LCOV - code coverage report
Current view: top level - g10 - build-packet.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 385 712 54.1 %
Date: 2016-09-12 13:01:59 Functions: 27 34 79.4 %

          Line data    Source code
       1             : /* build-packet.c - assemble packets and write them
       2             :  * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
       3             :  *               2006, 2010, 2011  Free Software Foundation, Inc.
       4             :  *
       5             :  * This file is part of GnuPG.
       6             :  *
       7             :  * GnuPG is free software; you can redistribute it and/or modify
       8             :  * it under the terms of the GNU General Public License as published by
       9             :  * the Free Software Foundation; either version 3 of the License, or
      10             :  * (at your option) any later version.
      11             :  *
      12             :  * GnuPG is distributed in the hope that it will be useful,
      13             :  * but WITHOUT ANY WARRANTY; without even the implied warranty of
      14             :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      15             :  * GNU General Public License for more details.
      16             :  *
      17             :  * You should have received a copy of the GNU General Public License
      18             :  * along with this program; if not, see <http://www.gnu.org/licenses/>.
      19             :  */
      20             : 
      21             : #include <config.h>
      22             : #include <stdio.h>
      23             : #include <stdlib.h>
      24             : #include <string.h>
      25             : #include <ctype.h>
      26             : 
      27             : #include "gpg.h"
      28             : #include "util.h"
      29             : #include "packet.h"
      30             : #include "status.h"
      31             : #include "iobuf.h"
      32             : #include "i18n.h"
      33             : #include "options.h"
      34             : #include "host2net.h"
      35             : 
      36             : static int do_user_id( IOBUF out, int ctb, PKT_user_id *uid );
      37             : static int do_key (iobuf_t out, int ctb, PKT_public_key *pk);
      38             : static int do_symkey_enc( IOBUF out, int ctb, PKT_symkey_enc *enc );
      39             : static int do_pubkey_enc( IOBUF out, int ctb, PKT_pubkey_enc *enc );
      40             : static u32 calc_plaintext( PKT_plaintext *pt );
      41             : static int do_plaintext( IOBUF out, int ctb, PKT_plaintext *pt );
      42             : static int do_encrypted( IOBUF out, int ctb, PKT_encrypted *ed );
      43             : static int do_encrypted_mdc( IOBUF out, int ctb, PKT_encrypted *ed );
      44             : static int do_compressed( IOBUF out, int ctb, PKT_compressed *cd );
      45             : static int do_signature( IOBUF out, int ctb, PKT_signature *sig );
      46             : static int do_onepass_sig( IOBUF out, int ctb, PKT_onepass_sig *ops );
      47             : 
      48             : static int calc_header_length( u32 len, int new_ctb );
      49             : static int write_16(IOBUF inp, u16 a);
      50             : static int write_32(IOBUF inp, u32 a);
      51             : static int write_header( IOBUF out, int ctb, u32 len );
      52             : static int write_sign_packet_header( IOBUF out, int ctb, u32 len );
      53             : static int write_header2( IOBUF out, int ctb, u32 len, int hdrlen );
      54             : static int write_new_header( IOBUF out, int ctb, u32 len, int hdrlen );
      55             : 
      56             : /* Returns 1 if CTB is a new format ctb and 0 if CTB is an old format
      57             :    ctb.  */
      58             : static int
      59        6205 : ctb_new_format_p (int ctb)
      60             : {
      61             :   /* Bit 7 must always be set.  */
      62        6205 :   log_assert ((ctb & (1 << 7)));
      63             :   /* Bit 6 indicates whether the packet is a new format packet.  */
      64        6205 :   return (ctb & (1 << 6));
      65             : }
      66             : 
      67             : /* Extract the packet type from a CTB.  */
      68             : static int
      69        2872 : ctb_pkttype (int ctb)
      70             : {
      71        2872 :   if (ctb_new_format_p (ctb))
      72             :     /* Bits 0 through 5 are the packet type.  */
      73         519 :     return (ctb & ((1 << 6) - 1));
      74             :   else
      75             :     /* Bits 2 through 5 are the packet type.  */
      76        2353 :     return (ctb & ((1 << 6) - 1)) >> 2;
      77             : }
      78             : 
      79             : /****************
      80             :  * Build a packet and write it to INP
      81             :  * Returns: 0 := okay
      82             :  *         >0 := error
      83             :  * Note: Caller must free the packet
      84             :  */
      85             : int
      86        2797 : build_packet( IOBUF out, PACKET *pkt )
      87             : {
      88        2797 :     int new_ctb=0, rc=0, ctb;
      89             :     int pkttype;
      90             : 
      91        2797 :     if( DBG_PACKET )
      92           0 :         log_debug("build_packet() type=%d\n", pkt->pkttype );
      93        2797 :     log_assert( pkt->pkt.generic );
      94             : 
      95        2797 :     switch ((pkttype = pkt->pkttype))
      96             :       {
      97             :       case PKT_PUBLIC_KEY:
      98          75 :         if (pkt->pkt.public_key->seckey_info)
      99           3 :           pkttype = PKT_SECRET_KEY;
     100          75 :         break;
     101             :       case PKT_PUBLIC_SUBKEY:
     102          65 :         if (pkt->pkt.public_key->seckey_info)
     103           2 :           pkttype = PKT_SECRET_SUBKEY;
     104          65 :         break;
     105         537 :       case PKT_PLAINTEXT: new_ctb = pkt->pkt.plaintext->new_ctb; break;
     106             :       case PKT_ENCRYPTED:
     107         467 :       case PKT_ENCRYPTED_MDC: new_ctb = pkt->pkt.encrypted->new_ctb; break;
     108         537 :       case PKT_COMPRESSED:new_ctb = pkt->pkt.compressed->new_ctb; break;
     109             :       case PKT_USER_ID:
     110          95 :         if( pkt->pkt.user_id->attrib_data )
     111           0 :           pkttype = PKT_ATTRIBUTE;
     112          95 :         break;
     113        1021 :       default: break;
     114             :       }
     115             : 
     116        2797 :     if( new_ctb || pkttype > 15 ) /* new format */
     117         519 :         ctb = 0xc0 | (pkttype & 0x3f);
     118             :     else
     119        2278 :         ctb = 0x80 | ((pkttype & 15)<<2);
     120        2797 :     switch( pkttype )
     121             :       {
     122             :       case PKT_ATTRIBUTE:
     123             :       case PKT_USER_ID:
     124          95 :         rc = do_user_id( out, ctb, pkt->pkt.user_id );
     125          95 :         break;
     126             :       case PKT_OLD_COMMENT:
     127             :       case PKT_COMMENT:
     128             :         /*
     129             :           Ignore these.  Theoretically, this will never be called as
     130             :           we have no way to output comment packets any longer, but
     131             :           just in case there is some code path that would end up
     132             :           outputting a comment that was written before comments were
     133             :           dropped (in the public key?) this is a no-op.
     134             :         */
     135           0 :         break;
     136             :       case PKT_PUBLIC_SUBKEY:
     137             :       case PKT_PUBLIC_KEY:
     138             :       case PKT_SECRET_SUBKEY:
     139             :       case PKT_SECRET_KEY:
     140         140 :         rc = do_key (out, ctb, pkt->pkt.public_key);
     141         140 :         break;
     142             :       case PKT_SYMKEY_ENC:
     143         221 :         rc = do_symkey_enc( out, ctb, pkt->pkt.symkey_enc );
     144         221 :         break;
     145             :       case PKT_PUBKEY_ENC:
     146         255 :         rc = do_pubkey_enc( out, ctb, pkt->pkt.pubkey_enc );
     147         255 :         break;
     148             :       case PKT_PLAINTEXT:
     149         537 :         rc = do_plaintext( out, ctb, pkt->pkt.plaintext );
     150         537 :         break;
     151             :       case PKT_ENCRYPTED:
     152          58 :         rc = do_encrypted( out, ctb, pkt->pkt.encrypted );
     153          58 :         break;
     154             :       case PKT_ENCRYPTED_MDC:
     155         409 :         rc = do_encrypted_mdc( out, ctb, pkt->pkt.encrypted );
     156         409 :         break;
     157             :       case PKT_COMPRESSED:
     158         537 :         rc = do_compressed( out, ctb, pkt->pkt.compressed );
     159         537 :         break;
     160             :       case PKT_SIGNATURE:
     161         440 :         rc = do_signature( out, ctb, pkt->pkt.signature );
     162         440 :         break;
     163             :       case PKT_ONEPASS_SIG:
     164         105 :         rc = do_onepass_sig( out, ctb, pkt->pkt.onepass_sig );
     165         105 :         break;
     166             :       case PKT_RING_TRUST:
     167           0 :         break; /* ignore it (keyring.c does write it directly)*/
     168             :       case PKT_MDC: /* we write it directly, so we should never see it here. */
     169             :       default:
     170           0 :         log_bug("invalid packet type in build_packet()\n");
     171             :         break;
     172             :       }
     173             : 
     174        2797 :     return rc;
     175             : }
     176             : 
     177             : 
     178             : /*
     179             :  * Write the mpi A to OUT.
