| @@ -884,1484 +884,1484 @@ read_compressed(pgpv_t *pgp, pgpv_compre | | | @@ -884,1484 +884,1484 @@ read_compressed(pgpv_t *pgp, pgpv_compre |
884 | return 0; | | 884 | return 0; |
885 | } | | 885 | } |
886 | switch(compressed->compalg) { | | 886 | switch(compressed->compalg) { |
887 | case UNCOMPRESSED: | | 887 | case UNCOMPRESSED: |
888 | printf("not implemented %d compression yet\n", compressed->compalg); | | 888 | printf("not implemented %d compression yet\n", compressed->compalg); |
889 | return 0; | | 889 | return 0; |
890 | default: | | 890 | default: |
891 | break; | | 891 | break; |
892 | } | | 892 | } |
893 | ARRAY_EXPAND(pgp->areas); | | 893 | ARRAY_EXPAND(pgp->areas); |
894 | ARRAY_COUNT(pgp->areas) += 1; | | 894 | ARRAY_COUNT(pgp->areas) += 1; |
895 | unzmem = &ARRAY_LAST(pgp->areas); | | 895 | unzmem = &ARRAY_LAST(pgp->areas); |
896 | unzmem->size = len * 10; | | 896 | unzmem->size = len * 10; |
897 | unzmem->dealloc = FREE_MEM; | | 897 | unzmem->dealloc = FREE_MEM; |
898 | if ((unzmem->mem = calloc(1, unzmem->size)) == NULL) { | | 898 | if ((unzmem->mem = calloc(1, unzmem->size)) == NULL) { |
899 | printf("read_compressed: calloc failed!\n"); | | 899 | printf("read_compressed: calloc failed!\n"); |
900 | return 0; | | 900 | return 0; |
901 | } | | 901 | } |
902 | switch(compressed->compalg) { | | 902 | switch(compressed->compalg) { |
903 | case ZIP_COMPRESSION: | | 903 | case ZIP_COMPRESSION: |
904 | case ZLIB_COMPRESSION: | | 904 | case ZLIB_COMPRESSION: |
905 | memset(&z, 0x0, sizeof(z)); | | 905 | memset(&z, 0x0, sizeof(z)); |
906 | z.next_in = p + 1; | | 906 | z.next_in = p + 1; |
907 | z.avail_in = (unsigned)(len - 1); | | 907 | z.avail_in = (unsigned)(len - 1); |
908 | z.total_in = (unsigned)(len - 1); | | 908 | z.total_in = (unsigned)(len - 1); |
909 | z.next_out = unzmem->mem; | | 909 | z.next_out = unzmem->mem; |
910 | z.avail_out = (unsigned)unzmem->size; | | 910 | z.avail_out = (unsigned)unzmem->size; |
911 | z.total_out = (unsigned)unzmem->size; | | 911 | z.total_out = (unsigned)unzmem->size; |
912 | break; | | 912 | break; |
913 | case BZIP2_COMPRESSION: | | 913 | case BZIP2_COMPRESSION: |
914 | memset(&bz, 0x0, sizeof(bz)); | | 914 | memset(&bz, 0x0, sizeof(bz)); |
915 | bz.avail_in = (unsigned)(len - 1); | | 915 | bz.avail_in = (unsigned)(len - 1); |
916 | bz.next_in = (char *)(void *)p + 1; | | 916 | bz.next_in = (char *)(void *)p + 1; |
917 | bz.next_out = (char *)(void *)unzmem->mem; | | 917 | bz.next_out = (char *)(void *)unzmem->mem; |
918 | bz.avail_out = (unsigned)unzmem->size; | | 918 | bz.avail_out = (unsigned)unzmem->size; |
919 | break; | | 919 | break; |
920 | } | | 920 | } |
921 | switch(compressed->compalg) { | | 921 | switch(compressed->compalg) { |
922 | case ZIP_COMPRESSION: | | 922 | case ZIP_COMPRESSION: |
923 | ok = (inflateInit2(&z, -15) == Z_OK); | | 923 | ok = (inflateInit2(&z, -15) == Z_OK); |
924 | break; | | 924 | break; |
925 | case ZLIB_COMPRESSION: | | 925 | case ZLIB_COMPRESSION: |
926 | ok = (inflateInit(&z) == Z_OK); | | 926 | ok = (inflateInit(&z) == Z_OK); |
927 | break; | | 927 | break; |
928 | case BZIP2_COMPRESSION: | | 928 | case BZIP2_COMPRESSION: |
929 | ok = (BZ2_bzDecompressInit(&bz, 1, 0) == BZ_OK); | | 929 | ok = (BZ2_bzDecompressInit(&bz, 1, 0) == BZ_OK); |
930 | break; | | 930 | break; |
931 | } | | 931 | } |
932 | if (!ok) { | | 932 | if (!ok) { |
933 | printf("read_compressed: initialisation failed!\n"); | | 933 | printf("read_compressed: initialisation failed!\n"); |
934 | return 0; | | 934 | return 0; |
935 | } | | 935 | } |
936 | switch(compressed->compalg) { | | 936 | switch(compressed->compalg) { |
937 | case ZIP_COMPRESSION: | | 937 | case ZIP_COMPRESSION: |
938 | case ZLIB_COMPRESSION: | | 938 | case ZLIB_COMPRESSION: |
939 | ok = (inflate(&z, Z_FINISH) == Z_STREAM_END); | | 939 | ok = (inflate(&z, Z_FINISH) == Z_STREAM_END); |
940 | unzmem->size = z.total_out; | | 940 | unzmem->size = z.total_out; |
941 | break; | | 941 | break; |
942 | case BZIP2_COMPRESSION: | | 942 | case BZIP2_COMPRESSION: |
943 | ok = (BZ2_bzDecompress(&bz) == BZ_STREAM_END); | | 943 | ok = (BZ2_bzDecompress(&bz) == BZ_STREAM_END); |
944 | unzmem->size = ((uint64_t)bz.total_out_hi32 << 32) | bz.total_out_lo32; | | 944 | unzmem->size = ((uint64_t)bz.total_out_hi32 << 32) | bz.total_out_lo32; |
945 | break; | | 945 | break; |
946 | } | | 946 | } |
947 | if (!ok) { | | 947 | if (!ok) { |
948 | printf("read_compressed: inflate failed!\n"); | | 948 | printf("read_compressed: inflate failed!\n"); |
949 | return 0; | | 949 | return 0; |
950 | } | | 950 | } |
951 | return 1; | | 951 | return 1; |
952 | } | | 952 | } |
953 | | | 953 | |
954 | /* parse one pass signature packet */ | | 954 | /* parse one pass signature packet */ |
955 | static int | | 955 | static int |
956 | read_onepass_sig(pgpv_onepass_t *onepasspkt, uint8_t *mem) | | 956 | read_onepass_sig(pgpv_onepass_t *onepasspkt, uint8_t *mem) |
957 | { | | 957 | { |
958 | onepasspkt->version = mem[0]; | | 958 | onepasspkt->version = mem[0]; |
959 | onepasspkt->type = mem[1]; | | 959 | onepasspkt->type = mem[1]; |
960 | onepasspkt->hashalg = mem[2]; | | 960 | onepasspkt->hashalg = mem[2]; |
961 | onepasspkt->keyalg = mem[3]; | | 961 | onepasspkt->keyalg = mem[3]; |
962 | memcpy(onepasspkt->keyid, &mem[4], sizeof(onepasspkt->keyid)); | | 962 | memcpy(onepasspkt->keyid, &mem[4], sizeof(onepasspkt->keyid)); |
963 | onepasspkt->nested = mem[12]; | | 963 | onepasspkt->nested = mem[12]; |
964 | return 1; | | 964 | return 1; |
965 | } | | 965 | } |
966 | | | 966 | |
967 | /* parse public key packet */ | | 967 | /* parse public key packet */ |
968 | static int | | 968 | static int |
969 | read_pubkey(pgpv_pubkey_t *pubkey, uint8_t *mem, size_t pktlen, int pbn) | | 969 | read_pubkey(pgpv_pubkey_t *pubkey, uint8_t *mem, size_t pktlen, int pbn) |
970 | { | | 970 | { |
971 | size_t off; | | 971 | size_t off; |
972 | | | 972 | |
973 | off = 0; | | 973 | off = 0; |
974 | pubkey->version = mem[off++]; | | 974 | pubkey->version = mem[off++]; |
975 | pubkey->birth = get_32(&mem[off]); | | 975 | pubkey->birth = get_32(&mem[off]); |
976 | off += 4; | | 976 | off += 4; |
977 | if (pubkey->version == 2 || pubkey->version == 3) { | | 977 | if (pubkey->version == 2 || pubkey->version == 3) { |
978 | pubkey->expiry = get_16(&mem[off]) * DAYSECS; | | 978 | pubkey->expiry = get_16(&mem[off]) * DAYSECS; |
979 | off += 2; | | 979 | off += 2; |
980 | } | | 980 | } |
981 | if ((pubkey->keyalg = mem[off++]) == 0) { | | 981 | if ((pubkey->keyalg = mem[off++]) == 0) { |
982 | pubkey->keyalg = PUBKEY_RSA_ENCRYPT_OR_SIGN; | | 982 | pubkey->keyalg = PUBKEY_RSA_ENCRYPT_OR_SIGN; |
983 | printf("got unusual pubkey keyalg %u\n", mem[off - 1]); | | 983 | printf("got unusual pubkey keyalg %u\n", mem[off - 1]); |
984 | } | | 984 | } |
985 | switch(pubkey->keyalg) { | | 985 | switch(pubkey->keyalg) { |
986 | case PUBKEY_RSA_ENCRYPT_OR_SIGN: | | 986 | case PUBKEY_RSA_ENCRYPT_OR_SIGN: |
987 | case PUBKEY_RSA_ENCRYPT: | | 987 | case PUBKEY_RSA_ENCRYPT: |
988 | case PUBKEY_RSA_SIGN: | | 988 | case PUBKEY_RSA_SIGN: |
989 | if (!get_mpi(&pubkey->bn[RSA_N], &mem[off], pktlen, &off) || | | 989 | if (!get_mpi(&pubkey->bn[RSA_N], &mem[off], pktlen, &off) || |
990 | !get_mpi(&pubkey->bn[RSA_E], &mem[off], pktlen, &off)) { | | 990 | !get_mpi(&pubkey->bn[RSA_E], &mem[off], pktlen, &off)) { |
991 | return 0; | | 991 | return 0; |
992 | } | | 992 | } |
993 | break; | | 993 | break; |
994 | case PUBKEY_ELGAMAL_ENCRYPT: | | 994 | case PUBKEY_ELGAMAL_ENCRYPT: |
995 | case PUBKEY_ELGAMAL_ENCRYPT_OR_SIGN: | | 995 | case PUBKEY_ELGAMAL_ENCRYPT_OR_SIGN: |
996 | if (!get_mpi(&pubkey->bn[ELGAMAL_P], &mem[off], pktlen, &off) || | | 996 | if (!get_mpi(&pubkey->bn[ELGAMAL_P], &mem[off], pktlen, &off) || |
997 | !get_mpi(&pubkey->bn[ELGAMAL_Y], &mem[off], pktlen, &off)) { | | 997 | !get_mpi(&pubkey->bn[ELGAMAL_Y], &mem[off], pktlen, &off)) { |
998 | return 0; | | 998 | return 0; |
999 | } | | 999 | } |
1000 | break; | | 1000 | break; |
1001 | case PUBKEY_DSA: | | 1001 | case PUBKEY_DSA: |
1002 | if (!get_mpi(&pubkey->bn[DSA_P], &mem[off], pktlen, &off) || | | 1002 | if (!get_mpi(&pubkey->bn[DSA_P], &mem[off], pktlen, &off) || |
1003 | !get_mpi(&pubkey->bn[DSA_Q], &mem[off], pktlen, &off) || | | 1003 | !get_mpi(&pubkey->bn[DSA_Q], &mem[off], pktlen, &off) || |
1004 | !get_mpi(&pubkey->bn[DSA_G], &mem[off], pktlen, &off) || | | 1004 | !get_mpi(&pubkey->bn[DSA_G], &mem[off], pktlen, &off) || |
1005 | !get_mpi(&pubkey->bn[DSA_Y], &mem[off], pktlen, &off)) { | | 1005 | !get_mpi(&pubkey->bn[DSA_Y], &mem[off], pktlen, &off)) { |
1006 | return 0; | | 1006 | return 0; |
1007 | } | | 1007 | } |
1008 | break; | | 1008 | break; |
1009 | default: | | 1009 | default: |
1010 | printf("hi, different type of pubkey here %u\n", pubkey->keyalg); | | 1010 | printf("hi, different type of pubkey here %u\n", pubkey->keyalg); |
1011 | break; | | 1011 | break; |
1012 | } | | 1012 | } |
1013 | if (pbn) { | | 1013 | if (pbn) { |
1014 | print_key_mpis(pubkey->bn, pubkey->keyalg); | | 1014 | print_key_mpis(pubkey->bn, pubkey->keyalg); |
1015 | } | | 1015 | } |
1016 | return 1; | | 1016 | return 1; |
1017 | } | | 1017 | } |
1018 | | | 1018 | |
1019 | /* parse a user attribute */ | | 1019 | /* parse a user attribute */ |
1020 | static int | | 1020 | static int |
1021 | read_userattr(pgpv_userattr_t *userattr, uint8_t *p, size_t pktlen) | | 1021 | read_userattr(pgpv_userattr_t *userattr, uint8_t *p, size_t pktlen) |
1022 | { | | 1022 | { |
1023 | pgpv_string_t subattr; | | 1023 | pgpv_string_t subattr; |
1024 | const int is_subpkt = 0; | | 1024 | const int is_subpkt = 0; |
1025 | const int indian = 1; | | 1025 | const int indian = 1; |
1026 | unsigned lenlen; | | 1026 | unsigned lenlen; |
1027 | uint16_t imagelen; | | 1027 | uint16_t imagelen; |
1028 | size_t cc; | | 1028 | size_t cc; |
1029 | | | 1029 | |
1030 | userattr->len = pktlen; | | 1030 | userattr->len = pktlen; |
1031 | for (cc = 0 ; cc < pktlen ; cc += subattr.size + lenlen + 1) { | | 1031 | for (cc = 0 ; cc < pktlen ; cc += subattr.size + lenlen + 1) { |
1032 | subattr.size = get_pkt_len(1, p, 0, is_subpkt); | | 1032 | subattr.size = get_pkt_len(1, p, 0, is_subpkt); |
1033 | lenlen = get_pkt_len_len(1, p, is_subpkt); | | 1033 | lenlen = get_pkt_len_len(1, p, is_subpkt); |
1034 | if (lenlen > pktlen) { | | 1034 | if (lenlen > pktlen) { |
1035 | printf("weird lenlen %u\n", lenlen); | | 1035 | printf("weird lenlen %u\n", lenlen); |
1036 | return 0; | | 1036 | return 0; |
1037 | } | | 1037 | } |
1038 | p += lenlen; | | 1038 | p += lenlen; |
1039 | if (*p++ != 1) { | | 1039 | if (*p++ != 1) { |
1040 | printf("image type (%u) != 1. weird packet\n", *(p - 1)); | | 1040 | printf("image type (%u) != 1. weird packet\n", *(p - 1)); |
1041 | } | | 1041 | } |
1042 | memcpy(&imagelen, p, sizeof(imagelen)); | | 1042 | memcpy(&imagelen, p, sizeof(imagelen)); |
1043 | if (!*(const char *)(const void *)&indian) { | | 1043 | if (!*(const char *)(const void *)&indian) { |
1044 | /* big endian - byteswap length */ | | 1044 | /* big endian - byteswap length */ |
1045 | imagelen = (((unsigned)imagelen & 0xff) << 8) | (((unsigned)imagelen >> 8) & 0xff); | | 1045 | imagelen = (((unsigned)imagelen & 0xff) << 8) | (((unsigned)imagelen >> 8) & 0xff); |
1046 | } | | 1046 | } |
1047 | subattr.data = p + 3; | | 1047 | subattr.data = p + 3; |
1048 | p += subattr.size; | | 1048 | p += subattr.size; |
1049 | ARRAY_APPEND(userattr->subattrs, subattr); | | 1049 | ARRAY_APPEND(userattr->subattrs, subattr); |
1050 | } | | 1050 | } |
1051 | return 1; | | 1051 | return 1; |
1052 | } | | 1052 | } |
1053 | | | 1053 | |
1054 | #define LITDATA_BINARY 'b' | | 1054 | #define LITDATA_BINARY 'b' |
1055 | #define LITDATA_TEXT 't' | | 1055 | #define LITDATA_TEXT 't' |
1056 | #define LITDATA_UTF8 'u' | | 1056 | #define LITDATA_UTF8 'u' |
1057 | | | 1057 | |
1058 | /* parse literal packet */ | | 1058 | /* parse literal packet */ |
1059 | static int | | 1059 | static int |
1060 | read_litdata(pgpv_t *pgp, pgpv_litdata_t *litdata, uint8_t *p, size_t size) | | 1060 | read_litdata(pgpv_t *pgp, pgpv_litdata_t *litdata, uint8_t *p, size_t size) |
1061 | { | | 1061 | { |
1062 | size_t cc; | | 1062 | size_t cc; |
1063 | | | 1063 | |
1064 | cc = 0; | | 1064 | cc = 0; |
1065 | switch(litdata->format = p[cc++]) { | | 1065 | switch(litdata->format = p[cc++]) { |
1066 | case LITDATA_BINARY: | | 1066 | case LITDATA_BINARY: |
1067 | case LITDATA_TEXT: | | 1067 | case LITDATA_TEXT: |
1068 | case LITDATA_UTF8: | | 1068 | case LITDATA_UTF8: |
1069 | litdata->namelen = 0; | | 1069 | litdata->namelen = 0; |
1070 | break; | | 1070 | break; |
1071 | default: | | 1071 | default: |
1072 | printf("weird litdata format %u\n", litdata->format); | | 1072 | printf("weird litdata format %u\n", litdata->format); |
1073 | break; | | 1073 | break; |
1074 | } | | 1074 | } |
1075 | litdata->namelen = p[cc++]; | | 1075 | litdata->namelen = p[cc++]; |
1076 | litdata->filename = &p[cc]; | | 1076 | litdata->filename = &p[cc]; |
1077 | cc += litdata->namelen; | | 1077 | cc += litdata->namelen; |
1078 | litdata->secs = get_32(&p[cc]); | | 1078 | litdata->secs = get_32(&p[cc]); |
1079 | cc += 4; | | 1079 | cc += 4; |
1080 | litdata->s.data = &p[cc]; | | 1080 | litdata->s.data = &p[cc]; |
1081 | litdata->len = litdata->s.size = size - cc; | | 1081 | litdata->len = litdata->s.size = size - cc; |
