Line data Source code
1 : /* build-packet.c - assemble packets and write them
2 : * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
3 : * 2006, 2010, 2011 Free Software Foundation, Inc.
4 : *
5 : * This file is part of GnuPG.
6 : *
7 : * GnuPG is free software; you can redistribute it and/or modify
8 : * it under the terms of the GNU General Public License as published by
9 : * the Free Software Foundation; either version 3 of the License, or
10 : * (at your option) any later version.
11 : *
12 : * GnuPG is distributed in the hope that it will be useful,
13 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : * GNU General Public License for more details.
16 : *
17 : * You should have received a copy of the GNU General Public License
18 : * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 : */
20 :
21 : #include <config.h>
22 : #include <stdio.h>
23 : #include <stdlib.h>
24 : #include <string.h>
25 : #include <ctype.h>
26 :
27 : #include "gpg.h"
28 : #include "util.h"
29 : #include "packet.h"
30 : #include "status.h"
31 : #include "iobuf.h"
32 : #include "i18n.h"
33 : #include "options.h"
34 : #include "host2net.h"
35 :
36 : static int do_user_id( IOBUF out, int ctb, PKT_user_id *uid );
37 : static int do_key (iobuf_t out, int ctb, PKT_public_key *pk);
38 : static int do_symkey_enc( IOBUF out, int ctb, PKT_symkey_enc *enc );
39 : static int do_pubkey_enc( IOBUF out, int ctb, PKT_pubkey_enc *enc );
40 : static u32 calc_plaintext( PKT_plaintext *pt );
41 : static int do_plaintext( IOBUF out, int ctb, PKT_plaintext *pt );
42 : static int do_encrypted( IOBUF out, int ctb, PKT_encrypted *ed );
43 : static int do_encrypted_mdc( IOBUF out, int ctb, PKT_encrypted *ed );
44 : static int do_compressed( IOBUF out, int ctb, PKT_compressed *cd );
45 : static int do_signature( IOBUF out, int ctb, PKT_signature *sig );
46 : static int do_onepass_sig( IOBUF out, int ctb, PKT_onepass_sig *ops );
47 :
48 : static int calc_header_length( u32 len, int new_ctb );
49 : static int write_16(IOBUF inp, u16 a);
50 : static int write_32(IOBUF inp, u32 a);
51 : static int write_header( IOBUF out, int ctb, u32 len );
52 : static int write_sign_packet_header( IOBUF out, int ctb, u32 len );
53 : static int write_header2( IOBUF out, int ctb, u32 len, int hdrlen );
54 : static int write_new_header( IOBUF out, int ctb, u32 len, int hdrlen );
55 :
56 : /* Returns 1 if CTB is a new format ctb and 0 if CTB is an old format
57 : ctb. */
58 : static int
59 6205 : ctb_new_format_p (int ctb)
60 : {
61 : /* Bit 7 must always be set. */
62 6205 : log_assert ((ctb & (1 << 7)));
63 : /* Bit 6 indicates whether the packet is a new format packet. */
64 6205 : return (ctb & (1 << 6));
65 : }
66 :
67 : /* Extract the packet type from a CTB. */
68 : static int
69 2872 : ctb_pkttype (int ctb)
70 : {
71 2872 : if (ctb_new_format_p (ctb))
72 : /* Bits 0 through 5 are the packet type. */
73 519 : return (ctb & ((1 << 6) - 1));
74 : else
75 : /* Bits 2 through 5 are the packet type. */
76 2353 : return (ctb & ((1 << 6) - 1)) >> 2;
77 : }
78 :
79 : /****************
80 : * Build a packet and write it to INP
81 : * Returns: 0 := okay
82 : * >0 := error
83 : * Note: Caller must free the packet
84 : */
85 : int
86 2797 : build_packet( IOBUF out, PACKET *pkt )
87 : {
88 2797 : int new_ctb=0, rc=0, ctb;
89 : int pkttype;
90 :
91 2797 : if( DBG_PACKET )
92 0 : log_debug("build_packet() type=%d\n", pkt->pkttype );
93 2797 : log_assert( pkt->pkt.generic );
94 :
95 2797 : switch ((pkttype = pkt->pkttype))
96 : {
97 : case PKT_PUBLIC_KEY:
98 75 : if (pkt->pkt.public_key->seckey_info)
99 3 : pkttype = PKT_SECRET_KEY;
100 75 : break;
101 : case PKT_PUBLIC_SUBKEY:
102 65 : if (pkt->pkt.public_key->seckey_info)
103 2 : pkttype = PKT_SECRET_SUBKEY;
104 65 : break;
105 537 : case PKT_PLAINTEXT: new_ctb = pkt->pkt.plaintext->new_ctb; break;
106 : case PKT_ENCRYPTED:
107 467 : case PKT_ENCRYPTED_MDC: new_ctb = pkt->pkt.encrypted->new_ctb; break;
108 537 : case PKT_COMPRESSED:new_ctb = pkt->pkt.compressed->new_ctb; break;
109 : case PKT_USER_ID:
110 95 : if( pkt->pkt.user_id->attrib_data )
111 0 : pkttype = PKT_ATTRIBUTE;
112 95 : break;
113 1021 : default: break;
114 : }
115 :
116 2797 : if( new_ctb || pkttype > 15 ) /* new format */
117 519 : ctb = 0xc0 | (pkttype & 0x3f);
118 : else
119 2278 : ctb = 0x80 | ((pkttype & 15)<<2);
120 2797 : switch( pkttype )
121 : {
122 : case PKT_ATTRIBUTE:
123 : case PKT_USER_ID:
124 95 : rc = do_user_id( out, ctb, pkt->pkt.user_id );
125 95 : break;
126 : case PKT_OLD_COMMENT:
127 : case PKT_COMMENT:
128 : /*
129 : Ignore these. Theoretically, this will never be called as
130 : we have no way to output comment packets any longer, but
131 : just in case there is some code path that would end up
132 : outputting a comment that was written before comments were
133 : dropped (in the public key?) this is a no-op.
134 : */
135 0 : break;
136 : case PKT_PUBLIC_SUBKEY:
137 : case PKT_PUBLIC_KEY:
138 : case PKT_SECRET_SUBKEY:
139 : case PKT_SECRET_KEY:
140 140 : rc = do_key (out, ctb, pkt->pkt.public_key);
141 140 : break;
142 : case PKT_SYMKEY_ENC:
143 221 : rc = do_symkey_enc( out, ctb, pkt->pkt.symkey_enc );
144 221 : break;
145 : case PKT_PUBKEY_ENC:
146 255 : rc = do_pubkey_enc( out, ctb, pkt->pkt.pubkey_enc );
147 255 : break;
148 : case PKT_PLAINTEXT:
149 537 : rc = do_plaintext( out, ctb, pkt->pkt.plaintext );
150 537 : break;
151 : case PKT_ENCRYPTED:
152 58 : rc = do_encrypted( out, ctb, pkt->pkt.encrypted );
153 58 : break;
154 : case PKT_ENCRYPTED_MDC:
155 409 : rc = do_encrypted_mdc( out, ctb, pkt->pkt.encrypted );
156 409 : break;
157 : case PKT_COMPRESSED:
158 537 : rc = do_compressed( out, ctb, pkt->pkt.compressed );
159 537 : break;
160 : case PKT_SIGNATURE:
161 440 : rc = do_signature( out, ctb, pkt->pkt.signature );
162 440 : break;
163 : case PKT_ONEPASS_SIG:
164 105 : rc = do_onepass_sig( out, ctb, pkt->pkt.onepass_sig );
165 105 : break;
166 : case PKT_RING_TRUST:
167 0 : break; /* ignore it (keyring.c does write it directly)*/
168 : case PKT_MDC: /* we write it directly, so we should never see it here. */
169 : default:
170 0 : log_bug("invalid packet type in build_packet()\n");
171 : break;
172 : }
173 :
174 2797 : return rc;
175 : }
176 :
177 :
178 : /*
179 : * Write the mpi A to OUT.
