1 /* parse-packet.c - read packets
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
3 * 2007, 2009, 2010 Free Software Foundation, Inc.
4 * Copyright (C) 2014 Werner Koch
5 * Copyright (C) 2015 g10 Code GmbH
7 * This file is part of GnuPG.
9 * GnuPG is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
14 * GnuPG is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
40 /* Maximum length of packets to avoid excessive memory allocation. */
41 #define MAX_KEY_PACKET_LENGTH (256 * 1024)
42 #define MAX_UID_PACKET_LENGTH ( 2 * 1024)
43 #define MAX_COMMENT_PACKET_LENGTH ( 64 * 1024)
44 #define MAX_ATTR_PACKET_LENGTH ( 16 * 1024*1024)
47 static int mpi_print_mode;
49 static estream_t listfp;
51 static int parse (IOBUF inp, PACKET * pkt, int onlykeypkts,
52 off_t * retpos, int *skip, IOBUF out, int do_skip
53 #ifdef DEBUG_PARSE_PACKET
54 , const char *dbg_w, const char *dbg_f, int dbg_l
57 static int copy_packet (IOBUF inp, IOBUF out, int pkttype,
58 unsigned long pktlen, int partial);
59 static void skip_packet (IOBUF inp, int pkttype,
60 unsigned long pktlen, int partial);
61 static void *read_rest (IOBUF inp, size_t pktlen);
62 static int parse_marker (IOBUF inp, int pkttype, unsigned long pktlen);
63 static int parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
65 static int parse_pubkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
67 static int parse_onepass_sig (IOBUF inp, int pkttype, unsigned long pktlen,
68 PKT_onepass_sig * ops);
69 static int parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
70 byte * hdr, int hdrlen, PACKET * packet);
71 static int parse_user_id (IOBUF inp, int pkttype, unsigned long pktlen,
73 static int parse_attribute (IOBUF inp, int pkttype, unsigned long pktlen,
75 static int parse_comment (IOBUF inp, int pkttype, unsigned long pktlen,
77 static void parse_trust (IOBUF inp, int pkttype, unsigned long pktlen,
79 static int parse_plaintext (IOBUF inp, int pkttype, unsigned long pktlen,
80 PACKET * packet, int new_ctb, int partial);
81 static int parse_compressed (IOBUF inp, int pkttype, unsigned long pktlen,
82 PACKET * packet, int new_ctb);
83 static int parse_encrypted (IOBUF inp, int pkttype, unsigned long pktlen,
84 PACKET * packet, int new_ctb, int partial);
85 static int parse_mdc (IOBUF inp, int pkttype, unsigned long pktlen,
86 PACKET * packet, int new_ctb);
87 static int parse_gpg_control (IOBUF inp, int pkttype, unsigned long pktlen,
88 PACKET * packet, int partial);
90 /* Read a 16-bit value in MSB order (big endian) from an iobuf. */
95 a = (unsigned short)iobuf_get_noeof (inp) << 8;
96 a |= iobuf_get_noeof (inp);
101 /* Read a 32-bit value in MSB order (big endian) from an iobuf. */
106 a = (unsigned long)iobuf_get_noeof (inp) << 24;
107 a |= iobuf_get_noeof (inp) << 16;
108 a |= iobuf_get_noeof (inp) << 8;
109 a |= iobuf_get_noeof (inp);
114 /* Read an external representation of an MPI and return the MPI. The
115 external format is a 16-bit unsigned value stored in network byte
116 order giving the number of bits for the following integer. The
117 integer is stored MSB first and is left padded with zero bits to
118 align on a byte boundary.
120 The caller must set *RET_NREAD to the maximum number of bytes to
121 read from the pipeline INP. This function sets *RET_NREAD to be
122 the number of bytes actually read from the pipeline.
124 If SECURE is true, the integer is stored in secure memory
125 (allocated using gcry_xmalloc_secure). */
127 mpi_read (iobuf_t inp, unsigned int *ret_nread, int secure)
130 unsigned int nmax = *ret_nread;
131 unsigned int nbits, nbytes;
140 if ((c = c1 = iobuf_get (inp)) == -1)
145 if ((c = c2 = iobuf_get (inp)) == -1)
149 if (nbits > MAX_EXTERN_MPI_BITS)
151 log_error ("mpi too large (%u bits)\n", nbits);
155 nbytes = (nbits + 7) / 8;
156 buf = secure ? gcry_xmalloc_secure (nbytes + 2) : gcry_xmalloc (nbytes + 2);
160 for (i = 0; i < nbytes; i++)
173 if (gcry_mpi_scan (&a, GCRYMPI_FMT_PGP, buf, nread, &nread))
181 log_error ("mpi larger than indicated length (%u bits)\n", 8*nmax);
190 set_packet_list_mode (int mode)
195 /* We use stdout only if invoked by the --list-packets command
196 but switch to stderr in all other cases. This breaks the
197 previous behaviour but that seems to be more of a bug than
198 intentional. I don't believe that any application makes use of
199 this long standing annoying way of printing to stdout except when
200 doing a --list-packets. If this assumption fails, it will be easy
201 to add an option for the listing stream. Note that we initialize
202 it only once; mainly because there is code which switches
203 opt.list_mode back to 1 and we want to have all output to the
204 same stream. The MPI_PRINT_MODE will be enabled if the
205 corresponding debug flag is set or if we are in --list-packets
206 and --verbose is given.
208 Using stderr is not actually very clean because it bypasses the
209 logging code but it is a special thing anyway. I am not sure
210 whether using log_stream() would be better. Perhaps we should
211 enable the list mode only with a special option. */
214 if (opt.list_packets)
223 if (opt.debug && DBG_MPI_VALUE)
230 /* If OPT.VERBOSE is set, print a warning that the algorithm ALGO is
231 not suitable for signing and encryption. */
233 unknown_pubkey_warning (int algo)
235 static byte unknown_pubkey_algos[256];
237 /* First check whether the algorithm is usable but not suitable for
238 encryption/signing. */
239 if (pubkey_get_npkey (algo))
243 if (!pubkey_get_nsig (algo))
244 log_info ("public key algorithm %s not suitable for %s\n",
245 openpgp_pk_algo_name (algo), "signing");
246 if (!pubkey_get_nenc (algo))
247 log_info ("public key algorithm %s not suitable for %s\n",
248 openpgp_pk_algo_name (algo), "encryption");
254 if (!unknown_pubkey_algos[algo])
257 log_info (_("can't handle public key algorithm %d\n"), algo);
258 unknown_pubkey_algos[algo] = 1;
264 #ifdef DEBUG_PARSE_PACKET
266 dbg_parse_packet (IOBUF inp, PACKET *pkt, const char *dbg_f, int dbg_l)
272 rc = parse (inp, pkt, 0, NULL, &skip, NULL, 0, "parse", dbg_f, dbg_l);
274 while (skip && ! rc);
277 #else /*!DEBUG_PARSE_PACKET*/
279 parse_packet (IOBUF inp, PACKET * pkt)
285 rc = parse (inp, pkt, 0, NULL, &skip, NULL, 0);
287 while (skip && ! rc);
290 #endif /*!DEBUG_PARSE_PACKET*/
294 * Like parse packet, but only return secret or public (sub)key
297 #ifdef DEBUG_PARSE_PACKET
299 dbg_search_packet (IOBUF inp, PACKET * pkt, off_t * retpos, int with_uid,
300 const char *dbg_f, int dbg_l)
307 parse (inp, pkt, with_uid ? 2 : 1, retpos, &skip, NULL, 0, "search",
310 while (skip && ! rc);
313 #else /*!DEBUG_PARSE_PACKET*/
315 search_packet (IOBUF inp, PACKET * pkt, off_t * retpos, int with_uid)
321 rc = parse (inp, pkt, with_uid ? 2 : 1, retpos, &skip, NULL, 0);
323 while (skip && ! rc);
326 #endif /*!DEBUG_PARSE_PACKET*/
330 * Copy all packets from INP to OUT, thereby removing unused spaces.
332 #ifdef DEBUG_PARSE_PACKET
334 dbg_copy_all_packets (IOBUF inp, IOBUF out, const char *dbg_f, int dbg_l)
340 log_bug ("copy_all_packets: OUT may not be NULL.\n");
348 parse (inp, &pkt, 0, NULL, &skip, out, 0, "copy", dbg_f, dbg_l)));
351 #else /*!DEBUG_PARSE_PACKET*/
353 copy_all_packets (IOBUF inp, IOBUF out)
359 log_bug ("copy_all_packets: OUT may not be NULL.\n");
365 while (!(rc = parse (inp, &pkt, 0, NULL, &skip, out, 0)));
368 #endif /*!DEBUG_PARSE_PACKET*/
372 * Copy some packets from INP to OUT, thereby removing unused spaces.
373 * Stop at offset STOPoff (i.e. don't copy packets at this or later
376 #ifdef DEBUG_PARSE_PACKET
378 dbg_copy_some_packets (IOBUF inp, IOBUF out, off_t stopoff,
379 const char *dbg_f, int dbg_l)
385 if (iobuf_tell (inp) >= stopoff)
389 while (!(rc = parse (inp, &pkt, 0, NULL, &skip, out, 0,
390 "some", dbg_f, dbg_l)));
393 #else /*!DEBUG_PARSE_PACKET*/
395 copy_some_packets (IOBUF inp, IOBUF out, off_t stopoff)
401 if (iobuf_tell (inp) >= stopoff)
405 while (!(rc = parse (inp, &pkt, 0, NULL, &skip, out, 0)));
408 #endif /*!DEBUG_PARSE_PACKET*/
412 * Skip over N packets
414 #ifdef DEBUG_PARSE_PACKET
416 dbg_skip_some_packets (IOBUF inp, unsigned n, const char *dbg_f, int dbg_l)
421 for (; n && !rc; n--)
424 rc = parse (inp, &pkt, 0, NULL, &skip, NULL, 1, "skip", dbg_f, dbg_l);
428 #else /*!DEBUG_PARSE_PACKET*/
430 skip_some_packets (IOBUF inp, unsigned n)
435 for (; n && !rc; n--)
438 rc = parse (inp, &pkt, 0, NULL, &skip, NULL, 1);
442 #endif /*!DEBUG_PARSE_PACKET*/
445 /* Parse a packet and save it in *PKT.
