Update netpgpverify and libnetpgpverify to 20160626 + make the pgpv_t and pgpv_cursor_t structures opaque + add new accessor functions for fields in the pgpv_cursor_t struct + add new creation functions for the pgpv_t and pgpv_cursor_t structsdiff -r1.2 -r1.3 pkgsrc/security/netpgpverify/files/libnetpgpverify.3
(agc)
@@ -1,49 +1,57 @@ | @@ -1,49 +1,57 @@ | |||
1 | .\" $NetBSD: libnetpgpverify.3,v 1.2 2015/01/30 18:47:51 agc Exp $ | 1 | .\" $NetBSD: libnetpgpverify.3,v 1.3 2016/07/05 20:18:03 agc Exp $ | |
2 | .\" | 2 | .\" | |
3 | .\" Copyright (c) 2014 Alistair Crooks <agc@NetBSD.org> | 3 | .\" Copyright (c) 2014,2015,2016 Alistair Crooks <agc@NetBSD.org> | |
4 | .\" All rights reserved. | 4 | .\" All rights reserved. | |
5 | .\" | 5 | .\" | |
6 | .\" Redistribution and use in source and binary forms, with or without | 6 | .\" Redistribution and use in source and binary forms, with or without | |
7 | .\" modification, are permitted provided that the following conditions | 7 | .\" modification, are permitted provided that the following conditions | |
8 | .\" are met: | 8 | .\" are met: | |
9 | .\" 1. Redistributions of source code must retain the above copyright | 9 | .\" 1. Redistributions of source code must retain the above copyright | |
10 | .\" notice, this list of conditions and the following disclaimer. | 10 | .\" notice, this list of conditions and the following disclaimer. | |
11 | .\" 2. Redistributions in binary form must reproduce the above copyright | 11 | .\" 2. Redistributions in binary form must reproduce the above copyright | |
12 | .\" notice, this list of conditions and the following disclaimer in the | 12 | .\" notice, this list of conditions and the following disclaimer in the | |
13 | .\" documentation and/or other materials provided with the distribution. | 13 | .\" documentation and/or other materials provided with the distribution. | |
14 | .\" | 14 | .\" | |
15 | .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | 15 | .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
16 | .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 16 | .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
17 | .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 17 | .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
18 | .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | 18 | .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
19 | .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 19 | .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
20 | .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 20 | .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
21 | .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 21 | .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
22 | .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 22 | .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
23 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 23 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
24 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 24 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
25 | .\" | 25 | .\" | |
26 | .Dd January 15, 2015 | 26 | .Dd June 26, 2016 | |
27 | .Dt LIBNETPGPVERIFY 3 | 27 | .Dt LIBNETPGPVERIFY 3 | |
28 | .Os | 28 | .Os | |
29 | .Sh NAME | 29 | .Sh NAME | |
30 | .Nm libnetpgpverify | 30 | .Nm libnetpgpverify | |
31 | .Nd library to verify digital signatures | 31 | .Nd library to verify digital signatures | |
32 | .Sh LIBRARY | 32 | .Sh LIBRARY | |
33 | .Lb libnetpgpverify | 33 | .Lb libnetpgpverify | |
34 | .Sh SYNOPSIS | 34 | .Sh SYNOPSIS | |
35 | .In netpgp/verify.h | 35 | .In netpgp/verify.h | |
36 | .Ft int | 36 | .Ft int | |
37 | .Fo pgpv_new | |||
38 | .Fa "void" | |||
39 | .Fc | |||
40 | .Ft int | |||
41 | .Fo pgpv_new_cursor | |||
42 | .Fa "void" | |||
43 | .Fc | |||
44 | .Ft int | |||
37 | .Fo pgpv_read_pubring | 45 | .Fo pgpv_read_pubring | |
38 | .Fa "pgpv_t *pgp" "const void *keyring" "ssize_t size" | 46 | .Fa "pgpv_t *pgp" "const void *keyring" "ssize_t size" | |
39 | .Fc | 47 | .Fc | |
40 | .Ft int | 48 | .Ft int | |
41 | .Fo pgpv_read_ssh_pubkeys | 49 | .Fo pgpv_read_ssh_pubkeys | |
42 | .Fa "pgpv_t *pgp" "const void *keyring" "ssize_t size" | 50 | .Fa "pgpv_t *pgp" "const void *keyring" "ssize_t size" | |
43 | .Fc | 51 | .Fc | |
44 | .Ft size_t | 52 | .Ft size_t | |
45 | .Fo pgpv_verify | 53 | .Fo pgpv_verify | |
46 | .Fa "pgpv_cursor_t *cursor" "pgpv_t *pgp" "const void *ptr" "ssize_t size" | 54 | .Fa "pgpv_cursor_t *cursor" "pgpv_t *pgp" "const void *ptr" "ssize_t size" | |
47 | .Fc | 55 | .Fc | |
48 | .Ft size_t | 56 | .Ft size_t | |
49 | .Fo pgpv_get_verified | 57 | .Fo pgpv_get_verified | |
@@ -51,26 +59,34 @@ | @@ -51,26 +59,34 @@ | |||
51 | .Fc | 59 | .Fc | |
52 | .Ft size_t | 60 | .Ft size_t | |
53 | .Fo pgpv_get_cursor_element | 61 | .Fo pgpv_get_cursor_element | |
54 | .Fa "pgpv_cursor_t *cursor" "size_t element" | 62 | .Fa "pgpv_cursor_t *cursor" "size_t element" | |