180 : */
181 : gpg_error_t
182 1667 : gpg_mpi_write (iobuf_t out, gcry_mpi_t a)
183 : {
184 : int rc;
185 :
186 1667 : if (gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE))
187 : {
188 : unsigned int nbits;
189 : const unsigned char *p;
190 : unsigned char lenhdr[2];
191 :
192 : /* gcry_log_debugmpi ("a", a); */
193 0 : p = gcry_mpi_get_opaque (a, &nbits);
194 0 : if (p)
195 : {
196 : /* Strip leading zero bits. */
197 0 : for (; nbits >= 8 && !*p; p++, nbits -= 8)
198 : ;
199 0 : if (nbits >= 8 && !(*p & 0x80))
200 0 : if (--nbits >= 7 && !(*p & 0x40))
201 0 : if (--nbits >= 6 && !(*p & 0x20))
202 0 : if (--nbits >= 5 && !(*p & 0x10))
203 0 : if (--nbits >= 4 && !(*p & 0x08))
204 0 : if (--nbits >= 3 && !(*p & 0x04))
205 0 : if (--nbits >= 2 && !(*p & 0x02))
206 0 : if (--nbits >= 1 && !(*p & 0x01))
207 0 : --nbits;
208 : }
209 : /* gcry_log_debug (" [%u bit]\n", nbits); */
210 : /* gcry_log_debughex (" ", p, (nbits+7)/8); */
211 0 : lenhdr[0] = nbits >> 8;
212 0 : lenhdr[1] = nbits;
213 0 : rc = iobuf_write (out, lenhdr, 2);
214 0 : if (!rc && p)
215 0 : rc = iobuf_write (out, p, (nbits+7)/8);
216 : }
217 : else
218 : {
219 : char buffer[(MAX_EXTERN_MPI_BITS+7)/8+2]; /* 2 is for the mpi length. */
220 : size_t nbytes;
221 :
222 1667 : nbytes = DIM(buffer);
223 1667 : rc = gcry_mpi_print (GCRYMPI_FMT_PGP, buffer, nbytes, &nbytes, a );
224 1667 : if( !rc )
225 1667 : rc = iobuf_write( out, buffer, nbytes );
226 0 : else if (gpg_err_code(rc) == GPG_ERR_TOO_SHORT )
227 : {
228 0 : log_info ("mpi too large (%u bits)\n", gcry_mpi_get_nbits (a));
229 : /* The buffer was too small. We better tell the user about the MPI. */
230 0 : rc = gpg_error (GPG_ERR_TOO_LARGE);
231 : }
232 : }
233 :
234 1667 : return rc;
235 : }
236 :
237 :
238 : /*
239 : * Write an opaque MPI to the output stream without length info.
240 : */
241 : gpg_error_t
242 137 : gpg_mpi_write_nohdr (iobuf_t out, gcry_mpi_t a)
243 : {
244 : int rc;
245 :
246 137 : if (gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE))
247 : {
248 : unsigned int nbits;
249 : const void *p;
250 :
251 137 : p = gcry_mpi_get_opaque (a, &nbits);
252 137 : rc = p ? iobuf_write (out, p, (nbits+7)/8) : 0;
253 : }
254 : else
255 0 : rc = gpg_error (GPG_ERR_BAD_MPI);
256 :
257 137 : return rc;
258 : }
259 :
260 :
261 : /* Calculate the length of a packet described by PKT. */
262 : u32
263 0 : calc_packet_length( PACKET *pkt )
264 : {
265 0 : u32 n=0;
266 0 : int new_ctb = 0;
267 :
268 0 : log_assert (pkt->pkt.generic);
269 0 : switch( pkt->pkttype ) {
270 : case PKT_PLAINTEXT:
271 0 : n = calc_plaintext( pkt->pkt.plaintext );
272 0 : new_ctb = pkt->pkt.plaintext->new_ctb;
273 0 : break;
274 : case PKT_ATTRIBUTE:
275 : case PKT_USER_ID:
276 : case PKT_COMMENT:
277 : case PKT_PUBLIC_KEY:
278 : case PKT_SECRET_KEY:
279 : case PKT_SYMKEY_ENC:
280 : case PKT_PUBKEY_ENC:
281 : case PKT_ENCRYPTED:
282 : case PKT_SIGNATURE:
283 : case PKT_ONEPASS_SIG:
284 : case PKT_RING_TRUST:
285 : case PKT_COMPRESSED:
286 : default:
287 0 : log_bug("invalid packet type in calc_packet_length()");
288 : break;
289 : }
290 :
291 0 : n += calc_header_length(n, new_ctb);
292 0 : return n;
293 : }
294 :
295 :
296 : static gpg_error_t
297 0 : write_fake_data (IOBUF out, gcry_mpi_t a)
298 : {
299 : unsigned int n;
300 : void *p;
301 :
302 0 : if (!a)
303 0 : return 0;
304 0 : if (!gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE))
305 0 : return 0; /* e.g. due to generating a key with wrong usage. */
306 0 : p = gcry_mpi_get_opaque ( a, &n);
307 0 : if (!p)
308 0 : return 0; /* For example due to a read error in
309 : parse-packet.c:read_rest. */
310 0 : return iobuf_write (out, p, (n+7)/8 );
311 : }
312 :
313 :
314 : /* Serialize the user id (RFC 4880, Section 5.11) or the user
315 : attribute UID (Section 5.12) and write it to OUT.
316 :
317 : CTB is the serialization's CTB. It specifies the header format and
318 : the packet's type. The header length must not be set. */
319 : static int
320 95 : do_user_id( IOBUF out, int ctb, PKT_user_id *uid )
321 : {
322 : int rc;
323 :
324 95 : log_assert (ctb_pkttype (ctb) == PKT_USER_ID
325 : || ctb_pkttype (ctb) == PKT_ATTRIBUTE);
326 :
327 95 : if (uid->attrib_data)
328 : {
329 0 : write_header(out, ctb, uid->attrib_len);
330 0 : rc = iobuf_write( out, uid->attrib_data, uid->attrib_len );
331 : }
332 : else
333 : {
334 95 : write_header2( out, ctb, uid->len, 0 );
335 95 : rc = iobuf_write( out, uid->name, uid->len );
336 : }
337 95 : return rc;
338 : }
339 :
340 :
341 : /* Serialize the key (RFC 4880, Section 5.5) described by PK and write
342 : it to OUT.
343 :
344 : This function serializes both primary keys and subkeys with or
345 : without a secret part.
346 :
347 : CTB is the serialization's CTB. It specifies the header format and
348 : the packet's type. The header length must not be set.
349 :
350 : PK->VERSION specifies the serialization format. A value of 0 means
351 : to use the default version. Currently, only version 4 packets are
352 : supported.