447 If OUT is not NULL and the packet is valid (its type is not 0),
448 then the header, the initial length field and the packet's contents
449 are written to OUT. In this case, the packet is not saved in *PKT.
451 ONLYKEYPKTS is a simple packet filter. If ONLYKEYPKTS is set to 1,
452 then only public subkey packets, public key packets, private subkey
453 packets and private key packets are parsed. The rest are skipped
454 (i.e., the header and the contents are read from the pipeline and
455 discarded). If ONLYKEYPKTS is set to 2, then in addition to the
456 above 4 types of packets, user id packets are also accepted.
458 DO_SKIP is a more coarse grained filter. Unless ONLYKEYPKTS is set
459 to 2 and the packet is a user id packet, all packets are skipped.
461 Finally, if a packet is invalid (it's type is 0), it is skipped.
463 If a packet is skipped and SKIP is not NULL, then *SKIP is set to
466 Note: ONLYKEYPKTS and DO_SKIP are only respected if OUT is NULL,
467 i.e., the packets are not simply being copied.
469 If RETPOS is not NULL, then the position of INP (as returned by
470 iobuf_tell) is saved there before any data is read from INP.
473 parse (IOBUF inp, PACKET * pkt, int onlykeypkts, off_t * retpos,
474 int *skip, IOBUF out, int do_skip
475 #ifdef DEBUG_PARSE_PACKET
476 , const char *dbg_w, const char *dbg_f, int dbg_l
480 int rc = 0, c, ctb, pkttype, lenbytes;
481 unsigned long pktlen;
484 int new_ctb = 0, partial = 0;
485 int with_uid = (onlykeypkts == 2);
489 log_assert (!pkt->pkt.generic);
490 if (retpos || list_mode)
492 pos = iobuf_tell (inp);
497 pos = 0; /* (silence compiler warning) */
499 /* The first byte of a packet is the so-called tag. The highest bit
501 if ((ctb = iobuf_get (inp)) == -1)
511 log_error ("%s: invalid packet (ctb=%02x)\n", iobuf_where (inp), ctb);
512 rc = gpg_error (GPG_ERR_INV_PACKET);
516 /* Immediately following the header is the length. There are two
517 formats: the old format and the new format. If bit 6 (where the
518 least significant bit is bit 0) is set in the tag, then we are
519 dealing with a new format packet. Otherwise, it is an old format
522 new_ctb = !!(ctb & 0x40);
525 /* Get the packet's type. This is encoded in the 6 least
526 significant bits of the tag. */
527 pkttype = ctb & 0x3f;
529 /* Extract the packet's length. New format packets have 4 ways
530 to encode the packet length. The value of the first byte
531 determines the encoding and partially determines the length.
532 See section 4.2.2 of RFC 4880 for details. */
533 if ((c = iobuf_get (inp)) == -1)
535 log_error ("%s: 1st length byte missing\n", iobuf_where (inp));
536 rc = gpg_error (GPG_ERR_INV_PACKET);
546 pktlen = (c - 192) * 256;
547 if ((c = iobuf_get (inp)) == -1)
549 log_error ("%s: 2nd length byte missing\n",
551 rc = gpg_error (GPG_ERR_INV_PACKET);
562 for (i = 0; i < 4; i ++)
564 if ((c = iobuf_get (inp)) == -1)
566 log_error ("%s: 4 byte length invalid\n", iobuf_where (inp));
567 rc = gpg_error (GPG_ERR_INV_PACKET);
570 value[i] = hdr[hdrlen++] = c;
573 pktlen = buf32_to_ulong (value);
575 else /* Partial body length. */
581 case PKT_ENCRYPTED_MDC:
583 iobuf_set_partial_body_length_mode (inp, c & 0xff);
584 pktlen = 0; /* To indicate partial length. */
589 log_error ("%s: partial length invalid for"
590 " packet type %d\n", iobuf_where (inp), pkttype);
591 rc = gpg_error (GPG_ERR_INV_PACKET);
598 /* This is an old format packet. */
600 /* Extract the packet's type. This is encoded in bits 2-5. */
601 pkttype = (ctb >> 2) & 0xf;
603 /* The type of length encoding is encoded in bits 0-1 of the
605 lenbytes = ((ctb & 3) == 3) ? 0 : (1 << (ctb & 3));
608 pktlen = 0; /* Don't know the value. */
609 /* This isn't really partial, but we can treat it the same
610 in a "read until the end" sort of way. */
612 if (pkttype != PKT_ENCRYPTED && pkttype != PKT_PLAINTEXT
613 && pkttype != PKT_COMPRESSED)
615 log_error ("%s: indeterminate length for invalid"
616 " packet type %d\n", iobuf_where (inp), pkttype);
617 rc = gpg_error (GPG_ERR_INV_PACKET);
623 for (; lenbytes; lenbytes--)
629 log_error ("%s: length invalid\n", iobuf_where (inp));
630 rc = gpg_error (GPG_ERR_INV_PACKET);
633 pktlen |= hdr[hdrlen++] = c;
638 /* Sometimes the decompressing layer enters an error state in which
639 it simply outputs 0xff for every byte read. If we have a stream
640 of 0xff bytes, then it will be detected as a new format packet
641 with type 63 and a 4-byte encoded length that is 4G-1. Since
642 packets with type 63 are private and we use them as a control
643 packet, which won't be 4 GB, we reject such packets as
645 if (pkttype == 63 && pktlen == 0xFFFFFFFF)
647 /* With some probability this is caused by a problem in the
648 * the uncompressing layer - in some error cases it just loops
649 * and spits out 0xff bytes. */
650 log_error ("%s: garbled packet detected\n", iobuf_where (inp));
656 /* This type of copying won't work if the packet uses a partial
657 body length. (In other words, this only works if HDR is
658 actually the length.) Currently, no callers require this
659 functionality so we just log this as an error. */
662 log_error ("parse: Can't copy partial packet. Aborting.\n");
663 rc = gpg_error (GPG_ERR_INV_PACKET);
667 rc = iobuf_write (out, hdr, hdrlen);
669 rc = copy_packet (inp, out, pkttype, pktlen, partial);
673 if (with_uid && pkttype == PKT_USER_ID)
674 /* If ONLYKEYPKTS is set to 2, then we never skip user id packets,
675 even if DO_SKIP is set. */
678 /* type==0 is not allowed. This is an invalid packet. */
680 /* When ONLYKEYPKTS is set, we don't skip keys. */
681 || (onlykeypkts && pkttype != PKT_PUBLIC_SUBKEY
682 && pkttype != PKT_PUBLIC_KEY
683 && pkttype != PKT_SECRET_SUBKEY && pkttype != PKT_SECRET_KEY))
685 iobuf_skip_rest (inp, pktlen, partial);
693 #ifdef DEBUG_PARSE_PACKET
694 log_debug ("parse_packet(iob=%d): type=%d length=%lu%s (%s.%s.%d)\n",
695 iobuf_id (inp), pkttype, pktlen, new_ctb ? " (new_ctb)" : "",
696 dbg_w, dbg_f, dbg_l);
698 log_debug ("parse_packet(iob=%d): type=%d length=%lu%s\n",
699 iobuf_id (inp), pkttype, pktlen,
700 new_ctb ? " (new_ctb)" : "");
705 es_fprintf (listfp, "# off=%lu ctb=%02x tag=%d hlen=%d plen=%lu%s%s\n",
706 (unsigned long)pos, ctb, pkttype, hdrlen, pktlen,
707 partial? (new_ctb ? " partial" : " indeterminate") :"",
708 new_ctb? " new-ctb":"");
710 pkt->pkttype = pkttype;
711 rc = GPG_ERR_UNKNOWN_PACKET; /* default error */
715 case PKT_PUBLIC_SUBKEY:
717 case PKT_SECRET_SUBKEY:
718 pkt->pkt.public_key = xmalloc_clear (sizeof *pkt->pkt.public_key);
719 rc = parse_key (inp, pkttype, pktlen, hdr, hdrlen, pkt);
722 rc = parse_symkeyenc (inp, pkttype, pktlen, pkt);
725 rc = parse_pubkeyenc (inp, pkttype, pktlen, pkt);
728 pkt->pkt.signature = xmalloc_clear (sizeof *pkt->pkt.signature);
729 rc = parse_signature (inp, pkttype, pktlen, pkt->pkt.signature);
731 case PKT_ONEPASS_SIG:
732 pkt->pkt.onepass_sig = xmalloc_clear (sizeof *pkt->pkt.onepass_sig);
733 rc = parse_onepass_sig (inp, pkttype, pktlen, pkt->pkt.onepass_sig);
736 rc = parse_user_id (inp, pkttype, pktlen, pkt);
739 pkt->pkttype = pkttype = PKT_USER_ID; /* we store it in the userID */
740 rc = parse_attribute (inp, pkttype, pktlen, pkt);
742 case PKT_OLD_COMMENT:
744 rc = parse_comment (inp, pkttype, pktlen, pkt);
747 parse_trust (inp, pkttype, pktlen, pkt);
751 rc = parse_plaintext (inp, pkttype, pktlen, pkt, new_ctb, partial);
754 rc = parse_compressed (inp, pkttype, pktlen, pkt, new_ctb);
757 case PKT_ENCRYPTED_MDC:
758 rc = parse_encrypted (inp, pkttype, pktlen, pkt, new_ctb, partial);
761 rc = parse_mdc (inp, pkttype, pktlen, pkt, new_ctb);
763 case PKT_GPG_CONTROL:
764 rc = parse_gpg_control (inp, pkttype, pktlen, pkt, partial);
767 rc = parse_marker (inp, pkttype, pktlen);
770 /* Unknown packet. Skip it. */
771 skip_packet (inp, pkttype, pktlen, partial);
776 /* FIXME: We leak in case of an error (see the xmalloc's above). */
777 if (!rc && iobuf_error (inp))
778 rc = GPG_ERR_INV_KEYRING;
780 /* FIXME: We use only the error code for now to avoid problems with
781 callers which have not been checked to always use gpg_err_code()
782 when comparing error codes. */
783 return rc == -1? -1 : gpg_err_code (rc);
788 dump_hex_line (int c, int *i)
792 if (*i && !(*i % 24))
793 es_fprintf (listfp, "\n%4d:", *i);
795 es_putc (' ', listfp);
798 es_fprintf (listfp, " EOF");
800 es_fprintf (listfp, " %02x", c);
805 /* Copy the contents of a packet from the pipeline IN to the pipeline
808 The header and length have already been read from INP and the
809 decoded values are given as PKGTYPE and PKTLEN.