55 | .Fc | 63 | .Fc | |
56 | .Ft size_t | 64 | .Ft size_t | |
57 | .Fo pgpv_dump | 65 | .Fo pgpv_dump | |
58 | .Fa "pgpv_t *pgp" "char **data" | 66 | .Fa "pgpv_t *pgp" "char **data" | |
59 | .Fc | 67 | .Fc | |
60 | .Ft size_t | 68 | .Ft size_t | |
61 | .Fo pgpv_get_entry | 69 | .Fo pgpv_get_entry | |
62 | .Fa "pgpv_t *pgp" "unsigned ent" "char **ret" "const char *modifiers" | 70 | .Fa "pgpv_t *pgp" "unsigned ent" "char **ret" "const char *modifiers" | |
63 | .Fc | 71 | .Fc | |
72 | .Ft int64_t | |||
73 | .Fo pgpv_get_cursor_num | |||
74 | .Fa "pgpv_t *pgp" "const char *field" | |||
75 | .Fc | |||
76 | .Ft char * | |||
77 | .Fo pgpv_get_cursor_str | |||
78 | .Fa "pgpv_t *pgp" "const char *field" | |||
79 | .Fc | |||
64 | .Ft int | 80 | .Ft int | |
65 | .Fo pgpv_close | 81 | .Fo pgpv_close | |
66 | .Fa "pgpv_t *pgp" | 82 | .Fa "pgpv_t *pgp" | |
67 | .Fc | 83 | .Fc | |
68 | .Sh DESCRIPTION | 84 | .Sh DESCRIPTION | |
69 | .Nm | 85 | .Nm | |
70 | is a small library which will verify a digital signature on a text or | 86 | is a small library which will verify a digital signature on a text or | |
71 | binary document. | 87 | binary document. | |
72 | It has been kept deliberately small and only uses compression libraries | 88 | It has been kept deliberately small and only uses compression libraries | |
73 | to function. | 89 | to function. | |
74 | .Pp | 90 | .Pp | |
75 | PGP messages, including key rings, are made up of PGP packets, defined | 91 | PGP messages, including key rings, are made up of PGP packets, defined | |
76 | in RFC 4880. | 92 | in RFC 4880. |
@@ -43,26 +43,263 @@ | @@ -43,26 +43,263 @@ | |||
43 | #include "bzlib.h" | 43 | #include "bzlib.h" | |
44 | #include "zlib.h" | 44 | #include "zlib.h" | |
45 | 45 | |||
46 | #include "array.h" | 46 | #include "array.h" | |
47 | #include "b64.h" | 47 | #include "b64.h" | |
48 | #include "bn.h" | 48 | #include "bn.h" | |
49 | #include "bufgap.h" | 49 | #include "bufgap.h" | |
50 | #include "digest.h" | 50 | #include "digest.h" | |
51 | #include "misc.h" | 51 | #include "misc.h" | |
52 | #include "pgpsum.h" | 52 | #include "pgpsum.h" | |
53 | #include "rsa.h" | 53 | #include "rsa.h" | |
54 | #include "verify.h" | 54 | #include "verify.h" | |
55 | 55 | |||
56 | #ifndef PGPV_ARRAY | |||
57 | /* creates 2 unsigned vars called "name"c and "name"size in current scope */ | |||
58 | /* also creates an array called "name"s in current scope */ | |||
59 | #define PGPV_ARRAY(type, name) \ | |||
60 | unsigned name##c; unsigned name##vsize; type *name##s | |||
61 | #endif | |||
62 | ||||
63 | /* 64bit key ids */ | |||
64 | #define PGPV_KEYID_LEN 8 | |||
65 | #define PGPV_STR_KEYID_LEN (PGPV_KEYID_LEN + PGPV_KEYID_LEN + 1) | |||
66 | ||||
67 | /* bignum structure */ | |||
68 | typedef struct pgpv_bignum_t { | |||
69 | void *bn; /* hide the implementation details */ | |||
70 | uint16_t bits; /* cached number of bits */ | |||
71 | } pgpv_bignum_t; | |||
72 | ||||
73 | /* right now, our max binary digest length is 20 bytes */ | |||
74 | #define PGPV_MAX_HASH_LEN 64 | |||
75 | ||||
76 | /* fingerprint */ | |||
77 | typedef struct pgpv_fingerprint_t { | |||
78 | uint8_t hashalg; /* algorithm for digest */ | |||
79 | uint8_t v[PGPV_MAX_HASH_LEN]; /* the digest */ | |||
80 | uint32_t len; /* its length */ | |||
81 | } pgpv_fingerprint_t; | |||
82 | ||||
83 | /* specify size for array of bignums */ | |||
84 | #define PGPV_MAX_PUBKEY_BN 4 | |||
85 | ||||
86 | /* public key */ | |||
87 | typedef struct pgpv_pubkey_t { | |||
88 | pgpv_fingerprint_t fingerprint; /* key fingerprint i.e. digest */ | |||
89 | uint8_t keyid[PGPV_KEYID_LEN]; /* last 8 bytes of v4 keys */ | |||
90 | int64_t birth; /* creation time */ | |||
91 | int64_t expiry; /* expiry time */ | |||
92 | pgpv_bignum_t bn[PGPV_MAX_PUBKEY_BN]; /* bignums */ | |||
93 | uint8_t keyalg; /* key algorithm */ | |||
94 | uint8_t hashalg; /* hash algorithm */ | |||
95 | uint8_t version; /* key version */ | |||
96 | } pgpv_pubkey_t; | |||
97 | ||||
98 | #define PGPV_MAX_SESSKEY_BN 2 | |||
99 | ||||
100 | /* a (size, byte array) string */ | |||
101 | typedef struct pgpv_string_t { | |||
102 | size_t size; | |||
103 | uint8_t *data; | |||
104 | } pgpv_string_t; | |||
105 | ||||
106 | typedef struct pgpv_ref_t { | |||
107 | void *vp; | |||
108 | size_t offset; | |||
109 | unsigned mem; | |||
110 | } pgpv_ref_t; | |||
111 | ||||
112 | #define PGPV_MAX_SECKEY_BN 4 | |||
113 | ||||
114 | typedef struct pgpv_compress_t { | |||
115 | pgpv_string_t s; | |||
116 | uint8_t compalg; | |||
117 | } pgpv_compress_t; | |||
118 | ||||
119 | /* a packet dealing with trust */ | |||
120 | typedef struct pgpv_trust_t { | |||
121 | uint8_t level; | |||
122 | uint8_t amount; | |||
123 | } pgpv_trust_t; | |||
124 | ||||
125 | /* a signature sub packet */ | |||
126 | typedef struct pgpv_sigsubpkt_t { | |||
127 | pgpv_string_t s; | |||
128 | uint8_t tag; | |||
129 | uint8_t critical; | |||
130 | } pgpv_sigsubpkt_t; | |||
131 | ||||
