/src/gnupg/kbx/keybox-openpgp.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* keybox-openpgp.c - OpenPGP key parsing |
2 | | * Copyright (C) 2001, 2003, 2011 Free Software Foundation, Inc. |
3 | | * |
4 | | * This file is part of GnuPG. |
5 | | * |
6 | | * GnuPG is free software; you can redistribute it and/or modify |
7 | | * it under the terms of the GNU General Public License as published by |
8 | | * the Free Software Foundation; either version 3 of the License, or |
9 | | * (at your option) any later version. |
10 | | * |
11 | | * GnuPG is distributed in the hope that it will be useful, |
12 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 | | * GNU General Public License for more details. |
15 | | * |
16 | | * You should have received a copy of the GNU General Public License |
17 | | * along with this program; if not, see <https://www.gnu.org/licenses/>. |
18 | | */ |
19 | | |
20 | | /* This is a simple OpenPGP parser suitable for all OpenPGP key |
21 | | material. It just provides the functionality required to build and |
22 | | parse an KBX OpenPGP key blob. Thus it is not a complete parser. |
23 | | However it is self-contained and optimized for fast in-memory |
24 | | parsing. Note that we don't support old ElGamal v3 keys |
25 | | anymore. */ |
26 | | |
27 | | #include <config.h> |
28 | | #include <stdlib.h> |
29 | | #include <stdio.h> |
30 | | #include <string.h> |
31 | | #include <errno.h> |
32 | | #include <assert.h> |
33 | | |
34 | | #include "keybox-defs.h" |
35 | | |
36 | | #include <gcrypt.h> |
37 | | |
38 | | #include "../common/openpgpdefs.h" |
39 | | #include "../common/host2net.h" |
40 | | |
41 | | struct keyparm_s |
42 | | { |
43 | | const char *mpi; |
44 | | int len; /* int to avoid a cast in gcry_sexp_build. */ |
45 | | }; |
46 | | |
47 | | |
48 | | /* Assume a valid OpenPGP packet at the address pointed to by BUFBTR |
49 | | which has a maximum length as stored at BUFLEN. Return the header |
50 | | information of that packet and advance the pointer stored at BUFPTR |
51 | | to the next packet; also adjust the length stored at BUFLEN to |
52 | | match the remaining bytes. If there are no more packets, store NULL |
53 | | at BUFPTR. Return an non-zero error code on failure or the |
54 | | following data on success: |
55 | | |
56 | | R_DATAPKT = Pointer to the begin of the packet data. |
57 | | R_DATALEN = Length of this data. This has already been checked to fit |
58 | | into the buffer. |
59 | | R_PKTTYPE = The packet type. |
60 | | R_NTOTAL = The total number of bytes of this packet |
61 | | |
62 | | Note that these values are only updated on success. |
63 | | */ |
64 | | static gpg_error_t |
65 | | next_packet (unsigned char const **bufptr, size_t *buflen, |
66 | | unsigned char const **r_data, size_t *r_datalen, int *r_pkttype, |
67 | | size_t *r_ntotal) |
68 | 0 | { |
69 | 0 | const unsigned char *buf = *bufptr; |
70 | 0 | size_t len = *buflen; |
