entry for the primary key desired */
2208size_t 2208size_t
2209pgpv_get_entry(pgpv_t *pgp, unsigned ent, char **ret) 2209pgpv_get_entry(pgpv_t *pgp, unsigned ent, char **ret)
2210{ 2210{
2211 size_t cc; 2211 size_t cc;
2212 2212
2213 if (ret == NULL || pgp == NULL || ent >= ARRAY_COUNT(pgp->primaries)) { 2213 if (ret == NULL || pgp == NULL || ent >= ARRAY_COUNT(pgp->primaries)) {
2214 return 0; 2214 return 0;
2215 } 2215 }
2216 *ret = NULL; 2216 *ret = NULL;
2217 cc = ARRAY_ELEMENT(pgp->primaries, ent).fmtsize; 2217 cc = ARRAY_ELEMENT(pgp->primaries, ent).fmtsize;
2218 if ((*ret = calloc(1, cc)) == NULL) { 2218 if ((*ret = calloc(1, cc)) == NULL) {
2219 return 0; 2219 return 0;
2220 } 2220 }
2221 return fmt_primary(*ret, cc, &ARRAY_ELEMENT(pgp->primaries, ent)); 2221 return fmt_primary(*ret, cc, &ARRAY_ELEMENT(pgp->primaries, ent));
2222} 2222}
2223 2223
2224/* find key id */ 2224/* find key id */
2225int 2225int
2226pgpv_find_keyid(pgpv_t *pgp, const char *strkeyid, uint8_t *keyid) 2226pgpv_find_keyid(pgpv_t *pgp, const char *strkeyid, uint8_t *keyid)
2227{ 2227{
2228 unsigned i; 2228 unsigned i;
2229 uint8_t binkeyid[PGPV_KEYID_LEN]; 2229 uint8_t binkeyid[PGPV_KEYID_LEN];
2230 size_t off; 2230 size_t off;
2231 size_t cmp; 2231 size_t cmp;
2232 2232
2233 if (strkeyid == NULL && keyid == NULL) { 2233 if (strkeyid == NULL && keyid == NULL) {
2234 return 0; 2234 return 0;
2235 } 2235 }
2236 if (strkeyid) { 2236 if (strkeyid) {
2237 str_to_keyid(strkeyid, binkeyid); 2237 str_to_keyid(strkeyid, binkeyid);
2238 cmp = strlen(strkeyid) / 2; 2238 cmp = strlen(strkeyid) / 2;
2239 } else { 2239 } else {
2240 memcpy(binkeyid, keyid, sizeof(binkeyid)); 2240 memcpy(binkeyid, keyid, sizeof(binkeyid));
2241 cmp = PGPV_KEYID_LEN; 2241 cmp = PGPV_KEYID_LEN;
2242 } 2242 }
2243 off = PGPV_KEYID_LEN - cmp; 2243 off = PGPV_KEYID_LEN - cmp;
2244 for (i = 0 ; i < ARRAY_COUNT(pgp->primaries) ; i++) { 2244 for (i = 0 ; i < ARRAY_COUNT(pgp->primaries) ; i++) {
2245 if (memcmp(&ARRAY_ELEMENT(pgp->primaries, i).primary.keyid[off], &binkeyid[off], cmp) == 0) { 2245 if (memcmp(&ARRAY_ELEMENT(pgp->primaries, i).primary.keyid[off], &binkeyid[off], cmp) == 0) {
2246 return i; 2246 return i;
2247 } 2247 }
2248 } 2248 }
2249 return -1; 2249 return -1;
2250} 2250}
2251 2251
2252/* verify the signed packets we have */ 2252/* verify the signed packets we have */
2253size_t 2253size_t
2254pgpv_verify(pgpv_cursor_t *cursor, pgpv_t *pgp, const void *p, ssize_t size) 2254pgpv_verify(pgpv_cursor_t *cursor, pgpv_t *pgp, const void *p, ssize_t size)
2255{ 2255{
2256 pgpv_signature_t *signature; 2256 pgpv_signature_t *signature;
2257 pgpv_onepass_t *onepass; 2257 pgpv_onepass_t *onepass;
2258 pgpv_litdata_t *litdata; 2258 pgpv_litdata_t *litdata;
2259 pgpv_pubkey_t *pubkey; 2259 pgpv_pubkey_t *pubkey;
2260 unsigned primary; 2260 unsigned primary;
2261 uint8_t *data; 2261 uint8_t *data;
2262 size_t pkt; 2262 size_t pkt;
2263 size_t insize; 2263 size_t insize;
2264 char strkeyid[PGPV_STR_KEYID_LEN]; 2264 char strkeyid[PGPV_STR_KEYID_LEN];
2265 int j; 2265 int j;
2266 2266
2267 if (cursor == NULL || pgp == NULL || p == NULL) { 2267 if (cursor == NULL || pgp == NULL || p == NULL) {
2268 return 0; 2268 return 0;
2269 } 2269 }
2270 if (!setup_data(cursor, pgp, p, size)) { 2270 if (!setup_data(cursor, pgp, p, size)) {
2271 snprintf(cursor->why, sizeof(cursor->why), "No input data"); 2271 snprintf(cursor->why, sizeof(cursor->why), "No input data");
2272 return 0; 2272 return 0;
2273 } 2273 }