132 | #define PGPV_MAX_SIG_BN 2 | |||
133 | ||||
134 | typedef struct pgpv_signature_t { | |||
135 | uint8_t *signer; /* key id of signer */ | |||
136 | pgpv_ref_t hashstart; | |||
137 | uint8_t *hash2; | |||
138 | uint8_t *mpi; | |||
139 | int64_t birth; | |||
140 | int64_t keyexpiry; | |||
141 | int64_t expiry; | |||
142 | uint32_t hashlen; | |||
143 | uint8_t version; | |||
144 | uint8_t type; | |||
145 | uint8_t keyalg; | |||
146 | uint8_t hashalg; | |||
147 | uint8_t trustlevel; | |||
148 | uint8_t trustamount; | |||
149 | pgpv_bignum_t bn[PGPV_MAX_SIG_BN]; | |||
150 | char *regexp; | |||
151 | char *pref_key_server; | |||
152 | char *policy; | |||
153 | char *features; | |||
154 | char *why_revoked; | |||
155 | uint8_t *revoke_fingerprint; | |||
156 | uint8_t revoke_alg; | |||
157 | uint8_t revoke_sensitive; | |||
158 | uint8_t trustsig; | |||
159 | uint8_t revocable; | |||
160 | uint8_t pref_symm_alg; | |||
161 | uint8_t pref_hash_alg; | |||
162 | uint8_t pref_compress_alg; | |||
163 | uint8_t key_server_modify; | |||
164 | uint8_t notation; | |||
165 | uint8_t type_key; | |||
166 | uint8_t primary_userid; | |||
167 | uint8_t revoked; /* subtract 1 to get real reason, 0 == not revoked */ | |||
168 | } pgpv_signature_t; | |||
169 | ||||
170 | /* a signature packet */ | |||
171 | typedef struct pgpv_sigpkt_t { | |||
172 | pgpv_signature_t sig; | |||
173 | uint16_t subslen; | |||
174 | uint16_t unhashlen; | |||
175 | PGPV_ARRAY(pgpv_sigsubpkt_t, subpkts); | |||
176 | } pgpv_sigpkt_t; | |||
177 | ||||
178 | /* a one-pass signature packet */ | |||
179 | typedef struct pgpv_onepass_t { | |||
180 | uint8_t keyid[PGPV_KEYID_LEN]; | |||
181 | uint8_t version; | |||
182 | uint8_t type; | |||
183 | uint8_t hashalg; | |||
184 | uint8_t keyalg; | |||
185 | uint8_t nested; | |||
186 | } pgpv_onepass_t; | |||
187 | ||||
188 | /* a literal data packet */ | |||
189 | typedef struct pgpv_litdata_t { | |||
190 | uint8_t *filename; | |||
191 | pgpv_string_t s; | |||
192 | uint32_t secs; | |||
193 | uint8_t namelen; | |||
194 | char format; | |||
195 | unsigned mem; | |||
196 | size_t offset; | |||
197 | size_t len; | |||
198 | } pgpv_litdata_t; | |||
199 | ||||
200 | /* user attributes - images */ | |||
201 | typedef struct pgpv_userattr_t { | |||
202 | size_t len; | |||
203 | PGPV_ARRAY(pgpv_string_t, subattrs); | |||
204 | } pgpv_userattr_t; | |||
205 | ||||
206 | /* a general PGP packet */ | |||
207 | typedef struct pgpv_pkt_t { | |||
208 | uint8_t tag; | |||
209 | uint8_t newfmt; | |||
210 | uint8_t allocated; | |||
211 | uint8_t mement; | |||
212 | size_t offset; | |||
213 | pgpv_string_t s; | |||
214 | union { | |||
215 | pgpv_sigpkt_t sigpkt; | |||
216 | pgpv_onepass_t onepass; | |||
217 | pgpv_litdata_t litdata; | |||
218 | pgpv_compress_t compressed; | |||
219 | pgpv_trust_t trust; | |||
220 | pgpv_pubkey_t pubkey; | |||
221 | pgpv_string_t userid; | |||
222 | pgpv_userattr_t userattr; | |||
223 | } u; | |||
224 | } pgpv_pkt_t; | |||
225 | ||||
226 | /* a memory structure */ | |||
227 | typedef struct pgpv_mem_t { | |||
228 | size_t size; | |||
229 | size_t cc; | |||
230 | uint8_t *mem; | |||
231 | FILE *fp; | |||
232 | uint8_t dealloc; | |||
233 | const char *allowed; /* the types of packet that are allowed */ | |||
234 | } pgpv_mem_t; | |||
235 | ||||
236 | /* packet parser */ | |||
237 | ||||
238 | typedef struct pgpv_signed_userid_t { | |||
239 | pgpv_string_t userid; | |||
240 | PGPV_ARRAY(pgpv_signature_t, sigs); | |||
241 | uint8_t primary_userid; | |||
242 | uint8_t revoked; | |||
243 | } pgpv_signed_userid_t; | |||
244 | ||||
245 | typedef struct pgpv_signed_userattr_t { | |||
246 | pgpv_userattr_t userattr; | |||
247 | PGPV_ARRAY(pgpv_signature_t, sigs); | |||
248 | uint8_t revoked; | |||
249 | } pgpv_signed_userattr_t; | |||
250 | ||||
251 | typedef struct pgpv_signed_subkey_t { | |||
252 | pgpv_pubkey_t subkey; | |||
253 | pgpv_signature_t revoc_self_sig; | |||
254 | PGPV_ARRAY(pgpv_signature_t, sigs); | |||
255 | } pgpv_signed_subkey_t; | |||
256 | ||||
257 | typedef struct pgpv_primarykey_t { | |||
258 | pgpv_pubkey_t primary; | |||
259 | pgpv_signature_t revoc_self_sig; | |||
260 | PGPV_ARRAY(pgpv_signature_t, direct_sigs); | |||
261 | PGPV_ARRAY(pgpv_signed_userid_t, signed_userids); | |||
262 | PGPV_ARRAY(pgpv_signed_userattr_t, signed_userattrs); | |||
263 | PGPV_ARRAY(pgpv_signed_subkey_t, signed_subkeys); | |||
264 | size_t fmtsize; | |||
265 | uint8_t primary_userid; | |||
266 | } pgpv_primarykey_t; | |||
267 | ||||
268 | /* everything stems from this structure */ | |||
269 | typedef struct pgpv_t { | |||
270 | PGPV_ARRAY(pgpv_pkt_t, pkts); /* packet array */ | |||
271 | PGPV_ARRAY(pgpv_primarykey_t, primaries); /* array of primary keys */ | |||
272 | PGPV_ARRAY(pgpv_mem_t, areas); /* areas we read packets from */ | |||
273 | PGPV_ARRAY(size_t, datastarts); /* starts of data packets */ | |||
274 | size_t pkt; /* when parsing, current pkt number */ | |||