71 | 0 | int c, ctb, pkttype; |
72 | 0 | unsigned long pktlen; |
73 | |
|
74 | 0 | if (!len) |
75 | 0 | return gpg_error (GPG_ERR_NO_DATA); |
76 | | |
77 | 0 | ctb = *buf++; len--; |
78 | 0 | if ( !(ctb & 0x80) ) |
79 | 0 | return gpg_error (GPG_ERR_INV_PACKET); /* Invalid CTB. */ |
80 | | |
81 | 0 | if ((ctb & 0x40)) /* New style (OpenPGP) CTB. */ |
82 | 0 | { |
83 | 0 | pkttype = (ctb & 0x3f); |
84 | 0 | if (!len) |
85 | 0 | return gpg_error (GPG_ERR_INV_PACKET); /* No 1st length byte. */ |
86 | 0 | c = *buf++; len--; |
87 | 0 | if (pkttype == PKT_COMPRESSED) |
88 | 0 | return gpg_error (GPG_ERR_UNEXPECTED); /* ... packet in a keyblock. */ |
89 | 0 | if ( c < 192 ) |
90 | 0 | pktlen = c; |
91 | 0 | else if ( c < 224 ) |
92 | 0 | { |
93 | 0 | pktlen = (c - 192) * 256; |
94 | 0 | if (!len) |
95 | 0 | return gpg_error (GPG_ERR_INV_PACKET); /* No 2nd length byte. */ |
96 | 0 | c = *buf++; len--; |
97 | 0 | pktlen += c + 192; |
98 | 0 | } |
99 | 0 | else if (c == 255) |
100 | 0 | { |
101 | 0 | if (len <4 ) |
102 | 0 | return gpg_error (GPG_ERR_INV_PACKET); /* No length bytes. */ |
103 | 0 | pktlen = buf32_to_ulong (buf); |
104 | 0 | buf += 4; |
105 | 0 | len -= 4; |
106 | 0 | } |
107 | 0 | else /* Partial length encoding is not allowed for key packets. */ |
108 | 0 | return gpg_error (GPG_ERR_UNEXPECTED); |
109 | 0 | } |
110 | 0 | else /* Old style CTB. */ |
111 | 0 | { |
112 | 0 | int lenbytes; |
113 | |
|
114 | 0 | pktlen = 0; |
115 | 0 | pkttype = (ctb>>2)&0xf; |
116 | 0 | lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3)); |
117 | 0 | if (!lenbytes) /* Not allowed in key packets. */ |
118 | 0 | return gpg_error (GPG_ERR_UNEXPECTED); |
119 | 0 | if (len < lenbytes) |
120 | 0 | return gpg_error (GPG_ERR_INV_PACKET); /* Not enough length bytes. */ |
121 | 0 | for (; lenbytes; lenbytes--) |
122 | 0 | { |
123 | 0 | pktlen <<= 8; |
124 | 0 | pktlen |= *buf++; len--; |
125 | 0 | } |
126 | 0 | } |
127 | | |
128 | | /* Do some basic sanity check. */ |
129 | 0 | switch (pkttype) |
130 | 0 | { |
131 | 0 | case PKT_SIGNATURE: |
132 | 0 | case PKT_SECRET_KEY: |
133 | 0 | case PKT_PUBLIC_KEY: |
134 | 0 | case PKT_SECRET_SUBKEY: |
135 | 0 | case PKT_MARKER: |
136 | 0 | case PKT_RING_TRUST: |
137 | 0 | case PKT_USER_ID: |
138 | 0 | case PKT_PUBLIC_SUBKEY: |
139 | 0 | case PKT_OLD_COMMENT: |
140 | 0 | case PKT_ATTRIBUTE: |
141 | 0 | case PKT_COMMENT: |
142 | 0 | case PKT_GPG_CONTROL: |
143 | 0 | break; /* Okay these are allowed packets. */ |
144 | 0 | default: |
145 | 0 | return gpg_error (GPG_ERR_UNEXPECTED); |
146 | 0 | } |
147 | | |
148 | 0 | if (pkttype == 63 && pktlen == 0xFFFFFFFF) |
149 | | /* Sometimes the decompressing layer enters an error state in |
150 | | which it simply outputs 0xff for every byte read. If we have a |
151 | | stream of 0xff bytes, then it will be detected as a new format |
152 | | packet with type 63 and a 4-byte encoded length that is 4G-1. |