     180             :  */
     181             : gpg_error_t
     182        1667 : gpg_mpi_write (iobuf_t out, gcry_mpi_t a)
     183             : {
     184             :   int rc;
     185             : 
     186        1667 :   if (gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE))
     187             :     {
     188             :       unsigned int nbits;
     189             :       const unsigned char *p;
     190             :       unsigned char lenhdr[2];
     191             : 
     192             :       /* gcry_log_debugmpi ("a", a); */
     193           0 :       p = gcry_mpi_get_opaque (a, &nbits);
     194           0 :       if (p)
     195             :         {
     196             :           /* Strip leading zero bits.  */
     197           0 :           for (; nbits >= 8 && !*p; p++, nbits -= 8)
     198             :             ;
     199           0 :           if (nbits >= 8 && !(*p & 0x80))
     200           0 :             if (--nbits >= 7 && !(*p & 0x40))
     201           0 :               if (--nbits >= 6 && !(*p & 0x20))
     202           0 :                 if (--nbits >= 5 && !(*p & 0x10))
     203           0 :                   if (--nbits >= 4 && !(*p & 0x08))
     204           0 :                     if (--nbits >= 3 && !(*p & 0x04))
     205           0 :                       if (--nbits >= 2 && !(*p & 0x02))
     206           0 :                         if (--nbits >= 1 && !(*p & 0x01))
     207           0 :                           --nbits;
     208             :         }
     209             :       /* gcry_log_debug ("   [%u bit]\n", nbits); */
     210             :       /* gcry_log_debughex (" ", p, (nbits+7)/8); */
     211           0 :       lenhdr[0] = nbits >> 8;
     212           0 :       lenhdr[1] = nbits;
     213           0 :       rc = iobuf_write (out, lenhdr, 2);
     214           0 :       if (!rc && p)
     215           0 :         rc = iobuf_write (out, p, (nbits+7)/8);
     216             :     }
     217             :   else
     218             :     {
     219             :       char buffer[(MAX_EXTERN_MPI_BITS+7)/8+2]; /* 2 is for the mpi length. */
     220             :       size_t nbytes;
     221             : 
     222        1667 :       nbytes = DIM(buffer);
     223        1667 :       rc = gcry_mpi_print (GCRYMPI_FMT_PGP, buffer, nbytes, &nbytes, a );
     224        1667 :       if( !rc )
     225        1667 :         rc = iobuf_write( out, buffer, nbytes );
     226           0 :       else if (gpg_err_code(rc) == GPG_ERR_TOO_SHORT )
     227             :         {
     228           0 :           log_info ("mpi too large (%u bits)\n", gcry_mpi_get_nbits (a));
     229             :           /* The buffer was too small. We better tell the user about the MPI. */
     230           0 :           rc = gpg_error (GPG_ERR_TOO_LARGE);
     231             :         }
     232             :     }
     233             : 
     234        1667 :   return rc;
     235             : }
     236             : 
     237             : 
     238             : /*
     239             :  * Write an opaque MPI to the output stream without length info.
     240             :  */
     241             : gpg_error_t
     242         137 : gpg_mpi_write_nohdr (iobuf_t out, gcry_mpi_t a)
     243             : {
     244             :   int rc;
     245             : 
     246         137 :   if (gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE))
     247             :     {
     248             :       unsigned int nbits;
     249             :       const void *p;
     250             : 
     251         137 :       p = gcry_mpi_get_opaque (a, &nbits);
     252         137 :       rc = p ? iobuf_write (out, p, (nbits+7)/8) : 0;
     253             :     }
     254             :   else
     255           0 :     rc = gpg_error (GPG_ERR_BAD_MPI);
     256             : 
     257         137 :   return rc;
     258             : }
     259             : 
     260             : 
     261             : /* Calculate the length of a packet described by PKT.  */
     262             : u32
     263           0 : calc_packet_length( PACKET *pkt )
     264             : {
     265           0 :     u32 n=0;
     266           0 :     int new_ctb = 0;
     267             : 
     268           0 :     log_assert (pkt->pkt.generic);
     269           0 :     switch( pkt->pkttype ) {
     270             :       case PKT_PLAINTEXT:
     271           0 :         n = calc_plaintext( pkt->pkt.plaintext );
     272           0 :         new_ctb = pkt->pkt.plaintext->new_ctb;
     273           0 :         break;
     274             :       case PKT_ATTRIBUTE:
     275             :       case PKT_USER_ID:
     276             :       case PKT_COMMENT:
     277             :       case PKT_PUBLIC_KEY:
     278             :       case PKT_SECRET_KEY:
     279             :       case PKT_SYMKEY_ENC:
     280             :       case PKT_PUBKEY_ENC:
     281             :       case PKT_ENCRYPTED:
     282             :       case PKT_SIGNATURE:
     283             :       case PKT_ONEPASS_SIG:
     284             :       case PKT_RING_TRUST:
     285             :       case PKT_COMPRESSED:
     286             :       default:
     287           0 :         log_bug("invalid packet type in calc_packet_length()");
     288             :         break;
     289             :     }
     290             : 
     291           0 :     n += calc_header_length(n, new_ctb);
     292           0 :     return n;
     293             : }
     294             : 
     295             : 
     296             : static gpg_error_t
     297           0 : write_fake_data (IOBUF out, gcry_mpi_t a)
     298             : {
     299             :   unsigned int n;
     300             :   void *p;
     301             : 
     302           0 :   if (!a)
     303           0 :     return 0;
     304           0 :   if (!gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE))
     305           0 :     return 0; /* e.g. due to generating a key with wrong usage.  */
     306           0 :   p = gcry_mpi_get_opaque ( a, &n);
     307           0 :   if (!p)
     308           0 :     return 0; /* For example due to a read error in
     309             :                  parse-packet.c:read_rest.  */
     310           0 :   return iobuf_write (out, p, (n+7)/8 );
     311             : }
     312             : 
     313             : 
     314             : /* Serialize the user id (RFC 4880, Section 5.11) or the user
     315             :    attribute UID (Section 5.12) and write it to OUT.
     316             : 
     317             :    CTB is the serialization's CTB.  It specifies the header format and
     318             :    the packet's type.  The header length must not be set.  */
     319             : static int
     320          95 : do_user_id( IOBUF out, int ctb, PKT_user_id *uid )
     321             : {
     322             :   int rc;
     323             : 
     324          95 :   log_assert (ctb_pkttype (ctb) == PKT_USER_ID
     325             :               || ctb_pkttype (ctb) == PKT_ATTRIBUTE);
     326             : 
     327          95 :   if (uid->attrib_data)
     328             :     {
     329           0 :       write_header(out, ctb, uid->attrib_len);
     330           0 :       rc = iobuf_write( out, uid->attrib_data, uid->attrib_len );
     331             :     }
     332             :   else
     333             :     {
     334          95 :       write_header2( out, ctb, uid->len, 0 );
     335          95 :       rc = iobuf_write( out, uid->name, uid->len );
     336             :     }
     337          95 :   return rc;
     338             : }
     339             : 
     340             : 
     341             : /* Serialize the key (RFC 4880, Section 5.5) described by PK and write
     342             :    it to OUT.
     343             : 
     344             :    This function serializes both primary keys and subkeys with or
     345             :    without a secret part.
     346             : 
     347             :    CTB is the serialization's CTB.  It specifies the header format and
     348             :    the packet's type.  The header length must not be set.
     349             : 
     350             :    PK->VERSION specifies the serialization format.  A value of 0 means
     351             :    to use the default version.  Currently, only version 4 packets are
     352             :    supported.