275 | const char *op; /* the operation we're doing */ | |||
276 | unsigned ssh; /* using ssh keys */ | |||
277 | } pgpv_t; | |||
278 | ||||
279 | #define PGPV_REASON_LEN 128 | |||
280 | ||||
281 | /* when searching, we define a cursor, and fill in an array of subscripts */ | |||
282 | typedef struct pgpv_cursor_t { | |||
283 | pgpv_t *pgp; /* pointer to pgp tree */ | |||
284 | char *field; /* field we're searching on */ | |||
285 | char *op; /* operation we're doing */ | |||
286 | char *value; /* value we're searching for */ | |||
287 | void *ptr; /* for regexps etc */ | |||
288 | PGPV_ARRAY(uint32_t, found); /* array of matched pimary key subscripts */ | |||
289 | PGPV_ARRAY(size_t, datacookies); /* cookies to retrieve matched data */ | |||
290 | int64_t sigtime; /* time of signature */ | |||
291 | char why[PGPV_REASON_LEN]; /* reason for bad signature */ | |||
292 | } pgpv_cursor_t; | |||
56 | #ifndef USE_ARG | 293 | #ifndef USE_ARG | |
57 | #define USE_ARG(x) /*LINTED*/(void)&(x) | 294 | #define USE_ARG(x) /*LINTED*/(void)&(x) | |
58 | #endif | 295 | #endif | |
59 | 296 | |||
60 | #ifndef __dead | 297 | #ifndef __dead | |
61 | #define __dead __attribute__((__noreturn__)) | 298 | #define __dead __attribute__((__noreturn__)) | |
62 | #endif | 299 | #endif | |
63 | 300 | |||
64 | #ifndef __printflike | 301 | #ifndef __printflike | |
65 | #define __printflike(n, m) __attribute__((format(printf,n,m))) | 302 | #define __printflike(n, m) __attribute__((format(printf,n,m))) | |
66 | #endif | 303 | #endif | |
67 | 304 | |||
68 | #ifndef MIN | 305 | #ifndef MIN | |
@@ -2738,26 +2975,42 @@ get_packet_type(uint8_t tag) | @@ -2738,26 +2975,42 @@ get_packet_type(uint8_t tag) | |||
2738 | case TRUST_PKT: | 2975 | case TRUST_PKT: | |
2739 | return "trust packet"; | 2976 | return "trust packet"; | |
2740 | case USERID_PKT: | 2977 | case USERID_PKT: | |
2741 | return "userid packet"; | 2978 | return "userid packet"; | |
2742 | case PUB_SUBKEY_PKT: | 2979 | case PUB_SUBKEY_PKT: | |
2743 | return "public subkey packet"; | 2980 | return "public subkey packet"; | |
2744 | case USER_ATTRIBUTE_PKT: | 2981 | case USER_ATTRIBUTE_PKT: | |
2745 | return "user attribute packet"; | 2982 | return "user attribute packet"; | |
2746 | default: | 2983 | default: | |
2747 | return "[UNKNOWN]"; | 2984 | return "[UNKNOWN]"; | |
2748 | } | 2985 | } | |
2749 | } | 2986 | } | |
2750 | 2987 | |||
2988 | /**************************************************************************/ | |||
2989 | ||||
2990 | /* make a new pgpv struct */ | |||
2991 | pgpv_t * | |||
2992 | pgpv_new(void) | |||
2993 | { | |||
2994 | return calloc(1, sizeof(pgpv_t)); | |||
2995 | } | |||
2996 | ||||
2997 | /* make a new pgpv_cursor struct */ | |||
2998 | pgpv_cursor_t * | |||
2999 | pgpv_new_cursor(void) | |||
3000 | { | |||
3001 | return calloc(1, sizeof(pgpv_cursor_t)); | |||
3002 | } | |||
3003 | ||||
2751 | /* get an element from the found array */ | 3004 | /* get an element from the found array */ | |
2752 | int | 3005 | int | |
2753 | pgpv_get_cursor_element(pgpv_cursor_t *cursor, size_t element) | 3006 | pgpv_get_cursor_element(pgpv_cursor_t *cursor, size_t element) | |
2754 | { | 3007 | { | |
2755 | if (cursor && element < ARRAY_COUNT(cursor->found)) { | 3008 | if (cursor && element < ARRAY_COUNT(cursor->found)) { | |
2756 | return (int)ARRAY_ELEMENT(cursor->found, element); | 3009 | return (int)ARRAY_ELEMENT(cursor->found, element); | |
2757 | } | 3010 | } | |
2758 | return -1; | 3011 | return -1; | |
2759 | } | 3012 | } | |
2760 | 3013 | |||
2761 | /* verify the signed packets we have */ | 3014 | /* verify the signed packets we have */ | |
2762 | size_t | 3015 | size_t | |
2763 | pgpv_verify(pgpv_cursor_t *cursor, pgpv_t *pgp, const void *p, ssize_t size) | 3016 | pgpv_verify(pgpv_cursor_t *cursor, pgpv_t *pgp, const void *p, ssize_t size) | |
@@ -2942,13 +3195,37 @@ pgpv_dump(pgpv_t *pgp, char **data) | @@ -2942,13 +3195,37 @@ pgpv_dump(pgpv_t *pgp, char **data) | |||
2942 | buf, sizeof(buf)); | 3195 | buf, sizeof(buf)); | |
2943 | n = snprintf(&(*data)[cc], alloc - cc, | 3196 | n = snprintf(&(*data)[cc], alloc - cc, | |
2944 | "[%zu] off %zu, len %zu, tag %u, %s\n%.*s", | 3197 | "[%zu] off %zu, len %zu, tag %u, %s\n%.*s", | |
2945 | pkt, | 3198 | pkt, | |
2946 | ARRAY_ELEMENT(pgp->pkts, pkt).offset, | 3199 | ARRAY_ELEMENT(pgp->pkts, pkt).offset, | |
2947 | ARRAY_ELEMENT(pgp->pkts, pkt).s.size, | 3200 | ARRAY_ELEMENT(pgp->pkts, pkt).s.size, | |
2948 | ARRAY_ELEMENT(pgp->pkts, pkt).tag, | 3201 | ARRAY_ELEMENT(pgp->pkts, pkt).tag, | |
2949 | get_packet_type(ARRAY_ELEMENT(pgp->pkts, pkt).tag), | 3202 | get_packet_type(ARRAY_ELEMENT(pgp->pkts, pkt).tag), | |
2950 | (int)dumpc, buf); | 3203 | (int)dumpc, buf); | |
2951 | cc += n; | 3204 | cc += n; | |
2952 | } | 3205 | } | |
2953 | return cc; | 3206 | return cc; | |
2954 | } | 3207 | } | |
3208 | ||||
3209 | /* return cursor field as a number */ | |||
3210 | int64_t | |||