811 If the packet is a partial body length packet (RFC 4880, Section
812 4.2.2.4), then iobuf_set_partial_block_mode should already have
813 been called on INP and PARTIAL should be set.
815 If PARTIAL is set or PKTLEN is 0 and PKTTYPE is PKT_COMPRESSED,
816 copy until the first EOF is encountered on INP.
818 Returns 0 on success and an error code if an error occurs. */
820 copy_packet (IOBUF inp, IOBUF out, int pkttype,
821 unsigned long pktlen, int partial)
829 while ((n = iobuf_read (inp, buf, sizeof (buf))) != -1)
830 if ((rc = iobuf_write (out, buf, n)))
831 return rc; /* write error */
833 else if (!pktlen && pkttype == PKT_COMPRESSED)
835 log_debug ("copy_packet: compressed!\n");
836 /* compressed packet, copy till EOF */
837 while ((n = iobuf_read (inp, buf, sizeof (buf))) != -1)
838 if ((rc = iobuf_write (out, buf, n)))
839 return rc; /* write error */
843 for (; pktlen; pktlen -= n)
845 n = pktlen > sizeof (buf) ? sizeof (buf) : pktlen;
846 n = iobuf_read (inp, buf, n);
848 return gpg_error (GPG_ERR_EOF);
849 if ((rc = iobuf_write (out, buf, n)))
850 return rc; /* write error */
857 /* Skip an unknown packet. PKTTYPE is the packet's type, PKTLEN is
858 the length of the packet's content and PARTIAL is whether partial
859 body length encoding in used (in this case PKTLEN is ignored). */
861 skip_packet (IOBUF inp, int pkttype, unsigned long pktlen, int partial)
865 es_fprintf (listfp, ":unknown packet: type %2d, length %lu\n",
870 es_fputs ("dump:", listfp);
873 while ((c = iobuf_get (inp)) != -1)
874 dump_hex_line (c, &i);
878 for (; pktlen; pktlen--)
880 dump_hex_line ((c = iobuf_get (inp)), &i);
885 es_putc ('\n', listfp);
889 iobuf_skip_rest (inp, pktlen, partial);
893 /* Read PKTLEN bytes form INP and return them in a newly allocated
894 buffer. In case of an error (including reading fewer than PKTLEN
895 bytes from INP before EOF is returned), NULL is returned and an
896 error message is logged. */
898 read_rest (IOBUF inp, size_t pktlen)
903 buf = xtrymalloc (pktlen);
906 gpg_error_t err = gpg_error_from_syserror ();
907 log_error ("error reading rest of packet: %s\n", gpg_strerror (err));
910 for (p = buf; pktlen; pktlen--)
915 log_error ("premature eof while reading rest of packet\n");
926 /* Read a special size+body from INP. On success store an opaque MPI
927 with it at R_DATA. On error return an error code and store NULL at
928 R_DATA. Even in the error case store the number of read bytes at
929 R_NREAD. The caller shall pass the remaining size of the packet in
932 read_size_body (iobuf_t inp, int pktlen, size_t *r_nread,
943 return gpg_error (GPG_ERR_INV_PACKET);
944 c = iobuf_readbyte (inp);
946 return gpg_error (GPG_ERR_INV_PACKET);
950 if (nbytes < 2 || nbytes > 254)
951 return gpg_error (GPG_ERR_INV_PACKET);
953 return gpg_error (GPG_ERR_INV_PACKET);
957 for (i = 0; i < nbytes; i++)
961 return gpg_error (GPG_ERR_INV_PACKET);
966 tmpbuf = xtrymalloc (1 + nbytes);
968 return gpg_error_from_syserror ();
969 memcpy (tmpbuf, buffer, 1 + nbytes);
970 *r_data = gcry_mpi_set_opaque (NULL, tmpbuf, 8 * (1 + nbytes));
974 return gpg_error_from_syserror ();
980 /* Parse a marker packet. */
982 parse_marker (IOBUF inp, int pkttype, unsigned long pktlen)
989 if (iobuf_get (inp) != 'P')
995 if (iobuf_get (inp) != 'G')
1001 if (iobuf_get (inp) != 'P')
1008 es_fputs (":marker packet: PGP\n", listfp);
1013 log_error ("invalid marker packet\n");
1015 es_fputs (":marker packet: [invalid]\n", listfp);
1016 iobuf_skip_rest (inp, pktlen, 0);
1017 return GPG_ERR_INV_PACKET;
1022 parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
1027 int i, version, s2kmode, cipher_algo, hash_algo, seskeylen, minlen;
1031 log_error ("packet(%d) too short\n", pkttype);
1033 es_fprintf (listfp, ":symkey enc packet: [too short]\n");
1034 rc = gpg_error (GPG_ERR_INV_PACKET);
1037 version = iobuf_get_noeof (inp);
1041 log_error ("packet(%d) with unknown version %d\n", pkttype, version);
1043 es_fprintf (listfp, ":symkey enc packet: [unknown version]\n");
1044 rc = gpg_error (GPG_ERR_INV_PACKET);
1048 { /* (we encode the seskeylen in a byte) */
1049 log_error ("packet(%d) too large\n", pkttype);
1051 es_fprintf (listfp, ":symkey enc packet: [too large]\n");
1052 rc = gpg_error (GPG_ERR_INV_PACKET);
1055 cipher_algo = iobuf_get_noeof (inp);
1057 s2kmode = iobuf_get_noeof (inp);
1059 hash_algo = iobuf_get_noeof (inp);
1063 case 0: /* Simple S2K. */
1066 case 1: /* Salted S2K. */
1069 case 3: /* Iterated+salted S2K. */
1073 log_error ("unknown S2K mode %d\n", s2kmode);
1075 es_fprintf (listfp, ":symkey enc packet: [unknown S2K mode]\n");
1078 if (minlen > pktlen)
1080 log_error ("packet with S2K %d too short\n", s2kmode);
1082 es_fprintf (listfp, ":symkey enc packet: [too short]\n");
1083 rc = gpg_error (GPG_ERR_INV_PACKET);
1086 seskeylen = pktlen - minlen;
1087 k = packet->pkt.symkey_enc = xmalloc_clear (sizeof *packet->pkt.symkey_enc
1089 k->version = version;
1090 k->cipher_algo = cipher_algo;
1091 k->s2k.mode = s2kmode;
1092 k->s2k.hash_algo = hash_algo;
1093 if (s2kmode == 1 || s2kmode == 3)
1095 for (i = 0; i < 8 && pktlen; i++, pktlen--)
1096 k->s2k.salt[i] = iobuf_get_noeof (inp);
1100 k->s2k.count = iobuf_get (inp);
1103 k->seskeylen = seskeylen;
1106 for (i = 0; i < seskeylen && pktlen; i++, pktlen--)
1107 k->seskey[i] = iobuf_get_noeof (inp);
1109 /* What we're watching out for here is a session key decryptor
1110 with no salt. The RFC says that using salt for this is a
1112 if (s2kmode != 1 && s2kmode != 3)
1113 log_info (_("WARNING: potentially insecure symmetrically"
1114 " encrypted session key\n"));
1116 log_assert (!pktlen);
1121 ":symkey enc packet: version %d, cipher %d, s2k %d, hash %d",
1122 version, cipher_algo, s2kmode, hash_algo);
1124 es_fprintf (listfp, ", seskey %d bits", (seskeylen - 1) * 8);
1125 es_fprintf (listfp, "\n");
1126 if (s2kmode == 1 || s2kmode == 3)
1128 es_fprintf (listfp, "\tsalt ");
1129 es_write_hexstring (listfp, k->s2k.salt, 8, 0, NULL);
1131 es_fprintf (listfp, ", count %lu (%lu)",
1132 S2K_DECODE_COUNT ((ulong) k->s2k.count),
1133 (ulong) k->s2k.count);
1134 es_fprintf (listfp, "\n");
1139 iobuf_skip_rest (inp, pktlen, 0);
1145 parse_pubkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
1152 k = packet->pkt.pubkey_enc = xmalloc_clear (sizeof *packet->pkt.pubkey_enc);
1155 log_error ("packet(%d) too short\n", pkttype);
1157 es_fputs (":pubkey enc packet: [too short]\n", listfp);
1158 rc = gpg_error (GPG_ERR_INV_PACKET);
1161 k->version = iobuf_get_noeof (inp);
1163 if (k->version != 2 && k->version != 3)
1165 log_error ("packet(%d) with unknown version %d\n", pkttype, k->version);
1167 es_fputs (":pubkey enc packet: [unknown version]\n", listfp);
1168 rc = gpg_error (GPG_ERR_INV_PACKET);
1171 k->keyid[0] = read_32 (inp);
1173 k->keyid[1] = read_32 (inp);
1175 k->pubkey_algo = iobuf_get_noeof (inp);
1177 k->throw_keyid = 0; /* Only used as flag for build_packet. */
1180 ":pubkey enc packet: version %d, algo %d, keyid %08lX%08lX\n",
1181 k->version, k->pubkey_algo, (ulong) k->keyid[0],
1182 (ulong) k->keyid[1]);
1184 ndata = pubkey_get_nenc (k->pubkey_algo);
1188 es_fprintf (listfp, "\tunsupported algorithm %d\n", k->pubkey_algo);
1189 unknown_pubkey_warning (k->pubkey_algo);
1190 k->data[0] = NULL; /* No need to store the encrypted data. */
1194 for (i = 0; i < ndata; i++)
1196 if (k->pubkey_algo == PUBKEY_ALGO_ECDH && i == 1)
1199 rc = read_size_body (inp, pktlen, &n, k->data+i);
1205 k->data[i] = mpi_read (inp, &n, 0);
1208 rc = gpg_error (GPG_ERR_INV_PACKET);
1214 es_fprintf (listfp, "\tdata: ");
1215 mpi_print (listfp, k->data[i], mpi_print_mode);
1216 es_putc ('\n', listfp);
1222 iobuf_skip_rest (inp, pktlen, 0);
1227 /* Dump a subpacket to LISTFP. BUFFER contains the subpacket in
1228 question and points to the type field in the subpacket header (not
1229 the start of the header). TYPE is the subpacket's type with the
1230 critical bit cleared. CRITICAL is the value of the CRITICAL bit.