     353             :  */
     354             : static int
     355         140 : do_key (iobuf_t out, int ctb, PKT_public_key *pk)
     356             : {
     357         140 :   gpg_error_t err = 0;
     358             :   /* The length of the body is stored in the packet's header, which
     359             :      occurs before the body.  Unfortunately, we don't know the length
     360             :      of the packet's body until we've written all of the data!  To
     361             :      work around this, we first write the data into this temporary
     362             :      buffer, then generate the header, and finally copy the contents
     363             :      of this buffer to OUT.  */
     364         140 :   iobuf_t a = iobuf_temp();
     365             :   int i, nskey, npkey;
     366             : 
     367         140 :   log_assert (pk->version == 0 || pk->version == 4);
     368         140 :   log_assert (ctb_pkttype (ctb) == PKT_PUBLIC_KEY
     369             :               || ctb_pkttype (ctb) == PKT_PUBLIC_SUBKEY
     370             :               || ctb_pkttype (ctb) == PKT_SECRET_KEY
     371             :               || ctb_pkttype (ctb) == PKT_SECRET_SUBKEY);
     372             : 
     373             :   /* Write the version number - if none is specified, use 4 */
     374         140 :   if ( !pk->version )
     375           0 :     iobuf_put ( a, 4 );
     376             :   else
     377         140 :     iobuf_put ( a, pk->version );
     378         140 :   write_32 (a, pk->timestamp );
     379             : 
     380         140 :   iobuf_put (a, pk->pubkey_algo );
     381             : 
     382             :   /* Get number of secret and public parameters.  They are held in one
     383             :      array: the public ones followed by the secret ones.  */
     384         140 :   nskey = pubkey_get_nskey (pk->pubkey_algo);
     385         140 :   npkey = pubkey_get_npkey (pk->pubkey_algo);
     386             : 
     387             :   /* If we don't have any public parameters - which is for example the
     388             :      case if we don't know the algorithm used - the parameters are
     389             :      stored as one blob in a faked (opaque) MPI. */
     390         140 :   if (!npkey)
     391             :     {
     392           0 :       write_fake_data (a, pk->pkey[0]);
     393           0 :       goto leave;
     394             :     }
     395         140 :   log_assert (npkey < nskey);
     396             : 
     397         566 :   for (i=0; i < npkey; i++ )
     398             :     {
     399         426 :       if (   (pk->pubkey_algo == PUBKEY_ALGO_ECDSA && (i == 0))
     400         420 :           || (pk->pubkey_algo == PUBKEY_ALGO_EDDSA && (i == 0))
     401         419 :           || (pk->pubkey_algo == PUBKEY_ALGO_ECDH  && (i == 0 || i == 2)))
     402          17 :         err = gpg_mpi_write_nohdr (a, pk->pkey[i]);
     403             :       else
     404         409 :         err = gpg_mpi_write (a, pk->pkey[i]);
     405         426 :       if (err)
     406           0 :         goto leave;
     407             :     }
     408             : 
     409             : 
     410         140 :   if (pk->seckey_info)
     411             :     {
     412             :       /* This is a secret key packet.  */
     413           5 :       struct seckey_info *ski = pk->seckey_info;
     414             : 
     415             :       /* Build the header for protected (encrypted) secret parameters.  */
     416           5 :       if (ski->is_protected)
     417             :         {
     418             :           /* OpenPGP protection according to rfc2440. */
     419           2 :           iobuf_put (a, ski->sha1chk? 0xfe : 0xff);
     420           2 :           iobuf_put (a, ski->algo);
     421           2 :           if (ski->s2k.mode >= 1000)
     422             :             {
     423             :               /* These modes are not possible in OpenPGP, we use them
     424             :                  to implement our extensions, 101 can be viewed as a
     425             :                  private/experimental extension (this is not specified
     426             :                  in rfc2440 but the same scheme is used for all other
     427             :                  algorithm identifiers). */
     428           0 :               iobuf_put (a, 101);
     429           0 :               iobuf_put (a, ski->s2k.hash_algo);
     430           0 :               iobuf_write (a, "GNU", 3 );
     431           0 :               iobuf_put (a, ski->s2k.mode - 1000);
     432             :             }
     433             :           else
     434             :             {
     435           2 :               iobuf_put (a, ski->s2k.mode);
     436           2 :               iobuf_put (a, ski->s2k.hash_algo);
     437             :             }
     438             : 
     439           2 :           if (ski->s2k.mode == 1 || ski->s2k.mode == 3)
     440           2 :             iobuf_write (a, ski->s2k.salt, 8);
     441             : 
     442           2 :           if (ski->s2k.mode == 3)
     443           2 :             iobuf_put (a, ski->s2k.count);
     444             : 
     445             :           /* For our special modes 1001, 1002 we do not need an IV. */
     446           2 :           if (ski->s2k.mode != 1001 && ski->s2k.mode != 1002)
     447           2 :             iobuf_write (a, ski->iv, ski->ivlen);
     448             : 
     449             :         }
     450             :       else /* Not protected. */
     451           3 :         iobuf_put (a, 0 );
     452             : 
     453           5 :       if (ski->s2k.mode == 1001)
     454             :         ; /* GnuPG extension - don't write a secret key at all. */
     455           5 :       else if (ski->s2k.mode == 1002)
     456             :         {
     457             :           /* GnuPG extension - divert to OpenPGP smartcard. */
     458             :           /* Length of the serial number or 0 for no serial number. */
     459           0 :           iobuf_put (a, ski->ivlen );
     460             :           /* The serial number gets stored in the IV field.  */
     461           0 :           iobuf_write (a, ski->iv, ski->ivlen);
     462             :         }
     463           5 :       else if (ski->is_protected)
     464             :         {
     465             :           /* The secret key is protected - write it out as it is.  */
     466             :           byte *p;
     467             :           unsigned int ndatabits;
     468             : 
     469           2 :           log_assert (gcry_mpi_get_flag (pk->pkey[npkey], GCRYMPI_FLAG_OPAQUE));
     470           2 :           p = gcry_mpi_get_opaque (pk->pkey[npkey], &ndatabits);
     471           2 :           if (p)
     472           2 :             iobuf_write (a, p, (ndatabits+7)/8 );
     473             :         }
     474             :       else
     475             :         {
     476             :           /* Non-protected key. */
     477           9 :           for ( ; i < nskey; i++ )
     478           6 :             if ( (err = gpg_mpi_write (a, pk->pkey[i])))
     479           0 :               goto leave;
     480           3 :           write_16 (a, ski->csum );
     481             :         }
     482             :     }
     483             : 
     484             :  leave:
     485         140 :   if (!err)
     486             :     {
     487             :       /* Build the header of the packet - which we must do after
     488             :          writing all the other stuff, so that we know the length of
     489             :          the packet */
     490         140 :       write_header2 (out, ctb, iobuf_get_temp_length(a), 0);
     491             :        /* And finally write it out to the real stream. */
     492         140 :       err = iobuf_write_temp (out, a);
     493             :     }
     494             : 
     495         140 :   iobuf_close (a); /* Close the temporary buffer */
     496         140 :   return err;
     497             : }
     498             : 
     499             : /* Serialize the symmetric-key encrypted session key packet (RFC 4880,
     500             :    5.3) described by ENC and write it to OUT.
     501             : 
     502             :    CTB is the serialization's CTB.  It specifies the header format and
     503             :    the packet's type.  The header length must not be set.  */
     504             : static int
     505         221 : do_symkey_enc( IOBUF out, int ctb, PKT_symkey_enc *enc )
     506             : {
     507         221 :     int rc = 0;
     508         221 :     IOBUF a = iobuf_temp();
     509             : 
     510         221 :     log_assert (ctb_pkttype (ctb) == PKT_SYMKEY_ENC);
     511             : 
     512             :     /* The only acceptable version.  */
     513         221 :     log_assert( enc->version == 4 );
     514             : 
     515             :     /* RFC 4880, Section 3.7.  */
     516         221 :     switch( enc->s2k.mode )
     517             :       {
     518             :       /* Simple S2K.  */
     519             :       case 0:
     520             :       /* Salted S2K.  */
     521             :       case 1:
     522             :       /* Iterated and salted S2K.  */
     523             :       case 3:
     524             :         /* Reasonable values.  */
     525         221 :         break;
     526             : 
     527             :       default:
     528           0 :         log_bug("do_symkey_enc: s2k=%d\n", enc->s2k.mode );
     529             :     }
     530         221 :     iobuf_put( a, enc->version );
     531         221 :     iobuf_put( a, enc->cipher_algo );
     532         221 :     iobuf_put( a, enc->s2k.mode );
     533         221 :     iobuf_put( a, enc->s2k.hash_algo );
     534         221 :     if( enc->s2k.mode == 1 || enc->s2k.mode == 3 ) {
     535         221 :         iobuf_write(a, enc->s2k.salt, 8 );
     536         221 :         if( enc->s2k.mode == 3 )
     537         221 :             iobuf_put(a, enc->s2k.count);
     538             :     }
     539         221 :     if( enc->seskeylen )
     540           1 :         iobuf_write(a, enc->seskey, enc->seskeylen );
     541             : 
     542         221 :     write_header(out, ctb, iobuf_get_temp_length(a) );
     543         221 :     rc = iobuf_write_temp( out, a );
     544             : 
     545         221 :     iobuf_close(a);
     546         221 :     return rc;
     547             : }
     548             : 
     549             : 
     550             : /* Serialize the public-key encrypted session key packet (RFC 4880,
     551             :    5.1) described by ENC and write it to OUT.
     552             : 
     553             :    CTB is the serialization's CTB.  It specifies the header format and
     554             :    the packet's type.  The header length must not be set.  */
     555             : static int
     556         255 : do_pubkey_enc( IOBUF out, int ctb, PKT_pubkey_enc *enc )
     557             : {
     558         255 :   int rc = 0;
     559             :   int n, i;
     560         255 :   IOBUF a = iobuf_temp();
     561             : 
     562         255 :   log_assert (ctb_pkttype (ctb) == PKT_PUBKEY_ENC);
     563             : 
     564         255 :   iobuf_put (a, 3); /* Version.  */
     565             : 
     566         255 :   if ( enc->throw_keyid )
     567             :     {
     568           3 :       write_32(a, 0 );  /* Don't tell Eve who can decrypt the message.  */
     569           3 :       write_32(a, 0 );
     570             :     }
     571             :   else
     572             :     {
     573         252 :       write_32(a, enc->keyid[0] );
     574         252 :       write_32(a, enc->keyid[1] );
     575             :     }
     576         255 :   iobuf_put(a,enc->pubkey_algo );
     577         255 :   n = pubkey_get_nenc( enc->pubkey_algo );
     578         255 :   if ( !n )
     579           0 :     write_fake_data( a, enc->data[0] );
     580             : 
     581         757 :   for (i=0; i < n && !rc ; i++ )
     582             :     {
     583         502 :       if (enc->pubkey_algo == PUBKEY_ALGO_ECDH && i == 1)
     584          24 :         rc = gpg_mpi_write_nohdr (a, enc->data[i]);
     585             :       else
     586         478 :         rc = gpg_mpi_write (a, enc->data[i]);
     587             :     }
     588             : 
     589         255 :   if (!rc)
     590             :     {
     591         255 :       write_header (out, ctb, iobuf_get_temp_length(a) );
     592         255 :       rc = iobuf_write_temp (out, a);
     593             :     }
     594         255 :   iobuf_close(a);
     595         255 :   return rc;
     596             : }
     597             : 
     598             : 
     599             : /* Calculate the length of the serialized plaintext packet PT (RFC
     600             :    4480, Section 5.9).  */
     601             : static u32
     602         537 : calc_plaintext( PKT_plaintext *pt )
     603             : {
     604             :   /* Truncate namelen to the maximum 255 characters.  Note this means
     605             :      that a function that calls build_packet with an illegal literal
     606             :      packet will get it back legalized. */
     607             : 
     608         537 :   if(pt->namelen>255)
     609           0 :     pt->namelen=255;
     610             : 
     611         537 :   return pt->len? (1 + 1 + pt->namelen + 4 + pt->len) : 0;
     612             : }
     613             : 
     614             : /* Serialize the plaintext packet (RFC 4880, 5.9) described by PT and
     615             :    write it to OUT.
