Line data Source code
1 : /* parse-packet.c - read packets
2 : * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
3 : * 2007, 2009, 2010 Free Software Foundation, Inc.
4 : * Copyright (C) 2014 Werner Koch
5 : * Copyright (C) 2015 g10 Code GmbH
6 : *
7 : * This file is part of GnuPG.
8 : *
9 : * GnuPG is free software; you can redistribute it and/or modify
10 : * it under the terms of the GNU General Public License as published by
11 : * the Free Software Foundation; either version 3 of the License, or
12 : * (at your option) any later version.
13 : *
14 : * GnuPG is distributed in the hope that it will be useful,
15 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 : * GNU General Public License for more details.
18 : *
19 : * You should have received a copy of the GNU General Public License
20 : * along with this program; if not, see <https://www.gnu.org/licenses/>.
21 : */
22 :
23 : #include <config.h>
24 : #include <stdio.h>
25 : #include <stdlib.h>
26 : #include <string.h>
27 :
28 : #include "gpg.h"
29 : #include "util.h"
30 : #include "packet.h"
31 : #include "iobuf.h"
32 : #include "filter.h"
33 : #include "photoid.h"
34 : #include "options.h"
35 : #include "main.h"
36 : #include "i18n.h"
37 : #include "host2net.h"
38 :
39 :
40 : /* Maximum length of packets to avoid excessive memory allocation. */
41 : #define MAX_KEY_PACKET_LENGTH (256 * 1024)
42 : #define MAX_UID_PACKET_LENGTH ( 2 * 1024)
43 : #define MAX_COMMENT_PACKET_LENGTH ( 64 * 1024)
44 : #define MAX_ATTR_PACKET_LENGTH ( 16 * 1024*1024)
45 :
46 :
47 : static int mpi_print_mode;
48 : static int list_mode;
49 : static estream_t listfp;
50 :
51 : static int parse (IOBUF inp, PACKET * pkt, int onlykeypkts,
52 : off_t * retpos, int *skip, IOBUF out, int do_skip
53 : #ifdef DEBUG_PARSE_PACKET
54 : , const char *dbg_w, const char *dbg_f, int dbg_l
55 : #endif
56 : );
57 : static int copy_packet (IOBUF inp, IOBUF out, int pkttype,
58 : unsigned long pktlen, int partial);
59 : static void skip_packet (IOBUF inp, int pkttype,
60 : unsigned long pktlen, int partial);
61 : static void *read_rest (IOBUF inp, size_t pktlen);
62 : static int parse_marker (IOBUF inp, int pkttype, unsigned long pktlen);
63 : static int parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
64 : PACKET * packet);
65 : static int parse_pubkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
66 : PACKET * packet);
67 : static int parse_onepass_sig (IOBUF inp, int pkttype, unsigned long pktlen,
68 : PKT_onepass_sig * ops);
69 : static int parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
70 : byte * hdr, int hdrlen, PACKET * packet);
71 : static int parse_user_id (IOBUF inp, int pkttype, unsigned long pktlen,
72 : PACKET * packet);
73 : static int parse_attribute (IOBUF inp, int pkttype, unsigned long pktlen,
74 : PACKET * packet);
75 : static int parse_comment (IOBUF inp, int pkttype, unsigned long pktlen,
76 : PACKET * packet);
77 : static void parse_trust (IOBUF inp, int pkttype, unsigned long pktlen,
78 : PACKET * packet);
79 : static int parse_plaintext (IOBUF inp, int pkttype, unsigned long pktlen,
80 : PACKET * packet, int new_ctb, int partial);
81 : static int parse_compressed (IOBUF inp, int pkttype, unsigned long pktlen,
82 : PACKET * packet, int new_ctb);
83 : static int parse_encrypted (IOBUF inp, int pkttype, unsigned long pktlen,
84 : PACKET * packet, int new_ctb, int partial);
85 : static int parse_mdc (IOBUF inp, int pkttype, unsigned long pktlen,
86 : PACKET * packet, int new_ctb);
87 : static int parse_gpg_control (IOBUF inp, int pkttype, unsigned long pktlen,
88 : PACKET * packet, int partial);
89 :
90 : /* Read a 16-bit value in MSB order (big endian) from an iobuf. */
91 : static unsigned short
92 17449 : read_16 (IOBUF inp)
93 : {
94 : unsigned short a;
95 17449 : a = (unsigned short)iobuf_get_noeof (inp) << 8;
96 17449 : a |= iobuf_get_noeof (inp);
97 17449 : return a;
98 : }
99 :
100 :
101 : /* Read a 32-bit value in MSB order (big endian) from an iobuf. */
102 : static unsigned long
103 10585 : read_32 (IOBUF inp)
104 : {
105 : unsigned long a;
106 10585 : a = (unsigned long)iobuf_get_noeof (inp) << 24;
107 10585 : a |= iobuf_get_noeof (inp) << 16;
108 10585 : a |= iobuf_get_noeof (inp) << 8;
109 10585 : a |= iobuf_get_noeof (inp);
110 10585 : return a;
111 : }
112 :
113 :
114 : /* Read an external representation of an MPI and return the MPI. The
115 : external format is a 16-bit unsigned value stored in network byte
116 : order giving the number of bits for the following integer. The
117 : integer is stored MSB first and is left padded with zero bits to
118 : align on a byte boundary.