153 | | Since packets with type 63 are private and we use them as a |
154 | | control packet, which won't be 4 GB, we reject such packets as |
155 | | invalid. */ |
156 | 0 | return gpg_error (GPG_ERR_INV_PACKET); |
157 | | |
158 | 0 | if (pktlen > len) |
159 | 0 | return gpg_error (GPG_ERR_INV_PACKET); /* Packet length header too long. */ |
160 | | |
161 | 0 | *r_data = buf; |
162 | 0 | *r_datalen = pktlen; |
163 | 0 | *r_pkttype = pkttype; |
164 | 0 | *r_ntotal = (buf - *bufptr) + pktlen; |
165 | |
|
166 | 0 | *bufptr = buf + pktlen; |
167 | 0 | *buflen = len - pktlen; |
168 | 0 | if (!*buflen) |
169 | 0 | *bufptr = NULL; |
170 | |
|
171 | 0 | return 0; |
172 | 0 | } |
173 | | |
174 | | |
175 | | /* Take a list of key parameters KP for the OpenPGP ALGO and compute |
176 | | * the keygrip which will be stored at GRIP. GRIP needs to be a |
177 | | * buffer of 20 bytes. */ |
178 | | static gpg_error_t |
179 | | keygrip_from_keyparm (int algo, struct keyparm_s *kp, unsigned char *grip) |
180 | 0 | { |
181 | 0 | gpg_error_t err; |
182 | 0 | gcry_sexp_t s_pkey = NULL; |
183 | |
|
184 | 0 | switch (algo) |
185 | 0 | { |
186 | 0 | case PUBKEY_ALGO_DSA: |
187 | 0 | err = gcry_sexp_build (&s_pkey, NULL, |
188 | 0 | "(public-key(dsa(p%b)(q%b)(g%b)(y%b)))", |
189 | 0 | kp[0].len, kp[0].mpi, |
190 | 0 | kp[1].len, kp[1].mpi, |
191 | 0 | kp[2].len, kp[2].mpi, |
192 | 0 | kp[3].len, kp[3].mpi); |
193 | 0 | break; |
194 | | |
195 | 0 | case PUBKEY_ALGO_ELGAMAL: |
196 | 0 | case PUBKEY_ALGO_ELGAMAL_E: |
197 | 0 | err = gcry_sexp_build (&s_pkey, NULL, |
198 | 0 | "(public-key(elg(p%b)(g%b)(y%b)))", |
199 | 0 | kp[0].len, kp[0].mpi, |
200 | 0 | kp[1].len, kp[1].mpi, |
201 | 0 | kp[2].len, kp[2].mpi); |
202 | 0 | break; |
203 | | |
204 | 0 | case PUBKEY_ALGO_RSA: |
205 | 0 | case PUBKEY_ALGO_RSA_S: |
206 | 0 | case PUBKEY_ALGO_RSA_E: |
207 | 0 | err = gcry_sexp_build (&s_pkey, NULL, |
208 | 0 | "(public-key(rsa(n%b)(e%b)))", |
209 | 0 | kp[0].len, kp[0].mpi, |
210 | 0 | kp[1].len, kp[1].mpi); |
211 | 0 | break; |
212 | | |
213 | 0 | case PUBKEY_ALGO_EDDSA: |
214 | 0 | case PUBKEY_ALGO_ECDSA: |
215 | 0 | case PUBKEY_ALGO_ECDH: |
216 | 0 | { |
217 | 0 | char *curve = openpgp_oidbuf_to_str (kp[0].mpi, kp[0].len); |
218 | 0 | if (!curve) |
219 | 0 | err = gpg_error_from_syserror (); |
220 | 0 | else |
221 | 0 | { |
222 | 0 | err = gcry_sexp_build |
223 | 0 | (&s_pkey, NULL, |
224 | 0 | (algo == PUBKEY_ALGO_EDDSA)? |
225 | 0 | "(public-key(ecc(curve%s)(flags eddsa)(q%b)))": |
226 | 0 | (algo == PUBKEY_ALGO_ECDH |
227 | 0 | && openpgp_oidbuf_is_cv25519 (kp[0].mpi, kp[0].len))? |
228 | 0 | "(public-key(ecc(curve%s)(flags djb-tweak)(q%b)))": |
229 | 0 | "(public-key(ecc(curve%s)(q%b)))", |
230 | 0 | curve, kp[1].len, kp[1].mpi); |
231 | 0 | xfree (curve); |
232 | 0 | } |
233 | 0 | } |
234 | 0 | break; |
235 | | |
236 | 0 | default: |
237 | 0 | err = gpg_error (GPG_ERR_PUBKEY_ALGO); |
238 | 0 | break; |
239 | 0 | } |
240 | | |