     616             : 
     617             :    The body of the message is stored in PT->BUF.  The amount of data
     618             :    to write is PT->LEN.  (PT->BUF should be configured to return EOF
     619             :    after this much data has been read.)  If PT->LEN is 0 and CTB
     620             :    indicates that this is a new format packet, then partial block mode
     621             :    is assumed to have been enabled on OUT.  On success, partial block
     622             :    mode is disabled.
     623             : 
     624             :    If PT->BUF is NULL, the the caller must write out the data.  In
     625             :    this case, if PT->LEN was 0, then partial body length mode was
     626             :    enabled and the caller must disable it by calling
     627             :    iobuf_set_partial_body_length_mode (out, 0).  */
     628             : static int
     629         537 : do_plaintext( IOBUF out, int ctb, PKT_plaintext *pt )
     630             : {
     631         537 :     int rc = 0;
     632             :     size_t nbytes;
     633             : 
     634         537 :     log_assert (ctb_pkttype (ctb) == PKT_PLAINTEXT);
     635             : 
     636         537 :     write_header(out, ctb, calc_plaintext( pt ) );
     637         537 :     log_assert (pt->mode == 'b' || pt->mode == 't' || pt->mode == 'u'
     638             :                 || pt->mode == 'm'
     639             :                 || pt->mode == 'l' || pt->mode == '1');
     640         537 :     iobuf_put(out, pt->mode );
     641         537 :     iobuf_put(out, pt->namelen );
     642         537 :     iobuf_write (out, pt->name, pt->namelen);
     643         537 :     rc = write_32(out, pt->timestamp );
     644         537 :     if (rc)
     645           0 :       return rc;
     646             : 
     647         537 :     if (pt->buf)
     648             :       {
     649         537 :         nbytes = iobuf_copy (out, pt->buf);
     650         537 :         if(ctb_new_format_p (ctb) && !pt->len)
     651             :           /* Turn off partial body length mode.  */
     652          52 :           iobuf_set_partial_body_length_mode (out, 0);
     653         537 :         if( pt->len && nbytes != pt->len )
     654           0 :           log_error("do_plaintext(): wrote %lu bytes but expected %lu bytes\n",
     655           0 :                     (ulong)nbytes, (ulong)pt->len );
     656             :       }
     657             : 
     658         537 :     return rc;
     659             : }
     660             : 
     661             : 
     662             : 
     663             : /* Serialize the symmetrically encrypted data packet (RFC 4880,
     664             :    Section 5.7) described by ED and write it to OUT.
     665             : 
     666             :    Note: this only writes the packets header!  The call must then
     667             :    follow up and write the initial random data and the body to OUT.
     668             :    (If you use the encryption iobuf filter (cipher_filter), then this
     669             :    is done automatically.)  */
     670             : static int
     671          58 : do_encrypted( IOBUF out, int ctb, PKT_encrypted *ed )
     672             : {
     673          58 :     int rc = 0;
     674             :     u32 n;
     675             : 
     676          58 :     log_assert (! ed->mdc_method);
     677          58 :     log_assert (ctb_pkttype (ctb) == PKT_ENCRYPTED);
     678             : 
     679          58 :     n = ed->len ? (ed->len + ed->extralen) : 0;
     680          58 :     write_header(out, ctb, n );
     681             : 
     682             :     /* This is all. The caller has to write the real data */
     683             : 
     684          58 :     return rc;
     685             : }
     686             : 
     687             : /* Serialize the symmetrically encrypted integrity protected data
     688             :    packet (RFC 4880, Section 5.13) described by ED and write it to
     689             :    OUT.
     690             : 
     691             :    Note: this only writes the packet's header!  The caller must then
     692             :    follow up and write the initial random data, the body and the MDC
     693             :    packet to OUT.  (If you use the encryption iobuf filter
     694             :    (cipher_filter), then this is done automatically.)  */
     695             : static int
     696         409 : do_encrypted_mdc( IOBUF out, int ctb, PKT_encrypted *ed )
     697             : {
     698         409 :     int rc = 0;
     699             :     u32 n;
     700             : 
     701         409 :     log_assert (ed->mdc_method);
     702         409 :     log_assert (ctb_pkttype (ctb) == PKT_ENCRYPTED_MDC);
     703             : 
     704             :     /* Take version number and the following MDC packet in account. */
     705         409 :     n = ed->len ? (ed->len + ed->extralen + 1 + 22) : 0;
     706         409 :     write_header(out, ctb, n );
     707         409 :     iobuf_put(out, 1 );  /* version */
     708             : 
     709             :     /* This is all. The caller has to write the real data */
     710             : 
     711         409 :     return rc;
     712             : }
     713             : 
     714             : 
     715             : /* Serialize the compressed packet (RFC 4880, Section 5.6) described
     716             :    by CD and write it to OUT.
     717             : 
     718             :    Note: this only writes the packet's header!  The caller must then
     719             :    follow up and write the body to OUT.  */
     720             : static int
     721         537 : do_compressed( IOBUF out, int ctb, PKT_compressed *cd )
     722             : {
     723         537 :     int rc = 0;
     724             : 
     725         537 :     log_assert (ctb_pkttype (ctb) == PKT_COMPRESSED);
     726             : 
     727             :     /* We must use the old convention and don't use blockmode for the
     728             :        sake of PGP 2 compatibility.  However if the new_ctb flag was
     729             :        set, CTB is already formatted as new style and write_header2
     730             :        does create a partial length encoding using new the new
     731             :        style. */
     732         537 :     write_header2(out, ctb, 0, 0);
     733         537 :     iobuf_put(out, cd->algorithm );
     734             : 
     735             :     /* This is all. The caller has to write the real data */
     736             : 
     737         537 :     return rc;
     738             : }
     739             : 
     740             : 
     741             : /****************
     742             :  * Delete all subpackets of type REQTYPE and return a bool whether a packet
     743             :  * was deleted.
     744             :  */
     745             : int
     746         608 : delete_sig_subpkt (subpktarea_t *area, sigsubpkttype_t reqtype )
     747             : {
     748             :     int buflen;
     749             :     sigsubpkttype_t type;
     750             :     byte *buffer, *bufstart;
     751             :     size_t n;
     752         608 :     size_t unused = 0;
     753         608 :     int okay = 0;
     754             : 
     755         608 :     if( !area )
     756         408 :         return 0;
     757         200 :     buflen = area->len;
     758         200 :     buffer = area->data;
     759             :     for(;;) {
     760         471 :         if( !buflen ) {
     761         200 :             okay = 1;
     762         200 :             break;
     763             :         }
     764         271 :         bufstart = buffer;
     765         271 :         n = *buffer++; buflen--;
     766         271 :         if( n == 255 ) {
     767           0 :             if( buflen < 4 )
     768           0 :                 break;
     769           0 :             n = buf32_to_size_t (buffer);
     770           0 :             buffer += 4;
     771           0 :             buflen -= 4;
     772             :         }
     773         271 :         else if( n >= 192 ) {
     774           0 :             if( buflen < 2 )
     775           0 :                 break;
     776           0 :             n = (( n - 192 ) << 8) + *buffer + 192;
     777           0 :             buffer++;
     778           0 :             buflen--;
     779             :         }
     780         271 :         if( buflen < n )
     781           0 :             break;
     782             : 
     783         271 :         type = *buffer & 0x7f;
     784         271 :         if( type == reqtype ) {
     785           0 :             buffer++;
     786           0 :             buflen--;
     787           0 :             n--;
     788           0 :             if( n > buflen )
     789           0 :                 break;
     790           0 :             buffer += n; /* point to next subpkt */
     791           0 :             buflen -= n;
     792           0 :             memmove (bufstart, buffer, buflen); /* shift */
     793           0 :             unused +=  buffer - bufstart;
     794           0 :             buffer = bufstart;
     795             :         }
     796             :         else {
     797         271 :             buffer += n; buflen -=n;
     798             :         }
     799         271 :     }
     800             : 
     801         200 :     if (!okay)
     802           0 :         log_error ("delete_subpkt: buffer shorter than subpacket\n");
     803         200 :     log_assert (unused <= area->len);
     804         200 :     area->len -= unused;
     805         200 :     return !!unused;
     806             : }
     807             : 
     808             : 
     809             : /****************
     810             :  * Create or update a signature subpacket for SIG of TYPE.  This
     811             :  * functions knows where to put the data (hashed or unhashed).  The
     812             :  * function may move data from the unhashed part to the hashed one.
     813             :  * Note: All pointers into sig->[un]hashed (e.g. returned by
     814             :  * parse_sig_subpkt) are not valid after a call to this function.  The
     815             :  * data to put into the subpaket should be in a buffer with a length
     816             :  * of buflen.