353 : */
354 : static int
355 140 : do_key (iobuf_t out, int ctb, PKT_public_key *pk)
356 : {
357 140 : gpg_error_t err = 0;
358 : /* The length of the body is stored in the packet's header, which
359 : occurs before the body. Unfortunately, we don't know the length
360 : of the packet's body until we've written all of the data! To
361 : work around this, we first write the data into this temporary
362 : buffer, then generate the header, and finally copy the contents
363 : of this buffer to OUT. */
364 140 : iobuf_t a = iobuf_temp();
365 : int i, nskey, npkey;
366 :
367 140 : log_assert (pk->version == 0 || pk->version == 4);
368 140 : log_assert (ctb_pkttype (ctb) == PKT_PUBLIC_KEY
369 : || ctb_pkttype (ctb) == PKT_PUBLIC_SUBKEY
370 : || ctb_pkttype (ctb) == PKT_SECRET_KEY
371 : || ctb_pkttype (ctb) == PKT_SECRET_SUBKEY);
372 :
373 : /* Write the version number - if none is specified, use 4 */
374 140 : if ( !pk->version )
375 0 : iobuf_put ( a, 4 );
376 : else
377 140 : iobuf_put ( a, pk->version );
378 140 : write_32 (a, pk->timestamp );
379 :
380 140 : iobuf_put (a, pk->pubkey_algo );
381 :
382 : /* Get number of secret and public parameters. They are held in one
383 : array: the public ones followed by the secret ones. */
384 140 : nskey = pubkey_get_nskey (pk->pubkey_algo);
385 140 : npkey = pubkey_get_npkey (pk->pubkey_algo);
386 :
387 : /* If we don't have any public parameters - which is for example the
388 : case if we don't know the algorithm used - the parameters are
389 : stored as one blob in a faked (opaque) MPI. */
390 140 : if (!npkey)
391 : {
392 0 : write_fake_data (a, pk->pkey[0]);
393 0 : goto leave;
394 : }
395 140 : log_assert (npkey < nskey);
396 :
397 566 : for (i=0; i < npkey; i++ )
398 : {
399 426 : if ( (pk->pubkey_algo == PUBKEY_ALGO_ECDSA && (i == 0))
400 420 : || (pk->pubkey_algo == PUBKEY_ALGO_EDDSA && (i == 0))
401 419 : || (pk->pubkey_algo == PUBKEY_ALGO_ECDH && (i == 0 || i == 2)))
402 17 : err = gpg_mpi_write_nohdr (a, pk->pkey[i]);
403 : else
404 409 : err = gpg_mpi_write (a, pk->pkey[i]);
405 426 : if (err)
406 0 : goto leave;
407 : }
408 :
409 :
410 140 : if (pk->seckey_info)
411 : {
412 : /* This is a secret key packet. */
413 5 : struct seckey_info *ski = pk->seckey_info;
414 :
415 : /* Build the header for protected (encrypted) secret parameters. */
416 5 : if (ski->is_protected)
417 : {
418 : /* OpenPGP protection according to rfc2440. */
419 2 : iobuf_put (a, ski->sha1chk? 0xfe : 0xff);
420 2 : iobuf_put (a, ski->algo);
421 2 : if (ski->s2k.mode >= 1000)
422 : {
423 : /* These modes are not possible in OpenPGP, we use them
424 : to implement our extensions, 101 can be viewed as a
425 : private/experimental extension (this is not specified
426 : in rfc2440 but the same scheme is used for all other
427 : algorithm identifiers). */
428 0 : iobuf_put (a, 101);
429 0 : iobuf_put (a, ski->s2k.hash_algo);
430 0 : iobuf_write (a, "GNU", 3 );
431 0 : iobuf_put (a, ski->s2k.mode - 1000);
432 : }
433 : else
434 : {
435 2 : iobuf_put (a, ski->s2k.mode);
436 2 : iobuf_put (a, ski->s2k.hash_algo);
437 : }
438 :
439 2 : if (ski->s2k.mode == 1 || ski->s2k.mode == 3)
440 2 : iobuf_write (a, ski->s2k.salt, 8);
441 :
442 2 : if (ski->s2k.mode == 3)
443 2 : iobuf_put (a, ski->s2k.count);
444 :
445 : /* For our special modes 1001, 1002 we do not need an IV. */
446 2 : if (ski->s2k.mode != 1001 && ski->s2k.mode != 1002)
447 2 : iobuf_write (a, ski->iv, ski->ivlen);
448 :
449 : }
450 : else /* Not protected. */
451 3 : iobuf_put (a, 0 );
452 :
453 5 : if (ski->s2k.mode == 1001)
454 : ; /* GnuPG extension - don't write a secret key at all. */
455 5 : else if (ski->s2k.mode == 1002)
456 : {
457 : /* GnuPG extension - divert to OpenPGP smartcard. */
458 : /* Length of the serial number or 0 for no serial number. */
459 0 : iobuf_put (a, ski->ivlen );
460 : /* The serial number gets stored in the IV field. */
461 0 : iobuf_write (a, ski->iv, ski->ivlen);
462 : }
463 5 : else if (ski->is_protected)
464 : {
465 : /* The secret key is protected - write it out as it is. */
466 : byte *p;
467 : unsigned int ndatabits;
468 :
469 2 : log_assert (gcry_mpi_get_flag (pk->pkey[npkey], GCRYMPI_FLAG_OPAQUE));
470 2 : p = gcry_mpi_get_opaque (pk->pkey[npkey], &ndatabits);
471 2 : if (p)
472 2 : iobuf_write (a, p, (ndatabits+7)/8 );
473 : }
474 : else
475 : {
476 : /* Non-protected key. */
477 9 : for ( ; i < nskey; i++ )
478 6 : if ( (err = gpg_mpi_write (a, pk->pkey[i])))
479 0 : goto leave;
480 3 : write_16 (a, ski->csum );
481 : }
482 : }
483 :
484 : leave:
485 140 : if (!err)
486 : {
487 : /* Build the header of the packet - which we must do after
488 : writing all the other stuff, so that we know the length of
489 : the packet */
490 140 : write_header2 (out, ctb, iobuf_get_temp_length(a), 0);
491 : /* And finally write it out to the real stream. */
492 140 : err = iobuf_write_temp (out, a);
493 : }
494 :
495 140 : iobuf_close (a); /* Close the temporary buffer */
496 140 : return err;
497 : }
498 :
499 : /* Serialize the symmetric-key encrypted session key packet (RFC 4880,
500 : 5.3) described by ENC and write it to OUT.
501 :
502 : CTB is the serialization's CTB. It specifies the header format and
503 : the packet's type. The header length must not be set. */
504 : static int
505 221 : do_symkey_enc( IOBUF out, int ctb, PKT_symkey_enc *enc )
506 : {
507 221 : int rc = 0;
508 221 : IOBUF a = iobuf_temp();
509 :
510 221 : log_assert (ctb_pkttype (ctb) == PKT_SYMKEY_ENC);
511 :
512 : /* The only acceptable version. */
513 221 : log_assert( enc->version == 4 );
514 :
515 : /* RFC 4880, Section 3.7. */
516 221 : switch( enc->s2k.mode )
517 : {
518 : /* Simple S2K. */
519 : case 0:
520 : /* Salted S2K. */
521 : case 1:
522 : /* Iterated and salted S2K. */
523 : case 3:
524 : /* Reasonable values. */
525 221 : break;
526 :
527 : default:
528 0 : log_bug("do_symkey_enc: s2k=%d\n", enc->s2k.mode );
529 : }
530 221 : iobuf_put( a, enc->version );
531 221 : iobuf_put( a, enc->cipher_algo );
532 221 : iobuf_put( a, enc->s2k.mode );
533 221 : iobuf_put( a, enc->s2k.hash_algo );
534 221 : if( enc->s2k.mode == 1 || enc->s2k.mode == 3 ) {
535 221 : iobuf_write(a, enc->s2k.salt, 8 );
536 221 : if( enc->s2k.mode == 3 )
537 221 : iobuf_put(a, enc->s2k.count);
538 : }
539 221 : if( enc->seskeylen )
540 1 : iobuf_write(a, enc->seskey, enc->seskeylen );
541 :
542 221 : write_header(out, ctb, iobuf_get_temp_length(a) );
543 221 : rc = iobuf_write_temp( out, a );
544 :
545 221 : iobuf_close(a);
546 221 : return rc;
547 : }
548 :
549 :
550 : /* Serialize the public-key encrypted session key packet (RFC 4880,
551 : 5.1) described by ENC and write it to OUT.
552 :
553 : CTB is the serialization's CTB. It specifies the header format and
554 : the packet's type. The header length must not be set. */
555 : static int
556 255 : do_pubkey_enc( IOBUF out, int ctb, PKT_pubkey_enc *enc )
557 : {
558 255 : int rc = 0;
559 : int n, i;
560 255 : IOBUF a = iobuf_temp();
561 :
562 255 : log_assert (ctb_pkttype (ctb) == PKT_PUBKEY_ENC);
563 :
564 255 : iobuf_put (a, 3); /* Version. */
565 :
566 255 : if ( enc->throw_keyid )
567 : {
568 3 : write_32(a, 0 ); /* Don't tell Eve who can decrypt the message. */
569 3 : write_32(a, 0 );
570 : }
571 : else
572 : {
573 252 : write_32(a, enc->keyid[0] );
574 252 : write_32(a, enc->keyid[1] );
575 : }
576 255 : iobuf_put(a,enc->pubkey_algo );
577 255 : n = pubkey_get_nenc( enc->pubkey_algo );
578 255 : if ( !n )
579 0 : write_fake_data( a, enc->data[0] );
580 :
581 757 : for (i=0; i < n && !rc ; i++ )
582 : {
583 502 : if (enc->pubkey_algo == PUBKEY_ALGO_ECDH && i == 1)
584 24 : rc = gpg_mpi_write_nohdr (a, enc->data[i]);
585 : else
586 478 : rc = gpg_mpi_write (a, enc->data[i]);
587 : }
588 :
589 255 : if (!rc)
590 : {
591 255 : write_header (out, ctb, iobuf_get_temp_length(a) );
592 255 : rc = iobuf_write_temp (out, a);
593 : }
594 255 : iobuf_close(a);
595 255 : return rc;
596 : }
597 :
598 :
599 : /* Calculate the length of the serialized plaintext packet PT (RFC
600 : 4480, Section 5.9). */
601 : static u32
602 537 : calc_plaintext( PKT_plaintext *pt )
603 : {
604 : /* Truncate namelen to the maximum 255 characters. Note this means
605 : that a function that calls build_packet with an illegal literal
606 : packet will get it back legalized. */
607 :
608 537 : if(pt->namelen>255)
609 0 : pt->namelen=255;
610 :
611 537 : return pt->len? (1 + 1 + pt->namelen + 4 + pt->len) : 0;
612 : }
613 :
614 : /* Serialize the plaintext packet (RFC 4880, 5.9) described by PT and
615 : write it to OUT.