3211 | pgpv_get_cursor_num(pgpv_cursor_t *cursor, const char *field) | |||
3212 | { | |||
3213 | if (cursor && field) { | |||
3214 | if (strcmp(field, "sigtime") == 0) { | |||
3215 | return cursor->sigtime; | |||
3216 | } | |||
3217 | } | |||
3218 | return 0; | |||
3219 | } | |||
3220 | ||||
3221 | /* return cursor field as a string */ | |||
3222 | char * | |||
3223 | pgpv_get_cursor_str(pgpv_cursor_t *cursor, const char *field) | |||
3224 | { | |||
3225 | if (cursor && field) { | |||
3226 | if (strcmp(field, "why") == 0) { | |||
3227 | return cursor->why; | |||
3228 | } | |||
3229 | } | |||
3230 | return 0; | |||
3231 | } |
@@ -79,109 +79,110 @@ getstdin(ssize_t *cc, size_t *size) | @@ -79,109 +79,110 @@ getstdin(ssize_t *cc, size_t *size) | |||
79 | in = newin; | 79 | in = newin; | |
80 | *size = newsize; | 80 | *size = newsize; | |
81 | if ((rc = read(STDIN_FILENO, &in[*cc], newsize - *cc)) > 0) { | 81 | if ((rc = read(STDIN_FILENO, &in[*cc], newsize - *cc)) > 0) { | |
82 | *cc += rc; | 82 | *cc += rc; | |
83 | } | 83 | } | |
84 | } while (rc > 0); | 84 | } while (rc > 0); | |
85 | return in; | 85 | return in; | |
86 | } | 86 | } | |
87 | 87 | |||
88 | /* verify memory or file */ | 88 | /* verify memory or file */ | |
89 | static int | 89 | static int | |
90 | verify_data(pgpv_t *pgp, const char *cmd, const char *inname, char *in, ssize_t cc) | 90 | verify_data(pgpv_t *pgp, const char *cmd, const char *inname, char *in, ssize_t cc) | |
91 | { | 91 | { | |
92 | pgpv_cursor_t cursor; | 92 | pgpv_cursor_t *cursor; | |
93 | const char *modifiers; | 93 | const char *modifiers; | |
94 | size_t size; | 94 | size_t size; | |
95 | size_t cookie; | 95 | size_t cookie; | |
96 | char *data; | 96 | char *data; | |
97 | int el; | 97 | int el; | |
98 | 98 | |||
99 | memset(&cursor, 0x0, sizeof(cursor)); | 99 | cursor = pgpv_new_cursor(); | |
100 | if (strcasecmp(cmd, "cat") == 0) { | 100 | if (strcasecmp(cmd, "cat") == 0) { | |
101 | if ((cookie = pgpv_verify(&cursor, pgp, in, cc)) != 0) { | 101 | if ((cookie = pgpv_verify(cursor, pgp, in, cc)) != 0) { | |
102 | if ((size = pgpv_get_verified(&cursor, cookie, &data)) > 0) { | 102 | if ((size = pgpv_get_verified(cursor, cookie, &data)) > 0) { | |
103 | write(STDOUT_FILENO, data, size); | 103 | write(STDOUT_FILENO, data, size); | |
104 | } | 104 | } | |
105 | return 1; | 105 | return 1; | |
106 | } | 106 | } | |
107 | } else if (strcasecmp(cmd, "dump") == 0) { | 107 | } else if (strcasecmp(cmd, "dump") == 0) { | |
108 | if ((cookie = pgpv_verify(&cursor, pgp, in, cc)) != 0) { | 108 | if ((cookie = pgpv_verify(cursor, pgp, in, cc)) != 0) { | |
109 | size = pgpv_dump(pgp, &data); | 109 | size = pgpv_dump(pgp, &data); | |
110 | write(STDOUT_FILENO, data, size); | 110 | write(STDOUT_FILENO, data, size); | |
111 | return 1; | 111 | return 1; | |
112 | } | 112 | } | |
113 | } else if (strcasecmp(cmd, "verify") == 0 || strcasecmp(cmd, "trust") == 0) { | 113 | } else if (strcasecmp(cmd, "verify") == 0 || strcasecmp(cmd, "trust") == 0) { | |
114 | modifiers = (strcasecmp(cmd, "trust") == 0) ? "trust" : NULL; | 114 | modifiers = (strcasecmp(cmd, "trust") == 0) ? "trust" : NULL; | |
115 | if (pgpv_verify(&cursor, pgp, in, cc)) { | 115 | if (pgpv_verify(cursor, pgp, in, cc)) { | |
116 | printf("Good signature for %s made ", inname); | 116 | printf("Good signature for %s made ", inname); | |
117 | ptime(cursor.sigtime); | 117 | ptime(pgpv_get_cursor_num(cursor, "sigtime")); | |
118 | el = pgpv_get_cursor_element(&cursor, 0); | 118 | el = pgpv_get_cursor_element(cursor, 0); | |
119 | pentry(pgp, el, modifiers); | 119 | pentry(pgp, el, modifiers); | |
120 | return 1; | 120 | return 1; | |
121 | } | 121 | } | |
122 | fprintf(stderr, "Signature did not match contents -- %s\n", cursor.why); | 122 | fprintf(stderr, "Signature did not match contents -- %s\n", | |
123 | pgpv_get_cursor_str(cursor, "why")); | |||
123 | } else { | 124 | } else { | |
124 | fprintf(stderr, "unrecognised command \"%s\"\n", cmd); | 125 | fprintf(stderr, "unrecognised command \"%s\"\n", cmd); | |
125 | } | 126 | } | |
126 | return 0; | 127 | return 0; | |
127 | } | 128 | } | |
128 | 129 | |||
129 | int | 130 | int | |
130 | main(int argc, char **argv) | 131 | main(int argc, char **argv) | |
131 | { | 132 | { | |
132 | const char *keyring; | 133 | const char *keyring; | |
133 | const char *cmd; | 134 | const char *cmd; | |
134 | ssize_t cc; | 135 | ssize_t cc; | |
135 | size_t size; | 136 | size_t size; | |
136 | pgpv_t pgp; | 137 | pgpv_t *pgp; | |
137 | char *in; | 138 | char *in; | |
138 | int ssh; | 139 | int ssh; | |
139 | int ok; | 140 | int ok; | |
140 | int i; | 141 | int i; | |
141 | 142 | |||
142 | memset(&pgp, 0x0, sizeof(pgp)); | 143 | pgp = pgpv_new(); | |
143 | keyring = NULL; | 144 | keyring = NULL; | |
144 | ssh = 0; | 145 | ssh = 0; | |
145 | ok = 1; | 146 | ok = 1; | |
146 | cmd = "verify"; | 147 | cmd = "verify"; | |
147 | while ((i = getopt(argc, argv, "S:c:k:v")) != -1) { | 148 | while ((i = getopt(argc, argv, "S:c:k:v")) != -1) { | |