     817             :  */
     818             : void
     819         302 : build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type,
     820             :                   const byte *buffer, size_t buflen )
     821             : {
     822             :     byte *p;
     823             :     int critical, hashed;
     824             :     subpktarea_t *oldarea, *newarea;
     825             :     size_t nlen, n, n0;
     826             : 
     827         302 :     critical = (type & SIGSUBPKT_FLAG_CRITICAL);
     828         302 :     type &= ~SIGSUBPKT_FLAG_CRITICAL;
     829             : 
     830             :     /* Sanity check buffer sizes */
     831         302 :     if(parse_one_sig_subpkt(buffer,buflen,type)<0)
     832           0 :       BUG();
     833             : 
     834         302 :     switch(type)
     835             :       {
     836             :       case SIGSUBPKT_NOTATION:
     837             :       case SIGSUBPKT_POLICY:
     838             :       case SIGSUBPKT_REV_KEY:
     839             :       case SIGSUBPKT_SIGNATURE:
     840             :         /* we do allow multiple subpackets */
     841           0 :         break;
     842             : 
     843             :       default:
     844             :         /* we don't allow multiple subpackets */
     845         302 :         delete_sig_subpkt(sig->hashed,type);
     846         302 :         delete_sig_subpkt(sig->unhashed,type);
     847         302 :         break;
     848             :       }
     849             : 
     850             :     /* Any special magic that needs to be done for this type so the
     851             :        packet doesn't need to be reparsed? */
     852         302 :     switch(type)
     853             :       {
     854             :       case SIGSUBPKT_NOTATION:
     855           0 :         sig->flags.notation=1;
     856           0 :         break;
     857             : 
     858             :       case SIGSUBPKT_POLICY:
     859           0 :         sig->flags.policy_url=1;
     860           0 :         break;
     861             : 
     862             :       case SIGSUBPKT_PREF_KS:
     863           0 :         sig->flags.pref_ks=1;
     864           0 :         break;
     865             : 
     866             :       case SIGSUBPKT_EXPORTABLE:
     867           0 :         if(buffer[0])
     868           0 :           sig->flags.exportable=1;
     869             :         else
     870           0 :           sig->flags.exportable=0;
     871           0 :         break;
     872             : 
     873             :       case SIGSUBPKT_REVOCABLE:
     874           0 :         if(buffer[0])
     875           0 :           sig->flags.revocable=1;
     876             :         else
     877           0 :           sig->flags.revocable=0;
     878           0 :         break;
     879             : 
     880             :       case SIGSUBPKT_TRUST:
     881           0 :         sig->trust_depth=buffer[0];
     882           0 :         sig->trust_value=buffer[1];
     883           0 :         break;
     884             : 
     885             :       case SIGSUBPKT_REGEXP:
     886           0 :         sig->trust_regexp=buffer;
     887           0 :         break;
     888             : 
     889             :         /* This should never happen since we don't currently allow
     890             :            creating such a subpacket, but just in case... */
     891             :       case SIGSUBPKT_SIG_EXPIRE:
     892           0 :         if(buf32_to_u32(buffer)+sig->timestamp<=make_timestamp())
     893           0 :           sig->flags.expired=1;
     894             :         else
     895           0 :           sig->flags.expired=0;
     896           0 :         break;
     897             : 
     898             :       default:
     899         302 :         break;
     900             :       }
     901             : 
     902         302 :     if( (buflen+1) >= 8384 )
     903           0 :         nlen = 5; /* write 5 byte length header */
     904         302 :     else if( (buflen+1) >= 192 )
     905           0 :         nlen = 2; /* write 2 byte length header */
     906             :     else
     907         302 :         nlen = 1; /* just a 1 byte length header */
     908             : 
     909         302 :     switch( type )
     910             :       {
     911             :         /* The issuer being unhashed is a historical oddity.  It
     912             :            should work equally as well hashed.  Of course, if even an
     913             :            unhashed issuer is tampered with, it makes it awfully hard
     914             :            to verify the sig... */
     915             :       case SIGSUBPKT_ISSUER:
     916             :       case SIGSUBPKT_SIGNATURE:
     917         136 :         hashed = 0;
     918         136 :         break;
     919             :       default:
     920         166 :         hashed = 1;
     921         166 :         break;
     922             :       }
     923             : 
     924         302 :     if( critical )
     925           0 :         type |= SIGSUBPKT_FLAG_CRITICAL;
     926             : 
     927         302 :     oldarea = hashed? sig->hashed : sig->unhashed;
     928             : 
     929             :     /* Calculate new size of the area and allocate */
     930         302 :     n0 = oldarea? oldarea->len : 0;
     931         302 :     n = n0 + nlen + 1 + buflen; /* length, type, buffer */
     932         302 :     if (oldarea && n <= oldarea->size) { /* fits into the unused space */
     933           0 :         newarea = oldarea;
     934             :         /*log_debug ("updating area for type %d\n", type );*/
     935             :     }
     936         302 :     else if (oldarea) {
     937          30 :         newarea = xrealloc (oldarea, sizeof (*newarea) + n - 1);
     938          30 :         newarea->size = n;
     939             :         /*log_debug ("reallocating area for type %d\n", type );*/
     940             :     }
     941             :     else {
     942         272 :         newarea = xmalloc (sizeof (*newarea) + n - 1);
     943         272 :         newarea->size = n;
     944             :         /*log_debug ("allocating area for type %d\n", type );*/
     945             :     }
     946         302 :     newarea->len = n;
     947             : 
     948         302 :     p = newarea->data + n0;
     949         302 :     if (nlen == 5) {
     950           0 :         *p++ = 255;
     951           0 :         *p++ = (buflen+1) >> 24;
     952           0 :         *p++ = (buflen+1) >> 16;
     953           0 :         *p++ = (buflen+1) >>  8;
     954           0 :         *p++ = (buflen+1);
     955           0 :         *p++ = type;
     956           0 :         memcpy (p, buffer, buflen);
     957             :     }
     958         302 :     else if (nlen == 2) {
     959           0 :         *p++ = (buflen+1-192) / 256 + 192;
     960           0 :         *p++ = (buflen+1-192) % 256;
     961           0 :         *p++ = type;
     962           0 :         memcpy (p, buffer, buflen);
     963             :     }
     964             :     else {
     965         302 :         *p++ = buflen+1;
     966         302 :         *p++ = type;
     967         302 :         memcpy (p, buffer, buflen);
     968             :     }
     969             : 
     970         302 :     if (hashed)
     971         166 :         sig->hashed = newarea;
     972             :     else
     973         136 :         sig->unhashed = newarea;
     974         302 : }
     975             : 
     976             : /*
     977             :  * Put all the required stuff from SIG into subpackets of sig.
     978             :  * PKSK is the signing key.
     979             :  * Hmmm, should we delete those subpackets which are in a wrong area?