616 :
617 : The body of the message is stored in PT->BUF. The amount of data
618 : to write is PT->LEN. (PT->BUF should be configured to return EOF
619 : after this much data has been read.) If PT->LEN is 0 and CTB
620 : indicates that this is a new format packet, then partial block mode
621 : is assumed to have been enabled on OUT. On success, partial block
622 : mode is disabled.
623 :
624 : If PT->BUF is NULL, the the caller must write out the data. In
625 : this case, if PT->LEN was 0, then partial body length mode was
626 : enabled and the caller must disable it by calling
627 : iobuf_set_partial_body_length_mode (out, 0). */
628 : static int
629 537 : do_plaintext( IOBUF out, int ctb, PKT_plaintext *pt )
630 : {
631 537 : int rc = 0;
632 : size_t nbytes;
633 :
634 537 : log_assert (ctb_pkttype (ctb) == PKT_PLAINTEXT);
635 :
636 537 : write_header(out, ctb, calc_plaintext( pt ) );
637 537 : log_assert (pt->mode == 'b' || pt->mode == 't' || pt->mode == 'u'
638 : || pt->mode == 'm'
639 : || pt->mode == 'l' || pt->mode == '1');
640 537 : iobuf_put(out, pt->mode );
641 537 : iobuf_put(out, pt->namelen );
642 537 : iobuf_write (out, pt->name, pt->namelen);
643 537 : rc = write_32(out, pt->timestamp );
644 537 : if (rc)
645 0 : return rc;
646 :
647 537 : if (pt->buf)
648 : {
649 537 : nbytes = iobuf_copy (out, pt->buf);
650 537 : if(ctb_new_format_p (ctb) && !pt->len)
651 : /* Turn off partial body length mode. */
652 52 : iobuf_set_partial_body_length_mode (out, 0);
653 537 : if( pt->len && nbytes != pt->len )
654 0 : log_error("do_plaintext(): wrote %lu bytes but expected %lu bytes\n",
655 0 : (ulong)nbytes, (ulong)pt->len );
656 : }
657 :
658 537 : return rc;
659 : }
660 :
661 :
662 :
663 : /* Serialize the symmetrically encrypted data packet (RFC 4880,
664 : Section 5.7) described by ED and write it to OUT.
665 :
666 : Note: this only writes the packets header! The call must then
667 : follow up and write the initial random data and the body to OUT.
668 : (If you use the encryption iobuf filter (cipher_filter), then this
669 : is done automatically.) */
670 : static int
671 58 : do_encrypted( IOBUF out, int ctb, PKT_encrypted *ed )
672 : {
673 58 : int rc = 0;
674 : u32 n;
675 :
676 58 : log_assert (! ed->mdc_method);
677 58 : log_assert (ctb_pkttype (ctb) == PKT_ENCRYPTED);
678 :
679 58 : n = ed->len ? (ed->len + ed->extralen) : 0;
680 58 : write_header(out, ctb, n );
681 :
682 : /* This is all. The caller has to write the real data */
683 :
684 58 : return rc;
685 : }
686 :
687 : /* Serialize the symmetrically encrypted integrity protected data
688 : packet (RFC 4880, Section 5.13) described by ED and write it to
689 : OUT.
690 :
691 : Note: this only writes the packet's header! The caller must then
692 : follow up and write the initial random data, the body and the MDC
693 : packet to OUT. (If you use the encryption iobuf filter
694 : (cipher_filter), then this is done automatically.) */
695 : static int
696 409 : do_encrypted_mdc( IOBUF out, int ctb, PKT_encrypted *ed )
697 : {
698 409 : int rc = 0;
699 : u32 n;
700 :
701 409 : log_assert (ed->mdc_method);
702 409 : log_assert (ctb_pkttype (ctb) == PKT_ENCRYPTED_MDC);
703 :
704 : /* Take version number and the following MDC packet in account. */
705 409 : n = ed->len ? (ed->len + ed->extralen + 1 + 22) : 0;
706 409 : write_header(out, ctb, n );
707 409 : iobuf_put(out, 1 ); /* version */
708 :
709 : /* This is all. The caller has to write the real data */
710 :
711 409 : return rc;
712 : }
713 :
714 :
715 : /* Serialize the compressed packet (RFC 4880, Section 5.6) described
716 : by CD and write it to OUT.
717 :
718 : Note: this only writes the packet's header! The caller must then
719 : follow up and write the body to OUT. */
720 : static int
721 537 : do_compressed( IOBUF out, int ctb, PKT_compressed *cd )
722 : {
723 537 : int rc = 0;
724 :
725 537 : log_assert (ctb_pkttype (ctb) == PKT_COMPRESSED);
726 :
727 : /* We must use the old convention and don't use blockmode for the
728 : sake of PGP 2 compatibility. However if the new_ctb flag was
729 : set, CTB is already formatted as new style and write_header2
730 : does create a partial length encoding using new the new
731 : style. */
732 537 : write_header2(out, ctb, 0, 0);
733 537 : iobuf_put(out, cd->algorithm );
734 :
735 : /* This is all. The caller has to write the real data */
736 :
737 537 : return rc;
738 : }
739 :
740 :
741 : /****************
742 : * Delete all subpackets of type REQTYPE and return a bool whether a packet
743 : * was deleted.
744 : */
745 : int
746 608 : delete_sig_subpkt (subpktarea_t *area, sigsubpkttype_t reqtype )
747 : {
748 : int buflen;
749 : sigsubpkttype_t type;
750 : byte *buffer, *bufstart;
751 : size_t n;
752 608 : size_t unused = 0;
753 608 : int okay = 0;
754 :
755 608 : if( !area )
756 408 : return 0;
757 200 : buflen = area->len;
758 200 : buffer = area->data;
759 : for(;;) {
760 471 : if( !buflen ) {
761 200 : okay = 1;
762 200 : break;
763 : }
764 271 : bufstart = buffer;
765 271 : n = *buffer++; buflen--;
766 271 : if( n == 255 ) {
767 0 : if( buflen < 4 )
768 0 : break;
769 0 : n = buf32_to_size_t (buffer);
770 0 : buffer += 4;
771 0 : buflen -= 4;
772 : }
773 271 : else if( n >= 192 ) {
774 0 : if( buflen < 2 )
775 0 : break;
776 0 : n = (( n - 192 ) << 8) + *buffer + 192;
777 0 : buffer++;
778 0 : buflen--;
779 : }
780 271 : if( buflen < n )
781 0 : break;
782 :
783 271 : type = *buffer & 0x7f;
784 271 : if( type == reqtype ) {
785 0 : buffer++;
786 0 : buflen--;
787 0 : n--;
788 0 : if( n > buflen )
789 0 : break;
790 0 : buffer += n; /* point to next subpkt */
791 0 : buflen -= n;
792 0 : memmove (bufstart, buffer, buflen); /* shift */
793 0 : unused += buffer - bufstart;
794 0 : buffer = bufstart;
795 : }
796 : else {
797 271 : buffer += n; buflen -=n;
798 : }
799 271 : }
800 :
801 200 : if (!okay)
802 0 : log_error ("delete_subpkt: buffer shorter than subpacket\n");
803 200 : log_assert (unused <= area->len);
804 200 : area->len -= unused;
805 200 : return !!unused;
806 : }
807 :
808 :
809 : /****************
810 : * Create or update a signature subpacket for SIG of TYPE. This
811 : * functions knows where to put the data (hashed or unhashed). The
812 : * function may move data from the unhashed part to the hashed one.