1082 | litdata->mem = ARRAY_COUNT(pgp->areas) - 1; | | 1082 | litdata->mem = ARRAY_COUNT(pgp->areas) - 1; |
1083 | litdata->offset = cc; | | 1083 | litdata->offset = cc; |
1084 | return 1; | | 1084 | return 1; |
1085 | } | | 1085 | } |
1086 | | | 1086 | |
1087 | /* parse a single packet */ | | 1087 | /* parse a single packet */ |
1088 | static int | | 1088 | static int |
1089 | read_pkt(pgpv_t *pgp, pgpv_mem_t *mem) | | 1089 | read_pkt(pgpv_t *pgp, pgpv_mem_t *mem) |
1090 | { | | 1090 | { |
1091 | const int isprimary = 1; | | 1091 | const int isprimary = 1; |
1092 | pgpv_pkt_t pkt; | | 1092 | pgpv_pkt_t pkt; |
1093 | pgpv_mem_t *newmem; | | 1093 | pgpv_mem_t *newmem; |
1094 | unsigned lenlen; | | 1094 | unsigned lenlen; |
1095 | uint8_t ispartial; | | 1095 | uint8_t ispartial; |
1096 | size_t size; | | 1096 | size_t size; |
1097 | | | 1097 | |
1098 | memset(&pkt, 0x0, sizeof(pkt)); | | 1098 | memset(&pkt, 0x0, sizeof(pkt)); |
1099 | pkt.tag = mem->mem[mem->cc++]; | | 1099 | pkt.tag = mem->mem[mem->cc++]; |
1100 | if (!(pkt.tag & PKT_ALWAYS_ON)) { | | 1100 | if (!(pkt.tag & PKT_ALWAYS_ON)) { |
1101 | printf("BAD PACKET - bit 7 not 1, offset %zu!\n", mem->cc - 1); | | 1101 | printf("BAD PACKET - bit 7 not 1, offset %zu!\n", mem->cc - 1); |
1102 | } | | 1102 | } |
1103 | pkt.newfmt = (pkt.tag & PKT_NEWFMT_MASK); | | 1103 | pkt.newfmt = (pkt.tag & PKT_NEWFMT_MASK); |
1104 | pkt.tag = (pkt.newfmt) ? | | 1104 | pkt.tag = (pkt.newfmt) ? |
1105 | (pkt.tag & PKT_NEWFMT_TAG_MASK) : | | 1105 | (pkt.tag & PKT_NEWFMT_TAG_MASK) : |
1106 | (((unsigned)pkt.tag & PKT_OLDFMT_TAG_MASK) >> 2); | | 1106 | (((unsigned)pkt.tag & PKT_OLDFMT_TAG_MASK) >> 2); |
1107 | ispartial = (pkt.newfmt && IS_PARTIAL(mem->mem[mem->cc])); | | 1107 | ispartial = (pkt.newfmt && IS_PARTIAL(mem->mem[mem->cc])); |
1108 | pkt.s.size = get_pkt_len(pkt.newfmt, &mem->mem[mem->cc], mem->size - mem->cc, isprimary); | | 1108 | pkt.s.size = get_pkt_len(pkt.newfmt, &mem->mem[mem->cc], mem->size - mem->cc, isprimary); |
1109 | lenlen = get_pkt_len_len(pkt.newfmt, &mem->mem[mem->cc], isprimary); | | 1109 | lenlen = get_pkt_len_len(pkt.newfmt, &mem->mem[mem->cc], isprimary); |
1110 | pkt.offset = mem->cc; | | 1110 | pkt.offset = mem->cc; |
1111 | mem->cc += lenlen; | | 1111 | mem->cc += lenlen; |
1112 | pkt.mement = (uint8_t)(mem - ARRAY_ARRAY(pgp->areas)); | | 1112 | pkt.mement = (uint8_t)(mem - ARRAY_ARRAY(pgp->areas)); |
1113 | pkt.s.data = &mem->mem[mem->cc]; | | 1113 | pkt.s.data = &mem->mem[mem->cc]; |
1114 | if (strchr(mem->allowed, pkt.tag) == NULL) { | | 1114 | if (strchr(mem->allowed, pkt.tag) == NULL) { |
1115 | printf("packet %d not allowed for operation %s\n", pkt.tag, pgp->op); | | 1115 | printf("packet %d not allowed for operation %s\n", pkt.tag, pgp->op); |
1116 | return 0; | | 1116 | return 0; |
1117 | } | | 1117 | } |
1118 | size = pkt.s.size; | | 1118 | size = pkt.s.size; |
1119 | if (ispartial) { | | 1119 | if (ispartial) { |
1120 | pkt.s.size = fixup_partials(pgp, &mem->mem[mem->cc - lenlen], pkt.s.size, mem->size, &size); | | 1120 | pkt.s.size = fixup_partials(pgp, &mem->mem[mem->cc - lenlen], pkt.s.size, mem->size, &size); |
1121 | newmem = &ARRAY_LAST(pgp->areas); | | 1121 | newmem = &ARRAY_LAST(pgp->areas); |
1122 | pkt.mement = (uint8_t)(newmem - ARRAY_ARRAY(pgp->areas)); | | 1122 | pkt.mement = (uint8_t)(newmem - ARRAY_ARRAY(pgp->areas)); |
1123 | pkt.s.data = newmem->mem; | | 1123 | pkt.s.data = newmem->mem; |
1124 | size -= 1; | | 1124 | size -= 1; |
1125 | } | | 1125 | } |
1126 | switch(pkt.tag) { | | 1126 | switch(pkt.tag) { |
1127 | case SIGNATURE_PKT: | | 1127 | case SIGNATURE_PKT: |
1128 | if (!read_sigpkt(pgp, pkt.mement, &pkt.u.sigpkt, pkt.s.data, pkt.s.size)) { | | 1128 | if (!read_sigpkt(pgp, pkt.mement, &pkt.u.sigpkt, pkt.s.data, pkt.s.size)) { |
1129 | return 0; | | 1129 | return 0; |
1130 | } | | 1130 | } |
1131 | break; | | 1131 | break; |
1132 | case ONEPASS_SIGNATURE_PKT: | | 1132 | case ONEPASS_SIGNATURE_PKT: |
1133 | read_onepass_sig(&pkt.u.onepass, pkt.s.data); | | 1133 | read_onepass_sig(&pkt.u.onepass, pkt.s.data); |
1134 | break; | | 1134 | break; |
1135 | case PUBKEY_PKT: | | 1135 | case PUBKEY_PKT: |
1136 | case PUB_SUBKEY_PKT: | | 1136 | case PUB_SUBKEY_PKT: |
1137 | break; | | 1137 | break; |
1138 | case LITDATA_PKT: | | 1138 | case LITDATA_PKT: |
1139 | read_litdata(pgp, &pkt.u.litdata, pkt.s.data, pkt.s.size); | | 1139 | read_litdata(pgp, &pkt.u.litdata, pkt.s.data, pkt.s.size); |
1140 | break; | | 1140 | break; |
1141 | case TRUST_PKT: | | 1141 | case TRUST_PKT: |
1142 | pkt.u.trust.level = pkt.s.data[0]; | | 1142 | pkt.u.trust.level = pkt.s.data[0]; |
1143 | pkt.u.trust.amount = pkt.s.data[1]; | | 1143 | pkt.u.trust.amount = pkt.s.data[1]; |
1144 | break; | | 1144 | break; |
1145 | case USERID_PKT: | | 1145 | case USERID_PKT: |
1146 | pkt.u.userid.size = pkt.s.size; | | 1146 | pkt.u.userid.size = pkt.s.size; |
1147 | pkt.u.userid.data = pkt.s.data; | | 1147 | pkt.u.userid.data = pkt.s.data; |
1148 | break; | | 1148 | break; |
1149 | case COMPRESSED_DATA_PKT: | | 1149 | case COMPRESSED_DATA_PKT: |
1150 | read_compressed(pgp, &pkt.u.compressed, pkt.s.data, pkt.s.size); | | 1150 | read_compressed(pgp, &pkt.u.compressed, pkt.s.data, pkt.s.size); |
1151 | ARRAY_APPEND(pgp->pkts, pkt); | | 1151 | ARRAY_APPEND(pgp->pkts, pkt); |
1152 | read_all_packets(pgp, &ARRAY_LAST(pgp->areas), pgp->op); | | 1152 | read_all_packets(pgp, &ARRAY_LAST(pgp->areas), pgp->op); |
1153 | break; | | 1153 | break; |
1154 | case USER_ATTRIBUTE_PKT: | | 1154 | case USER_ATTRIBUTE_PKT: |
1155 | read_userattr(&pkt.u.userattr, pkt.s.data, pkt.s.size); | | 1155 | read_userattr(&pkt.u.userattr, pkt.s.data, pkt.s.size); |
1156 | break; | | 1156 | break; |
1157 | default: | | 1157 | default: |
1158 | printf("hi, need to implement %d, offset %zu\n", pkt.tag, mem->cc); | | 1158 | printf("hi, need to implement %d, offset %zu\n", pkt.tag, mem->cc); |
1159 | break; | | 1159 | break; |
1160 | } | | 1160 | } |
1161 | mem->cc += size; | | 1161 | mem->cc += size; |
1162 | if (pkt.tag != COMPRESSED_DATA_PKT) { | | 1162 | if (pkt.tag != COMPRESSED_DATA_PKT) { |
1163 | /* compressed was added earlier to preserve pkt ordering */ | | 1163 | /* compressed was added earlier to preserve pkt ordering */ |
1164 | ARRAY_APPEND(pgp->pkts, pkt); | | 1164 | ARRAY_APPEND(pgp->pkts, pkt); |
1165 | } | | 1165 | } |
1166 | return 1; | | 1166 | return 1; |
1167 | } | | 1167 | } |
1168 | | | 1168 | |
1169 | /* checks the tag type of a packet */ | | 1169 | /* checks the tag type of a packet */ |
1170 | static int | | 1170 | static int |
1171 | pkt_is(pgpv_t *pgp, int wanted) | | 1171 | pkt_is(pgpv_t *pgp, int wanted) |
1172 | { | | 1172 | { |
1173 | return (ARRAY_ELEMENT(pgp->pkts, pgp->pkt).tag == wanted); | | 1173 | return (ARRAY_ELEMENT(pgp->pkts, pgp->pkt).tag == wanted); |
1174 | } | | 1174 | } |
1175 | | | 1175 | |
1176 | /* checks the packet is a signature packet, and the signature type is the expected one */ | | 1176 | /* checks the packet is a signature packet, and the signature type is the expected one */ |
1177 | static int | | 1177 | static int |
1178 | pkt_sigtype_is(pgpv_t *pgp, int wanted) | | 1178 | pkt_sigtype_is(pgpv_t *pgp, int wanted) |
1179 | { | | 1179 | { |
1180 | if (!pkt_is(pgp, SIGNATURE_PKT)) { | | 1180 | if (!pkt_is(pgp, SIGNATURE_PKT)) { |
1181 | return 0; | | 1181 | return 0; |
1182 | } | | 1182 | } |
1183 | return (ARRAY_ELEMENT(pgp->pkts, pgp->pkt).u.sigpkt.sig.type == wanted); | | 1183 | return (ARRAY_ELEMENT(pgp->pkts, pgp->pkt).u.sigpkt.sig.type == wanted); |
1184 | } | | 1184 | } |
1185 | | | 1185 | |
1186 | /* check for expected type of packet, and move to the next */ | | 1186 | /* check for expected type of packet, and move to the next */ |
1187 | static int | | 1187 | static int |
1188 | pkt_accept(pgpv_t *pgp, int expected) | | 1188 | pkt_accept(pgpv_t *pgp, int expected) |
1189 | { | | 1189 | { |
1190 | int got; | | 1190 | int got; |
1191 | | | 1191 | |
1192 | if ((got = ARRAY_ELEMENT(pgp->pkts, pgp->pkt).tag) == expected) { | | 1192 | if ((got = ARRAY_ELEMENT(pgp->pkts, pgp->pkt).tag) == expected) { |
1193 | pgp->pkt += 1; | | 1193 | pgp->pkt += 1; |
1194 | return 1; | | 1194 | return 1; |
1195 | } | | 1195 | } |
1196 | printf("problem at token %zu, expcted %d, got %d\n", pgp->pkt, expected, got); | | 1196 | printf("problem at token %zu, expcted %d, got %d\n", pgp->pkt, expected, got); |
1197 | return 0; | | 1197 | return 0; |
1198 | } | | 1198 | } |
1199 | | | 1199 | |
1200 | /* recognise signature (and trust) packet */ | | 1200 | /* recognise signature (and trust) packet */ |
1201 | static int | | 1201 | static int |
1202 | recog_signature(pgpv_t *pgp, pgpv_signature_t *signature) | | 1202 | recog_signature(pgpv_t *pgp, pgpv_signature_t *signature) |
1203 | { | | 1203 | { |
1204 | if (!pkt_is(pgp, SIGNATURE_PKT)) { | | 1204 | if (!pkt_is(pgp, SIGNATURE_PKT)) { |
1205 | printf("recog_signature: not a signature packet\n"); | | 1205 | printf("recog_signature: not a signature packet\n"); |
1206 | return 0; | | 1206 | return 0; |
1207 | } | | 1207 | } |
1208 | memcpy(signature, &ARRAY_ELEMENT(pgp->pkts, pgp->pkt).u.sigpkt.sig, sizeof(*signature)); | | 1208 | memcpy(signature, &ARRAY_ELEMENT(pgp->pkts, pgp->pkt).u.sigpkt.sig, sizeof(*signature)); |
1209 | pgp->pkt += 1; | | 1209 | pgp->pkt += 1; |
1210 | if (pkt_is(pgp, TRUST_PKT)) { | | 1210 | if (pkt_is(pgp, TRUST_PKT)) { |
1211 | pkt_accept(pgp, TRUST_PKT); | | 1211 | pkt_accept(pgp, TRUST_PKT); |
1212 | } | | 1212 | } |
1213 | return 1; | | 1213 | return 1; |
1214 | } | | 1214 | } |
1215 | | | 1215 | |
1216 | /* recognise user id packet */ | | 1216 | /* recognise user id packet */ |
1217 | static int | | 1217 | static int |
1218 | recog_userid(pgpv_t *pgp, pgpv_signed_userid_t *userid) | | 1218 | recog_userid(pgpv_t *pgp, pgpv_signed_userid_t *userid) |
1219 | { | | 1219 | { |
1220 | pgpv_signature_t signature; | | 1220 | pgpv_signature_t signature; |
1221 | pgpv_pkt_t *pkt; | | 1221 | pgpv_pkt_t *pkt; |
1222 | | | 1222 | |
1223 | memset(userid, 0x0, sizeof(*userid)); | | 1223 | memset(userid, 0x0, sizeof(*userid)); |
1224 | if (!pkt_is(pgp, USERID_PKT)) { | | 1224 | if (!pkt_is(pgp, USERID_PKT)) { |
1225 | printf("recog_userid: not %d\n", USERID_PKT); | | 1225 | printf("recog_userid: not %d\n", USERID_PKT); |
1226 | return 0; | | 1226 | return 0; |
1227 | } | | 1227 | } |
1228 | pkt = &ARRAY_ELEMENT(pgp->pkts, pgp->pkt); | | 1228 | pkt = &ARRAY_ELEMENT(pgp->pkts, pgp->pkt); |
1229 | userid->userid.size = pkt->s.size; | | 1229 | userid->userid.size = pkt->s.size; |
1230 | userid->userid.data = pkt->s.data; | | 1230 | userid->userid.data = pkt->s.data; |
1231 | pgp->pkt += 1; | | 1231 | pgp->pkt += 1; |
1232 | while (pkt_is(pgp, SIGNATURE_PKT)) { | | 1232 | while (pkt_is(pgp, SIGNATURE_PKT)) { |
1233 | if (!recog_signature(pgp, &signature)) { | | 1233 | if (!recog_signature(pgp, &signature)) { |
1234 | printf("recog_userid: can't recognise signature/trust\n"); | | 1234 | printf("recog_userid: can't recognise signature/trust\n"); |
1235 | return 0; | | 1235 | return 0; |
1236 | } | | 1236 | } |
1237 | ARRAY_APPEND(userid->sigs, signature); | | 1237 | ARRAY_APPEND(userid->sigs, signature); |
1238 | if (signature.primary_userid) { | | 1238 | if (signature.primary_userid) { |
1239 | userid->primary_userid = signature.primary_userid; | | 1239 | userid->primary_userid = signature.primary_userid; |
1240 | } | | 1240 | } |
1241 | if (signature.revoked) { | | 1241 | if (signature.revoked) { |
1242 | userid->revoked = signature.revoked; | | 1242 | userid->revoked = signature.revoked; |
1243 | } | | 1243 | } |
1244 | } | | 1244 | } |
1245 | return 1; | | 1245 | return 1; |
1246 | } | | 1246 | } |
1247 | | | 1247 | |
1248 | /* recognise user attributes packet */ | | 1248 | /* recognise user attributes packet */ |
1249 | static int | | 1249 | static int |
1250 | recog_userattr(pgpv_t *pgp, pgpv_signed_userattr_t *userattr) | | 1250 | recog_userattr(pgpv_t *pgp, pgpv_signed_userattr_t *userattr) |
1251 | { | | 1251 | { |
1252 | pgpv_signature_t signature; | | 1252 | pgpv_signature_t signature; |
1253 | | | 1253 | |
1254 | memset(userattr, 0x0, sizeof(*userattr)); | | 1254 | memset(userattr, 0x0, sizeof(*userattr)); |
1255 | if (!pkt_is(pgp, USER_ATTRIBUTE_PKT)) { | | 1255 | if (!pkt_is(pgp, USER_ATTRIBUTE_PKT)) { |
1256 | printf("recog_userattr: not %d\n", USER_ATTRIBUTE_PKT); | | 1256 | printf("recog_userattr: not %d\n", USER_ATTRIBUTE_PKT); |
1257 | return 0; | | 1257 | return 0; |
1258 | } | | 1258 | } |
1259 | userattr->userattr = ARRAY_ELEMENT(pgp->pkts, pgp->pkt).u.userattr; | | 1259 | userattr->userattr = ARRAY_ELEMENT(pgp->pkts, pgp->pkt).u.userattr; |
1260 | pgp->pkt += 1; | | 1260 | pgp->pkt += 1; |
1261 | while (pkt_is(pgp, SIGNATURE_PKT)) { | | 1261 | while (pkt_is(pgp, SIGNATURE_PKT)) { |
1262 | if (!recog_signature(pgp, &signature)) { | | 1262 | if (!recog_signature(pgp, &signature)) { |
1263 | printf("recog_userattr: can't recognise signature/trust\n"); | | 1263 | printf("recog_userattr: can't recognise signature/trust\n"); |
1264 | return 0; | | 1264 | return 0; |
1265 | } | | 1265 | } |
1266 | ARRAY_APPEND(userattr->sigs, signature); | | 1266 | ARRAY_APPEND(userattr->sigs, signature); |
1267 | if (signature.revoked) { | | 1267 | if (signature.revoked) { |