241 | 0 | if (!err && !gcry_pk_get_keygrip (s_pkey, grip)) |
242 | 0 | { |
243 | | /* Some Linux distributions remove certain curves from Libgcrypt |
244 | | * but not from GnuPG and thus the keygrip can't be computed. |
245 | | * Emit a better error message for this case. */ |
246 | 0 | if (!gcry_pk_get_curve (s_pkey, 0, NULL)) |
247 | 0 | err = gpg_error (GPG_ERR_UNKNOWN_CURVE); |
248 | 0 | else |
249 | 0 | { |
250 | 0 | log_info ("kbx: error computing keygrip\n"); |
251 | 0 | err = gpg_error (GPG_ERR_GENERAL); |
252 | 0 | } |
253 | 0 | } |
254 | |
|
255 | 0 | gcry_sexp_release (s_pkey); |
256 | |
|
257 | 0 | if (err) |
258 | 0 | memset (grip, 0, 20); |
259 | 0 | return err; |
260 | 0 | } |
261 | | |
262 | | |
263 | | /* Parse a key packet and store the information in KI. */ |
264 | | static gpg_error_t |
265 | | parse_key (const unsigned char *data, size_t datalen, |
266 | | struct _keybox_openpgp_key_info *ki) |
267 | 0 | { |
268 | 0 | gpg_error_t err; |
269 | 0 | const unsigned char *data_start = data; |
270 | 0 | int i, version, algorithm; |
271 | 0 | size_t n; |
272 | 0 | int npkey; |
273 | 0 | unsigned char hashbuffer[768]; |
274 | 0 | gcry_md_hd_t md; |
275 | 0 | int is_ecc = 0; |
276 | 0 | int is_v5; |
277 | | /* unsigned int pkbytes; for v5: # of octets of the public key params. */ |
278 | 0 | struct keyparm_s keyparm[OPENPGP_MAX_NPKEY]; |
279 | 0 | unsigned char *helpmpibuf[OPENPGP_MAX_NPKEY] = { NULL }; |
280 | |
|
281 | 0 | if (datalen < 5) |
282 | 0 | return gpg_error (GPG_ERR_INV_PACKET); |
283 | 0 | version = *data++; datalen--; |
284 | 0 | if (version < 2 || version > 5 ) |
285 | 0 | return gpg_error (GPG_ERR_INV_PACKET); /* Invalid version. */ |
286 | 0 | is_v5 = version == 5; |
287 | | |
288 | | /*timestamp = ((data[0]<<24)|(data[1]<<16)|(data[2]<<8)|(data[3]));*/ |
289 | 0 | data +=4; datalen -=4; |
290 | |
|
291 | 0 | if (version < 4) |
292 | 0 | { |
293 | 0 | if (datalen < 2) |
294 | 0 | return gpg_error (GPG_ERR_INV_PACKET); |
295 | 0 | data +=2; datalen -= 2; |
296 | 0 | } |
297 | | |
298 | 0 | if (!datalen) |
299 | 0 | return gpg_error (GPG_ERR_INV_PACKET); |
300 | 0 | algorithm = *data++; datalen--; |
301 | |
|
302 | 0 | if (is_v5) |
303 | 0 | { |
304 | 0 | if (datalen < 4) |
305 | 0 | return gpg_error (GPG_ERR_INV_PACKET); |
306 | | /* pkbytes = buf32_to_uint (data); */ |
307 | 0 | data += 4; |
308 | 0 | datalen -= 4; |
309 | 0 | } |
310 | | |
311 | 0 | switch (algorithm) |
312 | 0 | { |
313 | 0 | case PUBKEY_ALGO_RSA: |
314 | 0 | case PUBKEY_ALGO_RSA_E: |
315 | 0 | case PUBKEY_ALGO_RSA_S: |
316 | 0 | npkey = 2; |
317 | 0 | break; |
318 | 0 | case PUBKEY_ALGO_ELGAMAL_E: |
319 | 0 | case PUBKEY_ALGO_ELGAMAL: |
320 | 0 | npkey = 3; |
321 | 0 | break; |
322 | 0 | case PUBKEY_ALGO_DSA: |
323 | 0 | npkey = 4; |
324 | 0 | break; |
325 | 0 | case PUBKEY_ALGO_ECDH: |
326 | 0 | npkey = 3; |
327 | 0 | is_ecc = 1; |
328 | 0 | break; |
329 | 0 | case PUBKEY_ALGO_ECDSA: |