     980             :  */
     981             : void
     982         136 : build_sig_subpkt_from_sig (PKT_signature *sig, PKT_public_key *pksk)
     983             : {
     984             :     u32  u;
     985             :     byte buf[1+MAX_FINGERPRINT_LEN];
     986             :     size_t fprlen;
     987             : 
     988             :     /* For v4 keys we need to write the ISSUER subpacket.  We do not
     989             :      * want that for a future v5 format.  */
     990         136 :     if (pksk->version < 5)
     991             :       {
     992         136 :         u = sig->keyid[0];
     993         136 :         buf[0] = (u >> 24) & 0xff;
     994         136 :         buf[1] = (u >> 16) & 0xff;
     995         136 :         buf[2] = (u >>  8) & 0xff;
     996         136 :         buf[3] = u & 0xff;
     997         136 :         u = sig->keyid[1];
     998         136 :         buf[4] = (u >> 24) & 0xff;
     999         136 :         buf[5] = (u >> 16) & 0xff;
    1000         136 :         buf[6] = (u >>  8) & 0xff;
    1001         136 :         buf[7] = u & 0xff;
    1002         136 :         build_sig_subpkt (sig, SIGSUBPKT_ISSUER, buf, 8);
    1003             :       }
    1004             : 
    1005             :     /* For a future v5 keys we write the ISSUER_FPR subpacket.  We
    1006             :      * also write that for a v4 key is experimental support for
    1007             :      * RFC4880bis is requested.  */
    1008         136 :     if (pksk->version > 4 || opt.flags.rfc4880bis)
    1009             :       {
    1010           0 :         fingerprint_from_pk (pksk, buf+1, &fprlen);
    1011           0 :         if (fprlen == 20)
    1012             :           {
    1013           0 :             buf[0] = pksk->version;
    1014           0 :             build_sig_subpkt (sig, SIGSUBPKT_ISSUER_FPR, buf, 21);
    1015             :           }
    1016             :       }
    1017             : 
    1018             :     /* Write the timestamp.  */
    1019         136 :     u = sig->timestamp;
    1020         136 :     buf[0] = (u >> 24) & 0xff;
    1021         136 :     buf[1] = (u >> 16) & 0xff;
    1022         136 :     buf[2] = (u >>  8) & 0xff;
    1023         136 :     buf[3] = u & 0xff;
    1024         136 :     build_sig_subpkt( sig, SIGSUBPKT_SIG_CREATED, buf, 4 );
    1025             : 
    1026         136 :     if(sig->expiredate)
    1027             :       {
    1028           0 :         if(sig->expiredate>sig->timestamp)
    1029           0 :           u=sig->expiredate-sig->timestamp;
    1030             :         else
    1031           0 :           u=1; /* A 1-second expiration time is the shortest one
    1032             :                   OpenPGP has */
    1033             : 
    1034           0 :         buf[0] = (u >> 24) & 0xff;
    1035           0 :         buf[1] = (u >> 16) & 0xff;
    1036           0 :         buf[2] = (u >>  8) & 0xff;
    1037           0 :         buf[3] = u & 0xff;
    1038             : 
    1039             :         /* Mark this CRITICAL, so if any implementation doesn't
    1040             :            understand sigs that can expire, it'll just disregard this
    1041             :            sig altogether. */
    1042             : 
    1043           0 :         build_sig_subpkt( sig, SIGSUBPKT_SIG_EXPIRE | SIGSUBPKT_FLAG_CRITICAL,
    1044             :                           buf, 4 );
    1045             :       }
    1046         136 : }
    1047             : 
    1048             : void
    1049           0 : build_attribute_subpkt(PKT_user_id *uid,byte type,
    1050             :                        const void *buf,u32 buflen,
    1051             :                        const void *header,u32 headerlen)
    1052             : {
    1053             :   byte *attrib;
    1054             :   int idx;
    1055             : 
    1056           0 :   if(1+headerlen+buflen>8383)
    1057           0 :     idx=5;
    1058           0 :   else if(1+headerlen+buflen>191)
    1059           0 :     idx=2;
    1060             :   else
    1061           0 :     idx=1;
    1062             : 
    1063             :   /* realloc uid->attrib_data to the right size */
    1064             : 
    1065           0 :   uid->attrib_data=xrealloc(uid->attrib_data,
    1066             :                              uid->attrib_len+idx+1+headerlen+buflen);
    1067             : 
    1068           0 :   attrib=&uid->attrib_data[uid->attrib_len];
    1069             : 
    1070           0 :   if(idx==5)
    1071             :     {
    1072           0 :       attrib[0]=255;
    1073           0 :       attrib[1]=(1+headerlen+buflen) >> 24;
    1074           0 :       attrib[2]=(1+headerlen+buflen) >> 16;
    1075           0 :       attrib[3]=(1+headerlen+buflen) >> 8;
    1076           0 :       attrib[4]=1+headerlen+buflen;
    1077             :     }
    1078           0 :   else if(idx==2)
    1079             :     {
    1080           0 :       attrib[0]=(1+headerlen+buflen-192) / 256 + 192;
    1081           0 :       attrib[1]=(1+headerlen+buflen-192) % 256;
    1082             :     }
    1083             :   else
    1084           0 :     attrib[0]=1+headerlen+buflen; /* Good luck finding a JPEG this small! */
    1085             : 
    1086           0 :   attrib[idx++]=type;
    1087             : 
    1088             :   /* Tack on our data at the end */
    1089             : 
    1090           0 :   if(headerlen>0)
    1091           0 :     memcpy(&attrib[idx],header,headerlen);
    1092           0 :   memcpy(&attrib[idx+headerlen],buf,buflen);
    1093           0 :   uid->attrib_len+=idx+headerlen+buflen;
    1094           0 : }
    1095             : 
    1096             : /* Returns a human-readable string corresponding to the notation.
    1097             :    This ignores notation->value.  The caller must free the result.  */
    1098             : static char *
    1099           0 : notation_value_to_human_readable_string (struct notation *notation)
    1100             : {
    1101           0 :   if(notation->bdat)
    1102             :     /* Binary data.  */
    1103             :     {
    1104           0 :       size_t len = notation->blen;
    1105             :       int i;
    1106             :       char preview[20];
    1107             : 
    1108           0 :       for (i = 0; i < len && i < sizeof (preview) - 1; i ++)
    1109           0 :         if (isprint (notation->bdat[i]))
    1110           0 :           preview[i] = notation->bdat[i];
    1111             :         else
    1112           0 :           preview[i] = '?';
    1113           0 :       preview[i] = 0;
    1114             : 
    1115           0 :       return xasprintf (_("[ not human readable (%zu bytes: %s%s) ]"),
    1116           0 :                         len, preview, i < len ? "..." : "");
    1117             :     }
    1118             :   else
    1119             :     /* The value is human-readable.  */
    1120           0 :     return xstrdup (notation->value);
    1121             : }
    1122             : 
    1123             : /* Turn the notation described by the string STRING into a notation.
    1124             : 
    1125             :    STRING has the form:
    1126             : 
    1127             :      - -name - Delete the notation.
    1128             :      - name@domain.name=value - Normal notation
    1129             :      - !name@domain.name=value - Notation with critical bit set.
    1130             : 
    1131             :    The caller must free the result using free_notation().  */
    1132             : struct notation *
    1133           0 : string_to_notation(const char *string,int is_utf8)
    1134             : {
    1135             :   const char *s;
    1136           0 :   int saw_at=0;
    1137             :   struct notation *notation;
    1138             : 
    1139           0 :   notation=xmalloc_clear(sizeof(*notation));
    1140             : 
    1141           0 :   if(*string=='-')
    1142             :     {
    1143           0 :       notation->flags.ignore=1;
    1144           0 :       string++;
    1145             :     }
    1146             : 
    1147           0 :   if(*string=='!')
    1148             :     {
    1149           0 :       notation->flags.critical=1;
    1150           0 :       string++;
    1151             :     }
    1152             : 
    1153             :   /* If and when the IETF assigns some official name tags, we'll have
    1154             :      to add them here. */
    1155             : 
    1156           0 :   for( s=string ; *s != '='; s++ )
    1157             :     {
    1158           0 :       if( *s=='@')
    1159           0 :         saw_at++;
    1160             : 
    1161             :       /* -notationname is legal without an = sign */
    1162           0 :       if(!*s && notation->flags.ignore)
    1163           0 :         break;
    1164             : 
    1165           0 :       if( !*s || !isascii (*s) || (!isgraph(*s) && !isspace(*s)) )
    1166             :         {
    1167           0 :           log_error(_("a notation name must have only printable characters"
    1168             :                       " or spaces, and end with an '='\n") );
    1169           0 :           goto fail;
    1170             :         }
    1171             :     }
    1172             : 
    1173           0 :   notation->name=xmalloc((s-string)+1);
    1174           0 :   strncpy(notation->name,string,s-string);
    1175           0 :   notation->name[s-string]='\0';
    1176             : 
    1177           0 :   if(!saw_at && !opt.expert)
    1178             :     {
    1179           0 :       log_error(_("a user notation name must contain the '@' character\n"));
    1180           0 :       goto fail;
    1181             :     }
    1182             : 
    1183           0 :   if (saw_at > 1)
    1184             :     {
    1185           0 :       log_error(_("a notation name must not contain more than"
    1186             :                   " one '@' character\n"));
    1187           0 :       goto fail;
    1188             :     }
    1189             : 
    1190           0 :   if(*s)
    1191             :     {
    1192           0 :       const char *i=s+1;
    1193           0 :       int highbit=0;
    1194             : 
    1195             :       /* we only support printable text - therefore we enforce the use
    1196             :          of only printable characters (an empty value is valid) */
    1197           0 :       for(s++; *s ; s++ )
    1198             :         {
    1199           0 :           if ( !isascii (*s) )
    1200           0 :             highbit=1;
    1201           0 :           else if (iscntrl(*s))
    1202             :             {
    1203           0 :               log_error(_("a notation value must not use any"
    1204             :                           " control characters\n"));
    1205           0 :               goto fail;
    1206             :             }
    1207             :         }
    1208             : 
    1209           0 :       if(!highbit || is_utf8)
    1210           0 :         notation->value=xstrdup(i);
    1211             :       else
    1212           0 :         notation->value=native_to_utf8(i);
    1213             :     }
    1214             : 
    1215           0 :   return notation;
    1216             : 
    1217             :  fail:
    1218           0 :   free_notation(notation);
    1219           0 :   return NULL;
    1220             : }
    1221             : 
    1222             : /* Like string_to_notation, but store opaque data rather than human
    1223             :    readable data.  */
    1224             : struct notation *
    1225           0 : blob_to_notation(const char *name, const char *data, size_t len)
    1226             : {
    1227             :   const char *s;
    1228           0 :   int saw_at=0;
    1229             :   struct notation *notation;
    1230             : 
    1231           0 :   notation=xmalloc_clear(sizeof(*notation));
    1232             : 
    1233           0 :   if(*name=='-')
    1234             :     {
    1235           0 :       notation->flags.ignore=1;
    1236           0 :       name++;
    1237             :     }
    1238             : 
    1239           0 :   if(*name=='!')