1268 | userattr->revoked = signature.revoked; | | 1268 | userattr->revoked = signature.revoked; |
1269 | } | | 1269 | } |
1270 | } | | 1270 | } |
1271 | return 1; | | 1271 | return 1; |
1272 | } | | 1272 | } |
1273 | | | 1273 | |
1274 | /* recognise a sub key */ | | 1274 | /* recognise a sub key */ |
1275 | static int | | 1275 | static int |
1276 | recog_subkey(pgpv_t *pgp, pgpv_signed_subkey_t *subkey) | | 1276 | recog_subkey(pgpv_t *pgp, pgpv_signed_subkey_t *subkey) |
1277 | { | | 1277 | { |
1278 | pgpv_signature_t signature; | | 1278 | pgpv_signature_t signature; |
1279 | pgpv_pkt_t *pkt; | | 1279 | pgpv_pkt_t *pkt; |
1280 | | | 1280 | |
1281 | pkt = &ARRAY_ELEMENT(pgp->pkts, pgp->pkt); | | 1281 | pkt = &ARRAY_ELEMENT(pgp->pkts, pgp->pkt); |
1282 | memset(subkey, 0x0, sizeof(*subkey)); | | 1282 | memset(subkey, 0x0, sizeof(*subkey)); |
1283 | read_pubkey(&subkey->subkey, pkt->s.data, pkt->s.size, 0); | | 1283 | read_pubkey(&subkey->subkey, pkt->s.data, pkt->s.size, 0); |
1284 | pgp->pkt += 1; | | 1284 | pgp->pkt += 1; |
1285 | if (pkt_sigtype_is(pgp, SIGTYPE_KEY_REVOCATION) || | | 1285 | if (pkt_sigtype_is(pgp, SIGTYPE_KEY_REVOCATION) || |
1286 | pkt_sigtype_is(pgp, SIGTYPE_SUBKEY_REVOCATION) || | | 1286 | pkt_sigtype_is(pgp, SIGTYPE_SUBKEY_REVOCATION) || |
1287 | pkt_sigtype_is(pgp, SIGTYPE_CERT_REVOCATION)) { | | 1287 | pkt_sigtype_is(pgp, SIGTYPE_CERT_REVOCATION)) { |
1288 | recog_signature(pgp, &signature); | | 1288 | recog_signature(pgp, &signature); |
1289 | subkey->revoc_self_sig = signature; | | 1289 | subkey->revoc_self_sig = signature; |
1290 | } | | 1290 | } |
1291 | do { | | 1291 | do { |
1292 | if (!pkt_is(pgp, SIGNATURE_PKT)) { | | 1292 | if (!pkt_is(pgp, SIGNATURE_PKT)) { |
1293 | printf("recog_subkey: not signature packet at %zu\n", pgp->pkt); | | 1293 | printf("recog_subkey: not signature packet at %zu\n", pgp->pkt); |
1294 | return 0; | | 1294 | return 0; |
1295 | } | | 1295 | } |
1296 | if (!recog_signature(pgp, &signature)) { | | 1296 | if (!recog_signature(pgp, &signature)) { |
1297 | printf("recog_subkey: bad signature/trust at %zu\n", pgp->pkt); | | 1297 | printf("recog_subkey: bad signature/trust at %zu\n", pgp->pkt); |
1298 | return 0; | | 1298 | return 0; |
1299 | } | | 1299 | } |
1300 | ARRAY_APPEND(subkey->sigs, signature); | | 1300 | ARRAY_APPEND(subkey->sigs, signature); |
1301 | if (signature.keyexpiry) { | | 1301 | if (signature.keyexpiry) { |
1302 | /* XXX - check it's a good key expiry */ | | 1302 | /* XXX - check it's a good key expiry */ |
1303 | subkey->subkey.expiry = signature.keyexpiry; | | 1303 | subkey->subkey.expiry = signature.keyexpiry; |
1304 | } | | 1304 | } |
1305 | } while (pkt_is(pgp, SIGNATURE_PKT)); | | 1305 | } while (pkt_is(pgp, SIGNATURE_PKT)); |
1306 | return 1; | | 1306 | return 1; |
1307 | } | | 1307 | } |
1308 | | | 1308 | |
1309 | /* use a sparse map for the text strings here to save space */ | | 1309 | /* use a sparse map for the text strings here to save space */ |
1310 | static const char *keyalgs[] = { | | 1310 | static const char *keyalgs[] = { |
1311 | "[Unknown]", | | 1311 | "[Unknown]", |
1312 | "RSA (Encrypt or Sign)", | | 1312 | "RSA (Encrypt or Sign)", |
1313 | "RSA (Encrypt Only)", | | 1313 | "RSA (Encrypt Only)", |
1314 | "RSA (Sign Only)", | | 1314 | "RSA (Sign Only)", |
1315 | "Elgamal (Encrypt Only)", | | 1315 | "Elgamal (Encrypt Only)", |
1316 | "DSA", | | 1316 | "DSA", |
1317 | "Elliptic Curve", | | 1317 | "Elliptic Curve", |
1318 | "ECDSA", | | 1318 | "ECDSA", |
1319 | "Elgamal (Encrypt or Sign)" | | 1319 | "Elgamal (Encrypt or Sign)" |
1320 | }; | | 1320 | }; |
1321 | | | 1321 | |
1322 | #define MAX_KEYALG 21 | | 1322 | #define MAX_KEYALG 21 |
1323 | | | 1323 | |
1324 | static const char *keyalgmap = "\0\01\02\03\0\0\0\0\0\0\0\0\0\0\0\0\04\05\06\07\010\011"; | | 1324 | static const char *keyalgmap = "\0\01\02\03\0\0\0\0\0\0\0\0\0\0\0\0\04\05\06\07\010\011"; |
1325 | | | 1325 | |
1326 | /* return human readable name for key algorithm */ | | 1326 | /* return human readable name for key algorithm */ |
1327 | static const char * | | 1327 | static const char * |
1328 | fmtkeyalg(uint8_t keyalg) | | 1328 | fmtkeyalg(uint8_t keyalg) |
1329 | { | | 1329 | { |
1330 | return keyalgs[(uint8_t)keyalgmap[(keyalg >= MAX_KEYALG) ? 0 : keyalg]]; | | 1330 | return keyalgs[(uint8_t)keyalgmap[(keyalg >= MAX_KEYALG) ? 0 : keyalg]]; |
1331 | } | | 1331 | } |
1332 | | | 1332 | |
1333 | /* return the number of bits in the public key */ | | 1333 | /* return the number of bits in the public key */ |
1334 | static unsigned | | 1334 | static unsigned |
1335 | numkeybits(const pgpv_pubkey_t *pubkey) | | 1335 | numkeybits(const pgpv_pubkey_t *pubkey) |
1336 | { | | 1336 | { |
1337 | switch(pubkey->keyalg) { | | 1337 | switch(pubkey->keyalg) { |
1338 | case PUBKEY_RSA_ENCRYPT_OR_SIGN: | | 1338 | case PUBKEY_RSA_ENCRYPT_OR_SIGN: |
1339 | case PUBKEY_RSA_ENCRYPT: | | 1339 | case PUBKEY_RSA_ENCRYPT: |
1340 | case PUBKEY_RSA_SIGN: | | 1340 | case PUBKEY_RSA_SIGN: |
1341 | return pubkey->bn[RSA_N].bits; | | 1341 | return pubkey->bn[RSA_N].bits; |
1342 | case PUBKEY_DSA: | | 1342 | case PUBKEY_DSA: |
1343 | case PUBKEY_ECDSA: | | 1343 | case PUBKEY_ECDSA: |
1344 | return BITS_TO_BYTES(pubkey->bn[DSA_Q].bits) * 64; | | 1344 | return BITS_TO_BYTES(pubkey->bn[DSA_Q].bits) * 64; |
1345 | case PUBKEY_ELGAMAL_ENCRYPT: | | 1345 | case PUBKEY_ELGAMAL_ENCRYPT: |
1346 | case PUBKEY_ELGAMAL_ENCRYPT_OR_SIGN: | | 1346 | case PUBKEY_ELGAMAL_ENCRYPT_OR_SIGN: |
1347 | return pubkey->bn[ELGAMAL_P].bits; | | 1347 | return pubkey->bn[ELGAMAL_P].bits; |
1348 | default: | | 1348 | default: |
1349 | return 0; | | 1349 | return 0; |
1350 | } | | 1350 | } |
1351 | } | | 1351 | } |
1352 | | | 1352 | |
1353 | /* print a public key */ | | 1353 | /* print a public key */ |
1354 | static size_t | | 1354 | static size_t |
1355 | fmt_pubkey(char *s, size_t size, pgpv_pubkey_t *pubkey, const char *leader) | | 1355 | fmt_pubkey(char *s, size_t size, pgpv_pubkey_t *pubkey, const char *leader) |
1356 | { | | 1356 | { |
1357 | size_t cc; | | 1357 | size_t cc; |
1358 | | | 1358 | |
1359 | cc = snprintf(s, size, "%s %u/%s ", leader, numkeybits(pubkey), fmtkeyalg(pubkey->keyalg)); | | 1359 | cc = snprintf(s, size, "%s %u/%s ", leader, numkeybits(pubkey), fmtkeyalg(pubkey->keyalg)); |
1360 | cc += fmt_binary(&s[cc], size - cc, pubkey->keyid, PGPV_KEYID_LEN); | | 1360 | cc += fmt_binary(&s[cc], size - cc, pubkey->keyid, PGPV_KEYID_LEN); |
1361 | cc += fmt_time(&s[cc], size - cc, " ", pubkey->birth, "", 0); | | 1361 | cc += fmt_time(&s[cc], size - cc, " ", pubkey->birth, "", 0); |
1362 | if (pubkey->expiry) { | | 1362 | if (pubkey->expiry) { |
1363 | cc += fmt_time(&s[cc], size - cc, " [Expiry ", pubkey->birth + pubkey->expiry, "]", 0); | | 1363 | cc += fmt_time(&s[cc], size - cc, " [Expiry ", pubkey->birth + pubkey->expiry, "]", 0); |
1364 | } | | 1364 | } |
1365 | cc += snprintf(&s[cc], size - cc, "\n"); | | 1365 | cc += snprintf(&s[cc], size - cc, "\n"); |
1366 | cc += fmt_fingerprint(&s[cc], size - cc, &pubkey->fingerprint, "fingerprint: "); | | 1366 | cc += fmt_fingerprint(&s[cc], size - cc, &pubkey->fingerprint, "fingerprint: "); |
1367 | return cc; | | 1367 | return cc; |
1368 | } | | 1368 | } |
1369 | | | 1369 | |
1370 | /* we add 1 to revocation value to denote compromised */ | | 1370 | /* we add 1 to revocation value to denote compromised */ |
1371 | #define COMPROMISED (0x02 + 1) | | 1371 | #define COMPROMISED (0x02 + 1) |
1372 | | | 1372 | |
1373 | /* format a userid - used to order the userids when formatting */ | | 1373 | /* format a userid - used to order the userids when formatting */ |
1374 | static size_t | | 1374 | static size_t |
1375 | fmt_userid(char *s, size_t size, pgpv_primarykey_t *primary, uint8_t u) | | 1375 | fmt_userid(char *s, size_t size, pgpv_primarykey_t *primary, uint8_t u) |
1376 | { | | 1376 | { |
1377 | pgpv_signed_userid_t *userid; | | 1377 | pgpv_signed_userid_t *userid; |
1378 | | | 1378 | |
1379 | userid = &ARRAY_ELEMENT(primary->signed_userids, u); | | 1379 | userid = &ARRAY_ELEMENT(primary->signed_userids, u); |
1380 | return snprintf(s, size, "uid %.*s%s\n", | | 1380 | return snprintf(s, size, "uid %.*s%s\n", |
1381 | (int)userid->userid.size, userid->userid.data, | | 1381 | (int)userid->userid.size, userid->userid.data, |
1382 | (userid->revoked == COMPROMISED) ? " [COMPROMISED AND REVOKED]" : | | 1382 | (userid->revoked == COMPROMISED) ? " [COMPROMISED AND REVOKED]" : |
1383 | (userid->revoked) ? " [REVOKED]" : ""); | | 1383 | (userid->revoked) ? " [REVOKED]" : ""); |
1384 | } | | 1384 | } |
1385 | | | 1385 | |
1386 | /* print a primary key, per RFC 4880 */ | | 1386 | /* print a primary key, per RFC 4880 */ |
1387 | static size_t | | 1387 | static size_t |
1388 | fmt_primary(char *s, size_t size, pgpv_primarykey_t *primary) | | 1388 | fmt_primary(char *s, size_t size, pgpv_primarykey_t *primary) |
1389 | { | | 1389 | { |
1390 | unsigned i; | | 1390 | unsigned i; |
1391 | size_t cc; | | 1391 | size_t cc; |
1392 | | | 1392 | |
1393 | cc = fmt_pubkey(s, size, &primary->primary, "signature "); | | 1393 | cc = fmt_pubkey(s, size, &primary->primary, "signature "); |
1394 | cc += fmt_userid(&s[cc], size - cc, primary, primary->primary_userid); | | 1394 | cc += fmt_userid(&s[cc], size - cc, primary, primary->primary_userid); |
1395 | for (i = 0 ; i < ARRAY_COUNT(primary->signed_userids) ; i++) { | | 1395 | for (i = 0 ; i < ARRAY_COUNT(primary->signed_userids) ; i++) { |
1396 | if (i != primary->primary_userid) { | | 1396 | if (i != primary->primary_userid) { |
1397 | cc += fmt_userid(&s[cc], size - cc, primary, i); | | 1397 | cc += fmt_userid(&s[cc], size - cc, primary, i); |
1398 | } | | 1398 | } |
1399 | } | | 1399 | } |
1400 | for (i = 0 ; i < ARRAY_COUNT(primary->signed_subkeys) ; i++) { | | 1400 | for (i = 0 ; i < ARRAY_COUNT(primary->signed_subkeys) ; i++) { |
1401 | cc += fmt_pubkey(&s[cc], size - cc, &ARRAY_ELEMENT(primary->signed_subkeys, i).subkey, "encryption"); | | 1401 | cc += fmt_pubkey(&s[cc], size - cc, &ARRAY_ELEMENT(primary->signed_subkeys, i).subkey, "encryption"); |
1402 | } | | 1402 | } |
1403 | cc += snprintf(&s[cc], size - cc, "\n"); | | 1403 | cc += snprintf(&s[cc], size - cc, "\n"); |
1404 | return cc; | | 1404 | return cc; |
1405 | } | | 1405 | } |
1406 | | | 1406 | |
1407 | | | 1407 | |
1408 | /* check the padding on the signature */ | | 1408 | /* check the padding on the signature */ |
1409 | static int | | 1409 | static int |
1410 | rsa_padding_check_none(uint8_t *to, int tlen, const uint8_t *from, int flen, int num) | | 1410 | rsa_padding_check_none(uint8_t *to, int tlen, const uint8_t *from, int flen, int num) |
1411 | { | | 1411 | { |
1412 | USE_ARG(num); | | 1412 | USE_ARG(num); |
1413 | if (flen > tlen) { | | 1413 | if (flen > tlen) { |
1414 | printf("from length larger than to length\n"); | | 1414 | printf("from length larger than to length\n"); |
1415 | return -1; | | 1415 | return -1; |
1416 | } | | 1416 | } |
1417 | (void) memset(to, 0x0, tlen - flen); | | 1417 | (void) memset(to, 0x0, tlen - flen); |
1418 | (void) memcpy(to + tlen - flen, from, flen); | | 1418 | (void) memcpy(to + tlen - flen, from, flen); |
1419 | return tlen; | | 1419 | return tlen; |
1420 | } | | 1420 | } |
1421 | | | 1421 | |
1422 | #define RSA_MAX_MODULUS_BITS 16384 | | 1422 | #define RSA_MAX_MODULUS_BITS 16384 |
1423 | #define RSA_SMALL_MODULUS_BITS 3072 | | 1423 | #define RSA_SMALL_MODULUS_BITS 3072 |
1424 | #define RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */ | | 1424 | #define RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */ |
1425 | | | 1425 | |
1426 | /* check against the exponent/moudulo operation */ | | 1426 | /* check against the exponent/moudulo operation */ |
1427 | static int | | 1427 | static int |
1428 | lowlevel_rsa_public_check(const uint8_t *encbuf, int enclen, uint8_t *dec, const rsa_pubkey_t *rsa) | | 1428 | lowlevel_rsa_public_check(const uint8_t *encbuf, int enclen, uint8_t *dec, const rsa_pubkey_t *rsa) |
1429 | { | | 1429 | { |
1430 | uint8_t *decbuf; | | 1430 | uint8_t *decbuf; |
1431 | BIGNUM *decbn; | | 1431 | BIGNUM *decbn; |
1432 | BIGNUM *encbn; | | 1432 | BIGNUM *encbn; |
1433 | int decbytes; | | 1433 | int decbytes; |
1434 | int nbytes; | | 1434 | int nbytes; |
1435 | int r; | | 1435 | int r; |
1436 | | | 1436 | |
1437 | nbytes = 0; | | 1437 | nbytes = 0; |
1438 | r = -1; | | 1438 | r = -1; |
1439 | decbuf = NULL; | | 1439 | decbuf = NULL; |
1440 | decbn = encbn = NULL; | | 1440 | decbn = encbn = NULL; |
1441 | if (BN_num_bits(rsa->n) > RSA_MAX_MODULUS_BITS) { | | 1441 | if (BN_num_bits(rsa->n) > RSA_MAX_MODULUS_BITS) { |
1442 | printf("rsa r modulus too large\n"); | | 1442 | printf("rsa r modulus too large\n"); |
1443 | goto err; | | 1443 | goto err; |
1444 | } | | 1444 | } |
1445 | if (BN_cmp(rsa->n, rsa->e) <= 0) { | | 1445 | if (BN_cmp(rsa->n, rsa->e) <= 0) { |
1446 | printf("rsa r bad n value\n"); | | 1446 | printf("rsa r bad n value\n"); |
1447 | goto err; | | 1447 | goto err; |
1448 | } | | 1448 | } |
1449 | if (BN_num_bits(rsa->n) > RSA_SMALL_MODULUS_BITS && | | 1449 | if (BN_num_bits(rsa->n) > RSA_SMALL_MODULUS_BITS && |
1450 | BN_num_bits(rsa->e) > RSA_MAX_PUBEXP_BITS) { | | 1450 | BN_num_bits(rsa->e) > RSA_MAX_PUBEXP_BITS) { |
1451 | printf("rsa r bad exponent limit\n"); | | 1451 | printf("rsa r bad exponent limit\n"); |
1452 | goto err; | | 1452 | goto err; |