1231 BUFLEN is the length of the buffer and LENGTH is the length of the
1232 subpacket according to the subpacket's header. */
1234 dump_sig_subpkt (int hashed, int type, int critical,
1235 const byte * buffer, size_t buflen, size_t length)
1237 const char *p = NULL;
1240 /* The CERT has warning out with explains how to use GNUPG to detect
1241 * the ARRs - we print our old message here when it is a faked ARR
1242 * and add an additional notice. */
1243 if (type == SIGSUBPKT_ARR && !hashed)
1246 "\tsubpkt %d len %u (additional recipient request)\n"
1247 "WARNING: PGP versions > 5.0 and < 6.5.8 will automagically "
1248 "encrypt to this key and thereby reveal the plaintext to "
1249 "the owner of this ARR key. Detailed info follows:\n",
1250 type, (unsigned) length);
1256 es_fprintf (listfp, "\t%s%ssubpkt %d len %u (", /*) */
1257 critical ? "critical " : "",
1258 hashed ? "hashed " : "", type, (unsigned) length);
1259 if (length > buflen)
1261 es_fprintf (listfp, "too short: buffer is only %u)\n", (unsigned) buflen);
1266 case SIGSUBPKT_SIG_CREATED:
1268 es_fprintf (listfp, "sig created %s",
1269 strtimestamp (buf32_to_u32 (buffer)));
1271 case SIGSUBPKT_SIG_EXPIRE:
1274 if (buf32_to_u32 (buffer))
1275 es_fprintf (listfp, "sig expires after %s",
1276 strtimevalue (buf32_to_u32 (buffer)));
1278 es_fprintf (listfp, "sig does not expire");
1281 case SIGSUBPKT_EXPORTABLE:
1283 es_fprintf (listfp, "%sexportable", *buffer ? "" : "not ");
1285 case SIGSUBPKT_TRUST:
1287 p = "[invalid trust subpacket]";
1289 es_fprintf (listfp, "trust signature of depth %d, value %d", buffer[0],
1292 case SIGSUBPKT_REGEXP:
1294 p = "[invalid regexp subpacket]";
1297 es_fprintf (listfp, "regular expression: \"");
1298 es_write_sanitized (listfp, buffer, length, "\"", NULL);
1302 case SIGSUBPKT_REVOCABLE:
1304 es_fprintf (listfp, "%srevocable", *buffer ? "" : "not ");
1306 case SIGSUBPKT_KEY_EXPIRE:
1309 if (buf32_to_u32 (buffer))
1310 es_fprintf (listfp, "key expires after %s",
1311 strtimevalue (buf32_to_u32 (buffer)));
1313 es_fprintf (listfp, "key does not expire");
1316 case SIGSUBPKT_PREF_SYM:
1317 es_fputs ("pref-sym-algos:", listfp);
1318 for (i = 0; i < length; i++)
1319 es_fprintf (listfp, " %d", buffer[i]);
1321 case SIGSUBPKT_REV_KEY:
1322 es_fputs ("revocation key: ", listfp);
1327 es_fprintf (listfp, "c=%02x a=%d f=", buffer[0], buffer[1]);
1328 for (i = 2; i < length; i++)
1329 es_fprintf (listfp, "%02X", buffer[i]);
1332 case SIGSUBPKT_ISSUER:
1334 es_fprintf (listfp, "issuer key ID %08lX%08lX",
1335 (ulong) buf32_to_u32 (buffer),
1336 (ulong) buf32_to_u32 (buffer + 4));
1338 case SIGSUBPKT_ISSUER_FPR:
1342 es_fprintf (listfp, "issuer fpr v%d ", buffer[0]);
1343 tmp = bin2hex (buffer+1, length-1, NULL);
1346 es_fputs (tmp, listfp);
1351 case SIGSUBPKT_NOTATION:
1353 es_fputs ("notation: ", listfp);
1358 const byte *s = buffer;
1361 n1 = (s[4] << 8) | s[5];
1362 n2 = (s[6] << 8) | s[7];
1364 if (8 + n1 + n2 != length)
1368 es_write_sanitized (listfp, s, n1, ")", NULL);
1369 es_putc ('=', listfp);
1372 es_write_sanitized (listfp, s + n1, n2, ")", NULL);
1374 p = "[not human readable]";
1379 case SIGSUBPKT_PREF_HASH:
1380 es_fputs ("pref-hash-algos:", listfp);
1381 for (i = 0; i < length; i++)
1382 es_fprintf (listfp, " %d", buffer[i]);
1384 case SIGSUBPKT_PREF_COMPR:
1385 es_fputs ("pref-zip-algos:", listfp);
1386 for (i = 0; i < length; i++)
1387 es_fprintf (listfp, " %d", buffer[i]);
1389 case SIGSUBPKT_KS_FLAGS:
1390 es_fputs ("keyserver preferences:", listfp);
1391 for (i = 0; i < length; i++)
1392 es_fprintf (listfp, " %02X", buffer[i]);
1394 case SIGSUBPKT_PREF_KS:
1395 es_fputs ("preferred keyserver: ", listfp);
1396 es_write_sanitized (listfp, buffer, length, ")", NULL);
1398 case SIGSUBPKT_PRIMARY_UID:
1399 p = "primary user ID";
1401 case SIGSUBPKT_POLICY:
1402 es_fputs ("policy: ", listfp);
1403 es_write_sanitized (listfp, buffer, length, ")", NULL);
1405 case SIGSUBPKT_KEY_FLAGS:
1406 es_fputs ("key flags:", listfp);
1407 for (i = 0; i < length; i++)
1408 es_fprintf (listfp, " %02X", buffer[i]);
1410 case SIGSUBPKT_SIGNERS_UID:
1411 p = "signer's user ID";
1413 case SIGSUBPKT_REVOC_REASON:
1416 es_fprintf (listfp, "revocation reason 0x%02x (", *buffer);
1417 es_write_sanitized (listfp, buffer + 1, length - 1, ")", NULL);
1422 es_fputs ("Big Brother's key (ignored): ", listfp);
1427 es_fprintf (listfp, "c=%02x a=%d f=", buffer[0], buffer[1]);
1429 es_write_hexstring (listfp, buffer+2, length-2, 0, NULL);
1432 case SIGSUBPKT_FEATURES:
1433 es_fputs ("features:", listfp);
1434 for (i = 0; i < length; i++)
1435 es_fprintf (listfp, " %02x", buffer[i]);
1437 case SIGSUBPKT_SIGNATURE:
1438 es_fputs ("signature: ", listfp);
1442 es_fprintf (listfp, "v%d, class 0x%02X, algo %d, digest algo %d",
1444 buffer[0] == 3 ? buffer[2] : buffer[1],
1445 buffer[0] == 3 ? buffer[15] : buffer[2],
1446 buffer[0] == 3 ? buffer[16] : buffer[3]);
1449 if (type >= 100 && type <= 110)
1450 p = "experimental / private subpacket";
1456 es_fprintf (listfp, "%s)\n", p ? p : "");
1461 * Returns: >= 0 use this offset into buffer
1462 * -1 explicitly reject returning this type
1463 * -2 subpacket too short
1466 parse_one_sig_subpkt (const byte * buffer, size_t n, int type)
1470 case SIGSUBPKT_REV_KEY:
1474 case SIGSUBPKT_SIG_CREATED:
1475 case SIGSUBPKT_SIG_EXPIRE:
1476 case SIGSUBPKT_KEY_EXPIRE:
1480 case SIGSUBPKT_KEY_FLAGS:
1481 case SIGSUBPKT_KS_FLAGS:
1482 case SIGSUBPKT_PREF_SYM:
1483 case SIGSUBPKT_PREF_HASH:
1484 case SIGSUBPKT_PREF_COMPR:
1485 case SIGSUBPKT_POLICY:
1486 case SIGSUBPKT_PREF_KS:
1487 case SIGSUBPKT_FEATURES:
1488 case SIGSUBPKT_REGEXP:
1490 case SIGSUBPKT_SIGNATURE:
1491 case SIGSUBPKT_EXPORTABLE:
1492 case SIGSUBPKT_REVOCABLE:
1493 case SIGSUBPKT_REVOC_REASON:
1497 case SIGSUBPKT_ISSUER: /* issuer key ID */
1501 case SIGSUBPKT_ISSUER_FPR: /* issuer key ID */
1505 case SIGSUBPKT_NOTATION:
1506 /* minimum length needed, and the subpacket must be well-formed
1507 where the name length and value length all fit inside the
1510 || 8 + ((buffer[4] << 8) | buffer[5]) +
1511 ((buffer[6] << 8) | buffer[7]) != n)
1514 case SIGSUBPKT_PRIMARY_UID:
1518 case SIGSUBPKT_TRUST:
1529 /* Return true if we understand the critical notation. */
1531 can_handle_critical_notation (const byte * name, size_t len)
1533 if (len == 32 && memcmp (name, "preferred-email-encoding@pgp.com", 32) == 0)
1535 if (len == 21 && memcmp (name, "pka-address@gnupg.org", 21) == 0)
1543 can_handle_critical (const byte * buffer, size_t n, int type)
1547 case SIGSUBPKT_NOTATION:
1550 size_t notation_len = ((buffer[4] << 8) | buffer[5]);
1551 if (n - 8 >= notation_len)
1552 return can_handle_critical_notation (buffer + 8, notation_len);
1555 case SIGSUBPKT_SIGNATURE:
1556 case SIGSUBPKT_SIG_CREATED:
1557 case SIGSUBPKT_SIG_EXPIRE:
1558 case SIGSUBPKT_KEY_EXPIRE:
1559 case SIGSUBPKT_EXPORTABLE:
1560 case SIGSUBPKT_REVOCABLE:
1561 case SIGSUBPKT_REV_KEY:
1562 case SIGSUBPKT_ISSUER: /* issuer key ID */
1563 case SIGSUBPKT_ISSUER_FPR: /* issuer fingerprint */
1564 case SIGSUBPKT_PREF_SYM:
1565 case SIGSUBPKT_PREF_HASH:
1566 case SIGSUBPKT_PREF_COMPR:
1567 case SIGSUBPKT_KEY_FLAGS:
1568 case SIGSUBPKT_PRIMARY_UID:
1569 case SIGSUBPKT_FEATURES:
1570 case SIGSUBPKT_TRUST:
1571 case SIGSUBPKT_REGEXP:
1572 /* Is it enough to show the policy or keyserver? */
1573 case SIGSUBPKT_POLICY:
1574 case SIGSUBPKT_PREF_KS:
1584 enum_sig_subpkt (const subpktarea_t * pktbuf, sigsubpkttype_t reqtype,
1585 size_t * ret_n, int *start, int *critical)
1594 int reqseq = start ? *start : 0;
1597 critical = &critical_dummy;
1599 if (!pktbuf || reqseq == -1)
1601 static char dummy[] = "x";
1602 /* Return a value different from NULL to indicate that
1603 * there is no critical bit we do not understand. */
1604 return reqtype == SIGSUBPKT_TEST_CRITICAL ? dummy : NULL;
1606 buffer = pktbuf->data;
1607 buflen = pktbuf->len;
1612 if (n == 255) /* 4 byte length header. */
1616 n = buf32_to_size_t (buffer);
1620 else if (n >= 192) /* 4 byte special encoded length header. */
1624 n = ((n - 192) << 8) + *buffer + 192;
1638 if (!(++seq > reqseq))
1640 else if (reqtype == SIGSUBPKT_TEST_CRITICAL)