813 : * Note: All pointers into sig->[un]hashed (e.g. returned by
814 : * parse_sig_subpkt) are not valid after a call to this function. The
815 : * data to put into the subpaket should be in a buffer with a length
816 : * of buflen.
817 : */
818 : void
819 302 : build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type,
820 : const byte *buffer, size_t buflen )
821 : {
822 : byte *p;
823 : int critical, hashed;
824 : subpktarea_t *oldarea, *newarea;
825 : size_t nlen, n, n0;
826 :
827 302 : critical = (type & SIGSUBPKT_FLAG_CRITICAL);
828 302 : type &= ~SIGSUBPKT_FLAG_CRITICAL;
829 :
830 : /* Sanity check buffer sizes */
831 302 : if(parse_one_sig_subpkt(buffer,buflen,type)<0)
832 0 : BUG();
833 :
834 302 : switch(type)
835 : {
836 : case SIGSUBPKT_NOTATION:
837 : case SIGSUBPKT_POLICY:
838 : case SIGSUBPKT_REV_KEY:
839 : case SIGSUBPKT_SIGNATURE:
840 : /* we do allow multiple subpackets */
841 0 : break;
842 :
843 : default:
844 : /* we don't allow multiple subpackets */
845 302 : delete_sig_subpkt(sig->hashed,type);
846 302 : delete_sig_subpkt(sig->unhashed,type);
847 302 : break;
848 : }
849 :
850 : /* Any special magic that needs to be done for this type so the
851 : packet doesn't need to be reparsed? */
852 302 : switch(type)
853 : {
854 : case SIGSUBPKT_NOTATION:
855 0 : sig->flags.notation=1;
856 0 : break;
857 :
858 : case SIGSUBPKT_POLICY:
859 0 : sig->flags.policy_url=1;
860 0 : break;
861 :
862 : case SIGSUBPKT_PREF_KS:
863 0 : sig->flags.pref_ks=1;
864 0 : break;
865 :
866 : case SIGSUBPKT_EXPORTABLE:
867 0 : if(buffer[0])
868 0 : sig->flags.exportable=1;
869 : else
870 0 : sig->flags.exportable=0;
871 0 : break;
872 :
873 : case SIGSUBPKT_REVOCABLE:
874 0 : if(buffer[0])
875 0 : sig->flags.revocable=1;
876 : else
877 0 : sig->flags.revocable=0;
878 0 : break;
879 :
880 : case SIGSUBPKT_TRUST:
881 0 : sig->trust_depth=buffer[0];
882 0 : sig->trust_value=buffer[1];
883 0 : break;
884 :
885 : case SIGSUBPKT_REGEXP:
886 0 : sig->trust_regexp=buffer;
887 0 : break;
888 :
889 : /* This should never happen since we don't currently allow
890 : creating such a subpacket, but just in case... */
891 : case SIGSUBPKT_SIG_EXPIRE:
892 0 : if(buf32_to_u32(buffer)+sig->timestamp<=make_timestamp())
893 0 : sig->flags.expired=1;
894 : else
895 0 : sig->flags.expired=0;
896 0 : break;
897 :
898 : default:
899 302 : break;
900 : }
901 :
902 302 : if( (buflen+1) >= 8384 )
903 0 : nlen = 5; /* write 5 byte length header */
904 302 : else if( (buflen+1) >= 192 )
905 0 : nlen = 2; /* write 2 byte length header */
906 : else
907 302 : nlen = 1; /* just a 1 byte length header */
908 :
909 302 : switch( type )
910 : {
911 : /* The issuer being unhashed is a historical oddity. It
912 : should work equally as well hashed. Of course, if even an
913 : unhashed issuer is tampered with, it makes it awfully hard
914 : to verify the sig... */
915 : case SIGSUBPKT_ISSUER:
916 : case SIGSUBPKT_SIGNATURE:
917 136 : hashed = 0;
918 136 : break;
919 : default:
920 166 : hashed = 1;
921 166 : break;
922 : }
923 :
924 302 : if( critical )
925 0 : type |= SIGSUBPKT_FLAG_CRITICAL;
926 :
927 302 : oldarea = hashed? sig->hashed : sig->unhashed;
928 :
929 : /* Calculate new size of the area and allocate */
930 302 : n0 = oldarea? oldarea->len : 0;
931 302 : n = n0 + nlen + 1 + buflen; /* length, type, buffer */
932 302 : if (oldarea && n <= oldarea->size) { /* fits into the unused space */
933 0 : newarea = oldarea;
934 : /*log_debug ("updating area for type %d\n", type );*/
935 : }
936 302 : else if (oldarea) {
937 30 : newarea = xrealloc (oldarea, sizeof (*newarea) + n - 1);
938 30 : newarea->size = n;
939 : /*log_debug ("reallocating area for type %d\n", type );*/
940 : }
941 : else {
942 272 : newarea = xmalloc (sizeof (*newarea) + n - 1);
943 272 : newarea->size = n;
944 : /*log_debug ("allocating area for type %d\n", type );*/
945 : }
946 302 : newarea->len = n;
947 :
948 302 : p = newarea->data + n0;
949 302 : if (nlen == 5) {
950 0 : *p++ = 255;
951 0 : *p++ = (buflen+1) >> 24;
952 0 : *p++ = (buflen+1) >> 16;
953 0 : *p++ = (buflen+1) >> 8;
954 0 : *p++ = (buflen+1);
955 0 : *p++ = type;
956 0 : memcpy (p, buffer, buflen);
957 : }
958 302 : else if (nlen == 2) {
959 0 : *p++ = (buflen+1-192) / 256 + 192;
960 0 : *p++ = (buflen+1-192) % 256;
961 0 : *p++ = type;
962 0 : memcpy (p, buffer, buflen);
963 : }
964 : else {
965 302 : *p++ = buflen+1;
966 302 : *p++ = type;
967 302 : memcpy (p, buffer, buflen);
968 : }
969 :
970 302 : if (hashed)
971 166 : sig->hashed = newarea;
972 : else
973 136 : sig->unhashed = newarea;
974 302 : }
975 :
976 : /*
977 : * Put all the required stuff from SIG into subpackets of sig.
978 : * PKSK is the signing key.
979 : * Hmmm, should we delete those subpackets which are in a wrong area?