1453 | } | | 1453 | } |
1454 | if ((encbn = BN_new()) == NULL || | | 1454 | if ((encbn = BN_new()) == NULL || |
1455 | (decbn = BN_new()) == NULL || | | 1455 | (decbn = BN_new()) == NULL || |
1456 | (decbuf = calloc(1, nbytes = BN_num_bytes(rsa->n))) == NULL) { | | 1456 | (decbuf = calloc(1, nbytes = BN_num_bytes(rsa->n))) == NULL) { |
1457 | printf("allocation failure\n"); | | 1457 | printf("allocation failure\n"); |
1458 | goto err; | | 1458 | goto err; |
1459 | } | | 1459 | } |
1460 | if (enclen > nbytes) { | | 1460 | if (enclen > nbytes) { |
1461 | printf("rsa r > mod len\n"); | | 1461 | printf("rsa r > mod len\n"); |
1462 | goto err; | | 1462 | goto err; |
1463 | } | | 1463 | } |
1464 | if (BN_bin2bn(encbuf, enclen, encbn) == NULL) { | | 1464 | if (BN_bin2bn(encbuf, enclen, encbn) == NULL) { |
1465 | printf("null encrypted BN\n"); | | 1465 | printf("null encrypted BN\n"); |
1466 | goto err; | | 1466 | goto err; |
1467 | } | | 1467 | } |
1468 | if (BN_cmp(encbn, rsa->n) >= 0) { | | 1468 | if (BN_cmp(encbn, rsa->n) >= 0) { |
1469 | printf("rsa r data too large for modulus\n"); | | 1469 | printf("rsa r data too large for modulus\n"); |
1470 | goto err; | | 1470 | goto err; |
1471 | } | | 1471 | } |
1472 | if (BN_mod_exp(decbn, encbn, rsa->e, rsa->n, NULL) < 0) { | | 1472 | if (BN_mod_exp(decbn, encbn, rsa->e, rsa->n, NULL) < 0) { |
1473 | printf("BN_mod_exp < 0\n"); | | 1473 | printf("BN_mod_exp < 0\n"); |
1474 | goto err; | | 1474 | goto err; |
1475 | } | | 1475 | } |
1476 | decbytes = BN_num_bytes(decbn); | | 1476 | decbytes = BN_num_bytes(decbn); |
1477 | (void) BN_bn2bin(decbn, decbuf); | | 1477 | (void) BN_bn2bin(decbn, decbuf); |
1478 | if ((r = rsa_padding_check_none(dec, nbytes, decbuf, decbytes, 0)) < 0) { | | 1478 | if ((r = rsa_padding_check_none(dec, nbytes, decbuf, decbytes, 0)) < 0) { |
1479 | printf("rsa r padding check failed\n"); | | 1479 | printf("rsa r padding check failed\n"); |
1480 | } | | 1480 | } |
1481 | err: | | 1481 | err: |
1482 | BN_free(encbn); | | 1482 | BN_free(encbn); |
1483 | BN_free(decbn); | | 1483 | BN_free(decbn); |
1484 | if (decbuf != NULL) { | | 1484 | if (decbuf != NULL) { |
1485 | (void) memset(decbuf, 0x0, nbytes); | | 1485 | (void) memset(decbuf, 0x0, nbytes); |
1486 | free(decbuf); | | 1486 | free(decbuf); |
1487 | } | | 1487 | } |
1488 | return r; | | 1488 | return r; |
1489 | } | | 1489 | } |
1490 | | | 1490 | |
1491 | /* verify */ | | 1491 | /* verify */ |
1492 | static int | | 1492 | static int |
1493 | rsa_public_decrypt(int enclen, const unsigned char *enc, unsigned char *dec, RSA *rsa, int padding) | | 1493 | rsa_public_decrypt(int enclen, const unsigned char *enc, unsigned char *dec, RSA *rsa, int padding) |
1494 | { | | 1494 | { |
1495 | rsa_pubkey_t pub; | | 1495 | rsa_pubkey_t pub; |
1496 | int ret; | | 1496 | int ret; |
1497 | | | 1497 | |
1498 | if (enc == NULL || dec == NULL || rsa == NULL) { | | 1498 | if (enc == NULL || dec == NULL || rsa == NULL) { |
1499 | return 0; | | 1499 | return 0; |
1500 | } | | 1500 | } |
1501 | USE_ARG(padding); | | 1501 | USE_ARG(padding); |
1502 | (void) memset(&pub, 0x0, sizeof(pub)); | | 1502 | (void) memset(&pub, 0x0, sizeof(pub)); |
1503 | pub.n = BN_dup(rsa->n); | | 1503 | pub.n = BN_dup(rsa->n); |
1504 | pub.e = BN_dup(rsa->e); | | 1504 | pub.e = BN_dup(rsa->e); |
1505 | ret = lowlevel_rsa_public_check(enc, enclen, dec, &pub); | | 1505 | ret = lowlevel_rsa_public_check(enc, enclen, dec, &pub); |
1506 | BN_free(pub.n); | | 1506 | BN_free(pub.n); |
1507 | BN_free(pub.e); | | 1507 | BN_free(pub.e); |
1508 | return ret; | | 1508 | return ret; |
1509 | } | | 1509 | } |
1510 | | | 1510 | |
1511 | #define SUBKEY_LEN(x) (80 + 80) | | 1511 | #define SUBKEY_LEN(x) (80 + 80) |
1512 | #define SIG_LEN 80 | | 1512 | #define SIG_LEN 80 |
1513 | #define UID_LEN 80 | | 1513 | #define UID_LEN 80 |
1514 | | | 1514 | |
1515 | /* return worst case number of bytes needed to format a primary key */ | | 1515 | /* return worst case number of bytes needed to format a primary key */ |
1516 | static size_t | | 1516 | static size_t |
1517 | estimate_primarykey_size(pgpv_primarykey_t *primary) | | 1517 | estimate_primarykey_size(pgpv_primarykey_t *primary) |
1518 | { | | 1518 | { |
1519 | size_t cc; | | 1519 | size_t cc; |
1520 | | | 1520 | |
1521 | cc = SUBKEY_LEN("signature") + | | 1521 | cc = SUBKEY_LEN("signature") + |
1522 | (ARRAY_COUNT(primary->signed_userids) * UID_LEN) + | | 1522 | (ARRAY_COUNT(primary->signed_userids) * UID_LEN) + |
1523 | (ARRAY_COUNT(primary->signed_subkeys) * SUBKEY_LEN("encrypt uids")); | | 1523 | (ARRAY_COUNT(primary->signed_subkeys) * SUBKEY_LEN("encrypt uids")); |
1524 | return cc; | | 1524 | return cc; |
1525 | } | | 1525 | } |
1526 | | | 1526 | |
1527 | /* use public decrypt to verify a signature */ | | 1527 | /* use public decrypt to verify a signature */ |
1528 | static int | | 1528 | static int |
1529 | pgpv_rsa_public_decrypt(uint8_t *out, const uint8_t *in, size_t length, const pgpv_pubkey_t *pubkey) | | 1529 | pgpv_rsa_public_decrypt(uint8_t *out, const uint8_t *in, size_t length, const pgpv_pubkey_t *pubkey) |
1530 | { | | 1530 | { |
1531 | RSA *orsa; | | 1531 | RSA *orsa; |
1532 | int n; | | 1532 | int n; |
1533 | | | 1533 | |
1534 | if ((orsa = calloc(1, sizeof(*orsa))) == NULL) { | | 1534 | if ((orsa = calloc(1, sizeof(*orsa))) == NULL) { |
1535 | return 0; | | 1535 | return 0; |
1536 | } | | 1536 | } |
1537 | orsa->n = pubkey->bn[RSA_N].bn; | | 1537 | orsa->n = pubkey->bn[RSA_N].bn; |
1538 | orsa->e = pubkey->bn[RSA_E].bn; | | 1538 | orsa->e = pubkey->bn[RSA_E].bn; |
1539 | n = rsa_public_decrypt((int)length, in, out, orsa, RSA_NO_PADDING); | | 1539 | n = rsa_public_decrypt((int)length, in, out, orsa, RSA_NO_PADDING); |
1540 | orsa->n = orsa->e = NULL; | | 1540 | orsa->n = orsa->e = NULL; |
1541 | free(orsa); | | 1541 | free(orsa); |
1542 | return n; | | 1542 | return n; |
1543 | } | | 1543 | } |
1544 | | | 1544 | |
1545 | /* verify rsa signature */ | | 1545 | /* verify rsa signature */ |
1546 | static int | | 1546 | static int |
1547 | rsa_verify(uint8_t *calculated, unsigned calclen, uint8_t hashalg, pgpv_bignum_t *bn, pgpv_pubkey_t *pubkey) | | 1547 | rsa_verify(uint8_t *calculated, unsigned calclen, uint8_t hashalg, pgpv_bignum_t *bn, pgpv_pubkey_t *pubkey) |
1548 | { | | 1548 | { |
1549 | unsigned prefixlen; | | 1549 | unsigned prefixlen; |
1550 | unsigned decryptc; | | 1550 | unsigned decryptc; |
1551 | unsigned i; | | 1551 | unsigned i; |
1552 | uint8_t decrypted[8192]; | | 1552 | uint8_t decrypted[8192]; |
1553 | uint8_t sigbn[8192]; | | 1553 | uint8_t sigbn[8192]; |
1554 | uint8_t prefix[64]; | | 1554 | uint8_t prefix[64]; |
1555 | size_t keysize; | | 1555 | size_t keysize; |
1556 | | | 1556 | |
1557 | keysize = BITS_TO_BYTES(pubkey->bn[RSA_N].bits); | | 1557 | keysize = BITS_TO_BYTES(pubkey->bn[RSA_N].bits); |
1558 | BN_bn2bin(bn[RSA_SIG].bn, sigbn); | | 1558 | BN_bn2bin(bn[RSA_SIG].bn, sigbn); |
1559 | decryptc = pgpv_rsa_public_decrypt(decrypted, sigbn, BITS_TO_BYTES(bn[RSA_SIG].bits), pubkey); | | 1559 | decryptc = pgpv_rsa_public_decrypt(decrypted, sigbn, BITS_TO_BYTES(bn[RSA_SIG].bits), pubkey); |
1560 | if (decryptc != keysize || (decrypted[0] != 0 || decrypted[1] != 1)) { | | 1560 | if (decryptc != keysize || (decrypted[0] != 0 || decrypted[1] != 1)) { |
1561 | return 0; | | 1561 | return 0; |
1562 | } | | 1562 | } |
1563 | if ((prefixlen = digest_get_prefix((unsigned)hashalg, prefix, sizeof(prefix))) == 0) { | | 1563 | if ((prefixlen = digest_get_prefix((unsigned)hashalg, prefix, sizeof(prefix))) == 0) { |
1564 | printf("rsa_verify: unknown hash algorithm: %d\n", hashalg); | | 1564 | printf("rsa_verify: unknown hash algorithm: %d\n", hashalg); |
1565 | return 0; | | 1565 | return 0; |
1566 | } | | 1566 | } |
1567 | for (i = 2 ; i < keysize - prefixlen - calclen - 1 ; i++) { | | 1567 | for (i = 2 ; i < keysize - prefixlen - calclen - 1 ; i++) { |
1568 | if (decrypted[i] != 0xff) { | | 1568 | if (decrypted[i] != 0xff) { |
1569 | return 0; | | 1569 | return 0; |
1570 | } | | 1570 | } |
1571 | } | | 1571 | } |
1572 | if (decrypted[i++] != 0x0) { | | 1572 | if (decrypted[i++] != 0x0) { |
1573 | return 0; | | 1573 | return 0; |
1574 | } | | 1574 | } |
1575 | if (memcmp(&decrypted[i], prefix, prefixlen) != 0) { | | 1575 | if (memcmp(&decrypted[i], prefix, prefixlen) != 0) { |
1576 | printf("rsa_verify: wrong hash algorithm\n"); | | 1576 | printf("rsa_verify: wrong hash algorithm\n"); |
1577 | return 0; | | 1577 | return 0; |
1578 | } | | 1578 | } |
1579 | return memcmp(&decrypted[i + prefixlen], calculated, calclen) == 0; | | 1579 | return memcmp(&decrypted[i + prefixlen], calculated, calclen) == 0; |
1580 | } | | 1580 | } |
1581 | | | 1581 | |
1582 | /* return 1 if bn <= 0 */ | | 1582 | /* return 1 if bn <= 0 */ |
1583 | static int | | 1583 | static int |
1584 | bignum_is_bad(BIGNUM *bn) | | 1584 | bignum_is_bad(BIGNUM *bn) |
1585 | { | | 1585 | { |
1586 | return BN_is_zero(bn) || BN_is_negative(bn); | | 1586 | return BN_is_zero(bn) || BN_is_negative(bn); |
1587 | } | | 1587 | } |
1588 | | | 1588 | |
1589 | #define BAD_BIGNUM(s, k) \ | | 1589 | #define BAD_BIGNUM(s, k) \ |
1590 | (bignum_is_bad((s)->bn) || BN_cmp((s)->bn, (k)->bn) >= 0) | | 1590 | (bignum_is_bad((s)->bn) || BN_cmp((s)->bn, (k)->bn) >= 0) |
1591 | | | 1591 | |
1592 | #ifndef DSA_MAX_MODULUS_BITS | | 1592 | #ifndef DSA_MAX_MODULUS_BITS |
1593 | #define DSA_MAX_MODULUS_BITS 10000 | | 1593 | #define DSA_MAX_MODULUS_BITS 10000 |
1594 | #endif | | 1594 | #endif |
1595 | | | 1595 | |
1596 | /* verify DSA signature */ | | 1596 | /* verify DSA signature */ |
1597 | static int | | 1597 | static int |
1598 | verify_dsa_sig(uint8_t *calculated, unsigned calclen, pgpv_bignum_t *sig, pgpv_pubkey_t *pubkey) | | 1598 | verify_dsa_sig(uint8_t *calculated, unsigned calclen, pgpv_bignum_t *sig, pgpv_pubkey_t *pubkey) |
1599 | { | | 1599 | { |
1600 | unsigned qbits; | | 1600 | unsigned qbits; |
1601 | uint8_t calcnum[128]; | | 1601 | uint8_t calcnum[128]; |
1602 | uint8_t signum[128]; | | 1602 | uint8_t signum[128]; |
1603 | BIGNUM *M; | | 1603 | BIGNUM *M; |
1604 | BIGNUM *W; | | 1604 | BIGNUM *W; |
1605 | BIGNUM *t1; | | 1605 | BIGNUM *t1; |
1606 | int ret; | | 1606 | int ret; |
1607 | | | 1607 | |
1608 | if (pubkey[DSA_P].bn == NULL || pubkey[DSA_Q].bn == NULL || pubkey[DSA_G].bn == NULL) { | | 1608 | if (pubkey[DSA_P].bn == NULL || pubkey[DSA_Q].bn == NULL || pubkey[DSA_G].bn == NULL) { |
1609 | return 0; | | 1609 | return 0; |
1610 | } | | 1610 | } |
1611 | M = W = t1 = NULL; | | 1611 | M = W = t1 = NULL; |
1612 | qbits = pubkey->bn[DSA_Q].bits; | | 1612 | qbits = pubkey->bn[DSA_Q].bits; |
1613 | switch(qbits) { | | 1613 | switch(qbits) { |
1614 | case 160: | | 1614 | case 160: |
1615 | case 224: | | 1615 | case 224: |
1616 | case 256: | | 1616 | case 256: |
1617 | break; | | 1617 | break; |
1618 | default: | | 1618 | default: |
1619 | printf("dsa: bad # of Q bits\n"); | | 1619 | printf("dsa: bad # of Q bits\n"); |
1620 | return 0; | | 1620 | return 0; |
1621 | } | | 1621 | } |
1622 | if (pubkey->bn[DSA_P].bits > DSA_MAX_MODULUS_BITS) { | | 1622 | if (pubkey->bn[DSA_P].bits > DSA_MAX_MODULUS_BITS) { |
1623 | printf("dsa: p too large\n"); | | 1623 | printf("dsa: p too large\n"); |
1624 | return 0; | | 1624 | return 0; |
1625 | } | | 1625 | } |
1626 | if (calclen > SHA256_DIGEST_LENGTH) { | | 1626 | if (calclen > SHA256_DIGEST_LENGTH) { |
1627 | printf("dsa: digest too long\n"); | | 1627 | printf("dsa: digest too long\n"); |
1628 | return 0; | | 1628 | return 0; |
1629 | } | | 1629 | } |
1630 | ret = 0; | | 1630 | ret = 0; |
1631 | if ((M = BN_new()) == NULL || (W = BN_new()) == NULL || (t1 = BN_new()) == NULL || | | 1631 | if ((M = BN_new()) == NULL || (W = BN_new()) == NULL || (t1 = BN_new()) == NULL || |
1632 | BAD_BIGNUM(&sig[DSA_R], &pubkey->bn[DSA_Q]) || | | 1632 | BAD_BIGNUM(&sig[DSA_R], &pubkey->bn[DSA_Q]) || |
1633 | BAD_BIGNUM(&sig[DSA_S], &pubkey->bn[DSA_Q]) || | | 1633 | BAD_BIGNUM(&sig[DSA_S], &pubkey->bn[DSA_Q]) || |
1634 | BN_mod_inverse(W, sig[DSA_S].bn, pubkey->bn[DSA_Q].bn, NULL) == NULL) { | | 1634 | BN_mod_inverse(W, sig[DSA_S].bn, pubkey->bn[DSA_Q].bn, NULL) == NULL) { |
1635 | goto done; | | 1635 | goto done; |
1636 | } | | 1636 | } |
1637 | if (calclen > qbits / 8) { | | 1637 | if (calclen > qbits / 8) { |
1638 | calclen = qbits / 8; | | 1638 | calclen = qbits / 8; |
1639 | } | | 1639 | } |
1640 | if (BN_bin2bn(calculated, (int)calclen, M) == NULL || | | 1640 | if (BN_bin2bn(calculated, (int)calclen, M) == NULL || |
1641 | !BN_mod_mul(M, M, W, pubkey->bn[DSA_Q].bn, NULL) || | | 1641 | !BN_mod_mul(M, M, W, pubkey->bn[DSA_Q].bn, NULL) || |
1642 | !BN_mod_mul(W, sig[DSA_R].bn, W, pubkey->bn[DSA_Q].bn, NULL) || | | 1642 | !BN_mod_mul(W, sig[DSA_R].bn, W, pubkey->bn[DSA_Q].bn, NULL) || |
1643 | !BN_mod_exp(t1, pubkey->bn[DSA_G].bn, M, pubkey->bn[DSA_P].bn, NULL) || | | 1643 | !BN_mod_exp(t1, pubkey->bn[DSA_G].bn, M, pubkey->bn[DSA_P].bn, NULL) || |
1644 | !BN_mod_exp(W, pubkey->bn[DSA_Y].bn, W, pubkey->bn[DSA_P].bn, NULL) || | | 1644 | !BN_mod_exp(W, pubkey->bn[DSA_Y].bn, W, pubkey->bn[DSA_P].bn, NULL) || |
1645 | !BN_mod_mul(t1, t1, W, pubkey->bn[DSA_P].bn, NULL) || | | 1645 | !BN_mod_mul(t1, t1, W, pubkey->bn[DSA_P].bn, NULL) || |
1646 | !BN_div(NULL, t1, t1, pubkey->bn[DSA_Q].bn, NULL)) { | | 1646 | !BN_div(NULL, t1, t1, pubkey->bn[DSA_Q].bn, NULL)) { |