330 | 0 | case PUBKEY_ALGO_EDDSA: |
331 | 0 | npkey = 2; |
332 | 0 | is_ecc = 1; |
333 | 0 | break; |
334 | 0 | default: /* Unknown algorithm. */ |
335 | 0 | return gpg_error (GPG_ERR_UNKNOWN_ALGORITHM); |
336 | 0 | } |
337 | | |
338 | 0 | ki->version = version; |
339 | 0 | ki->algo = algorithm; |
340 | |
|
341 | 0 | for (i=0; i < npkey; i++ ) |
342 | 0 | { |
343 | 0 | unsigned int nbits, nbytes; |
344 | |
|
345 | 0 | if (datalen < 2) |
346 | 0 | return gpg_error (GPG_ERR_INV_PACKET); |
347 | | |
348 | 0 | if (is_ecc && (i == 0 || i == 2)) |
349 | 0 | { |
350 | 0 | nbytes = data[0]; |
351 | 0 | if (nbytes < 2 || nbytes > 254) |
352 | 0 | return gpg_error (GPG_ERR_INV_PACKET); |
353 | 0 | nbytes++; /* The size byte itself. */ |
354 | 0 | if (datalen < nbytes) |
355 | 0 | return gpg_error (GPG_ERR_INV_PACKET); |
356 | | |
357 | 0 | keyparm[i].mpi = data; |
358 | 0 | keyparm[i].len = nbytes; |
359 | 0 | } |
360 | 0 | else |
361 | 0 | { |
362 | 0 | nbits = ((data[0]<<8)|(data[1])); |
363 | 0 | data += 2; |
364 | 0 | datalen -= 2; |
365 | 0 | nbytes = (nbits+7) / 8; |
366 | 0 | if (datalen < nbytes) |
367 | 0 | return gpg_error (GPG_ERR_INV_PACKET); |
368 | | |
369 | 0 | keyparm[i].mpi = data; |
370 | 0 | keyparm[i].len = nbytes; |
371 | 0 | } |
372 | | |
373 | 0 | data += nbytes; datalen -= nbytes; |
374 | 0 | } |
375 | 0 | n = data - data_start; |
376 | | |
377 | | |
378 | | /* Note: Starting here we need to jump to leave on error. */ |
379 | | |
380 | | /* For non-ECC, make sure the MPIs are unsigned. */ |
381 | 0 | if (!is_ecc) |
382 | 0 | for (i=0; i < npkey; i++) |
383 | 0 | { |
384 | 0 | if (!keyparm[i].len || (keyparm[i].mpi[0] & 0x80)) |
385 | 0 | { |
386 | 0 | helpmpibuf[i] = xtrymalloc (1+keyparm[i].len); |
387 | 0 | if (!helpmpibuf[i]) |
388 | 0 | { |
389 | 0 | err = gpg_error_from_syserror (); |
390 | 0 | goto leave; |
391 | 0 | } |
392 | 0 | helpmpibuf[i][0] = 0; |
393 | 0 | memcpy (helpmpibuf[i]+1, keyparm[i].mpi, keyparm[i].len); |
394 | 0 | keyparm[i].mpi = helpmpibuf[i]; |
395 | 0 | keyparm[i].len++; |
396 | 0 | } |
397 | 0 | } |
398 | | |
399 | 0 | err = keygrip_from_keyparm (algorithm, keyparm, ki->grip); |
400 | 0 | if (err) |
401 | 0 | goto leave; |
402 | | |
403 | 0 | if (version < 4) |
404 | 0 | { |
405 | | /* We do not support any other algorithm than RSA in v3 |
406 | | packets. */ |
407 | 0 | if (algorithm < 1 || algorithm > 3) |
408 | 0 | return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); |
409 | | |
410 | 0 | err = gcry_md_open (&md, GCRY_MD_MD5, 0); |
411 | 0 | if (err) |
412 | 0 | return err; /* Oops */ |
413 | 0 | gcry_md_write (md, keyparm[0].mpi, keyparm[0].len); |
414 | 0 | gcry_md_write (md, keyparm[1].mpi, keyparm[1].len); |
415 | 0 | memcpy (ki->fpr, gcry_md_read (md, 0), 16); |
416 | 0 | gcry_md_close (md); |
417 | 0 | ki->fprlen = 16; |
418 | |
|
419 | 0 | if (keyparm[0].len < 8) |
420 | 0 | { |
421 | | /* Moduli less than 64 bit are out of the specs scope. Zero |