980 : */
981 : void
982 136 : build_sig_subpkt_from_sig (PKT_signature *sig, PKT_public_key *pksk)
983 : {
984 : u32 u;
985 : byte buf[1+MAX_FINGERPRINT_LEN];
986 : size_t fprlen;
987 :
988 : /* For v4 keys we need to write the ISSUER subpacket. We do not
989 : * want that for a future v5 format. */
990 136 : if (pksk->version < 5)
991 : {
992 136 : u = sig->keyid[0];
993 136 : buf[0] = (u >> 24) & 0xff;
994 136 : buf[1] = (u >> 16) & 0xff;
995 136 : buf[2] = (u >> 8) & 0xff;
996 136 : buf[3] = u & 0xff;
997 136 : u = sig->keyid[1];
998 136 : buf[4] = (u >> 24) & 0xff;
999 136 : buf[5] = (u >> 16) & 0xff;
1000 136 : buf[6] = (u >> 8) & 0xff;
1001 136 : buf[7] = u & 0xff;
1002 136 : build_sig_subpkt (sig, SIGSUBPKT_ISSUER, buf, 8);
1003 : }
1004 :
1005 : /* For a future v5 keys we write the ISSUER_FPR subpacket. We
1006 : * also write that for a v4 key is experimental support for
1007 : * RFC4880bis is requested. */
1008 136 : if (pksk->version > 4 || opt.flags.rfc4880bis)
1009 : {
1010 0 : fingerprint_from_pk (pksk, buf+1, &fprlen);
1011 0 : if (fprlen == 20)
1012 : {
1013 0 : buf[0] = pksk->version;
1014 0 : build_sig_subpkt (sig, SIGSUBPKT_ISSUER_FPR, buf, 21);
1015 : }
1016 : }
1017 :
1018 : /* Write the timestamp. */
1019 136 : u = sig->timestamp;
1020 136 : buf[0] = (u >> 24) & 0xff;
1021 136 : buf[1] = (u >> 16) & 0xff;
1022 136 : buf[2] = (u >> 8) & 0xff;
1023 136 : buf[3] = u & 0xff;
1024 136 : build_sig_subpkt( sig, SIGSUBPKT_SIG_CREATED, buf, 4 );
1025 :
1026 136 : if(sig->expiredate)
1027 : {
1028 0 : if(sig->expiredate>sig->timestamp)
1029 0 : u=sig->expiredate-sig->timestamp;
1030 : else
1031 0 : u=1; /* A 1-second expiration time is the shortest one
1032 : OpenPGP has */
1033 :
1034 0 : buf[0] = (u >> 24) & 0xff;
1035 0 : buf[1] = (u >> 16) & 0xff;
1036 0 : buf[2] = (u >> 8) & 0xff;
1037 0 : buf[3] = u & 0xff;
1038 :
1039 : /* Mark this CRITICAL, so if any implementation doesn't
1040 : understand sigs that can expire, it'll just disregard this
1041 : sig altogether. */
1042 :
1043 0 : build_sig_subpkt( sig, SIGSUBPKT_SIG_EXPIRE | SIGSUBPKT_FLAG_CRITICAL,
1044 : buf, 4 );
1045 : }
1046 136 : }
1047 :
1048 : void
1049 0 : build_attribute_subpkt(PKT_user_id *uid,byte type,
1050 : const void *buf,u32 buflen,
1051 : const void *header,u32 headerlen)
1052 : {
1053 : byte *attrib;
1054 : int idx;
1055 :
1056 0 : if(1+headerlen+buflen>8383)
1057 0 : idx=5;
1058 0 : else if(1+headerlen+buflen>191)
1059 0 : idx=2;
1060 : else
1061 0 : idx=1;
1062 :
1063 : /* realloc uid->attrib_data to the right size */
1064 :
1065 0 : uid->attrib_data=xrealloc(uid->attrib_data,
1066 : uid->attrib_len+idx+1+headerlen+buflen);
1067 :
1068 0 : attrib=&uid->attrib_data[uid->attrib_len];
1069 :
1070 0 : if(idx==5)
1071 : {
1072 0 : attrib[0]=255;
1073 0 : attrib[1]=(1+headerlen+buflen) >> 24;
1074 0 : attrib[2]=(1+headerlen+buflen) >> 16;
1075 0 : attrib[3]=(1+headerlen+buflen) >> 8;
1076 0 : attrib[4]=1+headerlen+buflen;
1077 : }
1078 0 : else if(idx==2)
1079 : {
1080 0 : attrib[0]=(1+headerlen+buflen-192) / 256 + 192;
1081 0 : attrib[1]=(1+headerlen+buflen-192) % 256;
1082 : }
1083 : else
1084 0 : attrib[0]=1+headerlen+buflen; /* Good luck finding a JPEG this small! */
1085 :
1086 0 : attrib[idx++]=type;
1087 :
1088 : /* Tack on our data at the end */
1089 :
1090 0 : if(headerlen>0)
1091 0 : memcpy(&attrib[idx],header,headerlen);
1092 0 : memcpy(&attrib[idx+headerlen],buf,buflen);
1093 0 : uid->attrib_len+=idx+headerlen+buflen;
1094 0 : }
1095 :
1096 : /* Returns a human-readable string corresponding to the notation.
1097 : This ignores notation->value. The caller must free the result. */
1098 : static char *
1099 0 : notation_value_to_human_readable_string (struct notation *notation)
1100 : {
1101 0 : if(notation->bdat)
1102 : /* Binary data. */
1103 : {
1104 0 : size_t len = notation->blen;
1105 : int i;
1106 : char preview[20];
1107 :
1108 0 : for (i = 0; i < len && i < sizeof (preview) - 1; i ++)
1109 0 : if (isprint (notation->bdat[i]))
1110 0 : preview[i] = notation->bdat[i];
1111 : else
1112 0 : preview[i] = '?';
1113 0 : preview[i] = 0;
1114 :
1115 0 : return xasprintf (_("[ not human readable (%zu bytes: %s%s) ]"),
1116 0 : len, preview, i < len ? "..." : "");
1117 : }
1118 : else
1119 : /* The value is human-readable. */
1120 0 : return xstrdup (notation->value);
1121 : }
1122 :
1123 : /* Turn the notation described by the string STRING into a notation.
1124 :
1125 : STRING has the form:
1126 :
1127 : - -name - Delete the notation.
1128 : - name@domain.name=value - Normal notation
1129 : - !name@domain.name=value - Notation with critical bit set.
1130 :
1131 : The caller must free the result using free_notation(). */
1132 : struct notation *
1133 0 : string_to_notation(const char *string,int is_utf8)
1134 : {
1135 : const char *s;
1136 0 : int saw_at=0;
1137 : struct notation *notation;
1138 :
1139 0 : notation=xmalloc_clear(sizeof(*notation));
1140 :
1141 0 : if(*string=='-')
1142 : {
1143 0 : notation->flags.ignore=1;
1144 0 : string++;
1145 : }
1146 :
1147 0 : if(*string=='!')
1148 : {
1149 0 : notation->flags.critical=1;
1150 0 : string++;
1151 : }
1152 :
1153 : /* If and when the IETF assigns some official name tags, we'll have
1154 : to add them here. */
1155 :
1156 0 : for( s=string ; *s != '='; s++ )
1157 : {
1158 0 : if( *s=='@')
1159 0 : saw_at++;
1160 :
1161 : /* -notationname is legal without an = sign */
1162 0 : if(!*s && notation->flags.ignore)
1163 0 : break;
1164 :
1165 0 : if( !*s || !isascii (*s) || (!isgraph(*s) && !isspace(*s)) )
1166 : {
1167 0 : log_error(_("a notation name must have only printable characters"
1168 : " or spaces, and end with an '='\n") );
1169 0 : goto fail;
1170 : }
1171 : }
1172 :
1173 0 : notation->name=xmalloc((s-string)+1);
1174 0 : strncpy(notation->name,string,s-string);
1175 0 : notation->name[s-string]='\0';
1176 :
1177 0 : if(!saw_at && !opt.expert)
1178 : {
1179 0 : log_error(_("a user notation name must contain the '@' character\n"));
1180 0 : goto fail;
1181 : }
1182 :
1183 0 : if (saw_at > 1)
1184 : {
1185 0 : log_error(_("a notation name must not contain more than"
1186 : " one '@' character\n"));
1187 0 : goto fail;
1188 : }
1189 :
1190 0 : if(*s)
1191 : {
1192 0 : const char *i=s+1;
1193 0 : int highbit=0;
1194 :
1195 : /* we only support printable text - therefore we enforce the use
1196 : of only printable characters (an empty value is valid) */
1197 0 : for(s++; *s ; s++ )
1198 : {
1199 0 : if ( !isascii (*s) )
1200 0 : highbit=1;
1201 0 : else if (iscntrl(*s))
1202 : {
1203 0 : log_error(_("a notation value must not use any"
1204 : " control characters\n"));
1205 0 : goto fail;
1206 : }
1207 : }
1208 :
1209 0 : if(!highbit || is_utf8)
1210 0 : notation->value=xstrdup(i);
1211 : else
1212 0 : notation->value=native_to_utf8(i);
1213 : }
1214 :
1215 0 : return notation;
1216 :
1217 : fail:
1218 0 : free_notation(notation);
1219 0 : return NULL;
1220 : }
1221 :
1222 : /* Like string_to_notation, but store opaque data rather than human
1223 : readable data. */
1224 : struct notation *
1225 0 : blob_to_notation(const char *name, const char *data, size_t len)
1226 : {
1227 : const char *s;
1228 0 : int saw_at=0;
1229 : struct notation *notation;
1230 :
1231 0 : notation=xmalloc_clear(sizeof(*notation));
1232 :
1233 0 : if(*name=='-')
1234 : {
1235 0 : notation->flags.ignore=1;
1236 0 : name++;
1237 : }
1238 :
1239 0 : if(*name=='!')