1647 | goto done; | | 1647 | goto done; |
1648 | } | | 1648 | } |
1649 | /* only compare the first q bits */ | | 1649 | /* only compare the first q bits */ |
1650 | BN_bn2bin(t1, calcnum); | | 1650 | BN_bn2bin(t1, calcnum); |
1651 | BN_bn2bin(sig[DSA_R].bn, signum); | | 1651 | BN_bn2bin(sig[DSA_R].bn, signum); |
1652 | ret = memcmp(calcnum, signum, BITS_TO_BYTES(qbits)) == 0; | | 1652 | ret = memcmp(calcnum, signum, BITS_TO_BYTES(qbits)) == 0; |
1653 | done: | | 1653 | done: |
1654 | if (M) { | | 1654 | if (M) { |
1655 | BN_free(M); | | 1655 | BN_free(M); |
1656 | } | | 1656 | } |
1657 | if (W) { | | 1657 | if (W) { |
1658 | BN_free(W); | | 1658 | BN_free(W); |
1659 | } | | 1659 | } |
1660 | if (t1) { | | 1660 | if (t1) { |
1661 | BN_free(t1); | | 1661 | BN_free(t1); |
1662 | } | | 1662 | } |
1663 | return ret; | | 1663 | return ret; |
1664 | } | | 1664 | } |
1665 | | | 1665 | |
1666 | #define TIME_SNPRINTF(_cc, _buf, _size, _fmt, _val) do { \ | | 1666 | #define TIME_SNPRINTF(_cc, _buf, _size, _fmt, _val) do { \ |
1667 | time_t _t; \ | | 1667 | time_t _t; \ |
1668 | char *_s; \ | | 1668 | char *_s; \ |
1669 | \ | | 1669 | \ |
1670 | _t = _val; \ | | 1670 | _t = _val; \ |
1671 | _s = ctime(&_t); \ | | 1671 | _s = ctime(&_t); \ |
1672 | _cc += snprintf(_buf, _size, _fmt, _s); \ | | 1672 | _cc += snprintf(_buf, _size, _fmt, _s); \ |
1673 | } while(/*CONSTCOND*/0) | | 1673 | } while(/*CONSTCOND*/0) |
1674 | | | 1674 | |
1675 | /* check dates on signature and key are valid */ | | 1675 | /* check dates on signature and key are valid */ |
1676 | static size_t | | 1676 | static size_t |
1677 | valid_dates(pgpv_signature_t *signature, pgpv_pubkey_t *pubkey, char *buf, size_t size) | | 1677 | valid_dates(pgpv_signature_t *signature, pgpv_pubkey_t *pubkey, char *buf, size_t size) |
1678 | { | | 1678 | { |
1679 | time_t now; | | 1679 | time_t now; |
1680 | time_t t; | | 1680 | time_t t; |
1681 | size_t cc; | | 1681 | size_t cc; |
1682 | | | 1682 | |
1683 | cc = 0; | | 1683 | cc = 0; |
1684 | if (signature->birth < pubkey->birth) { | | 1684 | if (signature->birth < pubkey->birth) { |
1685 | TIME_SNPRINTF(cc, buf, size, "Signature time (%.24s) was before pubkey creation ", signature->birth); | | 1685 | TIME_SNPRINTF(cc, buf, size, "Signature time (%.24s) was before pubkey creation ", signature->birth); |
1686 | TIME_SNPRINTF(cc, &buf[cc], size - cc, "(%s)\n", pubkey->birth); | | 1686 | TIME_SNPRINTF(cc, &buf[cc], size - cc, "(%s)\n", pubkey->birth); |
1687 | return cc; | | 1687 | return cc; |
1688 | } | | 1688 | } |
1689 | now = time(NULL); | | 1689 | now = time(NULL); |
1690 | if (signature->expiry != 0) { | | 1690 | if (signature->expiry != 0) { |
1691 | if ((t = signature->birth + signature->expiry) < now) { | | 1691 | if ((t = signature->birth + signature->expiry) < now) { |
1692 | TIME_SNPRINTF(cc, buf, size, "Signature expired on %.24s\n", t); | | 1692 | TIME_SNPRINTF(cc, buf, size, "Signature expired on %.24s\n", t); |
1693 | return cc; | | 1693 | return cc; |
1694 | } | | 1694 | } |
1695 | } | | 1695 | } |
1696 | if (now < signature->birth) { | | 1696 | if (now < signature->birth) { |
1697 | TIME_SNPRINTF(cc, buf, size, "Signature not valid before %.24s\n", signature->birth); | | 1697 | TIME_SNPRINTF(cc, buf, size, "Signature not valid before %.24s\n", signature->birth); |
1698 | return cc; | | 1698 | return cc; |
1699 | } | | 1699 | } |
1700 | return 0; | | 1700 | return 0; |
1701 | } | | 1701 | } |
1702 | | | 1702 | |
1703 | /* check if the signing key has expired */ | | 1703 | /* check if the signing key has expired */ |
1704 | static int | | 1704 | static int |
1705 | key_expired(pgpv_pubkey_t *pubkey, char *buf, size_t size) | | 1705 | key_expired(pgpv_pubkey_t *pubkey, char *buf, size_t size) |
1706 | { | | 1706 | { |
1707 | time_t now; | | 1707 | time_t now; |
1708 | time_t t; | | 1708 | time_t t; |
1709 | size_t cc; | | 1709 | size_t cc; |
1710 | | | 1710 | |
1711 | now = time(NULL); | | 1711 | now = time(NULL); |
1712 | cc = 0; | | 1712 | cc = 0; |
1713 | if (pubkey->expiry != 0) { | | 1713 | if (pubkey->expiry != 0) { |
1714 | if ((t = pubkey->birth + pubkey->expiry) < now) { | | 1714 | if ((t = pubkey->birth + pubkey->expiry) < now) { |
1715 | TIME_SNPRINTF(cc, buf, size, "Pubkey expired on %.24s\n", t); | | 1715 | TIME_SNPRINTF(cc, buf, size, "Pubkey expired on %.24s\n", t); |
1716 | return (int)cc; | | 1716 | return (int)cc; |
1717 | } | | 1717 | } |
1718 | } | | 1718 | } |
1719 | if (now < pubkey->birth) { | | 1719 | if (now < pubkey->birth) { |
1720 | TIME_SNPRINTF(cc, buf, size, "Pubkey not valid before %.24s\n", pubkey->birth); | | 1720 | TIME_SNPRINTF(cc, buf, size, "Pubkey not valid before %.24s\n", pubkey->birth); |
1721 | return (int)cc; | | 1721 | return (int)cc; |
1722 | } | | 1722 | } |
1723 | return 0; | | 1723 | return 0; |
1724 | } | | 1724 | } |
1725 | | | 1725 | |
1726 | /* find the leading onepass packet */ | | 1726 | /* find the leading onepass packet */ |
1727 | static size_t | | 1727 | static size_t |
1728 | find_onepass(pgpv_cursor_t *cursor, size_t datastart) | | 1728 | find_onepass(pgpv_cursor_t *cursor, size_t datastart) |
1729 | { | | 1729 | { |
1730 | size_t pkt; | | 1730 | size_t pkt; |
1731 | | | 1731 | |
1732 | for (pkt = datastart ; pkt < ARRAY_COUNT(cursor->pgp->pkts) ; pkt++) { | | 1732 | for (pkt = datastart ; pkt < ARRAY_COUNT(cursor->pgp->pkts) ; pkt++) { |
1733 | if (ARRAY_ELEMENT(cursor->pgp->pkts, pkt).tag == ONEPASS_SIGNATURE_PKT) { | | 1733 | if (ARRAY_ELEMENT(cursor->pgp->pkts, pkt).tag == ONEPASS_SIGNATURE_PKT) { |
1734 | return pkt + 1; | | 1734 | return pkt + 1; |
1735 | } | | 1735 | } |
1736 | } | | 1736 | } |
1737 | snprintf(cursor->why, sizeof(cursor->why), "No signature to verify"); | | 1737 | snprintf(cursor->why, sizeof(cursor->why), "No signature to verify"); |
1738 | return 0; | | 1738 | return 0; |
1739 | } | | 1739 | } |
1740 | | | 1740 | |
1741 | static const char *armor_begins[] = { | | 1741 | static const char *armor_begins[] = { |
1742 | "-----BEGIN PGP SIGNED MESSAGE-----\n", | | 1742 | "-----BEGIN PGP SIGNED MESSAGE-----\n", |
1743 | "-----BEGIN PGP MESSAGE-----\n", | | 1743 | "-----BEGIN PGP MESSAGE-----\n", |
1744 | NULL | | 1744 | NULL |
1745 | }; | | 1745 | }; |
1746 | | | 1746 | |
1747 | /* return non-zero if the buf introduces an armored message */ | | 1747 | /* return non-zero if the buf introduces an armored message */ |
1748 | static int | | 1748 | static int |
1749 | is_armored(const char *buf, size_t size) | | 1749 | is_armored(const char *buf, size_t size) |
1750 | { | | 1750 | { |
1751 | const char **arm; | | 1751 | const char **arm; |
1752 | const char *nl; | | 1752 | const char *nl; |
1753 | size_t n; | | 1753 | size_t n; |
1754 | | | 1754 | |
1755 | if ((nl = memchr(buf, '\n', size)) == NULL) { | | 1755 | if ((nl = memchr(buf, '\n', size)) == NULL) { |
1756 | return 0; | | 1756 | return 0; |
1757 | } | | 1757 | } |
1758 | n = (size_t)(nl - buf); | | 1758 | n = (size_t)(nl - buf); |
1759 | for (arm = armor_begins ; *arm ; arm++) { | | 1759 | for (arm = armor_begins ; *arm ; arm++) { |
1760 | if (strncmp(buf, *arm, n) == 0) { | | 1760 | if (strncmp(buf, *arm, n) == 0) { |
1761 | return 1; | | 1761 | return 1; |
1762 | } | | 1762 | } |
1763 | } | | 1763 | } |
1764 | return 0; | | 1764 | return 0; |
1765 | } | | 1765 | } |
1766 | | | 1766 | |
1767 | #define SIGSTART "-----BEGIN PGP SIGNATURE-----\n" | | 1767 | #define SIGSTART "-----BEGIN PGP SIGNATURE-----\n" |
1768 | #define SIGEND "-----END PGP SIGNATURE-----\n" | | 1768 | #define SIGEND "-----END PGP SIGNATURE-----\n" |
1769 | | | 1769 | |
1770 | /* for ascii armor, we don't get a onepass packet - make one */ | | 1770 | /* for ascii armor, we don't get a onepass packet - make one */ |
1771 | static const char *cons_onepass = "\304\015\003\0\0\0\0\377\377\377\377\377\377\377\377\1"; | | 1771 | static const char *cons_onepass = "\304\015\003\0\0\0\0\377\377\377\377\377\377\377\377\1"; |
1772 | | | 1772 | |
1773 | /* read ascii armor */ | | 1773 | /* read ascii armor */ |
1774 | static int | | 1774 | static int |
1775 | read_ascii_armor(pgpv_cursor_t *cursor, pgpv_mem_t *mem, const char *filename) | | 1775 | read_ascii_armor(pgpv_cursor_t *cursor, pgpv_mem_t *mem, const char *filename) |
1776 | { | | 1776 | { |
1777 | pgpv_onepass_t *onepass; | | 1777 | pgpv_onepass_t *onepass; |
1778 | pgpv_sigpkt_t *sigpkt; | | 1778 | pgpv_sigpkt_t *sigpkt; |
1779 | pgpv_pkt_t litdata; | | 1779 | pgpv_pkt_t litdata; |
1780 | uint8_t binsig[8192]; | | 1780 | uint8_t binsig[8192]; |
1781 | uint8_t *datastart; | | 1781 | uint8_t *datastart; |
1782 | uint8_t *sigend; | | 1782 | uint8_t *sigend; |
1783 | uint8_t *p; | | 1783 | uint8_t *p; |
1784 | size_t binsigsize; | | 1784 | size_t binsigsize; |
1785 | | | 1785 | |
1786 | /* cons up litdata pkt */ | | 1786 | /* cons up litdata pkt */ |
1787 | memset(&litdata, 0x0, sizeof(litdata)); | | 1787 | memset(&litdata, 0x0, sizeof(litdata)); |
1788 | litdata.u.litdata.mem = ARRAY_COUNT(cursor->pgp->areas) - 1; | | 1788 | litdata.u.litdata.mem = ARRAY_COUNT(cursor->pgp->areas) - 1; |
1789 | p = mem->mem; | | 1789 | p = mem->mem; |
1790 | /* jump over signed message line */ | | 1790 | /* jump over signed message line */ |
1791 | if ((p = memmem(mem->mem, mem->size, "\n\n", 2)) == NULL) { | | 1791 | if ((p = memmem(mem->mem, mem->size, "\n\n", 2)) == NULL) { |
1792 | snprintf(cursor->why, sizeof(cursor->why), "malformed armor at offset 0"); | | 1792 | snprintf(cursor->why, sizeof(cursor->why), "malformed armor at offset 0"); |
1793 | return 0; | | 1793 | return 0; |
1794 | } | | 1794 | } |
1795 | p += 2; | | 1795 | p += 2; |
1796 | litdata.tag = LITDATA_PKT; | | 1796 | litdata.tag = LITDATA_PKT; |
1797 | litdata.s.data = p; | | 1797 | litdata.s.data = p; |
1798 | litdata.u.litdata.offset = (size_t)(p - mem->mem); | | 1798 | litdata.u.litdata.offset = (size_t)(p - mem->mem); |
1799 | litdata.u.litdata.filename = (uint8_t *)strdup(filename); | | 1799 | litdata.u.litdata.filename = (uint8_t *)strdup(filename); |
1800 | if ((p = memmem(datastart = p, mem->size - litdata.offset, SIGSTART, strlen(SIGSTART))) == NULL) { | | 1800 | if ((p = memmem(datastart = p, mem->size - litdata.offset, SIGSTART, strlen(SIGSTART))) == NULL) { |
1801 | snprintf(cursor->why, sizeof(cursor->why), | | 1801 | snprintf(cursor->why, sizeof(cursor->why), |
1802 | "malformed armor - no sig - at %zu", (size_t)(p - mem->mem)); | | 1802 | "malformed armor - no sig - at %zu", (size_t)(p - mem->mem)); |
1803 | return 0; | | 1803 | return 0; |
1804 | } | | 1804 | } |
1805 | litdata.u.litdata.len = litdata.s.size = (size_t)(p - datastart); | | 1805 | litdata.u.litdata.len = litdata.s.size = (size_t)(p - datastart); |
1806 | p += strlen(SIGSTART); | | 1806 | p += strlen(SIGSTART); |
1807 | if ((p = memmem(p, mem->size, "\n\n", 2)) == NULL) { | | 1807 | if ((p = memmem(p, mem->size, "\n\n", 2)) == NULL) { |
1808 | snprintf(cursor->why, sizeof(cursor->why), | | 1808 | snprintf(cursor->why, sizeof(cursor->why), |
1809 | "malformed armed signature at %zu", (size_t)(p - mem->mem)); | | 1809 | "malformed armed signature at %zu", (size_t)(p - mem->mem)); |
1810 | return 0; | | 1810 | return 0; |
1811 | } | | 1811 | } |
1812 | p += 2; | | 1812 | p += 2; |
1813 | sigend = memmem(p, mem->size, SIGEND, strlen(SIGEND)); | | 1813 | sigend = memmem(p, mem->size, SIGEND, strlen(SIGEND)); |
1814 | binsigsize = b64decode((char *)p, (size_t)(sigend - p), binsig, sizeof(binsig)); | | 1814 | binsigsize = b64decode((char *)p, (size_t)(sigend - p), binsig, sizeof(binsig)); |
1815 | | | 1815 | |
1816 | read_binary_memory(cursor->pgp, "signature", cons_onepass, 15); | | 1816 | read_binary_memory(cursor->pgp, "signature", cons_onepass, 15); |
1817 | ARRAY_APPEND(cursor->pgp->pkts, litdata); | | 1817 | ARRAY_APPEND(cursor->pgp->pkts, litdata); |
1818 | read_binary_memory(cursor->pgp, "signature", binsig, binsigsize - 3); | | 1818 | read_binary_memory(cursor->pgp, "signature", binsig, binsigsize - 3); |
1819 | /* XXX - hardwired - 3 is format and length */ | | 1819 | /* XXX - hardwired - 3 is format and length */ |
1820 | | | 1820 | |
1821 | /* fix up packets in the packet array now we have them there */ | | 1821 | /* fix up packets in the packet array now we have them there */ |
1822 | onepass = &ARRAY_ELEMENT(cursor->pgp->pkts, ARRAY_COUNT(cursor->pgp->pkts) - 1 - 2).u.onepass; | | 1822 | onepass = &ARRAY_ELEMENT(cursor->pgp->pkts, ARRAY_COUNT(cursor->pgp->pkts) - 1 - 2).u.onepass; |
1823 | sigpkt = &ARRAY_LAST(cursor->pgp->pkts).u.sigpkt; | | 1823 | sigpkt = &ARRAY_LAST(cursor->pgp->pkts).u.sigpkt; |
1824 | memcpy(onepass->keyid, sigpkt->sig.signer, sizeof(onepass->keyid)); | | 1824 | memcpy(onepass->keyid, sigpkt->sig.signer, sizeof(onepass->keyid)); |
1825 | onepass->hashalg = sigpkt->sig.hashalg; | | 1825 | onepass->hashalg = sigpkt->sig.hashalg; |
1826 | onepass->keyalg = sigpkt->sig.keyalg; | | 1826 | onepass->keyalg = sigpkt->sig.keyalg; |
1827 | return 1; | | 1827 | return 1; |
1828 | } | | 1828 | } |
1829 | | | 1829 | |
1830 | /* read ascii armor from a file */ | | 1830 | /* read ascii armor from a file */ |
1831 | static int | | 1831 | static int |
1832 | read_ascii_armor_file(pgpv_cursor_t *cursor, const char *filename) | | 1832 | read_ascii_armor_file(pgpv_cursor_t *cursor, const char *filename) |
1833 | { | | 1833 | { |