422 | | them out because this is what gpg does too. */ |
423 | 0 | memset (ki->keyid, 0, 8); |
424 | 0 | } |
425 | 0 | else |
426 | 0 | memcpy (ki->keyid, keyparm[0].mpi + keyparm[0].len - 8, 8); |
427 | 0 | } |
428 | 0 | else |
429 | 0 | { |
430 | | /* Its a pity that we need to prefix the buffer with the tag |
431 | | and a length header: We can't simply pass it to the fast |
432 | | hashing function for that reason. It might be a good idea to |
433 | | have a scatter-gather enabled hash function. What we do here |
434 | | is to use a static buffer if this one is large enough and |
435 | | only use the regular hash functions if this buffer is not |
436 | | large enough. |
437 | | FIXME: Factor this out to a shared fingerprint function. |
438 | | */ |
439 | 0 | if (version == 5) |
440 | 0 | { |
441 | 0 | if ( 5 + n < sizeof hashbuffer ) |
442 | 0 | { |
443 | 0 | hashbuffer[0] = 0x9a; /* CTB */ |
444 | 0 | hashbuffer[1] = (n >> 24);/* 4 byte length header. */ |
445 | 0 | hashbuffer[2] = (n >> 16); |
446 | 0 | hashbuffer[3] = (n >> 8); |
447 | 0 | hashbuffer[4] = (n ); |
448 | 0 | memcpy (hashbuffer + 5, data_start, n); |
449 | 0 | gcry_md_hash_buffer (GCRY_MD_SHA256, ki->fpr, hashbuffer, 5 + n); |
450 | 0 | } |
451 | 0 | else |
452 | 0 | { |
453 | 0 | err = gcry_md_open (&md, GCRY_MD_SHA256, 0); |
454 | 0 | if (err) |
455 | 0 | return err; /* Oops */ |
456 | 0 | gcry_md_putc (md, 0x9a ); /* CTB */ |
457 | 0 | gcry_md_putc (md, (n >> 24)); /* 4 byte length header. */ |
458 | 0 | gcry_md_putc (md, (n >> 16)); |
459 | 0 | gcry_md_putc (md, (n >> 8)); |
460 | 0 | gcry_md_putc (md, (n )); |
461 | 0 | gcry_md_write (md, data_start, n); |
462 | 0 | memcpy (ki->fpr, gcry_md_read (md, 0), 32); |
463 | 0 | gcry_md_close (md); |
464 | 0 | } |
465 | 0 | ki->fprlen = 32; |
466 | 0 | memcpy (ki->keyid, ki->fpr, 8); |
467 | 0 | } |
468 | 0 | else |
469 | 0 | { |
470 | 0 | if ( 3 + n < sizeof hashbuffer ) |
471 | 0 | { |
472 | 0 | hashbuffer[0] = 0x99; /* CTB */ |
473 | 0 | hashbuffer[1] = (n >> 8); /* 2 byte length header. */ |
474 | 0 | hashbuffer[2] = (n ); |
475 | 0 | memcpy (hashbuffer + 3, data_start, n); |
476 | 0 | gcry_md_hash_buffer (GCRY_MD_SHA1, ki->fpr, hashbuffer, 3 + n); |
477 | 0 | } |
478 | 0 | else |
479 | 0 | { |
480 | 0 | err = gcry_md_open (&md, GCRY_MD_SHA1, 0); |
481 | 0 | if (err) |
482 | 0 | return err; /* Oops */ |
483 | 0 | gcry_md_putc (md, 0x99 ); /* CTB */ |
484 | 0 | gcry_md_putc (md, (n >> 8)); /* 2 byte length header. */ |
485 | 0 | gcry_md_putc (md, (n )); |
486 | 0 | gcry_md_write (md, data_start, n); |
487 | 0 | memcpy (ki->fpr, gcry_md_read (md, 0), 20); |
488 | 0 | gcry_md_close (md); |
489 | 0 | } |
490 | 0 | ki->fprlen = 20; |
491 | 0 | memcpy (ki->keyid, ki->fpr+12, 8); |
492 | 0 | } |
493 | 0 | } |
494 | | |
495 | 0 | leave: |
496 | 0 | for (i=0; i < npkey; i++) |
497 | 0 | xfree (helpmpibuf[i]); |
498 | |
|
499 | 0 | return err; |
500 | 0 | } |
501 | | |