1240 : {
1241 0 : notation->flags.critical=1;
1242 0 : name++;
1243 : }
1244 :
1245 : /* If and when the IETF assigns some official name tags, we'll have
1246 : to add them here. */
1247 :
1248 0 : for( s=name ; *s; s++ )
1249 : {
1250 0 : if( *s=='@')
1251 0 : saw_at++;
1252 :
1253 : /* -notationname is legal without an = sign */
1254 0 : if(!*s && notation->flags.ignore)
1255 0 : break;
1256 :
1257 0 : if (*s == '=')
1258 : {
1259 0 : log_error(_("a notation name may not contain an '=' character\n"));
1260 0 : goto fail;
1261 : }
1262 :
1263 0 : if (!isascii (*s) || (!isgraph(*s) && !isspace(*s)))
1264 : {
1265 0 : log_error(_("a notation name must have only printable characters"
1266 : " or spaces\n") );
1267 0 : goto fail;
1268 : }
1269 : }
1270 :
1271 0 : notation->name=xstrdup (name);
1272 :
1273 0 : if(!saw_at && !opt.expert)
1274 : {
1275 0 : log_error(_("a user notation name must contain the '@' character\n"));
1276 0 : goto fail;
1277 : }
1278 :
1279 0 : if (saw_at > 1)
1280 : {
1281 0 : log_error(_("a notation name must not contain more than"
1282 : " one '@' character\n"));
1283 0 : goto fail;
1284 : }
1285 :
1286 0 : notation->bdat = xmalloc (len);
1287 0 : memcpy (notation->bdat, data, len);
1288 0 : notation->blen = len;
1289 :
1290 0 : notation->value = notation_value_to_human_readable_string (notation);
1291 :
1292 0 : return notation;
1293 :
1294 : fail:
1295 0 : free_notation(notation);
1296 0 : return NULL;
1297 : }
1298 :
1299 : struct notation *
1300 160 : sig_to_notation(PKT_signature *sig)
1301 : {
1302 : const byte *p;
1303 : size_t len;
1304 160 : int seq = 0;
1305 : int crit;
1306 160 : notation_t list = NULL;
1307 :
1308 : /* See RFC 4880, 5.2.3.16 for the format of notation data. In
1309 : short, a notation has:
1310 :
1311 : - 4 bytes of flags
1312 : - 2 byte name length (n1)
1313 : - 2 byte value length (n2)
1314 : - n1 bytes of name data
1315 : - n2 bytes of value data
1316 : */
1317 320 : while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_NOTATION,&len,&seq,&crit)))
1318 : {
1319 : int n1,n2;
1320 0 : struct notation *n=NULL;
1321 :
1322 0 : if(len<8)
1323 : {
1324 0 : log_info(_("WARNING: invalid notation data found\n"));
1325 0 : continue;
1326 : }
1327 :
1328 : /* name length. */
1329 0 : n1=(p[4]<<8)|p[5];
1330 : /* value length. */
1331 0 : n2=(p[6]<<8)|p[7];
1332 :
1333 0 : if(8+n1+n2!=len)
1334 : {
1335 0 : log_info(_("WARNING: invalid notation data found\n"));
1336 0 : continue;
1337 : }
1338 :
1339 0 : n=xmalloc_clear(sizeof(*n));
1340 0 : n->name=xmalloc(n1+1);
1341 :
1342 0 : memcpy(n->name,&p[8],n1);
1343 0 : n->name[n1]='\0';
1344 :
1345 0 : if(p[0]&0x80)
1346 : /* The value is human-readable. */
1347 : {
1348 0 : n->value=xmalloc(n2+1);
1349 0 : memcpy(n->value,&p[8+n1],n2);
1350 0 : n->value[n2]='\0';
1351 0 : n->flags.human = 1;
1352 : }
1353 : else
1354 : /* Binary data. */
1355 : {
1356 0 : n->bdat=xmalloc(n2);
1357 0 : n->blen=n2;
1358 0 : memcpy(n->bdat,&p[8+n1],n2);
1359 :
1360 0 : n->value = notation_value_to_human_readable_string (n);
1361 : }
1362 :
1363 0 : n->flags.critical=crit;
1364 :
1365 0 : n->next=list;
1366 0 : list=n;
1367 : }
1368 :
1369 160 : return list;
1370 : }
1371 :
1372 : /* Release the resources associated with the *list* of notations. To
1373 : release a single notation, make sure that notation->next is
1374 : NULL. */
1375 : void
1376 160 : free_notation(struct notation *notation)
1377 : {
1378 320 : while(notation)
1379 : {
1380 0 : struct notation *n=notation;
1381 :
1382 0 : xfree(n->name);
1383 0 : xfree(n->value);
1384 0 : xfree(n->altvalue);
1385 0 : xfree(n->bdat);
1386 0 : notation=n->next;
1387 0 : xfree(n);
1388 : }
1389 160 : }
1390 :
1391 : /* Serialize the signature packet (RFC 4880, Section 5.2) described by
1392 : SIG and write it to OUT. */
1393 : static int
1394 440 : do_signature( IOBUF out, int ctb, PKT_signature *sig )
1395 : {
1396 440 : int rc = 0;
1397 : int n, i;
1398 440 : IOBUF a = iobuf_temp();
1399 :
1400 440 : log_assert (ctb_pkttype (ctb) == PKT_SIGNATURE);
1401 :
1402 440 : if ( !sig->version || sig->version == 3)
1403 : {
1404 2 : iobuf_put( a, 3 );
1405 :
1406 : /* Version 3 packets don't support subpackets. */
1407 2 : log_assert (! sig->hashed);
1408 2 : log_assert (! sig->unhashed);
1409 : }
1410 : else
1411 438 : iobuf_put( a, sig->version );
1412 440 : if ( sig->version < 4 )
1413 2 : iobuf_put (a, 5 ); /* Constant */
1414 440 : iobuf_put (a, sig->sig_class );
1415 440 : if ( sig->version < 4 )
1416 : {
1417 2 : write_32(a, sig->timestamp );
1418 2 : write_32(a, sig->keyid[0] );
1419 2 : write_32(a, sig->keyid[1] );
1420 : }
1421 440 : iobuf_put(a, sig->pubkey_algo );
1422 440 : iobuf_put(a, sig->digest_algo );
1423 440 : if ( sig->version >= 4 )
1424 : {
1425 : size_t nn;
1426 : /* Timestamp and keyid must have been packed into the subpackets
1427 : prior to the call of this function, because these subpackets
1428 : are hashed. */
1429 438 : nn = sig->hashed? sig->hashed->len : 0;
1430 438 : write_16(a, nn);
1431 438 : if (nn)
1432 438 : iobuf_write( a, sig->hashed->data, nn );
1433 438 : nn = sig->unhashed? sig->unhashed->len : 0;
1434 438 : write_16(a, nn);
1435 438 : if (nn)
1436 438 : iobuf_write( a, sig->unhashed->data, nn );
1437 : }
1438 440 : iobuf_put(a, sig->digest_start[0] );
1439 440 : iobuf_put(a, sig->digest_start[1] );
1440 440 : n = pubkey_get_nsig( sig->pubkey_algo );
1441 440 : if ( !n )
1442 0 : write_fake_data( a, sig->data[0] );
1443 1214 : for (i=0; i < n && !rc ; i++ )
1444 774 : rc = gpg_mpi_write (a, sig->data[i] );
1445 :
1446 440 : if (!rc)
1447 : {
1448 440 : if ( is_RSA(sig->pubkey_algo) && sig->version < 4 )
1449 1 : write_sign_packet_header(out, ctb, iobuf_get_temp_length(a) );
1450 : else
1451 439 : write_header(out, ctb, iobuf_get_temp_length(a) );
1452 440 : rc = iobuf_write_temp( out, a );
1453 : }
1454 :
1455 440 : iobuf_close(a);
1456 440 : return rc;
1457 : }
1458 :
1459 :
1460 : /* Serialize the one-pass signature packet (RFC 4880, Section 5.4)
1461 : described by OPS and write it to OUT. */
1462 : static int
1463 105 : do_onepass_sig( IOBUF out, int ctb, PKT_onepass_sig *ops )
1464 : {
1465 105 : log_assert (ctb_pkttype (ctb) == PKT_ONEPASS_SIG);
1466 :
1467 105 : write_header(out, ctb, 4 + 8 + 1);
1468 :
1469 105 : iobuf_put (out, 3); /* Version. */
1470 105 : iobuf_put(out, ops->sig_class );
1471 105 : iobuf_put(out, ops->digest_algo );
1472 105 : iobuf_put(out, ops->pubkey_algo );
1473 105 : write_32(out, ops->keyid[0] );
1474 105 : write_32(out, ops->keyid[1] );
1475 105 : iobuf_put(out, ops->last );
1476 :
1477 105 : return 0;
1478 : }
1479 :
1480 :
1481 : /* Write a 16-bit quantity to OUT in big endian order. */
1482 : static int
1483 879 : write_16(IOBUF out, u16 a)
1484 : {
1485 879 : iobuf_put(out, a>>8);
1486 879 : if( iobuf_put(out,a) )
1487 0 : return -1;
1488 879 : return 0;
1489 : }
1490 :
1491 : /* Write a 32-bit quantity to OUT in big endian order. */
1492 : static int
1493 1403 : write_32(IOBUF out, u32 a)
1494 : {
1495 1403 : iobuf_put(out, a>> 24);
1496 1403 : iobuf_put(out, a>> 16);
1497 1403 : iobuf_put(out, a>> 8);
1498 1403 : return iobuf_put(out, a);
1499 : }
1500 :
1501 :
1502 : /****************
1503 : * calculate the length of a header.