1834 | /* cons up litdata pkt */ | | 1834 | /* cons up litdata pkt */ |
1835 | read_file(cursor->pgp, filename); | | 1835 | read_file(cursor->pgp, filename); |
1836 | return read_ascii_armor(cursor, &ARRAY_LAST(cursor->pgp->areas), filename); | | 1836 | return read_ascii_armor(cursor, &ARRAY_LAST(cursor->pgp->areas), filename); |
1837 | } | | 1837 | } |
1838 | | | 1838 | |
1839 | /* read ascii armor from memory */ | | 1839 | /* read ascii armor from memory */ |
1840 | static int | | 1840 | static int |
1841 | read_ascii_armor_memory(pgpv_cursor_t *cursor, const void *p, size_t size) | | 1841 | read_ascii_armor_memory(pgpv_cursor_t *cursor, const void *p, size_t size) |
1842 | { | | 1842 | { |
1843 | pgpv_mem_t *mem; | | 1843 | pgpv_mem_t *mem; |
1844 | | | 1844 | |
1845 | /* cons up litdata pkt */ | | 1845 | /* cons up litdata pkt */ |
1846 | ARRAY_EXPAND(cursor->pgp->areas); | | 1846 | ARRAY_EXPAND(cursor->pgp->areas); |
1847 | ARRAY_COUNT(cursor->pgp->areas) += 1; | | 1847 | ARRAY_COUNT(cursor->pgp->areas) += 1; |
1848 | mem = &ARRAY_LAST(cursor->pgp->areas); | | 1848 | mem = &ARRAY_LAST(cursor->pgp->areas); |
1849 | memset(mem, 0x0, sizeof(*mem)); | | 1849 | memset(mem, 0x0, sizeof(*mem)); |
1850 | mem->size = size; | | 1850 | mem->size = size; |
1851 | mem->mem = __UNCONST(p); | | 1851 | mem->mem = __UNCONST(p); |
1852 | mem->dealloc = 0; | | 1852 | mem->dealloc = 0; |
1853 | return read_ascii_armor(cursor, mem, "[stdin]"); | | 1853 | return read_ascii_armor(cursor, mem, "[stdin]"); |
1854 | } | | 1854 | } |
1855 | | | 1855 | |
1856 | /* set up the data to verify */ | | 1856 | /* set up the data to verify */ |
1857 | static int | | 1857 | static int |
1858 | setup_data(pgpv_cursor_t *cursor, pgpv_t *pgp, const void *p, ssize_t size) | | 1858 | setup_data(pgpv_cursor_t *cursor, pgpv_t *pgp, const void *p, ssize_t size) |
1859 | { | | 1859 | { |
1860 | FILE *fp; | | 1860 | FILE *fp; |
1861 | char buf[BUFSIZ]; | | 1861 | char buf[BUFSIZ]; |
1862 | | | 1862 | |
1863 | if (cursor == NULL || pgp == NULL || p == NULL) { | | 1863 | if (cursor == NULL || pgp == NULL || p == NULL) { |
1864 | return 0; | | 1864 | return 0; |
1865 | } | | 1865 | } |
1866 | memset(cursor, 0x0, sizeof(*cursor)); | | 1866 | memset(cursor, 0x0, sizeof(*cursor)); |
1867 | ARRAY_APPEND(pgp->datastarts, pgp->pkt); | | 1867 | ARRAY_APPEND(pgp->datastarts, pgp->pkt); |
1868 | cursor->pgp = pgp; | | 1868 | cursor->pgp = pgp; |
1869 | if (size < 0) { | | 1869 | if (size < 0) { |
1870 | /* we have a file name in p */ | | 1870 | /* we have a file name in p */ |
1871 | if ((fp = fopen(p, "r")) == NULL) { | | 1871 | if ((fp = fopen(p, "r")) == NULL) { |
1872 | snprintf(cursor->why, sizeof(cursor->why), "No such file '%s'", (const char *)p); | | 1872 | snprintf(cursor->why, sizeof(cursor->why), "No such file '%s'", (const char *)p); |
1873 | return 0; | | 1873 | return 0; |
1874 | } | | 1874 | } |
1875 | if (fgets(buf, (int)sizeof(buf), fp) == NULL) { | | 1875 | if (fgets(buf, (int)sizeof(buf), fp) == NULL) { |
1876 | fclose(fp); | | 1876 | fclose(fp); |
1877 | snprintf(cursor->why, sizeof(cursor->why), "can't read file '%s'", (const char *)p); | | 1877 | snprintf(cursor->why, sizeof(cursor->why), "can't read file '%s'", (const char *)p); |
1878 | return 0; | | 1878 | return 0; |
1879 | } | | 1879 | } |
1880 | if (is_armored(buf, sizeof(buf))) { | | 1880 | if (is_armored(buf, sizeof(buf))) { |
1881 | read_ascii_armor_file(cursor, p); | | 1881 | read_ascii_armor_file(cursor, p); |
1882 | } else { | | 1882 | } else { |
1883 | read_binary_file(pgp, "signature", "%s", p); | | 1883 | read_binary_file(pgp, "signature", "%s", (const char *)p); |
1884 | } | | 1884 | } |
1885 | fclose(fp); | | 1885 | fclose(fp); |
1886 | } else { | | 1886 | } else { |
1887 | if (is_armored(p, (size_t)size)) { | | 1887 | if (is_armored(p, (size_t)size)) { |
1888 | read_ascii_armor_memory(cursor, p, (size_t)size); | | 1888 | read_ascii_armor_memory(cursor, p, (size_t)size); |
1889 | } else { | | 1889 | } else { |
1890 | read_binary_memory(pgp, "signature", p, (size_t)size); | | 1890 | read_binary_memory(pgp, "signature", p, (size_t)size); |
1891 | } | | 1891 | } |
1892 | } | | 1892 | } |
1893 | return 1; | | 1893 | return 1; |
1894 | } | | 1894 | } |
1895 | | | 1895 | |
1896 | /* get the data and size from litdata packet */ | | 1896 | /* get the data and size from litdata packet */ |
1897 | static uint8_t * | | 1897 | static uint8_t * |
1898 | get_literal_data(pgpv_cursor_t *cursor, pgpv_litdata_t *litdata, size_t *size) | | 1898 | get_literal_data(pgpv_cursor_t *cursor, pgpv_litdata_t *litdata, size_t *size) |
1899 | { | | 1899 | { |
1900 | pgpv_mem_t *mem; | | 1900 | pgpv_mem_t *mem; |
1901 | | | 1901 | |
1902 | if (litdata->s.data == NULL && litdata->s.size == 0) { | | 1902 | if (litdata->s.data == NULL && litdata->s.size == 0) { |
1903 | mem = &ARRAY_ELEMENT(cursor->pgp->areas, litdata->mem); | | 1903 | mem = &ARRAY_ELEMENT(cursor->pgp->areas, litdata->mem); |
1904 | *size = litdata->len; | | 1904 | *size = litdata->len; |
1905 | return &mem->mem[litdata->offset]; | | 1905 | return &mem->mem[litdata->offset]; |
1906 | } | | 1906 | } |
1907 | *size = litdata->s.size; | | 1907 | *size = litdata->s.size; |
1908 | return litdata->s.data; | | 1908 | return litdata->s.data; |
1909 | } | | 1909 | } |
1910 | | | 1910 | |
1911 | /* | | 1911 | /* |
1912 | RFC 4880 describes the structure of v4 keys as: | | 1912 | RFC 4880 describes the structure of v4 keys as: |
1913 | | | 1913 | |
1914 | Primary-Key | | 1914 | Primary-Key |
1915 | [Revocation Self Signature] | | 1915 | [Revocation Self Signature] |
1916 | [Direct Key Signature...] | | 1916 | [Direct Key Signature...] |
1917 | User ID [Signature ...] | | 1917 | User ID [Signature ...] |
1918 | [User ID [Signature ...] ...] | | 1918 | [User ID [Signature ...] ...] |
1919 | [User Attribute [Signature ...] ...] | | 1919 | [User Attribute [Signature ...] ...] |
1920 | [[Subkey [Binding-Signature-Revocation] | | 1920 | [[Subkey [Binding-Signature-Revocation] |
1921 | Primary-Key-Binding-Signature] ...] | | 1921 | Primary-Key-Binding-Signature] ...] |
1922 | | | 1922 | |
1923 | and that's implemented below as a recursive descent parser. | | 1923 | and that's implemented below as a recursive descent parser. |
1924 | It has had to be modified, though: see the comment | | 1924 | It has had to be modified, though: see the comment |
1925 | | | 1925 | |
1926 | some keys out there have user ids where they shouldn't | | 1926 | some keys out there have user ids where they shouldn't |
1927 | | | 1927 | |
1928 | to look like: | | 1928 | to look like: |
1929 | | | 1929 | |
1930 | Primary-Key | | 1930 | Primary-Key |
1931 | [Revocation Self Signature] | | 1931 | [Revocation Self Signature] |
1932 | [Direct Key Signature...] | | 1932 | [Direct Key Signature...] |
1933 | [User ID [Signature ...] | | 1933 | [User ID [Signature ...] |
1934 | [User ID [Signature ...] ...] | | 1934 | [User ID [Signature ...] ...] |
1935 | [User Attribute [Signature ...] ...] | | 1935 | [User Attribute [Signature ...] ...] |
1936 | [Subkey [Binding-Signature-Revocation] | | 1936 | [Subkey [Binding-Signature-Revocation] |
1937 | Primary-Key-Binding-Signature] ...] | | 1937 | Primary-Key-Binding-Signature] ...] |
1938 | | | 1938 | |
1939 | to accommodate keyrings set up by gpg | | 1939 | to accommodate keyrings set up by gpg |
1940 | */ | | 1940 | */ |
1941 | | | 1941 | |
1942 | /* recognise a primary key */ | | 1942 | /* recognise a primary key */ |
1943 | static int | | 1943 | static int |
1944 | recog_primary_key(pgpv_t *pgp, pgpv_primarykey_t *primary) | | 1944 | recog_primary_key(pgpv_t *pgp, pgpv_primarykey_t *primary) |
1945 | { | | 1945 | { |
1946 | pgpv_signed_userattr_t userattr; | | 1946 | pgpv_signed_userattr_t userattr; |
1947 | pgpv_signed_userid_t userid; | | 1947 | pgpv_signed_userid_t userid; |
1948 | pgpv_signed_subkey_t subkey; | | 1948 | pgpv_signed_subkey_t subkey; |
1949 | pgpv_signature_t signature; | | 1949 | pgpv_signature_t signature; |
1950 | pgpv_pkt_t *pkt; | | 1950 | pgpv_pkt_t *pkt; |
1951 | | | 1951 | |
1952 | pkt = &ARRAY_ELEMENT(pgp->pkts, pgp->pkt); | | 1952 | pkt = &ARRAY_ELEMENT(pgp->pkts, pgp->pkt); |
1953 | memset(primary, 0x0, sizeof(*primary)); | | 1953 | memset(primary, 0x0, sizeof(*primary)); |
1954 | read_pubkey(&primary->primary, pkt->s.data, pkt->s.size, 0); | | 1954 | read_pubkey(&primary->primary, pkt->s.data, pkt->s.size, 0); |
1955 | pgp->pkt += 1; | | 1955 | pgp->pkt += 1; |
1956 | if (pkt_sigtype_is(pgp, SIGTYPE_KEY_REVOCATION)) { | | 1956 | if (pkt_sigtype_is(pgp, SIGTYPE_KEY_REVOCATION)) { |
1957 | if (!recog_signature(pgp, &primary->revoc_self_sig)) { | | 1957 | if (!recog_signature(pgp, &primary->revoc_self_sig)) { |
1958 | printf("recog_primary_key: no signature/trust at PGPV_SIGTYPE_KEY_REVOCATION\n"); | | 1958 | printf("recog_primary_key: no signature/trust at PGPV_SIGTYPE_KEY_REVOCATION\n"); |
1959 | return 0; | | 1959 | return 0; |
1960 | } | | 1960 | } |
1961 | } | | 1961 | } |
1962 | while (pkt_sigtype_is(pgp, SIGTYPE_DIRECT_KEY)) { | | 1962 | while (pkt_sigtype_is(pgp, SIGTYPE_DIRECT_KEY)) { |
1963 | if (!recog_signature(pgp, &signature)) { | | 1963 | if (!recog_signature(pgp, &signature)) { |
1964 | printf("recog_primary_key: no signature/trust at PGPV_SIGTYPE_DIRECT_KEY\n"); | | 1964 | printf("recog_primary_key: no signature/trust at PGPV_SIGTYPE_DIRECT_KEY\n"); |
1965 | return 0; | | 1965 | return 0; |
1966 | } | | 1966 | } |
1967 | if (signature.keyexpiry) { | | 1967 | if (signature.keyexpiry) { |
1968 | /* XXX - check it's a good key expiry */ | | 1968 | /* XXX - check it's a good key expiry */ |
1969 | primary->primary.expiry = signature.keyexpiry; | | 1969 | primary->primary.expiry = signature.keyexpiry; |
1970 | } | | 1970 | } |
1971 | ARRAY_APPEND(primary->direct_sigs, signature); | | 1971 | ARRAY_APPEND(primary->direct_sigs, signature); |
1972 | } | | 1972 | } |
1973 | /* some keys out there have user ids where they shouldn't */ | | 1973 | /* some keys out there have user ids where they shouldn't */ |
1974 | do { | | 1974 | do { |
1975 | if (!recog_userid(pgp, &userid)) { | | 1975 | if (!recog_userid(pgp, &userid)) { |
1976 | printf("recog_primary_key: not userid\n"); | | 1976 | printf("recog_primary_key: not userid\n"); |
1977 | return 0; | | 1977 | return 0; |
1978 | } | | 1978 | } |
1979 | ARRAY_APPEND(primary->signed_userids, userid); | | 1979 | ARRAY_APPEND(primary->signed_userids, userid); |
1980 | if (userid.primary_userid) { | | 1980 | if (userid.primary_userid) { |
1981 | primary->primary_userid = ARRAY_COUNT(primary->signed_userids) - 1; | | 1981 | primary->primary_userid = ARRAY_COUNT(primary->signed_userids) - 1; |
1982 | } | | 1982 | } |
1983 | while (pkt_is(pgp, USERID_PKT)) { | | 1983 | while (pkt_is(pgp, USERID_PKT)) { |
1984 | if (!recog_userid(pgp, &userid)) { | | 1984 | if (!recog_userid(pgp, &userid)) { |
1985 | printf("recog_primary_key: not signed secondary userid\n"); | | 1985 | printf("recog_primary_key: not signed secondary userid\n"); |
1986 | return 0; | | 1986 | return 0; |
1987 | } | | 1987 | } |
1988 | ARRAY_APPEND(primary->signed_userids, userid); | | 1988 | ARRAY_APPEND(primary->signed_userids, userid); |
1989 | if (userid.primary_userid) { | | 1989 | if (userid.primary_userid) { |
1990 | primary->primary_userid = ARRAY_COUNT(primary->signed_userids) - 1; | | 1990 | primary->primary_userid = ARRAY_COUNT(primary->signed_userids) - 1; |
1991 | } | | 1991 | } |
1992 | } | | 1992 | } |
1993 | while (pkt_is(pgp, USER_ATTRIBUTE_PKT)) { | | 1993 | while (pkt_is(pgp, USER_ATTRIBUTE_PKT)) { |
1994 | if (!recog_userattr(pgp, &userattr)) { | | 1994 | if (!recog_userattr(pgp, &userattr)) { |
1995 | printf("recog_primary_key: not signed user attribute\n"); | | 1995 | printf("recog_primary_key: not signed user attribute\n"); |
1996 | return 0; | | 1996 | return 0; |
1997 | } | | 1997 | } |
1998 | ARRAY_APPEND(primary->signed_userattrs, userattr); | | 1998 | ARRAY_APPEND(primary->signed_userattrs, userattr); |
1999 | } | | 1999 | } |
2000 | while (pkt_is(pgp, PUB_SUBKEY_PKT)) { | | 2000 | while (pkt_is(pgp, PUB_SUBKEY_PKT)) { |
2001 | if (!recog_subkey(pgp, &subkey)) { | | 2001 | if (!recog_subkey(pgp, &subkey)) { |
2002 | printf("recog_primary_key: not signed public subkey\n"); | | 2002 | printf("recog_primary_key: not signed public subkey\n"); |
2003 | return 0; | | 2003 | return 0; |
2004 | } | | 2004 | } |
2005 | pgpv_calc_keyid(&subkey.subkey); | | 2005 | pgpv_calc_keyid(&subkey.subkey); |
2006 | ARRAY_APPEND(primary->signed_subkeys, subkey); | | 2006 | ARRAY_APPEND(primary->signed_subkeys, subkey); |
2007 | } | | 2007 | } |
2008 | } while (pgp->pkt < ARRAY_COUNT(pgp->pkts) && pkt_is(pgp, USERID_PKT)); | | 2008 | } while (pgp->pkt < ARRAY_COUNT(pgp->pkts) && pkt_is(pgp, USERID_PKT)); |
2009 | primary->fmtsize = estimate_primarykey_size(primary); | | 2009 | primary->fmtsize = estimate_primarykey_size(primary); |
2010 | return 1; | | 2010 | return 1; |
2011 | } | | 2011 | } |
2012 | | | 2012 | |
2013 | /* parse all of the packets for a given operation */ | | 2013 | /* parse all of the packets for a given operation */ |
2014 | static int | | 2014 | static int |
2015 | read_all_packets(pgpv_t *pgp, pgpv_mem_t *mem, const char *op) | | 2015 | read_all_packets(pgpv_t *pgp, pgpv_mem_t *mem, const char *op) |