1644 if (n - 1 > buflen + 1)
1646 if (!can_handle_critical (buffer + 1, n - 1, type))
1649 log_info (_("subpacket of type %d has "
1650 "critical bit set\n"), type);
1653 return NULL; /* This is an error. */
1657 else if (reqtype < 0) /* List packets. */
1658 dump_sig_subpkt (reqtype == SIGSUBPKT_LIST_HASHED,
1659 type, *critical, buffer, buflen, n);
1660 else if (type == reqtype) /* Found. */
1668 offset = parse_one_sig_subpkt (buffer, n, type);
1672 log_error ("subpacket of type %d too short\n", type);
1681 return buffer + offset;
1686 if (reqtype == SIGSUBPKT_TEST_CRITICAL)
1687 /* Returning NULL means we found a subpacket with the critical bit
1688 set that we don't grok. We've iterated over all the subpackets
1689 and haven't found such a packet so we need to return a non-NULL
1693 /* Critical bit we don't understand. */
1696 return NULL; /* End of packets; not found. */
1700 log_info ("buffer shorter than subpacket\n");
1708 parse_sig_subpkt (const subpktarea_t * buffer, sigsubpkttype_t reqtype,
1711 return enum_sig_subpkt (buffer, reqtype, ret_n, NULL, NULL);
1716 parse_sig_subpkt2 (PKT_signature * sig, sigsubpkttype_t reqtype)
1720 p = parse_sig_subpkt (sig->hashed, reqtype, NULL);
1722 p = parse_sig_subpkt (sig->unhashed, reqtype, NULL);
1727 /* Find all revocation keys. Look in hashed area only. */
1729 parse_revkeys (PKT_signature * sig)
1735 if (sig->sig_class != 0x1F)
1738 while ((revkey = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REV_KEY,
1741 if (/* The only valid length is 22 bytes. See RFC 4880
1744 /* 0x80 bit must be set on the class. */
1745 && (revkey[0] & 0x80))
1747 sig->revkey = xrealloc (sig->revkey,
1748 sizeof (struct revocation_key) *
1749 (sig->numrevkeys + 1));
1751 /* Copy the individual fields. */
1752 sig->revkey[sig->numrevkeys].class = revkey[0];
1753 sig->revkey[sig->numrevkeys].algid = revkey[1];
1754 memcpy (sig->revkey[sig->numrevkeys].fpr, &revkey[2], 20);
1763 parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
1764 PKT_signature * sig)
1774 log_error ("packet(%d) too short\n", pkttype);
1776 es_fputs (":signature packet: [too short]\n", listfp);
1779 sig->version = iobuf_get_noeof (inp);
1781 if (sig->version == 4)
1783 else if (sig->version != 2 && sig->version != 3)
1785 log_error ("packet(%d) with unknown version %d\n",
1786 pkttype, sig->version);
1788 es_fputs (":signature packet: [unknown version]\n", listfp);
1789 rc = gpg_error (GPG_ERR_INV_PACKET);
1797 md5_len = iobuf_get_noeof (inp);
1802 sig->sig_class = iobuf_get_noeof (inp);
1808 sig->timestamp = read_32 (inp);
1810 sig->keyid[0] = read_32 (inp);
1812 sig->keyid[1] = read_32 (inp);
1817 sig->pubkey_algo = iobuf_get_noeof (inp);
1819 sig->digest_algo = iobuf_get_noeof (inp);
1821 sig->flags.exportable = 1;
1822 sig->flags.revocable = 1;
1823 if (is_v4) /* Read subpackets. */
1828 pktlen -= 2; /* Length of hashed data. */
1833 log_error ("signature packet: hashed data too long\n");
1835 es_fputs (":signature packet: [hashed data too long]\n", listfp);
1836 rc = GPG_ERR_INV_PACKET;
1841 sig->hashed = xmalloc (sizeof (*sig->hashed) + n - 1);
1842 sig->hashed->size = n;
1843 sig->hashed->len = n;
1844 if (iobuf_read (inp, sig->hashed->data, n) != n)
1846 log_error ("premature eof while reading "
1847 "hashed signature data\n");
1849 es_fputs (":signature packet: [premature eof]\n", listfp);
1858 pktlen -= 2; /* Length of unhashed data. */
1863 log_error ("signature packet: unhashed data too long\n");
1865 es_fputs (":signature packet: [unhashed data too long]\n", listfp);
1866 rc = GPG_ERR_INV_PACKET;
1871 sig->unhashed = xmalloc (sizeof (*sig->unhashed) + n - 1);
1872 sig->unhashed->size = n;
1873 sig->unhashed->len = n;
1874 if (iobuf_read (inp, sig->unhashed->data, n) != n)
1876 log_error ("premature eof while reading "
1877 "unhashed signature data\n");
1879 es_fputs (":signature packet: [premature eof]\n", listfp);
1889 sig->digest_start[0] = iobuf_get_noeof (inp);
1891 sig->digest_start[1] = iobuf_get_noeof (inp);
1894 if (is_v4 && sig->pubkey_algo) /* Extract required information. */
1899 /* Set sig->flags.unknown_critical if there is a critical bit
1900 * set for packets which we do not understand. */
1901 if (!parse_sig_subpkt (sig->hashed, SIGSUBPKT_TEST_CRITICAL, NULL)
1902 || !parse_sig_subpkt (sig->unhashed, SIGSUBPKT_TEST_CRITICAL, NULL))
1903 sig->flags.unknown_critical = 1;
1905 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_CREATED, NULL);
1907 sig->timestamp = buf32_to_u32 (p);
1908 else if (!(sig->pubkey_algo >= 100 && sig->pubkey_algo <= 110)
1910 log_info ("signature packet without timestamp\n");
1912 p = parse_sig_subpkt2 (sig, SIGSUBPKT_ISSUER);
1915 sig->keyid[0] = buf32_to_u32 (p);
1916 sig->keyid[1] = buf32_to_u32 (p + 4);
1918 else if (!(sig->pubkey_algo >= 100 && sig->pubkey_algo <= 110)
1920 log_info ("signature packet without keyid\n");
1922 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL);
1923 if (p && buf32_to_u32 (p))
1924 sig->expiredate = sig->timestamp + buf32_to_u32 (p);
1925 if (sig->expiredate && sig->expiredate <= make_timestamp ())
1926 sig->flags.expired = 1;
1928 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_POLICY, NULL);
1930 sig->flags.policy_url = 1;
1932 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, NULL);
1934 sig->flags.pref_ks = 1;
1936 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIGNERS_UID, &len);
1939 sig->signers_uid = xtrymalloc (len+1);
1940 if (!sig->signers_uid)
1942 rc = gpg_error_from_syserror ();
1945 /* Note that we don't care about binary zeroes in the value. */
1946 memcpy (sig->signers_uid, p, len);
1947 sig->signers_uid[len] = 0;
1950 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_NOTATION, NULL);
1952 sig->flags.notation = 1;
1954 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_REVOCABLE, NULL);
1956 sig->flags.revocable = 0;
1958 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_TRUST, &len);
1961 sig->trust_depth = p[0];
1962 sig->trust_value = p[1];
1964 /* Only look for a regexp if there is also a trust
1967 parse_sig_subpkt (sig->hashed, SIGSUBPKT_REGEXP, &len);
1969 /* If the regular expression is of 0 length, there is no
1970 regular expression. */
1972 sig->trust_regexp = NULL;
1975 /* We accept the exportable subpacket from either the hashed or
1976 unhashed areas as older versions of gpg put it in the
1977 unhashed area. In theory, anyway, we should never see this
1978 packet off of a local keyring. */
1980 p = parse_sig_subpkt2 (sig, SIGSUBPKT_EXPORTABLE);
1982 sig->flags.exportable = 0;
1984 /* Find all revocation keys. */
1985 if (sig->sig_class == 0x1F)
1986 parse_revkeys (sig);
1991 es_fprintf (listfp, ":signature packet: algo %d, keyid %08lX%08lX\n"
1992 "\tversion %d, created %lu, md5len %d, sigclass 0x%02x\n"
1993 "\tdigest algo %d, begin of digest %02x %02x\n",
1995 (ulong) sig->keyid[0], (ulong) sig->keyid[1],
1996 sig->version, (ulong) sig->timestamp, md5_len, sig->sig_class,
1997 sig->digest_algo, sig->digest_start[0], sig->digest_start[1]);
2000 parse_sig_subpkt (sig->hashed, SIGSUBPKT_LIST_HASHED, NULL);
2001 parse_sig_subpkt (sig->unhashed, SIGSUBPKT_LIST_UNHASHED, NULL);
2005 ndata = pubkey_get_nsig (sig->pubkey_algo);
2009 es_fprintf (listfp, "\tunknown algorithm %d\n", sig->pubkey_algo);
2010 unknown_pubkey_warning (sig->pubkey_algo);
2012 /* We store the plain material in data[0], so that we are able
2013 * to write it back with build_packet(). */
2014 if (pktlen > (5 * MAX_EXTERN_MPI_BITS / 8))
2016 /* We include a limit to avoid too trivial DoS attacks by
2017 having gpg allocate too much memory. */
2018 log_error ("signature packet: too much data\n");
2019 rc = GPG_ERR_INV_PACKET;
2024 gcry_mpi_set_opaque (NULL, read_rest (inp, pktlen), pktlen * 8);
2030 for (i = 0; i < ndata; i++)
2033 sig->data[i] = mpi_read (inp, &n, 0);
2037 es_fprintf (listfp, "\tdata: ");
2038 mpi_print (listfp, sig->data[i], mpi_print_mode);
2039 es_putc ('\n', listfp);
2042 rc = GPG_ERR_INV_PACKET;
2047 iobuf_skip_rest (inp, pktlen, 0);
2051 log_error ("packet(%d) too short\n", pkttype);
2053 es_fputs (":signature packet: [too short]\n", listfp);