2274 if (ARRAY_COUNT(cursor->pgp->pkts) == ARRAY_LAST(cursor->pgp->datastarts) + 1) { 2274 if (ARRAY_COUNT(cursor->pgp->pkts) == ARRAY_LAST(cursor->pgp->datastarts) + 1) {
2275 /* got detached signature here */ 2275 /* got detached signature here */
2276 if (!fixup_detached(cursor, p)) { 2276 if (!fixup_detached(cursor, p)) {
2277 snprintf(cursor->why, sizeof(cursor->why), "Can't read signed file '%s'", (const char *)p); 2277 snprintf(cursor->why, sizeof(cursor->why), "Can't read signed file '%s'", (const char *)p);
2278 return 0; 2278 return 0;
2279 } 2279 }
2280 } 2280 }
2281 if ((pkt = find_onepass(cursor, ARRAY_LAST(cursor->pgp->datastarts))) == 0) { 2281 if ((pkt = find_onepass(cursor, ARRAY_LAST(cursor->pgp->datastarts))) == 0) {
2282 snprintf(cursor->why, sizeof(cursor->why), "No signature found"); 2282 snprintf(cursor->why, sizeof(cursor->why), "No signature found");
2283 return 0; 2283 return 0;
2284 } 2284 }
2285 pkt -= 1; 2285 pkt -= 1;
2286 onepass = &ARRAY_ELEMENT(cursor->pgp->pkts, pkt).u.onepass; 2286 onepass = &ARRAY_ELEMENT(cursor->pgp->pkts, pkt).u.onepass;
2287 litdata = &ARRAY_ELEMENT(cursor->pgp->pkts, pkt + 1).u.litdata; 2287 litdata = &ARRAY_ELEMENT(cursor->pgp->pkts, pkt + 1).u.litdata;
2288 signature = &ARRAY_ELEMENT(cursor->pgp->pkts, pkt + 2).u.sigpkt.sig; 2288 signature = &ARRAY_ELEMENT(cursor->pgp->pkts, pkt + 2).u.sigpkt.sig;
2289 /* sanity check values in signature and onepass agree */ 2289 /* sanity check values in signature and onepass agree */
2290 if (signature->birth == 0) { 2290 if (signature->birth == 0) {
2291 fmt_time(cursor->why, sizeof(cursor->why), "Signature creation time [", 2291 fmt_time(cursor->why, sizeof(cursor->why), "Signature creation time [",
2292 signature->birth, "] out of range", 0); 2292 signature->birth, "] out of range", 0);
2293 return 0; 2293 return 0;
2294 } 2294 }
2295 if (memcmp(onepass->keyid, signature->signer, PGPV_KEYID_LEN) != 0) { 2295 if (memcmp(onepass->keyid, signature->signer, PGPV_KEYID_LEN) != 0) {
2296 fmt_binary(strkeyid, sizeof(strkeyid), onepass->keyid, (unsigned)sizeof(onepass->keyid)); 2296 fmt_binary(strkeyid, sizeof(strkeyid), onepass->keyid, (unsigned)sizeof(onepass->keyid));
2297 snprintf(cursor->why, sizeof(cursor->why), "Signature key id %s does not match onepass keyid", 2297 snprintf(cursor->why, sizeof(cursor->why), "Signature key id %s does not match onepass keyid",
2298 strkeyid); 2298 strkeyid);
2299 return 0; 2299 return 0;
2300 } 2300 }
2301 if (onepass->hashalg != signature->hashalg) { 2301 if (onepass->hashalg != signature->hashalg) {
2302 snprintf(cursor->why, sizeof(cursor->why), "Signature hashalg %u does not match onepass hashalg %u", 2302 snprintf(cursor->why, sizeof(cursor->why), "Signature hashalg %u does not match onepass hashalg %u",
2303 signature->hashalg, onepass->hashalg); 2303 signature->hashalg, onepass->hashalg);
2304 return 0; 2304 return 0;
2305 } 2305 }
2306 if (onepass->keyalg != signature->keyalg) { 2306 if (onepass->keyalg != signature->keyalg) {
2307 snprintf(cursor->why, sizeof(cursor->why), "Signature keyalg %u does not match onepass keyalg %u", 2307 snprintf(cursor->why, sizeof(cursor->why), "Signature keyalg %u does not match onepass keyalg %u",
2308 signature->keyalg, onepass->keyalg); 2308 signature->keyalg, onepass->keyalg);
2309 return 0; 2309 return 0;
2310 } 2310 }
2311 if ((j = pgpv_find_keyid(cursor->pgp, NULL, onepass->keyid)) < 0) { 2311 if ((j = pgpv_find_keyid(cursor->pgp, NULL, onepass->keyid)) < 0) {