148 | switch(i) { | 149 | switch(i) { | |
149 | case 'S': | 150 | case 'S': | |
150 | ssh = 1; | 151 | ssh = 1; | |
151 | keyring = optarg; | 152 | keyring = optarg; | |
152 | break; | 153 | break; | |
153 | case 'c': | 154 | case 'c': | |
154 | cmd = optarg; | 155 | cmd = optarg; | |
155 | break; | 156 | break; | |
156 | case 'k': | 157 | case 'k': | |
157 | keyring = optarg; | 158 | keyring = optarg; | |
158 | break; | 159 | break; | |
159 | case 'v': | 160 | case 'v': | |
160 | printf("%s\n", NETPGPVERIFY_VERSION); | 161 | printf("%s\n", NETPGPVERIFY_VERSION); | |
161 | exit(EXIT_SUCCESS); | 162 | exit(EXIT_SUCCESS); | |
162 | default: | 163 | default: | |
163 | break; | 164 | break; | |
164 | } | 165 | } | |
165 | } | 166 | } | |
166 | if (ssh) { | 167 | if (ssh) { | |
167 | if (!pgpv_read_ssh_pubkeys(&pgp, keyring, -1)) { | 168 | if (!pgpv_read_ssh_pubkeys(pgp, keyring, -1)) { | |
168 | fprintf(stderr, "can't read ssh keyring\n"); | 169 | fprintf(stderr, "can't read ssh keyring\n"); | |
169 | exit(EXIT_FAILURE); | 170 | exit(EXIT_FAILURE); | |
170 | } | 171 | } | |
171 | } else if (!pgpv_read_pubring(&pgp, keyring, -1)) { | 172 | } else if (!pgpv_read_pubring(pgp, keyring, -1)) { | |
172 | fprintf(stderr, "can't read keyring\n"); | 173 | fprintf(stderr, "can't read keyring\n"); | |
173 | exit(EXIT_FAILURE); | 174 | exit(EXIT_FAILURE); | |
174 | } | 175 | } | |
175 | if (optind == argc) { | 176 | if (optind == argc) { | |
176 | in = getstdin(&cc, &size); | 177 | in = getstdin(&cc, &size); | |
177 | ok = verify_data(&pgp, cmd, "[stdin]", in, cc); | 178 | ok = verify_data(pgp, cmd, "[stdin]", in, cc); | |
178 | } else { | 179 | } else { | |
179 | for (ok = 1, i = optind ; i < argc ; i++) { | 180 | for (ok = 1, i = optind ; i < argc ; i++) { | |
180 | if (!verify_data(&pgp, cmd, argv[i], argv[i], -1)) { | 181 | if (!verify_data(pgp, cmd, argv[i], argv[i], -1)) { | |
181 | ok = 0; | 182 | ok = 0; | |
182 | } | 183 | } | |
183 | } | 184 | } | |
184 | } | 185 | } | |
185 | pgpv_close(&pgp); | 186 | pgpv_close(pgp); | |
186 | exit((ok) ? EXIT_SUCCESS : EXIT_FAILURE); | 187 | exit((ok) ? EXIT_SUCCESS : EXIT_FAILURE); | |
187 | } | 188 | } |
@@ -13,286 +13,60 @@ | @@ -13,286 +13,60 @@ | |||
13 | * | 13 | * | |
14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | 14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
15 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 15 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
16 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 16 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
17 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | 17 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
18 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 18 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
19 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 19 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
20 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 20 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
21 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 21 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
22 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 22 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
24 | */ | 24 | */ | |
25 | #ifndef NETPGP_VERIFY_H_ | 25 | #ifndef NETPGP_VERIFY_H_ | |
26 | #define NETPGP_VERIFY_H_ 20160625 | 26 | #define NETPGP_VERIFY_H_ 20160626 | |
27 | 27 | |||
28 | #define NETPGPVERIFY_VERSION "netpgpverify portable 20160625" | 28 | #define NETPGPVERIFY_VERSION "netpgpverify portable 20160626" | |
29 | 29 | |||
30 | #include <sys/types.h> | 30 | #include <sys/types.h> | |
31 | 31 | |||
32 | #include <inttypes.h> | 32 | #include <inttypes.h> | |
33 | 33 | |||
34 | #ifndef PGPV_ARRAY | 34 | struct pgpv_t; | |
35 | /* creates 2 unsigned vars called "name"c and "name"size in current scope */ | 35 | typedef struct pgpv_t pgpv_t; | |
36 | /* also creates an array called "name"s in current scope */ | |||
37 | #define PGPV_ARRAY(type, name) \ | |||
38 | unsigned name##c; unsigned name##vsize; type *name##s | |||
39 | #endif | |||
40 | 36 | |||
41 | /* 64bit key ids */ | 37 | struct pgpv_cursor_t; | |
42 | #define PGPV_KEYID_LEN 8 | 38 | typedef struct pgpv_cursor_t pgpv_cursor_t; | |
43 | #define PGPV_STR_KEYID_LEN (PGPV_KEYID_LEN + PGPV_KEYID_LEN + 1) | |||
44 | ||||
45 | /* bignum structure */ | |||
46 | typedef struct pgpv_bignum_t { | |||
47 | void *bn; /* hide the implementation details */ | |||
48 | uint16_t bits; /* cached number of bits */ | |||
49 | } pgpv_bignum_t; | |||
50 | ||||
51 | /* right now, our max binary digest length is 20 bytes */ | |||
52 | #define PGPV_MAX_HASH_LEN 64 | |||
53 | ||||
54 | /* fingerprint */ | |||
55 | typedef struct pgpv_fingerprint_t { | |||
56 | uint8_t hashalg; /* algorithm for digest */ | |||
57 | uint8_t v[PGPV_MAX_HASH_LEN]; /* the digest */ | |||
58 | uint32_t len; /* its length */ | |||