2055 iobuf_skip_rest (inp, pktlen, 0);
2057 return GPG_ERR_INV_PACKET;
2062 parse_onepass_sig (IOBUF inp, int pkttype, unsigned long pktlen,
2063 PKT_onepass_sig * ops)
2070 log_error ("packet(%d) too short\n", pkttype);
2072 es_fputs (":onepass_sig packet: [too short]\n", listfp);
2073 rc = gpg_error (GPG_ERR_INV_PACKET);
2076 version = iobuf_get_noeof (inp);
2080 log_error ("onepass_sig with unknown version %d\n", version);
2082 es_fputs (":onepass_sig packet: [unknown version]\n", listfp);
2083 rc = gpg_error (GPG_ERR_INV_PACKET);
2086 ops->sig_class = iobuf_get_noeof (inp);
2088 ops->digest_algo = iobuf_get_noeof (inp);
2090 ops->pubkey_algo = iobuf_get_noeof (inp);
2092 ops->keyid[0] = read_32 (inp);
2094 ops->keyid[1] = read_32 (inp);
2096 ops->last = iobuf_get_noeof (inp);
2100 ":onepass_sig packet: keyid %08lX%08lX\n"
2101 "\tversion %d, sigclass 0x%02x, digest %d, pubkey %d, "
2103 (ulong) ops->keyid[0], (ulong) ops->keyid[1],
2104 version, ops->sig_class,
2105 ops->digest_algo, ops->pubkey_algo, ops->last);
2109 iobuf_skip_rest (inp, pktlen, 0);
2115 parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
2116 byte * hdr, int hdrlen, PACKET * pkt)
2118 gpg_error_t err = 0;
2119 int i, version, algorithm;
2120 unsigned long timestamp, expiredate, max_expiredate;
2127 pk = pkt->pkt.public_key; /* PK has been cleared. */
2129 version = iobuf_get_noeof (inp);
2131 if (pkttype == PKT_PUBLIC_SUBKEY && version == '#')
2133 /* Early versions of G10 used the old PGP comments packets;
2134 * luckily all those comments are started by a hash. */
2137 es_fprintf (listfp, ":rfc1991 comment packet: \"");
2138 for (; pktlen; pktlen--)
2141 c = iobuf_get (inp);
2143 break; /* Ooops: shorter than indicated. */
2144 if (c >= ' ' && c <= 'z')
2145 es_putc (c, listfp);
2147 es_fprintf (listfp, "\\x%02x", c);
2149 es_fprintf (listfp, "\"\n");
2151 iobuf_skip_rest (inp, pktlen, 0);
2154 else if (version == 4)
2156 /* The only supported version. Use an older gpg
2157 version (i.e. gpg 1.4) to parse v3 packets. */
2159 else if (version == 2 || version == 3)
2161 if (opt.verbose > 1)
2162 log_info ("packet(%d) with obsolete version %d\n", pkttype, version);
2164 es_fprintf (listfp, ":key packet: [obsolete version %d]\n", version);
2165 pk->version = version;
2166 err = gpg_error (GPG_ERR_LEGACY_KEY);
2171 log_error ("packet(%d) with unknown version %d\n", pkttype, version);
2173 es_fputs (":key packet: [unknown version]\n", listfp);
2174 err = gpg_error (GPG_ERR_INV_PACKET);
2180 log_error ("packet(%d) too short\n", pkttype);
2182 es_fputs (":key packet: [too short]\n", listfp);
2183 err = gpg_error (GPG_ERR_INV_PACKET);
2186 else if (pktlen > MAX_KEY_PACKET_LENGTH)
2188 log_error ("packet(%d) too large\n", pkttype);
2190 es_fputs (":key packet: [too larget]\n", listfp);
2191 err = gpg_error (GPG_ERR_INV_PACKET);
2195 timestamp = read_32 (inp);
2197 expiredate = 0; /* have to get it from the selfsignature */
2199 algorithm = iobuf_get_noeof (inp);
2202 es_fprintf (listfp, ":%s key packet:\n"
2203 "\tversion %d, algo %d, created %lu, expires %lu\n",
2204 pkttype == PKT_PUBLIC_KEY ? "public" :
2205 pkttype == PKT_SECRET_KEY ? "secret" :
2206 pkttype == PKT_PUBLIC_SUBKEY ? "public sub" :
2207 pkttype == PKT_SECRET_SUBKEY ? "secret sub" : "??",
2208 version, algorithm, timestamp, expiredate);
2210 pk->timestamp = timestamp;
2211 pk->expiredate = expiredate;
2212 pk->max_expiredate = max_expiredate;
2213 pk->hdrbytes = hdrlen;
2214 pk->version = version;
2215 pk->flags.primary = (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY);
2216 pk->pubkey_algo = algorithm;
2218 nskey = pubkey_get_nskey (algorithm);
2219 npkey = pubkey_get_npkey (algorithm);
2223 es_fprintf (listfp, "\tunknown algorithm %d\n", algorithm);
2224 unknown_pubkey_warning (algorithm);
2229 /* Unknown algorithm - put data into an opaque MPI. */
2230 pk->pkey[0] = gcry_mpi_set_opaque (NULL,
2231 read_rest (inp, pktlen), pktlen * 8);
2237 for (i = 0; i < npkey; i++)
2239 if ( (algorithm == PUBKEY_ALGO_ECDSA && (i == 0))
2240 || (algorithm == PUBKEY_ALGO_EDDSA && (i == 0))
2241 || (algorithm == PUBKEY_ALGO_ECDH && (i == 0 || i == 2)))
2243 /* Read the OID (i==1) or the KDF params (i==2). */
2245 err = read_size_body (inp, pktlen, &n, pk->pkey+i);
2250 unsigned int n = pktlen;
2251 pk->pkey[i] = mpi_read (inp, &n, 0);
2254 err = gpg_error (GPG_ERR_INV_PACKET);
2260 es_fprintf (listfp, "\tpkey[%d]: ", i);
2261 mpi_print (listfp, pk->pkey[i], mpi_print_mode);
2262 if ((algorithm == PUBKEY_ALGO_ECDSA
2263 || algorithm == PUBKEY_ALGO_EDDSA
2264 || algorithm == PUBKEY_ALGO_ECDH) && i==0)
2266 char *curve = openpgp_oid_to_str (pk->pkey[0]);
2267 const char *name = openpgp_oid_to_curve (curve, 0);
2268 es_fprintf (listfp, " %s (%s)", name?name:"", curve);
2271 es_putc ('\n', listfp);
2276 keyid_from_pk (pk, keyid);
2278 if (pkttype == PKT_SECRET_KEY || pkttype == PKT_SECRET_SUBKEY)
2280 struct seckey_info *ski;
2286 err = gpg_error (GPG_ERR_INV_PACKET);
2290 pk->seckey_info = ski = xtrycalloc (1, sizeof *ski);
2291 if (!pk->seckey_info)
2293 err = gpg_error_from_syserror ();
2297 ski->algo = iobuf_get_noeof (inp);
2301 ski->is_protected = 1;
2303 if (ski->algo == 254 || ski->algo == 255)
2307 err = gpg_error (GPG_ERR_INV_PACKET);
2310 ski->sha1chk = (ski->algo == 254);
2311 ski->algo = iobuf_get_noeof (inp);
2313 /* Note that a ski->algo > 110 is illegal, but I'm not
2314 erroring on it here as otherwise there would be no
2315 way to delete such a key. */
2316 ski->s2k.mode = iobuf_get_noeof (inp);
2318 ski->s2k.hash_algo = iobuf_get_noeof (inp);
2320 /* Check for the special GNU extension. */
2321 if (ski->s2k.mode == 101)
2323 for (i = 0; i < 4 && pktlen; i++, pktlen--)
2324 temp[i] = iobuf_get_noeof (inp);
2325 if (i < 4 || memcmp (temp, "GNU", 3))
2328 es_fprintf (listfp, "\tunknown S2K %d\n",
2330 err = gpg_error (GPG_ERR_INV_PACKET);
2333 /* Here we know that it is a GNU extension. What
2334 * follows is the GNU protection mode: All values
2335 * have special meanings and they are mapped to MODE
2336 * with a base of 1000. */
2337 ski->s2k.mode = 1000 + temp[3];
2340 /* Read the salt. */
2341 switch (ski->s2k.mode)
2345 for (i = 0; i < 8 && pktlen; i++, pktlen--)
2346 temp[i] = iobuf_get_noeof (inp);
2349 err = gpg_error (GPG_ERR_INV_PACKET);
2352 memcpy (ski->s2k.salt, temp, 8);
2356 /* Check the mode. */
2357 switch (ski->s2k.mode)
2361 es_fprintf (listfp, "\tsimple S2K");
2365 es_fprintf (listfp, "\tsalted S2K");
2369 es_fprintf (listfp, "\titer+salt S2K");
2373 es_fprintf (listfp, "\tgnu-dummy S2K");
2377 es_fprintf (listfp, "\tgnu-divert-to-card S2K");
2381 es_fprintf (listfp, "\tunknown %sS2K %d\n",
2382 ski->s2k.mode < 1000 ? "" : "GNU ",
2384 err = gpg_error (GPG_ERR_INV_PACKET);
2388 /* Print some info. */
2391 es_fprintf (listfp, ", algo: %d,%s hash: %d",
2393 ski->sha1chk ? " SHA1 protection,"
2394 : " simple checksum,", ski->s2k.hash_algo);
2395 if (ski->s2k.mode == 1 || ski->s2k.mode == 3)
2397 es_fprintf (listfp, ", salt: ");
2398 es_write_hexstring (listfp, ski->s2k.salt, 8, 0, NULL);
2400 es_putc ('\n', listfp);
2403 /* Read remaining protection parameters. */
2404 if (ski->s2k.mode == 3)
2408 err = gpg_error (GPG_ERR_INV_PACKET);
2411 ski->s2k.count = iobuf_get (inp);
2414 es_fprintf (listfp, "\tprotect count: %lu (%lu)\n",
2415 (ulong)S2K_DECODE_COUNT ((ulong)ski->s2k.count),
2416 (ulong) ski->s2k.count);
2418 else if (ski->s2k.mode == 1002)
2420 /* Read the serial number. */
2423 err = gpg_error (GPG_ERR_INV_PACKET);
2426 snlen = iobuf_get (inp);
2428 if (pktlen < snlen || snlen == (size_t)(-1))
2430 err = gpg_error (GPG_ERR_INV_PACKET);
2435 else /* Old version; no S2K, so we set mode to 0, hash MD5. */
2437 /* Note that a ski->algo > 110 is illegal, but I'm not
2438 erroring on it here as otherwise there would be no
2439 way to delete such a key. */
2441 ski->s2k.hash_algo = DIGEST_ALGO_MD5;
2443 es_fprintf (listfp, "\tprotect algo: %d (hash algo: %d)\n",
2444 ski->algo, ski->s2k.hash_algo);
2447 /* It is really ugly that we don't know the size
2448 * of the IV here in cases we are not aware of the algorithm.