2016 | { | | 2016 | { |
2017 | pgpv_primarykey_t primary; | | 2017 | pgpv_primarykey_t primary; |
2018 | | | 2018 | |
2019 | if (op == NULL) { | | 2019 | if (op == NULL) { |
2020 | return 0; | | 2020 | return 0; |
2021 | } | | 2021 | } |
2022 | if (strcmp(pgp->op = op, "pubring") == 0) { | | 2022 | if (strcmp(pgp->op = op, "pubring") == 0) { |
2023 | mem->allowed = PUBRING_ALLOWED; | | 2023 | mem->allowed = PUBRING_ALLOWED; |
2024 | /* pubrings have thousands of small packets */ | | 2024 | /* pubrings have thousands of small packets */ |
2025 | ARRAY_EXPAND_SIZED(pgp->pkts, 0, 5000); | | 2025 | ARRAY_EXPAND_SIZED(pgp->pkts, 0, 5000); |
2026 | } else if (strcmp(op, "signature") == 0) { | | 2026 | } else if (strcmp(op, "signature") == 0) { |
2027 | mem->allowed = SIGNATURE_ALLOWED; | | 2027 | mem->allowed = SIGNATURE_ALLOWED; |
2028 | } else { | | 2028 | } else { |
2029 | mem->allowed = ""; | | 2029 | mem->allowed = ""; |
2030 | } | | 2030 | } |
2031 | for (mem->cc = 0; mem->cc < mem->size ; ) { | | 2031 | for (mem->cc = 0; mem->cc < mem->size ; ) { |
2032 | if (!read_pkt(pgp, mem)) { | | 2032 | if (!read_pkt(pgp, mem)) { |
2033 | return 0; | | 2033 | return 0; |
2034 | } | | 2034 | } |
2035 | } | | 2035 | } |
2036 | if (strcmp(op, "pubring") == 0) { | | 2036 | if (strcmp(op, "pubring") == 0) { |
2037 | for (pgp->pkt = 0; pgp->pkt < ARRAY_COUNT(pgp->pkts) && recog_primary_key(pgp, &primary) ; ) { | | 2037 | for (pgp->pkt = 0; pgp->pkt < ARRAY_COUNT(pgp->pkts) && recog_primary_key(pgp, &primary) ; ) { |
2038 | pgpv_calc_keyid(&primary.primary); | | 2038 | pgpv_calc_keyid(&primary.primary); |
2039 | ARRAY_APPEND(pgp->primaries, primary); | | 2039 | ARRAY_APPEND(pgp->primaries, primary); |
2040 | } | | 2040 | } |
2041 | if (pgp->pkt < ARRAY_COUNT(pgp->pkts)) { | | 2041 | if (pgp->pkt < ARRAY_COUNT(pgp->pkts)) { |
2042 | printf("short pubring recognition???\n"); | | 2042 | printf("short pubring recognition???\n"); |
2043 | } | | 2043 | } |
2044 | } | | 2044 | } |
2045 | pgp->pkt = ARRAY_COUNT(pgp->pkts); | | 2045 | pgp->pkt = ARRAY_COUNT(pgp->pkts); |
2046 | return 1; | | 2046 | return 1; |
2047 | } | | 2047 | } |
2048 | | | 2048 | |
2049 | /* create a filename, read it, and then parse according to "op" */ | | 2049 | /* create a filename, read it, and then parse according to "op" */ |
2050 | static int | | 2050 | static int |
2051 | read_binary_file(pgpv_t *pgp, const char *op, const char *fmt, ...) | | 2051 | read_binary_file(pgpv_t *pgp, const char *op, const char *fmt, ...) |
2052 | { | | 2052 | { |
2053 | va_list args; | | 2053 | va_list args; |
2054 | char buf[1024]; | | 2054 | char buf[1024]; |
2055 | | | 2055 | |
2056 | va_start(args, fmt); | | 2056 | va_start(args, fmt); |
2057 | vsnprintf(buf, sizeof(buf), fmt, args); | | 2057 | vsnprintf(buf, sizeof(buf), fmt, args); |
2058 | va_end(args); | | 2058 | va_end(args); |
2059 | if (!read_file(pgp, buf)) { | | 2059 | if (!read_file(pgp, buf)) { |
2060 | return 0; | | 2060 | return 0; |
2061 | } | | 2061 | } |
2062 | return read_all_packets(pgp, &ARRAY_LAST(pgp->areas), op); | | 2062 | return read_all_packets(pgp, &ARRAY_LAST(pgp->areas), op); |
2063 | } | | 2063 | } |
2064 | | | 2064 | |
2065 | /* parse memory according to "op" */ | | 2065 | /* parse memory according to "op" */ |
2066 | static int | | 2066 | static int |
2067 | read_binary_memory(pgpv_t *pgp, const char *op, const void *memory, size_t size) | | 2067 | read_binary_memory(pgpv_t *pgp, const char *op, const void *memory, size_t size) |
2068 | { | | 2068 | { |
2069 | pgpv_mem_t *mem; | | 2069 | pgpv_mem_t *mem; |
2070 | | | 2070 | |
2071 | ARRAY_EXPAND(pgp->areas); | | 2071 | ARRAY_EXPAND(pgp->areas); |
2072 | ARRAY_COUNT(pgp->areas) += 1; | | 2072 | ARRAY_COUNT(pgp->areas) += 1; |
2073 | mem = &ARRAY_LAST(pgp->areas); | | 2073 | mem = &ARRAY_LAST(pgp->areas); |
2074 | memset(mem, 0x0, sizeof(*mem)); | | 2074 | memset(mem, 0x0, sizeof(*mem)); |
2075 | mem->size = size; | | 2075 | mem->size = size; |
2076 | mem->mem = __UNCONST(memory); | | 2076 | mem->mem = __UNCONST(memory); |
2077 | mem->dealloc = 0; | | 2077 | mem->dealloc = 0; |
2078 | return read_all_packets(pgp, mem, op); | | 2078 | return read_all_packets(pgp, mem, op); |
2079 | } | | 2079 | } |
2080 | | | 2080 | |
2081 | /* fixup the detached signature packets */ | | 2081 | /* fixup the detached signature packets */ |
2082 | static int | | 2082 | static int |
2083 | fixup_detached(pgpv_cursor_t *cursor, const char *f) | | 2083 | fixup_detached(pgpv_cursor_t *cursor, const char *f) |
2084 | { | | 2084 | { |
2085 | pgpv_onepass_t *onepass; | | 2085 | pgpv_onepass_t *onepass; |
2086 | const char *dot; | | 2086 | const char *dot; |
2087 | pgpv_pkt_t sigpkt; | | 2087 | pgpv_pkt_t sigpkt; |
2088 | pgpv_pkt_t litdata; | | 2088 | pgpv_pkt_t litdata; |
2089 | pgpv_mem_t *mem; | | 2089 | pgpv_mem_t *mem; |
2090 | size_t el; | | 2090 | size_t el; |
2091 | char original[MAXPATHLEN]; | | 2091 | char original[MAXPATHLEN]; |
2092 | | | 2092 | |
2093 | /* cons up litdata pkt */ | | 2093 | /* cons up litdata pkt */ |
2094 | if ((dot = strrchr(f, '.')) == NULL || strcasecmp(dot, ".sig") != 0) { | | 2094 | if ((dot = strrchr(f, '.')) == NULL || strcasecmp(dot, ".sig") != 0) { |
2095 | printf("weird filename '%s'\n", f); | | 2095 | printf("weird filename '%s'\n", f); |
2096 | return 0; | | 2096 | return 0; |
2097 | } | | 2097 | } |
2098 | /* hold sigpkt in a temp var while we insert onepass and litdata */ | | 2098 | /* hold sigpkt in a temp var while we insert onepass and litdata */ |
2099 | el = ARRAY_COUNT(cursor->pgp->pkts) - 1; | | 2099 | el = ARRAY_COUNT(cursor->pgp->pkts) - 1; |
2100 | sigpkt = ARRAY_ELEMENT(cursor->pgp->pkts, el); | | 2100 | sigpkt = ARRAY_ELEMENT(cursor->pgp->pkts, el); |
2101 | ARRAY_DELETE(cursor->pgp->pkts, el); | | 2101 | ARRAY_DELETE(cursor->pgp->pkts, el); |
2102 | ARRAY_EXPAND(cursor->pgp->pkts); | | 2102 | ARRAY_EXPAND(cursor->pgp->pkts); |
2103 | /* get onepass packet, append to packets */ | | 2103 | /* get onepass packet, append to packets */ |
2104 | read_binary_memory(cursor->pgp, "signature", cons_onepass, 15); | | 2104 | read_binary_memory(cursor->pgp, "signature", cons_onepass, 15); |
2105 | onepass = &ARRAY_ELEMENT(cursor->pgp->pkts, el).u.onepass; | | 2105 | onepass = &ARRAY_ELEMENT(cursor->pgp->pkts, el).u.onepass; |
2106 | /* read the original file into litdata */ | | 2106 | /* read the original file into litdata */ |
2107 | snprintf(original, sizeof(original), "%.*s", (int)(dot - f), f); | | 2107 | snprintf(original, sizeof(original), "%.*s", (int)(dot - f), f); |
2108 | if (!read_file(cursor->pgp, original)) { | | 2108 | if (!read_file(cursor->pgp, original)) { |
2109 | printf("can't read file '%s'\n", original); | | 2109 | printf("can't read file '%s'\n", original); |
2110 | return 0; | | 2110 | return 0; |
2111 | } | | 2111 | } |
2112 | memset(&litdata, 0x0, sizeof(litdata)); | | 2112 | memset(&litdata, 0x0, sizeof(litdata)); |
2113 | mem = &ARRAY_LAST(cursor->pgp->areas); | | 2113 | mem = &ARRAY_LAST(cursor->pgp->areas); |
2114 | litdata.tag = LITDATA_PKT; | | 2114 | litdata.tag = LITDATA_PKT; |
2115 | litdata.s.data = mem->mem; | | 2115 | litdata.s.data = mem->mem; |
2116 | litdata.u.litdata.format = LITDATA_BINARY; | | 2116 | litdata.u.litdata.format = LITDATA_BINARY; |
2117 | litdata.u.litdata.offset = 0; | | 2117 | litdata.u.litdata.offset = 0; |
2118 | litdata.u.litdata.filename = (uint8_t *)strdup(original); | | 2118 | litdata.u.litdata.filename = (uint8_t *)strdup(original); |
2119 | litdata.u.litdata.mem = ARRAY_COUNT(cursor->pgp->areas) - 1; | | 2119 | litdata.u.litdata.mem = ARRAY_COUNT(cursor->pgp->areas) - 1; |
2120 | litdata.u.litdata.len = litdata.s.size = mem->size; | | 2120 | litdata.u.litdata.len = litdata.s.size = mem->size; |
2121 | ARRAY_APPEND(cursor->pgp->pkts, litdata); | | 2121 | ARRAY_APPEND(cursor->pgp->pkts, litdata); |
2122 | ARRAY_APPEND(cursor->pgp->pkts, sigpkt); | | 2122 | ARRAY_APPEND(cursor->pgp->pkts, sigpkt); |
2123 | memcpy(onepass->keyid, sigpkt.u.sigpkt.sig.signer, sizeof(onepass->keyid)); | | 2123 | memcpy(onepass->keyid, sigpkt.u.sigpkt.sig.signer, sizeof(onepass->keyid)); |
2124 | onepass->hashalg = sigpkt.u.sigpkt.sig.hashalg; | | 2124 | onepass->hashalg = sigpkt.u.sigpkt.sig.hashalg; |
2125 | onepass->keyalg = sigpkt.u.sigpkt.sig.keyalg; | | 2125 | onepass->keyalg = sigpkt.u.sigpkt.sig.keyalg; |
2126 | return 1; | | 2126 | return 1; |
2127 | } | | 2127 | } |
2128 | | | 2128 | |
2129 | /* match the calculated signature against the oen in the signature packet */ | | 2129 | /* match the calculated signature against the oen in the signature packet */ |
2130 | static int | | 2130 | static int |
2131 | match_sig(pgpv_cursor_t *cursor, pgpv_signature_t *signature, pgpv_pubkey_t *pubkey, uint8_t *data, size_t size) | | 2131 | match_sig(pgpv_cursor_t *cursor, pgpv_signature_t *signature, pgpv_pubkey_t *pubkey, uint8_t *data, size_t size) |
2132 | { | | 2132 | { |
2133 | unsigned calclen; | | 2133 | unsigned calclen; |
2134 | uint8_t calculated[64]; | | 2134 | uint8_t calculated[64]; |
2135 | int match; | | 2135 | int match; |
2136 | | | 2136 | |
2137 | calclen = pgpv_digest_memory(calculated, sizeof(calculated), | | 2137 | calclen = pgpv_digest_memory(calculated, sizeof(calculated), |
2138 | data, size, | | 2138 | data, size, |
2139 | get_ref(&signature->hashstart), signature->hashlen, | | 2139 | get_ref(&signature->hashstart), signature->hashlen, |
2140 | (signature->type == SIGTYPE_TEXT) ? 't' : 'b'); | | 2140 | (signature->type == SIGTYPE_TEXT) ? 't' : 'b'); |
2141 | if (ALG_IS_RSA(signature->keyalg)) { | | 2141 | if (ALG_IS_RSA(signature->keyalg)) { |
2142 | match = rsa_verify(calculated, calclen, signature->hashalg, signature->bn, pubkey); | | 2142 | match = rsa_verify(calculated, calclen, signature->hashalg, signature->bn, pubkey); |
2143 | } else if (ALG_IS_DSA(signature->keyalg)) { | | 2143 | } else if (ALG_IS_DSA(signature->keyalg)) { |
2144 | match = verify_dsa_sig(calculated, calclen, signature->bn, pubkey); | | 2144 | match = verify_dsa_sig(calculated, calclen, signature->bn, pubkey); |
2145 | } else { | | 2145 | } else { |
2146 | snprintf(cursor->why, sizeof(cursor->why), "Signature type %u not recognised", signature->keyalg); | | 2146 | snprintf(cursor->why, sizeof(cursor->why), "Signature type %u not recognised", signature->keyalg); |
2147 | return 0; | | 2147 | return 0; |
2148 | } | | 2148 | } |
2149 | if (!match && signature->type == SIGTYPE_TEXT) { | | 2149 | if (!match && signature->type == SIGTYPE_TEXT) { |
2150 | /* second try for cleartext data, ignoring trailing whitespace */ | | 2150 | /* second try for cleartext data, ignoring trailing whitespace */ |
2151 | calclen = pgpv_digest_memory(calculated, sizeof(calculated), | | 2151 | calclen = pgpv_digest_memory(calculated, sizeof(calculated), |
2152 | data, size, | | 2152 | data, size, |
2153 | get_ref(&signature->hashstart), signature->hashlen, 'w'); | | 2153 | get_ref(&signature->hashstart), signature->hashlen, 'w'); |
2154 | if (ALG_IS_RSA(signature->keyalg)) { | | 2154 | if (ALG_IS_RSA(signature->keyalg)) { |
2155 | match = rsa_verify(calculated, calclen, signature->hashalg, signature->bn, pubkey); | | 2155 | match = rsa_verify(calculated, calclen, signature->hashalg, signature->bn, pubkey); |
2156 | } else if (ALG_IS_DSA(signature->keyalg)) { | | 2156 | } else if (ALG_IS_DSA(signature->keyalg)) { |
2157 | match = verify_dsa_sig(calculated, calclen, signature->bn, pubkey); | | 2157 | match = verify_dsa_sig(calculated, calclen, signature->bn, pubkey); |
2158 | } | | 2158 | } |
2159 | } | | 2159 | } |
2160 | if (!match) { | | 2160 | if (!match) { |
2161 | snprintf(cursor->why, sizeof(cursor->why), "Signature on data did not match"); | | 2161 | snprintf(cursor->why, sizeof(cursor->why), "Signature on data did not match"); |
2162 | return 0; | | 2162 | return 0; |
2163 | } | | 2163 | } |
2164 | if (valid_dates(signature, pubkey, cursor->why, sizeof(cursor->why)) > 0) { | | 2164 | if (valid_dates(signature, pubkey, cursor->why, sizeof(cursor->why)) > 0) { |
2165 | return 0; | | 2165 | return 0; |
2166 | } | | 2166 | } |
2167 | if (key_expired(pubkey, cursor->why, sizeof(cursor->why))) { | | 2167 | if (key_expired(pubkey, cursor->why, sizeof(cursor->why))) { |
2168 | return 0; | | 2168 | return 0; |
2169 | } | | 2169 | } |
2170 | if (signature->revoked) { | | 2170 | if (signature->revoked) { |
2171 | snprintf(cursor->why, sizeof(cursor->why), "Signature was revoked"); | | 2171 | snprintf(cursor->why, sizeof(cursor->why), "Signature was revoked"); |
2172 | return 0; | | 2172 | return 0; |
2173 | } | | 2173 | } |
2174 | return 1; | | 2174 | return 1; |
2175 | } | | 2175 | } |
2176 | | | 2176 | |
2177 | /* check return value from getenv */ | | 2177 | /* check return value from getenv */ |
2178 | static const char * | | 2178 | static const char * |
2179 | nonnull_getenv(const char *key) | | 2179 | nonnull_getenv(const char *key) |
2180 | { | | 2180 | { |
2181 | char *value; | | 2181 | char *value; |
2182 | | | 2182 | |
2183 | return ((value = getenv(key)) == NULL) ? "" : value; | | 2183 | return ((value = getenv(key)) == NULL) ? "" : value; |
2184 | } | | 2184 | } |
2185 | | | 2185 | |
2186 | /************************************************************************/ | | 2186 | /************************************************************************/ |