1504 : *
1505 : * LEN is the length of the packet's body. NEW_CTB is whether we are
1506 : * using a new or old format packet.
1507 : *
1508 : * This function does not handle indeterminate lengths or partial body
1509 : * lengths. (If you pass LEN as 0, then this function assumes you
1510 : * really mean an empty body.)
1511 : */
1512 : static int
1513 0 : calc_header_length( u32 len, int new_ctb )
1514 : {
1515 0 : if( new_ctb ) {
1516 0 : if( len < 192 )
1517 0 : return 2;
1518 0 : if( len < 8384 )
1519 0 : return 3;
1520 : else
1521 0 : return 6;
1522 : }
1523 0 : if( len < 256 )
1524 0 : return 2;
1525 0 : if( len < 65536 )
1526 0 : return 3;
1527 :
1528 0 : return 5;
1529 : }
1530 :
1531 : /****************
1532 : * Write the CTB and the packet length
1533 : */
1534 : static int
1535 2024 : write_header( IOBUF out, int ctb, u32 len )
1536 : {
1537 2024 : return write_header2( out, ctb, len, 0 );
1538 : }
1539 :
1540 :
1541 : static int
1542 1 : write_sign_packet_header (IOBUF out, int ctb, u32 len)
1543 : {
1544 : (void)ctb;
1545 :
1546 : /* Work around a bug in the pgp read function for signature packets,
1547 : which are not correctly coded and silently assume at some point 2
1548 : byte length headers.*/
1549 1 : iobuf_put (out, 0x89 );
1550 1 : iobuf_put (out, len >> 8 );
1551 1 : return iobuf_put (out, len) == -1 ? -1:0;
1552 : }
1553 :
1554 : /****************
1555 : * Write a packet header to OUT.
1556 : *
1557 : * CTB is the ctb. It determines whether a new or old format packet
1558 : * header should be written. The length field is adjusted, but the
1559 : * CTB is otherwise written out as is.
1560 : *
1561 : * LEN is the length of the packet's body.
1562 : *
1563 : * If HDRLEN is set, then we don't necessarily use the most efficient
1564 : * encoding to store LEN, but the specified length. (If this is not
1565 : * possible, this is a bug.) In this case, LEN=0 means a 0 length
1566 : * packet. Note: setting HDRLEN is only supported for old format
1567 : * packets!
1568 : *
1569 : * If HDRLEN is not set, then the shortest encoding is used. In this
1570 : * case, LEN=0 means the body has an indeterminate length and a
1571 : * partial body length header (if a new format packet) or an
1572 : * indeterminate length header (if an old format packet) is written
1573 : * out. Further, if using partial body lengths, this enables partial
1574 : * body length mode on OUT.
1575 : */
1576 : static int
1577 2796 : write_header2( IOBUF out, int ctb, u32 len, int hdrlen )
1578 : {
1579 2796 : if (ctb_new_format_p (ctb))
1580 519 : return write_new_header( out, ctb, len, hdrlen );
1581 :
1582 : /* An old format packet. Refer to RFC 4880, Section 4.2.1 to
1583 : understand how lengths are encoded in this case. */
1584 :
1585 : /* The length encoding is stored in the two least significant bits.
1586 : Make sure they are cleared. */
1587 2277 : log_assert ((ctb & 3) == 0);
1588 :
1589 2277 : log_assert (hdrlen == 0 || hdrlen == 2 || hdrlen == 3 || hdrlen == 5);
1590 :
1591 2277 : if (hdrlen)
1592 : /* Header length is given. */
1593 : {
1594 0 : if( hdrlen == 2 && len < 256 )
1595 : /* 00 => 1 byte length. */
1596 : ;
1597 0 : else if( hdrlen == 3 && len < 65536 )
1598 : /* 01 => 2 byte length. If len < 256, this is not the most
1599 : compact encoding, but it is a correct encoding. */
1600 0 : ctb |= 1;
1601 0 : else if (hdrlen == 5)
1602 : /* 10 => 4 byte length. If len < 65536, this is not the most
1603 : compact encoding, but it is a correct encoding. */
1604 0 : ctb |= 2;
1605 : else
1606 0 : log_bug ("Can't encode length=%d in a %d byte header!\n",
1607 : len, hdrlen);
1608 : }
1609 : else
1610 : {
1611 2277 : if( !len )
1612 : /* 11 => Indeterminate length. */
1613 537 : ctb |= 3;
1614 1740 : else if( len < 256 )
1615 : /* 00 => 1 byte length. */
1616 : ;
1617 583 : else if( len < 65536 )
1618 : /* 01 => 2 byte length. */
1619 534 : ctb |= 1;
1620 : else
1621 : /* 10 => 4 byte length. */
1622 49 : ctb |= 2;
1623 : }
1624 :
1625 2277 : if( iobuf_put(out, ctb ) )
1626 0 : return -1;
1627 :
1628 2277 : if( len || hdrlen )
1629 : {
1630 1740 : if( ctb & 2 )
1631 : {
1632 49 : if(iobuf_put(out, len >> 24 ))
1633 0 : return -1;
1634 49 : if(iobuf_put(out, len >> 16 ))
1635 0 : return -1;
1636 : }
1637 :
1638 1740 : if( ctb & 3 )
1639 583 : if(iobuf_put(out, len >> 8 ))
1640 0 : return -1;
1641 :
1642 1740 : if( iobuf_put(out, len ) )
1643 0 : return -1;
1644 : }
1645 :
1646 2277 : return 0;
1647 : }
1648 :
1649 :
1650 : /* Write a new format header to OUT.
1651 :
1652 : CTB is the ctb.
1653 :
1654 : LEN is the length of the packet's body. If LEN is 0, then enables
1655 : partial body length mode (i.e., the body is of an indeterminant
1656 : length) on OUT. Note: this function cannot be used to generate a
1657 : header for a zero length packet.
1658 :
1659 : HDRLEN is the length of the packet's header. If HDRLEN is 0, the
1660 : shortest encoding is chosen based on the length of the packet's
1661 : body. Currently, values other than 0 are not supported.
1662 :
1663 : Returns 0 on success. */
1664 : static int
1665 519 : write_new_header( IOBUF out, int ctb, u32 len, int hdrlen )
1666 : {
1667 519 : if( hdrlen )
1668 0 : log_bug("can't cope with hdrlen yet\n");
1669 :
1670 519 : if( iobuf_put(out, ctb ) )
1671 0 : return -1;
1672 519 : if( !len ) {
1673 519 : iobuf_set_partial_body_length_mode(out, 512 );
1674 : }
1675 : else {
1676 0 : if( len < 192 ) {
1677 0 : if( iobuf_put(out, len ) )
1678 0 : return -1;
1679 : }
1680 0 : else if( len < 8384 ) {
1681 0 : len -= 192;
1682 0 : if( iobuf_put( out, (len / 256) + 192) )
1683 0 : return -1;
1684 0 : if( iobuf_put( out, (len % 256) ) )
1685 0 : return -1;
1686 : }
1687 : else {
1688 0 : if( iobuf_put( out, 0xff ) )
1689 0 : return -1;
1690 0 : if( iobuf_put( out, (len >> 24)&0xff ) )
1691 0 : return -1;
1692 0 : if( iobuf_put( out, (len >> 16)&0xff ) )
1693 0 : return -1;
1694 0 : if( iobuf_put( out, (len >> 8)&0xff ) )
1695 0 : return -1;
1696 0 : if( iobuf_put( out, len & 0xff ) )
1697 0 : return -1;
1698 : }
1699 : }
1700 519 : return 0;
1701 : }
|