2450 * ski->ivlen = cipher_get_blocksize (ski->algo);
2451 * won't work. The only solution I see is to hardwire it.
2452 * NOTE: if you change the ivlen above 16, don't forget to
2454 ski->ivlen = openpgp_cipher_blocklen (ski->algo);
2455 log_assert (ski->ivlen <= sizeof (temp));
2457 if (ski->s2k.mode == 1001)
2459 else if (ski->s2k.mode == 1002)
2460 ski->ivlen = snlen < 16 ? snlen : 16;
2462 if (pktlen < ski->ivlen)
2464 err = gpg_error (GPG_ERR_INV_PACKET);
2467 for (i = 0; i < ski->ivlen; i++, pktlen--)
2468 temp[i] = iobuf_get_noeof (inp);
2472 ski->s2k.mode == 1002 ? "\tserial-number: "
2473 : "\tprotect IV: ");
2474 for (i = 0; i < ski->ivlen; i++)
2475 es_fprintf (listfp, " %02x", temp[i]);
2476 es_putc ('\n', listfp);
2478 memcpy (ski->iv, temp, ski->ivlen);
2481 /* It does not make sense to read it into secure memory.
2482 * If the user is so careless, not to protect his secret key,
2483 * we can assume, that he operates an open system :=(.
2484 * So we put the key into secure memory when we unprotect it. */
2485 if (ski->s2k.mode == 1001 || ski->s2k.mode == 1002)
2487 /* Better set some dummy stuff here. */
2488 pk->pkey[npkey] = gcry_mpi_set_opaque (NULL,
2489 xstrdup ("dummydata"),
2493 else if (ski->is_protected)
2495 if (pktlen < 2) /* At least two bytes for the length. */
2497 err = gpg_error (GPG_ERR_INV_PACKET);
2501 /* Ugly: The length is encrypted too, so we read all stuff
2502 * up to the end of the packet into the first SKEY
2504 pk->pkey[npkey] = gcry_mpi_set_opaque (NULL,
2505 read_rest (inp, pktlen),
2507 /* Mark that MPI as protected - we need this information for
2508 importing a key. The OPAQUE flag can't be used because
2509 we also store public EdDSA values in opaque MPIs. */
2510 if (pk->pkey[npkey])
2511 gcry_mpi_set_flag (pk->pkey[npkey], GCRYMPI_FLAG_USER1);
2514 es_fprintf (listfp, "\tskey[%d]: [v4 protected]\n", npkey);
2518 /* Not encrypted. */
2519 for (i = npkey; i < nskey; i++)
2523 if (pktlen < 2) /* At least two bytes for the length. */
2525 err = gpg_error (GPG_ERR_INV_PACKET);
2529 pk->pkey[i] = mpi_read (inp, &n, 0);
2533 es_fprintf (listfp, "\tskey[%d]: ", i);
2534 mpi_print (listfp, pk->pkey[i], mpi_print_mode);
2535 es_putc ('\n', listfp);
2539 err = gpg_error (GPG_ERR_INV_PACKET);
2546 err = gpg_error (GPG_ERR_INV_PACKET);
2549 ski->csum = read_16 (inp);
2552 es_fprintf (listfp, "\tchecksum: %04hx\n", ski->csum);
2556 /* Note that KEYID below has been initialized above in list_mode. */
2558 es_fprintf (listfp, "\tkeyid: %08lX%08lX\n",
2559 (ulong) keyid[0], (ulong) keyid[1]);
2562 iobuf_skip_rest (inp, pktlen, 0);
2567 /* Attribute subpackets have the same format as v4 signature
2568 subpackets. This is not part of OpenPGP, but is done in several
2569 versions of PGP nevertheless. */
2571 parse_attribute_subpkts (PKT_user_id * uid)
2575 struct user_attribute *attribs = NULL;
2576 const byte *buffer = uid->attrib_data;
2577 int buflen = uid->attrib_len;
2580 xfree (uid->attribs);
2586 if (n == 255) /* 4 byte length header. */
2590 n = buf32_to_size_t (buffer);
2594 else if (n >= 192) /* 2 byte special encoded length header. */
2598 n = ((n - 192) << 8) + *buffer + 192;
2607 /* Too short to encode the subpacket type. */
2609 log_info ("attribute subpacket too short\n");
2613 attribs = xrealloc (attribs,
2614 (count + 1) * sizeof (struct user_attribute));
2615 memset (&attribs[count], 0, sizeof (struct user_attribute));
2622 attribs[count].type = type;
2623 attribs[count].data = buffer;
2624 attribs[count].len = n;
2630 uid->attribs = attribs;
2631 uid->numattribs = count;
2636 log_info ("buffer shorter than attribute subpacket\n");
2637 uid->attribs = attribs;
2638 uid->numattribs = count;
2644 parse_user_id (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * packet)
2648 /* Cap the size of a user ID at 2k: a value absurdly large enough
2649 that there is no sane user ID string (which is printable text
2650 as of RFC2440bis) that won't fit in it, but yet small enough to
2651 avoid allocation problems. A large pktlen may not be
2652 allocatable, and a very large pktlen could actually cause our
2653 allocation to wrap around in xmalloc to a small number. */
2655 if (pktlen > MAX_UID_PACKET_LENGTH)
2657 log_error ("packet(%d) too large\n", pkttype);
2659 es_fprintf (listfp, ":user ID packet: [too large]\n");
2660 iobuf_skip_rest (inp, pktlen, 0);
2661 return GPG_ERR_INV_PACKET;
2664 packet->pkt.user_id = xmalloc_clear (sizeof *packet->pkt.user_id + pktlen);
2665 packet->pkt.user_id->len = pktlen;
2666 packet->pkt.user_id->ref = 1;
2668 p = packet->pkt.user_id->name;
2669 for (; pktlen; pktlen--, p++)
2670 *p = iobuf_get_noeof (inp);
2675 int n = packet->pkt.user_id->len;
2676 es_fprintf (listfp, ":user ID packet: \"");
2677 /* fixme: Hey why don't we replace this with es_write_sanitized?? */
2678 for (p = packet->pkt.user_id->name; n; p++, n--)
2680 if (*p >= ' ' && *p <= 'z')
2681 es_putc (*p, listfp);
2683 es_fprintf (listfp, "\\x%02x", *p);
2685 es_fprintf (listfp, "\"\n");
2692 make_attribute_uidname (PKT_user_id * uid, size_t max_namelen)
2694 log_assert (max_namelen > 70);
2695 if (uid->numattribs <= 0)
2696 sprintf (uid->name, "[bad attribute packet of size %lu]",
2698 else if (uid->numattribs > 1)
2699 sprintf (uid->name, "[%d attributes of size %lu]",
2700 uid->numattribs, uid->attrib_len);
2703 /* Only one attribute, so list it as the "user id" */
2705 if (uid->attribs->type == ATTRIB_IMAGE)
2710 if (parse_image_header (uid->attribs, &type, &len))
2711 sprintf (uid->name, "[%.20s image of size %lu]",
2712 image_type_to_string (type, 1), (ulong) len);
2714 sprintf (uid->name, "[invalid image]");
2717 sprintf (uid->name, "[unknown attribute of size %lu]",
2718 (ulong) uid->attribs->len);
2721 uid->len = strlen (uid->name);
2726 parse_attribute (IOBUF inp, int pkttype, unsigned long pktlen,
2733 /* We better cap the size of an attribute packet to make DoS not too
2734 easy. 16MB should be more then enough for one attribute packet
2736 if (pktlen > MAX_ATTR_PACKET_LENGTH)
2738 log_error ("packet(%d) too large\n", pkttype);
2740 es_fprintf (listfp, ":attribute packet: [too large]\n");
2741 iobuf_skip_rest (inp, pktlen, 0);
2742 return GPG_ERR_INV_PACKET;
2745 #define EXTRA_UID_NAME_SPACE 71
2746 packet->pkt.user_id = xmalloc_clear (sizeof *packet->pkt.user_id
2747 + EXTRA_UID_NAME_SPACE);
2748 packet->pkt.user_id->ref = 1;
2749 packet->pkt.user_id->attrib_data = xmalloc (pktlen? pktlen:1);
2750 packet->pkt.user_id->attrib_len = pktlen;
2752 p = packet->pkt.user_id->attrib_data;
2753 for (; pktlen; pktlen--, p++)
2754 *p = iobuf_get_noeof (inp);
2756 /* Now parse out the individual attribute subpackets. This is
2757 somewhat pointless since there is only one currently defined
2758 attribute type (jpeg), but it is correct by the spec. */
2759 parse_attribute_subpkts (packet->pkt.user_id);
2761 make_attribute_uidname (packet->pkt.user_id, EXTRA_UID_NAME_SPACE);
2765 es_fprintf (listfp, ":attribute packet: %s\n", packet->pkt.user_id->name);
2772 parse_comment (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * packet)
2776 /* Cap comment packet at a reasonable value to avoid an integer
2777 overflow in the malloc below. Comment packets are actually not
2778 anymore define my OpenPGP and we even stopped to use our
2779 private comment packet. */
2780 if (pktlen > MAX_COMMENT_PACKET_LENGTH)
2782 log_error ("packet(%d) too large\n", pkttype);
2784 es_fprintf (listfp, ":%scomment packet: [too large]\n",
2785 pkttype == PKT_OLD_COMMENT ? "OpenPGP draft " : "");
2786 iobuf_skip_rest (inp, pktlen, 0);
2787 return GPG_ERR_INV_PACKET;
2789 packet->pkt.comment = xmalloc (sizeof *packet->pkt.comment + pktlen - 1);
2790 packet->pkt.comment->len = pktlen;
2791 p = packet->pkt.comment->data;
2792 for (; pktlen; pktlen--, p++)
2793 *p = iobuf_get_noeof (inp);
2797 int n = packet->pkt.comment->len;
2798 es_fprintf (listfp, ":%scomment packet: \"", pkttype == PKT_OLD_COMMENT ?