2187 | /* start of exported functions */ | | 2187 | /* start of exported functions */ |
2188 | /************************************************************************/ | | 2188 | /************************************************************************/ |
2189 | | | 2189 | |
2190 | /* close all stuff */ | | 2190 | /* close all stuff */ |
2191 | int | | 2191 | int |
2192 | pgpv_close(pgpv_t *pgp) | | 2192 | pgpv_close(pgpv_t *pgp) |
2193 | { | | 2193 | { |
2194 | unsigned i; | | 2194 | unsigned i; |
2195 | | | 2195 | |
2196 | if (pgp == NULL) { | | 2196 | if (pgp == NULL) { |
2197 | return 0; | | 2197 | return 0; |
2198 | } | | 2198 | } |
2199 | for (i = 0 ; i < ARRAY_COUNT(pgp->areas) ; i++) { | | 2199 | for (i = 0 ; i < ARRAY_COUNT(pgp->areas) ; i++) { |
2200 | if (ARRAY_ELEMENT(pgp->areas, i).size > 0) { | | 2200 | if (ARRAY_ELEMENT(pgp->areas, i).size > 0) { |
2201 | closemem(&ARRAY_ELEMENT(pgp->areas, i)); | | 2201 | closemem(&ARRAY_ELEMENT(pgp->areas, i)); |
2202 | } | | 2202 | } |
2203 | } | | 2203 | } |
2204 | return 1; | | 2204 | return 1; |
2205 | } | | 2205 | } |
2206 | | | 2206 | |
2207 | /* return the formatted entry for the primary key desired */ | | 2207 | /* return the formatted entry for the primary key desired */ |
2208 | size_t | | 2208 | size_t |
2209 | pgpv_get_entry(pgpv_t *pgp, unsigned ent, char **ret) | | 2209 | pgpv_get_entry(pgpv_t *pgp, unsigned ent, char **ret) |
2210 | { | | 2210 | { |
2211 | size_t cc; | | 2211 | size_t cc; |
2212 | | | 2212 | |
2213 | if (ret == NULL || pgp == NULL || ent >= ARRAY_COUNT(pgp->primaries)) { | | 2213 | if (ret == NULL || pgp == NULL || ent >= ARRAY_COUNT(pgp->primaries)) { |
2214 | return 0; | | 2214 | return 0; |
2215 | } | | 2215 | } |
2216 | *ret = NULL; | | 2216 | *ret = NULL; |
2217 | cc = ARRAY_ELEMENT(pgp->primaries, ent).fmtsize; | | 2217 | cc = ARRAY_ELEMENT(pgp->primaries, ent).fmtsize; |
2218 | if ((*ret = calloc(1, cc)) == NULL) { | | 2218 | if ((*ret = calloc(1, cc)) == NULL) { |
2219 | return 0; | | 2219 | return 0; |
2220 | } | | 2220 | } |
2221 | return fmt_primary(*ret, cc, &ARRAY_ELEMENT(pgp->primaries, ent)); | | 2221 | return fmt_primary(*ret, cc, &ARRAY_ELEMENT(pgp->primaries, ent)); |
2222 | } | | 2222 | } |
2223 | | | 2223 | |
2224 | /* find key id */ | | 2224 | /* find key id */ |
2225 | int | | 2225 | int |
2226 | pgpv_find_keyid(pgpv_t *pgp, const char *strkeyid, uint8_t *keyid) | | 2226 | pgpv_find_keyid(pgpv_t *pgp, const char *strkeyid, uint8_t *keyid) |
2227 | { | | 2227 | { |
2228 | unsigned i; | | 2228 | unsigned i; |
2229 | uint8_t binkeyid[PGPV_KEYID_LEN]; | | 2229 | uint8_t binkeyid[PGPV_KEYID_LEN]; |
2230 | size_t off; | | 2230 | size_t off; |
2231 | size_t cmp; | | 2231 | size_t cmp; |
2232 | | | 2232 | |
2233 | if (strkeyid == NULL && keyid == NULL) { | | 2233 | if (strkeyid == NULL && keyid == NULL) { |
2234 | return 0; | | 2234 | return 0; |
2235 | } | | 2235 | } |
2236 | if (strkeyid) { | | 2236 | if (strkeyid) { |
2237 | str_to_keyid(strkeyid, binkeyid); | | 2237 | str_to_keyid(strkeyid, binkeyid); |
2238 | cmp = strlen(strkeyid) / 2; | | 2238 | cmp = strlen(strkeyid) / 2; |
2239 | } else { | | 2239 | } else { |
2240 | memcpy(binkeyid, keyid, sizeof(binkeyid)); | | 2240 | memcpy(binkeyid, keyid, sizeof(binkeyid)); |
2241 | cmp = PGPV_KEYID_LEN; | | 2241 | cmp = PGPV_KEYID_LEN; |
2242 | } | | 2242 | } |
2243 | off = PGPV_KEYID_LEN - cmp; | | 2243 | off = PGPV_KEYID_LEN - cmp; |
2244 | for (i = 0 ; i < ARRAY_COUNT(pgp->primaries) ; i++) { | | 2244 | for (i = 0 ; i < ARRAY_COUNT(pgp->primaries) ; i++) { |
2245 | if (memcmp(&ARRAY_ELEMENT(pgp->primaries, i).primary.keyid[off], &binkeyid[off], cmp) == 0) { | | 2245 | if (memcmp(&ARRAY_ELEMENT(pgp->primaries, i).primary.keyid[off], &binkeyid[off], cmp) == 0) { |
2246 | return i; | | 2246 | return i; |
2247 | } | | 2247 | } |
2248 | } | | 2248 | } |
2249 | return -1; | | 2249 | return -1; |
2250 | } | | 2250 | } |
2251 | | | 2251 | |
2252 | /* verify the signed packets we have */ | | 2252 | /* verify the signed packets we have */ |
2253 | size_t | | 2253 | size_t |
2254 | pgpv_verify(pgpv_cursor_t *cursor, pgpv_t *pgp, const void *p, ssize_t size) | | 2254 | pgpv_verify(pgpv_cursor_t *cursor, pgpv_t *pgp, const void *p, ssize_t size) |
2255 | { | | 2255 | { |
2256 | pgpv_signature_t *signature; | | 2256 | pgpv_signature_t *signature; |
2257 | pgpv_onepass_t *onepass; | | 2257 | pgpv_onepass_t *onepass; |
2258 | pgpv_litdata_t *litdata; | | 2258 | pgpv_litdata_t *litdata; |
2259 | pgpv_pubkey_t *pubkey; | | 2259 | pgpv_pubkey_t *pubkey; |
2260 | unsigned primary; | | 2260 | unsigned primary; |
2261 | uint8_t *data; | | 2261 | uint8_t *data; |
2262 | size_t pkt; | | 2262 | size_t pkt; |
2263 | size_t insize; | | 2263 | size_t insize; |
2264 | char strkeyid[PGPV_STR_KEYID_LEN]; | | 2264 | char strkeyid[PGPV_STR_KEYID_LEN]; |
2265 | int j; | | 2265 | int j; |
2266 | | | 2266 | |
2267 | if (cursor == NULL || pgp == NULL || p == NULL) { | | 2267 | if (cursor == NULL || pgp == NULL || p == NULL) { |
2268 | return 0; | | 2268 | return 0; |
2269 | } | | 2269 | } |
2270 | if (!setup_data(cursor, pgp, p, size)) { | | 2270 | if (!setup_data(cursor, pgp, p, size)) { |
2271 | snprintf(cursor->why, sizeof(cursor->why), "No input data"); | | 2271 | snprintf(cursor->why, sizeof(cursor->why), "No input data"); |
2272 | return 0; | | 2272 | return 0; |
2273 | } | | 2273 | } |
2274 | if (ARRAY_COUNT(cursor->pgp->pkts) == ARRAY_LAST(cursor->pgp->datastarts) + 1) { | | 2274 | if (ARRAY_COUNT(cursor->pgp->pkts) == ARRAY_LAST(cursor->pgp->datastarts) + 1) { |
2275 | /* got detached signature here */ | | 2275 | /* got detached signature here */ |
2276 | if (!fixup_detached(cursor, p)) { | | 2276 | if (!fixup_detached(cursor, p)) { |
2277 | snprintf(cursor->why, sizeof(cursor->why), "Can't read signed file '%s'", (const char *)p); | | 2277 | snprintf(cursor->why, sizeof(cursor->why), "Can't read signed file '%s'", (const char *)p); |
2278 | return 0; | | 2278 | return 0; |
2279 | } | | 2279 | } |
2280 | } | | 2280 | } |
2281 | if ((pkt = find_onepass(cursor, ARRAY_LAST(cursor->pgp->datastarts))) == 0) { | | 2281 | if ((pkt = find_onepass(cursor, ARRAY_LAST(cursor->pgp->datastarts))) == 0) { |
2282 | snprintf(cursor->why, sizeof(cursor->why), "No signature found"); | | 2282 | snprintf(cursor->why, sizeof(cursor->why), "No signature found"); |
2283 | return 0; | | 2283 | return 0; |
2284 | } | | 2284 | } |
2285 | pkt -= 1; | | 2285 | pkt -= 1; |
2286 | onepass = &ARRAY_ELEMENT(cursor->pgp->pkts, pkt).u.onepass; | | 2286 | onepass = &ARRAY_ELEMENT(cursor->pgp->pkts, pkt).u.onepass; |
2287 | litdata = &ARRAY_ELEMENT(cursor->pgp->pkts, pkt + 1).u.litdata; | | 2287 | litdata = &ARRAY_ELEMENT(cursor->pgp->pkts, pkt + 1).u.litdata; |
2288 | signature = &ARRAY_ELEMENT(cursor->pgp->pkts, pkt + 2).u.sigpkt.sig; | | 2288 | signature = &ARRAY_ELEMENT(cursor->pgp->pkts, pkt + 2).u.sigpkt.sig; |
2289 | /* sanity check values in signature and onepass agree */ | | 2289 | /* sanity check values in signature and onepass agree */ |
2290 | if (signature->birth == 0) { | | 2290 | if (signature->birth == 0) { |
2291 | fmt_time(cursor->why, sizeof(cursor->why), "Signature creation time [", | | 2291 | fmt_time(cursor->why, sizeof(cursor->why), "Signature creation time [", |
2292 | signature->birth, "] out of range", 0); | | 2292 | signature->birth, "] out of range", 0); |
2293 | return 0; | | 2293 | return 0; |
2294 | } | | 2294 | } |
2295 | if (memcmp(onepass->keyid, signature->signer, PGPV_KEYID_LEN) != 0) { | | 2295 | if (memcmp(onepass->keyid, signature->signer, PGPV_KEYID_LEN) != 0) { |
2296 | fmt_binary(strkeyid, sizeof(strkeyid), onepass->keyid, (unsigned)sizeof(onepass->keyid)); | | 2296 | fmt_binary(strkeyid, sizeof(strkeyid), onepass->keyid, (unsigned)sizeof(onepass->keyid)); |
2297 | snprintf(cursor->why, sizeof(cursor->why), "Signature key id %s does not match onepass keyid", | | 2297 | snprintf(cursor->why, sizeof(cursor->why), "Signature key id %s does not match onepass keyid", |
2298 | strkeyid); | | 2298 | strkeyid); |
2299 | return 0; | | 2299 | return 0; |
2300 | } | | 2300 | } |
2301 | if (onepass->hashalg != signature->hashalg) { | | 2301 | if (onepass->hashalg != signature->hashalg) { |
2302 | snprintf(cursor->why, sizeof(cursor->why), "Signature hashalg %u does not match onepass hashalg %u", | | 2302 | snprintf(cursor->why, sizeof(cursor->why), "Signature hashalg %u does not match onepass hashalg %u", |
2303 | signature->hashalg, onepass->hashalg); | | 2303 | signature->hashalg, onepass->hashalg); |
2304 | return 0; | | 2304 | return 0; |
2305 | } | | 2305 | } |
2306 | if (onepass->keyalg != signature->keyalg) { | | 2306 | if (onepass->keyalg != signature->keyalg) { |
2307 | snprintf(cursor->why, sizeof(cursor->why), "Signature keyalg %u does not match onepass keyalg %u", | | 2307 | snprintf(cursor->why, sizeof(cursor->why), "Signature keyalg %u does not match onepass keyalg %u", |
2308 | signature->keyalg, onepass->keyalg); | | 2308 | signature->keyalg, onepass->keyalg); |
2309 | return 0; | | 2309 | return 0; |
2310 | } | | 2310 | } |
2311 | if ((j = pgpv_find_keyid(cursor->pgp, NULL, onepass->keyid)) < 0) { | | 2311 | if ((j = pgpv_find_keyid(cursor->pgp, NULL, onepass->keyid)) < 0) { |
2312 | fmt_binary(strkeyid, sizeof(strkeyid), onepass->keyid, (unsigned)sizeof(onepass->keyid)); | | 2312 | fmt_binary(strkeyid, sizeof(strkeyid), onepass->keyid, (unsigned)sizeof(onepass->keyid)); |
2313 | snprintf(cursor->why, sizeof(cursor->why), "Signature key id %s not found ", strkeyid); | | 2313 | snprintf(cursor->why, sizeof(cursor->why), "Signature key id %s not found ", strkeyid); |
2314 | return 0; | | 2314 | return 0; |
2315 | } | | 2315 | } |
2316 | primary = (unsigned)j; | | 2316 | primary = (unsigned)j; |
2317 | pubkey = &ARRAY_ELEMENT(cursor->pgp->primaries, primary).primary; | | 2317 | pubkey = &ARRAY_ELEMENT(cursor->pgp->primaries, primary).primary; |
2318 | cursor->sigtime = signature->birth; | | 2318 | cursor->sigtime = signature->birth; |
2319 | /* calc hash on data packet */ | | 2319 | /* calc hash on data packet */ |
2320 | data = get_literal_data(cursor, litdata, &insize); | | 2320 | data = get_literal_data(cursor, litdata, &insize); |
2321 | if (!match_sig(cursor, signature, pubkey, data, insize)) { | | 2321 | if (!match_sig(cursor, signature, pubkey, data, insize)) { |
2322 | return 0; | | 2322 | return 0; |
2323 | } | | 2323 | } |
2324 | ARRAY_APPEND(cursor->datacookies, pkt); | | 2324 | ARRAY_APPEND(cursor->datacookies, pkt); |
2325 | ARRAY_APPEND(cursor->found, primary); | | 2325 | ARRAY_APPEND(cursor->found, primary); |
2326 | return pkt + 1; | | 2326 | return pkt + 1; |
2327 | } | | 2327 | } |
2328 | | | 2328 | |
2329 | /* set up the pubkey keyring */ | | 2329 | /* set up the pubkey keyring */ |
2330 | int | | 2330 | int |
2331 | pgpv_read_pubring(pgpv_t *pgp, const void *keyring, ssize_t size) | | 2331 | pgpv_read_pubring(pgpv_t *pgp, const void *keyring, ssize_t size) |
2332 | { | | 2332 | { |
2333 | if (pgp == NULL) { | | 2333 | if (pgp == NULL) { |
2334 | return 0; | | 2334 | return 0; |
2335 | } | | 2335 | } |
2336 | if (keyring) { | | 2336 | if (keyring) { |
2337 | return (size > 0) ? | | 2337 | return (size > 0) ? |
2338 | read_binary_memory(pgp, "pubring", keyring, (size_t)size) : | | 2338 | read_binary_memory(pgp, "pubring", keyring, (size_t)size) : |
2339 | read_binary_file(pgp, "pubring", "%s", (const char *)keyring); | | 2339 | read_binary_file(pgp, "pubring", "%s", (const char *)keyring); |
2340 | } | | 2340 | } |
2341 | return read_binary_file(pgp, "pubring", "%s/%s", nonnull_getenv("HOME"), ".gnupg/pubring.gpg"); | | 2341 | return read_binary_file(pgp, "pubring", "%s/%s", nonnull_getenv("HOME"), ".gnupg/pubring.gpg"); |
2342 | } | | 2342 | } |
2343 | | | 2343 | |
2344 | /* get verified data as a string, return its size */ | | 2344 | /* get verified data as a string, return its size */ |
2345 | size_t | | 2345 | size_t |
2346 | pgpv_get_verified(pgpv_cursor_t *cursor, size_t cookie, char **ret) | | 2346 | pgpv_get_verified(pgpv_cursor_t *cursor, size_t cookie, char **ret) |
2347 | { | | 2347 | { |
2348 | pgpv_litdata_t *litdata; | | 2348 | pgpv_litdata_t *litdata; |
2349 | uint8_t *data; | | 2349 | uint8_t *data; |
2350 | size_t size; | | 2350 | size_t size; |
2351 | size_t pkt; | | 2351 | size_t pkt; |
2352 | | | 2352 | |
2353 | if (ret == NULL || cursor == NULL || cookie == 0) { | | 2353 | if (ret == NULL || cursor == NULL || cookie == 0) { |
2354 | return 0; | | 2354 | return 0; |
2355 | } | | 2355 | } |
2356 | *ret = NULL; | | 2356 | *ret = NULL; |
2357 | if ((pkt = find_onepass(cursor, cookie - 1)) == 0) { | | 2357 | if ((pkt = find_onepass(cursor, cookie - 1)) == 0) { |
2358 | return 0; | | 2358 | return 0; |
2359 | } | | 2359 | } |
2360 | litdata = &ARRAY_ELEMENT(cursor->pgp->pkts, pkt).u.litdata; | | 2360 | litdata = &ARRAY_ELEMENT(cursor->pgp->pkts, pkt).u.litdata; |
2361 | data = get_literal_data(cursor, litdata, &size); | | 2361 | data = get_literal_data(cursor, litdata, &size); |
2362 | if ((*ret = calloc(1, size)) == NULL) { | | 2362 | if ((*ret = calloc(1, size)) == NULL) { |
2363 | return 0; | | 2363 | return 0; |
2364 | } | | 2364 | } |
2365 | memcpy(*ret, data, size); | | 2365 | memcpy(*ret, data, size); |
2366 | return size; | | 2366 | return size; |
2367 | } | | 2367 | } |