    1240             :     {
    1241           0 :       notation->flags.critical=1;
    1242           0 :       name++;
    1243             :     }
    1244             : 
    1245             :   /* If and when the IETF assigns some official name tags, we'll have
    1246             :      to add them here. */
    1247             : 
    1248           0 :   for( s=name ; *s; s++ )
    1249             :     {
    1250           0 :       if( *s=='@')
    1251           0 :         saw_at++;
    1252             : 
    1253             :       /* -notationname is legal without an = sign */
    1254           0 :       if(!*s && notation->flags.ignore)
    1255           0 :         break;
    1256             : 
    1257           0 :       if (*s == '=')
    1258             :         {
    1259           0 :           log_error(_("a notation name may not contain an '=' character\n"));
    1260           0 :           goto fail;
    1261             :         }
    1262             : 
    1263           0 :       if (!isascii (*s) || (!isgraph(*s) && !isspace(*s)))
    1264             :         {
    1265           0 :           log_error(_("a notation name must have only printable characters"
    1266             :                       " or spaces\n") );
    1267           0 :           goto fail;
    1268             :         }
    1269             :     }
    1270             : 
    1271           0 :   notation->name=xstrdup (name);
    1272             : 
    1273           0 :   if(!saw_at && !opt.expert)
    1274             :     {
    1275           0 :       log_error(_("a user notation name must contain the '@' character\n"));
    1276           0 :       goto fail;
    1277             :     }
    1278             : 
    1279           0 :   if (saw_at > 1)
    1280             :     {
    1281           0 :       log_error(_("a notation name must not contain more than"
    1282             :                   " one '@' character\n"));
    1283           0 :       goto fail;
    1284             :     }
    1285             : 
    1286           0 :   notation->bdat = xmalloc (len);
    1287           0 :   memcpy (notation->bdat, data, len);
    1288           0 :   notation->blen = len;
    1289             : 
    1290           0 :   notation->value = notation_value_to_human_readable_string (notation);
    1291             : 
    1292           0 :   return notation;
    1293             : 
    1294             :  fail:
    1295           0 :   free_notation(notation);
    1296           0 :   return NULL;
    1297             : }
    1298             : 
    1299             : struct notation *
    1300         160 : sig_to_notation(PKT_signature *sig)
    1301             : {
    1302             :   const byte *p;
    1303             :   size_t len;
    1304         160 :   int seq = 0;
    1305             :   int crit;
    1306         160 :   notation_t list = NULL;
    1307             : 
    1308             :   /* See RFC 4880, 5.2.3.16 for the format of notation data.  In
    1309             :      short, a notation has:
    1310             : 
    1311             :        - 4 bytes of flags
    1312             :        - 2 byte name length (n1)
    1313             :        - 2 byte value length (n2)
    1314             :        - n1 bytes of name data
    1315             :        - n2 bytes of value data
    1316             :    */
    1317         320 :   while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_NOTATION,&len,&seq,&crit)))
    1318             :     {
    1319             :       int n1,n2;
    1320           0 :       struct notation *n=NULL;
    1321             : 
    1322           0 :       if(len<8)
    1323             :         {
    1324           0 :           log_info(_("WARNING: invalid notation data found\n"));
    1325           0 :           continue;
    1326             :         }
    1327             : 
    1328             :       /* name length.  */
    1329           0 :       n1=(p[4]<<8)|p[5];
    1330             :       /* value length.  */
    1331           0 :       n2=(p[6]<<8)|p[7];
    1332             : 
    1333           0 :       if(8+n1+n2!=len)
    1334             :         {
    1335           0 :           log_info(_("WARNING: invalid notation data found\n"));
    1336           0 :           continue;
    1337             :         }
    1338             : 
    1339           0 :       n=xmalloc_clear(sizeof(*n));
    1340           0 :       n->name=xmalloc(n1+1);
    1341             : 
    1342           0 :       memcpy(n->name,&p[8],n1);
    1343           0 :       n->name[n1]='\0';
    1344             : 
    1345           0 :       if(p[0]&0x80)
    1346             :         /* The value is human-readable.  */
    1347             :         {
    1348           0 :           n->value=xmalloc(n2+1);
    1349           0 :           memcpy(n->value,&p[8+n1],n2);
    1350           0 :           n->value[n2]='\0';
    1351           0 :           n->flags.human = 1;
    1352             :         }
    1353             :       else
    1354             :         /* Binary data.  */
    1355             :         {
    1356           0 :           n->bdat=xmalloc(n2);
    1357           0 :           n->blen=n2;
    1358           0 :           memcpy(n->bdat,&p[8+n1],n2);
    1359             : 
    1360           0 :           n->value = notation_value_to_human_readable_string (n);
    1361             :         }
    1362             : 
    1363           0 :       n->flags.critical=crit;
    1364             : 
    1365           0 :       n->next=list;
    1366           0 :       list=n;
    1367             :     }
    1368             : 
    1369         160 :   return list;
    1370             : }
    1371             : 
    1372             : /* Release the resources associated with the *list* of notations.  To
    1373             :    release a single notation, make sure that notation->next is
    1374             :    NULL.  */
    1375             : void
    1376         160 : free_notation(struct notation *notation)
    1377             : {
    1378         320 :   while(notation)
    1379             :     {
    1380           0 :       struct notation *n=notation;
    1381             : 
    1382           0 :       xfree(n->name);
    1383           0 :       xfree(n->value);
    1384           0 :       xfree(n->altvalue);
    1385           0 :       xfree(n->bdat);
    1386           0 :       notation=n->next;
    1387           0 :       xfree(n);
    1388             :     }
    1389         160 : }
    1390             : 
    1391             : /* Serialize the signature packet (RFC 4880, Section 5.2) described by
    1392             :    SIG and write it to OUT.  */
    1393             : static int
    1394         440 : do_signature( IOBUF out, int ctb, PKT_signature *sig )
    1395             : {
    1396         440 :   int rc = 0;
    1397             :   int n, i;
    1398         440 :   IOBUF a = iobuf_temp();
    1399             : 
    1400         440 :   log_assert (ctb_pkttype (ctb) == PKT_SIGNATURE);
    1401             : 
    1402         440 :   if ( !sig->version || sig->version == 3)
    1403             :     {
    1404           2 :       iobuf_put( a, 3 );
    1405             : 
    1406             :       /* Version 3 packets don't support subpackets.  */
    1407           2 :       log_assert (! sig->hashed);
    1408           2 :       log_assert (! sig->unhashed);
    1409             :     }
    1410             :   else
    1411         438 :     iobuf_put( a, sig->version );
    1412         440 :   if ( sig->version < 4 )
    1413           2 :     iobuf_put (a, 5 ); /* Constant */
    1414         440 :   iobuf_put (a, sig->sig_class );
    1415         440 :   if ( sig->version < 4 )
    1416             :     {
    1417           2 :       write_32(a, sig->timestamp );
    1418           2 :       write_32(a, sig->keyid[0] );
    1419           2 :       write_32(a, sig->keyid[1] );
    1420             :     }
    1421         440 :   iobuf_put(a, sig->pubkey_algo );
    1422         440 :   iobuf_put(a, sig->digest_algo );
    1423         440 :   if ( sig->version >= 4 )
    1424             :     {
    1425             :       size_t nn;
    1426             :       /* Timestamp and keyid must have been packed into the subpackets
    1427             :          prior to the call of this function, because these subpackets
    1428             :          are hashed. */
    1429         438 :       nn = sig->hashed? sig->hashed->len : 0;
    1430         438 :       write_16(a, nn);
    1431         438 :       if (nn)
    1432         438 :         iobuf_write( a, sig->hashed->data, nn );
    1433         438 :       nn = sig->unhashed? sig->unhashed->len : 0;
    1434         438 :       write_16(a, nn);
    1435         438 :       if (nn)
    1436         438 :         iobuf_write( a, sig->unhashed->data, nn );
    1437             :     }
    1438         440 :   iobuf_put(a, sig->digest_start[0] );
    1439         440 :   iobuf_put(a, sig->digest_start[1] );
    1440         440 :   n = pubkey_get_nsig( sig->pubkey_algo );
    1441         440 :   if ( !n )
    1442           0 :     write_fake_data( a, sig->data[0] );
    1443        1214 :   for (i=0; i < n && !rc ; i++ )
    1444         774 :     rc = gpg_mpi_write (a, sig->data[i] );
    1445             : 
    1446         440 :   if (!rc)
    1447             :     {
    1448         440 :       if ( is_RSA(sig->pubkey_algo) && sig->version < 4 )
    1449           1 :         write_sign_packet_header(out, ctb, iobuf_get_temp_length(a) );
    1450             :       else
    1451         439 :         write_header(out, ctb, iobuf_get_temp_length(a) );
    1452         440 :       rc = iobuf_write_temp( out, a );
    1453             :     }
    1454             : 
    1455         440 :   iobuf_close(a);
    1456         440 :   return rc;
    1457             : }
    1458             : 
    1459             : 
    1460             : /* Serialize the one-pass signature packet (RFC 4880, Section 5.4)
    1461             :    described by OPS and write it to OUT.  */
    1462             : static int
    1463         105 : do_onepass_sig( IOBUF out, int ctb, PKT_onepass_sig *ops )
    1464             : {
    1465         105 :     log_assert (ctb_pkttype (ctb) == PKT_ONEPASS_SIG);
    1466             : 
    1467         105 :     write_header(out, ctb, 4 + 8 + 1);
    1468             : 
    1469         105 :     iobuf_put (out, 3);  /* Version.  */
    1470         105 :     iobuf_put(out, ops->sig_class );
    1471         105 :     iobuf_put(out, ops->digest_algo );
    1472         105 :     iobuf_put(out, ops->pubkey_algo );
    1473         105 :     write_32(out, ops->keyid[0] );
    1474         105 :     write_32(out, ops->keyid[1] );
    1475         105 :     iobuf_put(out, ops->last );
    1476             : 
    1477         105 :     return 0;
    1478             : }
    1479             : 
    1480             : 
    1481             : /* Write a 16-bit quantity to OUT in big endian order.  */
    1482             : static int
    1483         879 : write_16(IOBUF out, u16 a)
    1484             : {
    1485         879 :     iobuf_put(out, a>>8);
    1486         879 :     if( iobuf_put(out,a) )
    1487           0 :         return -1;
    1488         879 :     return 0;
    1489             : }
    1490             : 
    1491             : /* Write a 32-bit quantity to OUT in big endian order.  */
    1492             : static int
    1493        1403 : write_32(IOBUF out, u32 a)
    1494             : {
    1495        1403 :     iobuf_put(out, a>> 24);
    1496        1403 :     iobuf_put(out, a>> 16);
    1497        1403 :     iobuf_put(out, a>> 8);
    1498        1403 :     return iobuf_put(out, a);
    1499             : }
    1500             : 
    1501             : 
    1502             : /****************
    1503             :  * calculate the length of a header.