502 | | |
503 | | |
504 | | /* The caller must pass the address of an INFO structure which will |
505 | | get filled on success with information pertaining to the OpenPGP |
506 | | keyblock IMAGE of length IMAGELEN. Note that a caller does only |
507 | | need to release this INFO structure if the function returns |
508 | | success. If NPARSED is not NULL the actual number of bytes parsed |
509 | | will be stored at this address. */ |
510 | | gpg_error_t |
511 | | _keybox_parse_openpgp (const unsigned char *image, size_t imagelen, |
512 | | size_t *nparsed, keybox_openpgp_info_t info) |
513 | 0 | { |
514 | 0 | gpg_error_t err = 0; |
515 | 0 | const unsigned char *image_start, *data; |
516 | 0 | size_t n, datalen; |
517 | 0 | int pkttype; |
518 | 0 | int first = 1; |
519 | 0 | int read_error = 0; |
520 | 0 | struct _keybox_openpgp_key_info *k, **ktail = NULL; |
521 | 0 | struct _keybox_openpgp_uid_info *u, **utail = NULL; |
522 | |
|
523 | 0 | memset (info, 0, sizeof *info); |
524 | 0 | if (nparsed) |
525 | 0 | *nparsed = 0; |
526 | |
|
527 | 0 | image_start = image; |
528 | 0 | while (image) |
529 | 0 | { |
530 | 0 | err = next_packet (&image, &imagelen, &data, &datalen, &pkttype, &n); |
531 | 0 | if (err) |
532 | 0 | { |
533 | 0 | read_error = 1; |
534 | 0 | break; |
535 | 0 | } |
536 | | |
537 | 0 | if (first) |
538 | 0 | { |
539 | 0 | if (pkttype == PKT_PUBLIC_KEY) |
540 | 0 | ; |
541 | 0 | else if (pkttype == PKT_SECRET_KEY) |
542 | 0 | info->is_secret = 1; |
543 | 0 | else |
544 | 0 | { |
545 | 0 | err = gpg_error (GPG_ERR_UNEXPECTED); |
546 | 0 | if (nparsed) |
547 | 0 | *nparsed += n; |
548 | 0 | break; |
549 | 0 | } |
550 | 0 | first = 0; |
551 | 0 | } |
552 | 0 | else if (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY) |
553 | 0 | break; /* Next keyblock encountered - ready. */ |
554 | | |
555 | 0 | if (nparsed) |
556 | 0 | *nparsed += n; |
557 | |
|
558 | 0 | if (pkttype == PKT_SIGNATURE) |
559 | 0 | { |
560 | | /* For now we only count the total number of signatures. */ |
561 | 0 | info->nsigs++; |
562 | 0 | } |
563 | 0 | else if (pkttype == PKT_USER_ID) |
564 | 0 | { |
565 | 0 | info->nuids++; |
566 | 0 | if (info->nuids == 1) |
567 | 0 | { |
568 | 0 | info->uids.off = data - image_start; |
569 | 0 | info->uids.len = datalen; |
570 | 0 | utail = &info->uids.next; |
571 | 0 | } |
572 | 0 | else |
573 | 0 | { |
574 | 0 | u = xtrycalloc (1, sizeof *u); |
575 | 0 | if (!u) |
576 | 0 | { |
577 | 0 | err = gpg_error_from_syserror (); |
578 | 0 | break; |
579 | 0 | } |
580 | 0 | u->off = data - image_start; |
581 | 0 | u->len = datalen; |
582 | 0 | *utail = u; |
583 | 0 | utail = &u->next; |
584 | 0 | } |
585 | 0 | } |
586 | 0 | else if (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY) |
587 | 0 | { |
588 | 0 | err = parse_key (data, datalen, &info->primary); |
589 | 0 | if (err) |
590 | 0 | break; |
591 | 0 | } |
592 | 0 | else if( pkttype == PKT_PUBLIC_SUBKEY && datalen && *data == '#' ) |