2799 "OpenPGP draft " : "");
2800 for (p = packet->pkt.comment->data; n; p++, n--)
2802 if (*p >= ' ' && *p <= 'z')
2803 es_putc (*p, listfp);
2805 es_fprintf (listfp, "\\x%02x", *p);
2807 es_fprintf (listfp, "\"\n");
2814 parse_trust (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * pkt)
2820 pkt->pkt.ring_trust = xmalloc (sizeof *pkt->pkt.ring_trust);
2823 c = iobuf_get_noeof (inp);
2825 pkt->pkt.ring_trust->trustval = c;
2826 pkt->pkt.ring_trust->sigcache = 0;
2827 if (!c && pktlen == 1)
2829 c = iobuf_get_noeof (inp);
2831 /* We require that bit 7 of the sigcache is 0 (easier eof
2834 pkt->pkt.ring_trust->sigcache = c;
2837 es_fprintf (listfp, ":trust packet: flag=%02x sigcache=%02x\n",
2838 pkt->pkt.ring_trust->trustval,
2839 pkt->pkt.ring_trust->sigcache);
2843 pkt->pkt.ring_trust->trustval = 0;
2844 pkt->pkt.ring_trust->sigcache = 0;
2846 es_fprintf (listfp, ":trust packet: empty\n");
2848 iobuf_skip_rest (inp, pktlen, 0);
2853 parse_plaintext (IOBUF inp, int pkttype, unsigned long pktlen,
2854 PACKET * pkt, int new_ctb, int partial)
2862 if (!partial && pktlen < 6)
2864 log_error ("packet(%d) too short (%lu)\n", pkttype, (ulong) pktlen);
2866 es_fputs (":literal data packet: [too short]\n", listfp);
2867 rc = gpg_error (GPG_ERR_INV_PACKET);
2870 mode = iobuf_get_noeof (inp);
2873 namelen = iobuf_get_noeof (inp);
2876 /* Note that namelen will never exceed 255 bytes. */
2877 pt = pkt->pkt.plaintext =
2878 xmalloc (sizeof *pkt->pkt.plaintext + namelen - 1);
2879 pt->new_ctb = new_ctb;
2881 pt->namelen = namelen;
2882 pt->is_partial = partial;
2885 for (i = 0; pktlen > 4 && i < namelen; pktlen--, i++)
2886 pt->name[i] = iobuf_get_noeof (inp);
2890 for (i = 0; i < namelen; i++)
2891 if ((c = iobuf_get (inp)) == -1)
2896 pt->timestamp = read_32 (inp);
2904 es_fprintf (listfp, ":literal data packet:\n"
2905 "\tmode %c (%X), created %lu, name=\"",
2906 mode >= ' ' && mode < 'z' ? mode : '?', mode,
2907 (ulong) pt->timestamp);
2908 for (p = pt->name, i = 0; i < namelen; p++, i++)
2910 if (*p >= ' ' && *p <= 'z')
2911 es_putc (*p, listfp);
2913 es_fprintf (listfp, "\\x%02x", *p);
2915 es_fprintf (listfp, "\",\n\traw data: ");
2917 es_fprintf (listfp, "unknown length\n");
2919 es_fprintf (listfp, "%lu bytes\n", (ulong) pt->len);
2928 parse_compressed (IOBUF inp, int pkttype, unsigned long pktlen,
2929 PACKET * pkt, int new_ctb)
2933 /* PKTLEN is here 0, but data follows (this should be the last
2934 object in a file or the compress algorithm should know the
2939 zd = pkt->pkt.compressed = xmalloc (sizeof *pkt->pkt.compressed);
2940 zd->algorithm = iobuf_get_noeof (inp);
2941 zd->len = 0; /* not used */
2942 zd->new_ctb = new_ctb;
2945 es_fprintf (listfp, ":compressed packet: algo=%d\n", zd->algorithm);
2951 parse_encrypted (IOBUF inp, int pkttype, unsigned long pktlen,
2952 PACKET * pkt, int new_ctb, int partial)
2956 unsigned long orig_pktlen = pktlen;
2958 ed = pkt->pkt.encrypted = xmalloc (sizeof *pkt->pkt.encrypted);
2959 /* ed->len is set below. */
2960 ed->extralen = 0; /* Unknown here; only used in build_packet. */
2962 ed->new_ctb = new_ctb;
2963 ed->is_partial = partial;
2964 if (pkttype == PKT_ENCRYPTED_MDC)
2966 /* Fixme: add some pktlen sanity checks. */
2969 version = iobuf_get_noeof (inp);
2974 log_error ("encrypted_mdc packet with unknown version %d\n",
2977 es_fputs (":encrypted data packet: [unknown version]\n", listfp);
2978 /*skip_rest(inp, pktlen); should we really do this? */
2979 rc = gpg_error (GPG_ERR_INV_PACKET);
2982 ed->mdc_method = DIGEST_ALGO_SHA1;
2987 /* A basic sanity check. We need at least an 8 byte IV plus the 2
2988 detection bytes. Note that we don't known the algorithm and thus
2989 we may only check against the minimum blocksize. */
2990 if (orig_pktlen && pktlen < 10)
2992 /* Actually this is blocksize+2. */
2993 log_error ("packet(%d) too short\n", pkttype);
2995 es_fputs (":encrypted data packet: [too short]\n", listfp);
2996 rc = GPG_ERR_INV_PACKET;
2997 iobuf_skip_rest (inp, pktlen, partial);
3001 /* Store the remaining length of the encrypted data (i.e. without
3002 the MDC version number but with the IV etc.). This value is
3003 required during decryption. */
3009 es_fprintf (listfp, ":encrypted data packet:\n\tlength: %lu\n",
3012 es_fprintf (listfp, ":encrypted data packet:\n\tlength: unknown\n");
3014 es_fprintf (listfp, "\tmdc_method: %d\n", ed->mdc_method);
3024 /* Note, that this code is not anymore used in real life because the
3025 MDC checking is now done right after the decryption in
3028 parse_mdc (IOBUF inp, int pkttype, unsigned long pktlen,
3029 PACKET * pkt, int new_ctb)
3037 mdc = pkt->pkt.mdc = xmalloc (sizeof *pkt->pkt.mdc);
3039 es_fprintf (listfp, ":mdc packet: length=%lu\n", pktlen);
3040 if (!new_ctb || pktlen != 20)
3042 log_error ("mdc_packet with invalid encoding\n");
3043 rc = gpg_error (GPG_ERR_INV_PACKET);
3047 for (; pktlen; pktlen--, p++)
3048 *p = iobuf_get_noeof (inp);
3056 * This packet is internally generated by us (ibn armor.c) to transfer
3057 * some information to the lower layer. To make sure that this packet
3058 * is really a GPG faked one and not one coming from outside, we
3059 * first check that there is a unique tag in it.
3061 * The format of such a control packet is:
3062 * n byte session marker
3063 * 1 byte control type CTRLPKT_xxxxx
3064 * m byte control data
3067 parse_gpg_control (IOBUF inp, int pkttype, unsigned long pktlen,
3068 PACKET * packet, int partial)
3071 const byte *sesmark;
3078 es_fprintf (listfp, ":packet 63: length %lu ", pktlen);
3080 sesmark = get_session_marker (&sesmarklen);
3081 if (pktlen < sesmarklen + 1) /* 1 is for the control bytes */
3083 for (i = 0; i < sesmarklen; i++, pktlen--)
3085 if (sesmark[i] != iobuf_get_noeof (inp))
3089 goto skipit; /* Definitely too large. We skip it to avoid an
3090 overflow in the malloc. */
3092 es_fputs ("- gpg control packet", listfp);
3094 packet->pkt.gpg_control = xmalloc (sizeof *packet->pkt.gpg_control
3096 packet->pkt.gpg_control->control = iobuf_get_noeof (inp);
3098 packet->pkt.gpg_control->datalen = pktlen;
3099 p = packet->pkt.gpg_control->data;
3100 for (; pktlen; pktlen--, p++)
3101 *p = iobuf_get_noeof (inp);
3111 es_fprintf (listfp, "- private (rest length %lu)\n", pktlen);
3114 while ((c = iobuf_get (inp)) != -1)
3115 dump_hex_line (c, &i);
3119 for (; pktlen; pktlen--)
3121 dump_hex_line ((c = iobuf_get (inp)), &i);
3126 es_putc ('\n', listfp);
3128 iobuf_skip_rest (inp, pktlen, 0);
3129 return gpg_error (GPG_ERR_INV_PACKET);
3133 /* Create a GPG control packet to be used internally as a placeholder. */
3135 create_gpg_control (ctrlpkttype_t type, const byte * data, size_t datalen)
3140 packet = xmalloc (sizeof *packet);
3141 init_packet (packet);
3142 packet->pkttype = PKT_GPG_CONTROL;
3143 packet->pkt.gpg_control = xmalloc (sizeof *packet->pkt.gpg_control
3145 packet->pkt.gpg_control->control = type;
3146 packet->pkt.gpg_control->datalen = datalen;
3147 p = packet->pkt.gpg_control->data;
3148 for (; datalen; datalen--, p++)