    1504             :  *
    1505             :  * LEN is the length of the packet's body.  NEW_CTB is whether we are
    1506             :  * using a new or old format packet.
    1507             :  *
    1508             :  * This function does not handle indeterminate lengths or partial body
    1509             :  * lengths.  (If you pass LEN as 0, then this function assumes you
    1510             :  * really mean an empty body.)
    1511             :  */
    1512             : static int
    1513           0 : calc_header_length( u32 len, int new_ctb )
    1514             : {
    1515           0 :     if( new_ctb ) {
    1516           0 :         if( len < 192 )
    1517           0 :             return 2;
    1518           0 :         if( len < 8384 )
    1519           0 :             return 3;
    1520             :         else
    1521           0 :             return 6;
    1522             :     }
    1523           0 :     if( len < 256 )
    1524           0 :         return 2;
    1525           0 :     if( len < 65536 )
    1526           0 :         return 3;
    1527             : 
    1528           0 :     return 5;
    1529             : }
    1530             : 
    1531             : /****************
    1532             :  * Write the CTB and the packet length
    1533             :  */
    1534             : static int
    1535        2024 : write_header( IOBUF out, int ctb, u32 len )
    1536             : {
    1537        2024 :     return write_header2( out, ctb, len, 0 );
    1538             : }
    1539             : 
    1540             : 
    1541             : static int
    1542           1 : write_sign_packet_header (IOBUF out, int ctb, u32 len)
    1543             : {
    1544             :   (void)ctb;
    1545             : 
    1546             :   /* Work around a bug in the pgp read function for signature packets,
    1547             :      which are not correctly coded and silently assume at some point 2
    1548             :      byte length headers.*/
    1549           1 :   iobuf_put (out, 0x89 );
    1550           1 :   iobuf_put (out, len >> 8 );
    1551           1 :   return iobuf_put (out, len) == -1 ? -1:0;
    1552             : }
    1553             : 
    1554             : /****************
    1555             :  * Write a packet header to OUT.
    1556             :  *
    1557             :  * CTB is the ctb.  It determines whether a new or old format packet
    1558             :  * header should be written.  The length field is adjusted, but the
    1559             :  * CTB is otherwise written out as is.
    1560             :  *
    1561             :  * LEN is the length of the packet's body.
    1562             :  *
    1563             :  * If HDRLEN is set, then we don't necessarily use the most efficient
    1564             :  * encoding to store LEN, but the specified length.  (If this is not
    1565             :  * possible, this is a bug.)  In this case, LEN=0 means a 0 length
    1566             :  * packet.  Note: setting HDRLEN is only supported for old format
    1567             :  * packets!
    1568             :  *
    1569             :  * If HDRLEN is not set, then the shortest encoding is used.  In this
    1570             :  * case, LEN=0 means the body has an indeterminate length and a
    1571             :  * partial body length header (if a new format packet) or an
    1572             :  * indeterminate length header (if an old format packet) is written
    1573             :  * out.  Further, if using partial body lengths, this enables partial
    1574             :  * body length mode on OUT.
    1575             :  */
    1576             : static int
    1577        2796 : write_header2( IOBUF out, int ctb, u32 len, int hdrlen )
    1578             : {
    1579        2796 :   if (ctb_new_format_p (ctb))
    1580         519 :     return write_new_header( out, ctb, len, hdrlen );
    1581             : 
    1582             :   /* An old format packet.  Refer to RFC 4880, Section 4.2.1 to
    1583             :      understand how lengths are encoded in this case.  */
    1584             : 
    1585             :   /* The length encoding is stored in the two least significant bits.
    1586             :      Make sure they are cleared.  */
    1587        2277 :   log_assert ((ctb & 3) == 0);
    1588             : 
    1589        2277 :   log_assert (hdrlen == 0 || hdrlen == 2 || hdrlen == 3 || hdrlen == 5);
    1590             : 
    1591        2277 :   if (hdrlen)
    1592             :     /* Header length is given.  */
    1593             :     {
    1594           0 :       if( hdrlen == 2 && len < 256 )
    1595             :         /* 00 => 1 byte length.  */
    1596             :         ;
    1597           0 :       else if( hdrlen == 3 && len < 65536 )
    1598             :         /* 01 => 2 byte length.  If len < 256, this is not the most
    1599             :            compact encoding, but it is a correct encoding.  */
    1600           0 :         ctb |= 1;
    1601           0 :       else if (hdrlen == 5)
    1602             :         /* 10 => 4 byte length.  If len < 65536, this is not the most
    1603             :            compact encoding, but it is a correct encoding.  */
    1604           0 :         ctb |= 2;
    1605             :       else
    1606           0 :         log_bug ("Can't encode length=%d in a %d byte header!\n",
    1607             :                  len, hdrlen);
    1608             :     }
    1609             :   else
    1610             :     {
    1611        2277 :       if( !len )
    1612             :         /* 11 => Indeterminate length.  */
    1613         537 :         ctb |= 3;
    1614        1740 :       else if( len < 256 )
    1615             :         /* 00 => 1 byte length.  */
    1616             :         ;
    1617         583 :       else if( len < 65536 )
    1618             :         /* 01 => 2 byte length.  */
    1619         534 :         ctb |= 1;
    1620             :       else
    1621             :         /* 10 => 4 byte length.  */
    1622          49 :         ctb |= 2;
    1623             :     }
    1624             : 
    1625        2277 :   if( iobuf_put(out, ctb ) )
    1626           0 :     return -1;
    1627             : 
    1628        2277 :   if( len || hdrlen )
    1629             :     {
    1630        1740 :       if( ctb & 2 )
    1631             :         {
    1632          49 :           if(iobuf_put(out, len >> 24 ))
    1633           0 :             return -1;
    1634          49 :           if(iobuf_put(out, len >> 16 ))
    1635           0 :             return -1;
    1636             :         }
    1637             : 
    1638        1740 :       if( ctb & 3 )
    1639         583 :         if(iobuf_put(out, len >> 8 ))
    1640           0 :           return -1;
    1641             : 
    1642        1740 :       if( iobuf_put(out, len ) )
    1643           0 :         return -1;
    1644             :     }
    1645             : 
    1646        2277 :   return 0;
    1647             : }
    1648             : 
    1649             : 
    1650             : /* Write a new format header to OUT.
    1651             : 
    1652             :    CTB is the ctb.
    1653             : 
    1654             :    LEN is the length of the packet's body.  If LEN is 0, then enables
    1655             :    partial body length mode (i.e., the body is of an indeterminant
    1656             :    length) on OUT.  Note: this function cannot be used to generate a
    1657             :    header for a zero length packet.
    1658             : 
    1659             :    HDRLEN is the length of the packet's header.  If HDRLEN is 0, the
    1660             :    shortest encoding is chosen based on the length of the packet's
    1661             :    body.  Currently, values other than 0 are not supported.
    1662             : 
    1663             :    Returns 0 on success.  */
    1664             : static int
    1665         519 : write_new_header( IOBUF out, int ctb, u32 len, int hdrlen )
    1666             : {
    1667         519 :     if( hdrlen )
    1668           0 :         log_bug("can't cope with hdrlen yet\n");
    1669             : 
    1670         519 :     if( iobuf_put(out, ctb ) )
    1671           0 :         return -1;
    1672         519 :     if( !len ) {
    1673         519 :         iobuf_set_partial_body_length_mode(out, 512 );
    1674             :     }
    1675             :     else {
    1676           0 :         if( len < 192 ) {
    1677           0 :             if( iobuf_put(out, len ) )
    1678           0 :                 return -1;
    1679             :         }
    1680           0 :         else if( len < 8384 ) {
    1681           0 :             len -= 192;
    1682           0 :             if( iobuf_put( out, (len / 256) + 192) )
    1683           0 :                 return -1;
    1684           0 :             if( iobuf_put( out, (len % 256) )  )
    1685           0 :                 return -1;
    1686             :         }
    1687             :         else {
    1688           0 :             if( iobuf_put( out, 0xff ) )
    1689           0 :                 return -1;
    1690           0 :             if( iobuf_put( out, (len >> 24)&0xff ) )
    1691           0 :                 return -1;
    1692           0 :             if( iobuf_put( out, (len >> 16)&0xff ) )
    1693           0 :                 return -1;
    1694           0 :             if( iobuf_put( out, (len >> 8)&0xff )  )
    1695           0 :                 return -1;
    1696           0 :             if( iobuf_put( out, len & 0xff ) )
    1697           0 :                 return -1;
    1698             :         }
    1699             :     }
    1700         519 :     return 0;
    1701             : }

Generated by: LCOV version 1.11