59 | } pgpv_fingerprint_t; | |||
60 | ||||
61 | /* specify size for array of bignums */ | |||
62 | #define PGPV_MAX_PUBKEY_BN 4 | |||
63 | ||||
64 | /* public key */ | |||
65 | typedef struct pgpv_pubkey_t { | |||
66 | pgpv_fingerprint_t fingerprint; /* key fingerprint i.e. digest */ | |||
67 | uint8_t keyid[PGPV_KEYID_LEN]; /* last 8 bytes of v4 keys */ | |||
68 | int64_t birth; /* creation time */ | |||
69 | int64_t expiry; /* expiry time */ | |||
70 | pgpv_bignum_t bn[PGPV_MAX_PUBKEY_BN]; /* bignums */ | |||
71 | uint8_t keyalg; /* key algorithm */ | |||
72 | uint8_t hashalg; /* hash algorithm */ | |||
73 | uint8_t version; /* key version */ | |||
74 | } pgpv_pubkey_t; | |||
75 | ||||
76 | #define PGPV_MAX_SESSKEY_BN 2 | |||
77 | ||||
78 | /* a (size, byte array) string */ | |||
79 | typedef struct pgpv_string_t { | |||
80 | size_t size; | |||
81 | uint8_t *data; | |||
82 | } pgpv_string_t; | |||
83 | ||||
84 | typedef struct pgpv_ref_t { | |||
85 | void *vp; | |||
86 | size_t offset; | |||
87 | unsigned mem; | |||
88 | } pgpv_ref_t; | |||
89 | ||||
90 | #define PGPV_MAX_SECKEY_BN 4 | |||
91 | ||||
92 | typedef struct pgpv_compress_t { | |||
93 | pgpv_string_t s; | |||
94 | uint8_t compalg; | |||
95 | } pgpv_compress_t; | |||
96 | ||||
97 | /* a packet dealing with trust */ | |||
98 | typedef struct pgpv_trust_t { | |||
99 | uint8_t level; | |||
100 | uint8_t amount; | |||
101 | } pgpv_trust_t; | |||
102 | ||||
103 | /* a signature sub packet */ | |||
104 | typedef struct pgpv_sigsubpkt_t { | |||
105 | pgpv_string_t s; | |||
106 | uint8_t tag; | |||
107 | uint8_t critical; | |||
108 | } pgpv_sigsubpkt_t; | |||
109 | ||||
110 | #define PGPV_MAX_SIG_BN 2 | |||
111 | ||||
112 | typedef struct pgpv_signature_t { | |||
113 | uint8_t *signer; /* key id of signer */ | |||
114 | pgpv_ref_t hashstart; | |||
115 | uint8_t *hash2; | |||
116 | uint8_t *mpi; | |||
117 | int64_t birth; | |||
118 | int64_t keyexpiry; | |||
119 | int64_t expiry; | |||
120 | uint32_t hashlen; | |||
121 | uint8_t version; | |||
122 | uint8_t type; | |||
123 | uint8_t keyalg; | |||
124 | uint8_t hashalg; | |||
125 | uint8_t trustlevel; | |||
126 | uint8_t trustamount; | |||
127 | pgpv_bignum_t bn[PGPV_MAX_SIG_BN]; | |||
128 | char *regexp; | |||
129 | char *pref_key_server; | |||
130 | char *policy; | |||
131 | char *features; | |||
132 | char *why_revoked; | |||
133 | uint8_t *revoke_fingerprint; | |||
134 | uint8_t revoke_alg; | |||
135 | uint8_t revoke_sensitive; | |||
136 | uint8_t trustsig; | |||
137 | uint8_t revocable; | |||
138 | uint8_t pref_symm_alg; | |||
139 | uint8_t pref_hash_alg; | |||
140 | uint8_t pref_compress_alg; | |||
141 | uint8_t key_server_modify; | |||
142 | uint8_t notation; | |||
143 | uint8_t type_key; | |||
144 | uint8_t primary_userid; | |||
145 | uint8_t revoked; /* subtract 1 to get real reason, 0 == not revoked */ | |||
146 | } pgpv_signature_t; | |||
147 | ||||
148 | /* a signature packet */ | |||
149 | typedef struct pgpv_sigpkt_t { | |||
150 | pgpv_signature_t sig; | |||
151 | uint16_t subslen; | |||
152 | uint16_t unhashlen; | |||
153 | PGPV_ARRAY(pgpv_sigsubpkt_t, subpkts); | |||
154 | } pgpv_sigpkt_t; | |||
155 | ||||
156 | /* a one-pass signature packet */ | |||
157 | typedef struct pgpv_onepass_t { | |||
158 | uint8_t keyid[PGPV_KEYID_LEN]; | |||
159 | uint8_t version; | |||
160 | uint8_t type; | |||
161 | uint8_t hashalg; | |||
162 | uint8_t keyalg; | |||
163 | uint8_t nested; | |||
164 | } pgpv_onepass_t; | |||
165 | ||||
166 | /* a literal data packet */ | |||
167 | typedef struct pgpv_litdata_t { | |||
168 | uint8_t *filename; | |||
169 | pgpv_string_t s; | |||
170 | uint32_t secs; | |||
171 | uint8_t namelen; | |||
172 | char format; | |||
173 | unsigned mem; | |||
174 | size_t offset; | |||
175 | size_t len; | |||
176 | } pgpv_litdata_t; | |||
177 | ||||
178 | /* user attributes - images */ | |||
179 | typedef struct pgpv_userattr_t { | |||
180 | size_t len; | |||
181 | PGPV_ARRAY(pgpv_string_t, subattrs); | |||
182 | } pgpv_userattr_t; | |||
183 | ||||
184 | /* a general PGP packet */ | |||
185 | typedef struct pgpv_pkt_t { | |||
186 | uint8_t tag; | |||
187 | uint8_t newfmt; | |||
188 | uint8_t allocated; | |||
189 | uint8_t mement; | |||
190 | size_t offset; | |||
191 | pgpv_string_t s; | |||
192 | union { | |||
193 | pgpv_sigpkt_t sigpkt; | |||
194 | pgpv_onepass_t onepass; | |||
195 | pgpv_litdata_t litdata; | |||
196 | pgpv_compress_t compressed; | |||
197 | pgpv_trust_t trust; | |||
198 | pgpv_pubkey_t pubkey; | |||
199 | pgpv_string_t userid; | |||
200 | pgpv_userattr_t userattr; | |||
201 | } u; | |||
202 | } pgpv_pkt_t; | |||
203 | ||||
204 | /* a memory structure */ | |||
205 | typedef struct pgpv_mem_t { | |||
206 | size_t size; | |||
207 | size_t cc; | |||
208 | uint8_t *mem; | |||
209 | FILE *fp; | |||
210 | uint8_t dealloc; | |||
211 | const char *allowed; /* the types of packet that are allowed */ | |||
212 | } pgpv_mem_t; | |||
213 | ||||