2312 fmt_binary(strkeyid, sizeof(strkeyid), onepass->keyid, (unsigned)sizeof(onepass->keyid)); 2312 fmt_binary(strkeyid, sizeof(strkeyid), onepass->keyid, (unsigned)sizeof(onepass->keyid));
2313 snprintf(cursor->why, sizeof(cursor->why), "Signature key id %s not found ", strkeyid); 2313 snprintf(cursor->why, sizeof(cursor->why), "Signature key id %s not found ", strkeyid);
2314 return 0; 2314 return 0;
2315 } 2315 }
2316 primary = (unsigned)j; 2316 primary = (unsigned)j;
2317 pubkey = &ARRAY_ELEMENT(cursor->pgp->primaries, primary).primary; 2317 pubkey = &ARRAY_ELEMENT(cursor->pgp->primaries, primary).primary;
2318 cursor->sigtime = signature->birth; 2318 cursor->sigtime = signature->birth;
2319 /* calc hash on data packet */ 2319 /* calc hash on data packet */
2320 data = get_literal_data(cursor, litdata, &insize); 2320 data = get_literal_data(cursor, litdata, &insize);
2321 if (!match_sig(cursor, signature, pubkey, data, insize)) { 2321 if (!match_sig(cursor, signature, pubkey, data, insize)) {
2322 return 0; 2322 return 0;
2323 } 2323 }
2324 ARRAY_APPEND(cursor->datacookies, pkt); 2324 ARRAY_APPEND(cursor->datacookies, pkt);
2325 ARRAY_APPEND(cursor->found, primary); 2325 ARRAY_APPEND(cursor->found, primary);
2326 return pkt + 1; 2326 return pkt + 1;
2327} 2327}
2328 2328
2329/* set up the pubkey keyring */ 2329/* set up the pubkey keyring */
2330int 2330int
2331pgpv_read_pubring(pgpv_t *pgp, const void *keyring, ssize_t size) 2331pgpv_read_pubring(pgpv_t *pgp, const void *keyring, ssize_t size)
2332{ 2332{
2333 if (pgp == NULL) { 2333 if (pgp == NULL) {
2334 return 0; 2334 return 0;
2335 } 2335 }
2336 if (keyring) { 2336 if (keyring) {
2337 return (size > 0) ? 2337 return (size > 0) ?
2338 read_binary_memory(pgp, "pubring", keyring, (size_t)size) : 2338 read_binary_memory(pgp, "pubring", keyring, (size_t)size) :
2339 read_binary_file(pgp, "pubring", "%s", (const char *)keyring); 2339 read_binary_file(pgp, "pubring", "%s", (const char *)keyring);
2340 } 2340 }
2341 return read_binary_file(pgp, "pubring", "%s/%s", nonnull_getenv("HOME"), ".gnupg/pubring.gpg"); 2341 return read_binary_file(pgp, "pubring", "%s/%s", nonnull_getenv("HOME"), ".gnupg/pubring.gpg");
2342} 2342}
2343 2343
2344/* get verified data as a string, return its size */ 2344/* get verified data as a string, return its size */
2345size_t 2345size_t
2346pgpv_get_verified(pgpv_cursor_t *cursor, size_t cookie, char **ret) 2346pgpv_get_verified(pgpv_cursor_t *cursor, size_t cookie, char **ret)
2347{ 2347{
2348 pgpv_litdata_t *litdata; 2348 pgpv_litdata_t *litdata;
2349 uint8_t *data; 2349 uint8_t *data;
2350 size_t size; 2350 size_t size;
2351 size_t pkt; 2351 size_t pkt;
2352 2352
2353 if (ret == NULL || cursor == NULL || cookie == 0) { 2353 if (ret == NULL || cursor == NULL || cookie == 0) {
2354 return 0; 2354 return 0;
2355 } 2355 }
2356 *ret = NULL; 2356 *ret = NULL;
2357 if ((pkt = find_onepass(cursor, cookie - 1)) == 0) { 2357 if ((pkt = find_onepass(cursor, cookie - 1)) == 0) {
2358 return 0; 2358 return 0;
2359 } 2359 }
2360 litdata = &ARRAY_ELEMENT(cursor->pgp->pkts, pkt).u.litdata; 2360 litdata = &ARRAY_ELEMENT(cursor->pgp->pkts, pkt).u.litdata;
2361 data = get_literal_data(cursor, litdata, &size); 2361 data = get_literal_data(cursor, litdata, &size);
2362 if ((*ret = calloc(1, size)) == NULL) { 2362 if ((*ret = calloc(1, size)) == NULL) {
2363 return 0; 2363 return 0;
2364 } 2364 }
2365 memcpy(*ret, data, size); 2365 memcpy(*ret, data, size);
2366 return size; 2366 return size;
2367} 2367}