593 | 0 | { |
594 | | /* Early versions of GnuPG used old PGP comment packets; |
595 | | * luckily all those comments are prefixed by a hash |
596 | | * sign - ignore these packets. */ |
597 | 0 | } |
598 | 0 | else if (pkttype == PKT_PUBLIC_SUBKEY || pkttype == PKT_SECRET_SUBKEY) |
599 | 0 | { |
600 | 0 | info->nsubkeys++; |
601 | 0 | if (info->nsubkeys == 1) |
602 | 0 | { |
603 | 0 | err = parse_key (data, datalen, &info->subkeys); |
604 | 0 | if (err) |
605 | 0 | { |
606 | 0 | info->nsubkeys--; |
607 | | /* We ignore subkeys with unknown algorithms. */ |
608 | 0 | if (gpg_err_code (err) == GPG_ERR_UNKNOWN_ALGORITHM |
609 | 0 | || gpg_err_code (err) == GPG_ERR_UNSUPPORTED_ALGORITHM) |
610 | 0 | err = 0; |
611 | 0 | if (err) |
612 | 0 | break; |
613 | 0 | } |
614 | 0 | else |
615 | 0 | ktail = &info->subkeys.next; |
616 | 0 | } |
617 | 0 | else |
618 | 0 | { |
619 | 0 | k = xtrycalloc (1, sizeof *k); |
620 | 0 | if (!k) |
621 | 0 | { |
622 | 0 | err = gpg_error_from_syserror (); |
623 | 0 | break; |
624 | 0 | } |
625 | 0 | err = parse_key (data, datalen, k); |
626 | 0 | if (err) |
627 | 0 | { |
628 | 0 | xfree (k); |
629 | 0 | info->nsubkeys--; |
630 | | /* We ignore subkeys with unknown algorithms. */ |
631 | 0 | if (gpg_err_code (err) == GPG_ERR_UNKNOWN_ALGORITHM |
632 | 0 | || gpg_err_code (err) == GPG_ERR_UNSUPPORTED_ALGORITHM) |
633 | 0 | err = 0; |
634 | 0 | if (err) |
635 | 0 | break; |
636 | 0 | } |
637 | 0 | else |
638 | 0 | { |
639 | 0 | *ktail = k; |
640 | 0 | ktail = &k->next; |
641 | 0 | } |
642 | 0 | } |
643 | 0 | } |
644 | 0 | } |
645 | |
|
646 | 0 | if (err) |
647 | 0 | { |
648 | 0 | _keybox_destroy_openpgp_info (info); |
649 | 0 | if (!read_error) |
650 | 0 | { |
651 | | /* Packet parsing worked, thus we should be able to skip the |
652 | | rest of the keyblock. */ |
653 | 0 | while (image) |
654 | 0 | { |
655 | 0 | if (next_packet (&image, &imagelen, |
656 | 0 | &data, &datalen, &pkttype, &n) ) |
657 | 0 | break; /* Another error - stop here. */ |
658 | | |
659 | 0 | if (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY) |
660 | 0 | break; /* Next keyblock encountered - ready. */ |
661 | | |
662 | 0 | if (nparsed) |
663 | 0 | *nparsed += n; |
664 | 0 | } |
665 | 0 | } |
666 | 0 | } |
667 | |
|
668 | 0 | return err; |
669 | 0 | } |
670 | | |
671 | | |
672 | | /* Release any malloced data in INFO but not INFO itself! */ |
673 | | void |
674 | | _keybox_destroy_openpgp_info (keybox_openpgp_info_t info) |
675 | 0 | { |
676 | 0 | struct _keybox_openpgp_key_info *k, *k2; |
677 | 0 | struct _keybox_openpgp_uid_info *u, *u2; |
678 | |
|
679 | 0 | log_assert (!info->primary.next); |
680 | 0 | for (k=info->subkeys.next; k; k = k2) |
681 | 0 | { |
682 | 0 | k2 = k->next; |
683 | 0 | xfree (k); |
684 | 0 | } |
685 | |
|
686 | 0 | for (u=info->uids.next; u; u = u2) |
687 | 0 | { |
688 | 0 | u2 = u->next; |
689 | 0 | xfree (u); |
690 | 0 | } |
691 | 0 | } |