214 | /* packet parser */ | |||
215 | ||||
216 | typedef struct pgpv_signed_userid_t { | |||
217 | pgpv_string_t userid; | |||
218 | PGPV_ARRAY(pgpv_signature_t, sigs); | |||
219 | uint8_t primary_userid; | |||
220 | uint8_t revoked; | |||
221 | } pgpv_signed_userid_t; | |||
222 | ||||
223 | typedef struct pgpv_signed_userattr_t { | |||
224 | pgpv_userattr_t userattr; | |||
225 | PGPV_ARRAY(pgpv_signature_t, sigs); | |||
226 | uint8_t revoked; | |||
227 | } pgpv_signed_userattr_t; | |||
228 | ||||
229 | typedef struct pgpv_signed_subkey_t { | |||
230 | pgpv_pubkey_t subkey; | |||
231 | pgpv_signature_t revoc_self_sig; | |||
232 | PGPV_ARRAY(pgpv_signature_t, sigs); | |||
233 | } pgpv_signed_subkey_t; | |||
234 | ||||
235 | typedef struct pgpv_primarykey_t { | |||
236 | pgpv_pubkey_t primary; | |||
237 | pgpv_signature_t revoc_self_sig; | |||
238 | PGPV_ARRAY(pgpv_signature_t, direct_sigs); | |||
239 | PGPV_ARRAY(pgpv_signed_userid_t, signed_userids); | |||
240 | PGPV_ARRAY(pgpv_signed_userattr_t, signed_userattrs); | |||
241 | PGPV_ARRAY(pgpv_signed_subkey_t, signed_subkeys); | |||
242 | size_t fmtsize; | |||
243 | uint8_t primary_userid; | |||
244 | } pgpv_primarykey_t; | |||
245 | ||||
246 | /* everything stems from this structure */ | |||
247 | typedef struct pgpv_t { | |||
248 | PGPV_ARRAY(pgpv_pkt_t, pkts); /* packet array */ | |||
249 | PGPV_ARRAY(pgpv_primarykey_t, primaries); /* array of primary keys */ | |||
250 | PGPV_ARRAY(pgpv_mem_t, areas); /* areas we read packets from */ | |||
251 | PGPV_ARRAY(size_t, datastarts); /* starts of data packets */ | |||
252 | size_t pkt; /* when parsing, current pkt number */ | |||
253 | const char *op; /* the operation we're doing */ | |||
254 | unsigned ssh; /* using ssh keys */ | |||
255 | } pgpv_t; | |||
256 | ||||
257 | #define PGPV_REASON_LEN 128 | |||
258 | ||||
259 | /* when searching, we define a cursor, and fill in an array of subscripts */ | |||
260 | typedef struct pgpv_cursor_t { | |||
261 | pgpv_t *pgp; /* pointer to pgp tree */ | |||
262 | char *field; /* field we're searching on */ | |||
263 | char *op; /* operation we're doing */ | |||
264 | char *value; /* value we're searching for */ | |||
265 | void *ptr; /* for regexps etc */ | |||
266 | PGPV_ARRAY(uint32_t, found); /* array of matched pimary key subscripts */ | |||
267 | PGPV_ARRAY(size_t, datacookies); /* cookies to retrieve matched data */ | |||
268 | int64_t sigtime; /* time of signature */ | |||
269 | char why[PGPV_REASON_LEN]; /* reason for bad signature */ | |||
270 | } pgpv_cursor_t; | |||
271 | 39 | |||
272 | #ifndef __BEGIN_DECLS | 40 | #ifndef __BEGIN_DECLS | |
273 | # if defined(__cplusplus) | 41 | # if defined(__cplusplus) | |
274 | # define __BEGIN_DECLS extern "C" { | 42 | # define __BEGIN_DECLS extern "C" { | |
275 | # define __END_DECLS } | 43 | # define __END_DECLS } | |
276 | # else | 44 | # else | |
277 | # define __BEGIN_DECLS | 45 | # define __BEGIN_DECLS | |
278 | # define __END_DECLS | 46 | # define __END_DECLS | |
279 | # endif | 47 | # endif | |
280 | #endif | 48 | #endif | |
281 | 49 | |||
282 | __BEGIN_DECLS | 50 | __BEGIN_DECLS | |
283 | 51 | |||
52 | pgpv_t *pgpv_new(void); | |||
53 | pgpv_cursor_t *pgpv_new_cursor(void); | |||
54 | ||||
284 | int pgpv_read_pubring(pgpv_t */*pgp*/, const void */*keyringfile/mem*/, ssize_t /*size*/); | 55 | int pgpv_read_pubring(pgpv_t */*pgp*/, const void */*keyringfile/mem*/, ssize_t /*size*/); | |
285 | int pgpv_read_ssh_pubkeys(pgpv_t */*pgp*/, const void */*keyring*/, ssize_t /*size*/); | 56 | int pgpv_read_ssh_pubkeys(pgpv_t */*pgp*/, const void */*keyring*/, ssize_t /*size*/); | |
286 | 57 | |||
287 | size_t pgpv_verify(pgpv_cursor_t */*cursor*/, pgpv_t */*pgp*/, const void */*mem/file*/, ssize_t /*size*/); | 58 | size_t pgpv_verify(pgpv_cursor_t */*cursor*/, pgpv_t */*pgp*/, const void */*mem/file*/, ssize_t /*size*/); | |
288 | size_t pgpv_get_verified(pgpv_cursor_t */*cursor*/, size_t /*cookie*/, char **/*ret*/); | 59 | size_t pgpv_get_verified(pgpv_cursor_t */*cursor*/, size_t /*cookie*/, char **/*ret*/); | |
289 | int pgpv_get_cursor_element(pgpv_cursor_t */*cursor*/, size_t /*element*/); | |||
290 | size_t pgpv_dump(pgpv_t */*pgp*/, char **/*data*/); | 60 | size_t pgpv_dump(pgpv_t */*pgp*/, char **/*data*/); | |
291 | 61 | |||
292 | size_t pgpv_get_entry(pgpv_t */*pgp*/, unsigned /*ent*/, char **/*ret*/, const char */*modifiers*/); | 62 | size_t pgpv_get_entry(pgpv_t */*pgp*/, unsigned /*ent*/, char **/*ret*/, const char */*modifiers*/); | |
293 | 63 | |||
64 | int64_t pgpv_get_cursor_num(pgpv_cursor_t */*cursor*/, const char */*field*/); | |||
65 | char *pgpv_get_cursor_str(pgpv_cursor_t */*cursor*/, const char */*field*/); | |||
66 | int pgpv_get_cursor_element(pgpv_cursor_t */*cursor*/, size_t /*element*/); | |||
67 | ||||
294 | int pgpv_close(pgpv_t */*pgp*/); | 68 | int pgpv_close(pgpv_t */*pgp*/); | |
295 | 69 | |||
296 | __END_DECLS | 70 | __END_DECLS | |
297 | 71 | |||
298 | #endif | 72 | #endif |