119 :
120 : The caller must set *RET_NREAD to the maximum number of bytes to
121 : read from the pipeline INP. This function sets *RET_NREAD to be
122 : the number of bytes actually read from the pipeline.
123 :
124 : If SECURE is true, the integer is stored in secure memory
125 : (allocated using gcry_xmalloc_secure). */
126 : static gcry_mpi_t
127 37130 : mpi_read (iobuf_t inp, unsigned int *ret_nread, int secure)
128 : {
129 : int c, c1, c2, i;
130 37130 : unsigned int nmax = *ret_nread;
131 : unsigned int nbits, nbytes;
132 37130 : size_t nread = 0;
133 37130 : gcry_mpi_t a = NULL;
134 37130 : byte *buf = NULL;
135 : byte *p;
136 :
137 37130 : if (!nmax)
138 0 : goto overflow;
139 :
140 37130 : if ((c = c1 = iobuf_get (inp)) == -1)
141 0 : goto leave;
142 37130 : if (++nread == nmax)
143 0 : goto overflow;
144 37130 : nbits = c << 8;
145 37130 : if ((c = c2 = iobuf_get (inp)) == -1)
146 0 : goto leave;
147 37130 : ++nread;
148 37130 : nbits |= c;
149 37130 : if (nbits > MAX_EXTERN_MPI_BITS)
150 : {
151 0 : log_error ("mpi too large (%u bits)\n", nbits);
152 0 : goto leave;
153 : }
154 :
155 37130 : nbytes = (nbits + 7) / 8;
156 37130 : buf = secure ? gcry_xmalloc_secure (nbytes + 2) : gcry_xmalloc (nbytes + 2);
157 37130 : p = buf;
158 37130 : p[0] = c1;
159 37130 : p[1] = c2;
160 3030197 : for (i = 0; i < nbytes; i++)
161 : {
162 2993067 : if (nread == nmax)
163 0 : goto overflow;
164 :
165 2993067 : c = iobuf_get (inp);
166 2993067 : if (c == -1)
167 0 : goto leave;
168 :
169 2993067 : p[i + 2] = c;
170 2993067 : nread ++;
171 : }
172 :
173 37130 : if (gcry_mpi_scan (&a, GCRYMPI_FMT_PGP, buf, nread, &nread))
174 0 : a = NULL;
175 :
176 37130 : *ret_nread = nread;
177 37130 : gcry_free(buf);
178 37130 : return a;
179 :
180 : overflow:
181 0 : log_error ("mpi larger than indicated length (%u bits)\n", 8*nmax);
182 : leave:
183 0 : *ret_nread = nread;
184 0 : gcry_free(buf);
185 0 : return a;
186 : }
187 :
188 :
189 : int
190 6963 : set_packet_list_mode (int mode)
191 : {
192 6963 : int old = list_mode;
193 6963 : list_mode = mode;
194 :
195 : /* We use stdout only if invoked by the --list-packets command
196 : but switch to stderr in all other cases. This breaks the
197 : previous behaviour but that seems to be more of a bug than
198 : intentional. I don't believe that any application makes use of
199 : this long standing annoying way of printing to stdout except when
200 : doing a --list-packets. If this assumption fails, it will be easy
201 : to add an option for the listing stream. Note that we initialize
202 : it only once; mainly because there is code which switches
203 : opt.list_mode back to 1 and we want to have all output to the
204 : same stream. The MPI_PRINT_MODE will be enabled if the
205 : corresponding debug flag is set or if we are in --list-packets
206 : and --verbose is given.
207 :
208 : Using stderr is not actually very clean because it bypasses the
209 : logging code but it is a special thing anyway. I am not sure
210 : whether using log_stream() would be better. Perhaps we should
211 : enable the list mode only with a special option. */
212 6963 : if (!listfp)
213 : {
214 1013 : if (opt.list_packets)
215 : {
216 13 : listfp = es_stdout;
217 13 : if (opt.verbose)
218 0 : mpi_print_mode = 1;
219 : }
220 : else
221 1000 : listfp = es_stderr;
222 :
223 1013 : if (DBG_MPI)
224 0 : mpi_print_mode = 1;
225 : }
226 6963 : return old;
227 : }
228 :
229 :
230 : /* If OPT.VERBOSE is set, print a warning that the algorithm ALGO is
231 : not suitable for signing and encryption. */
232 : static void
233 0 : unknown_pubkey_warning (int algo)
234 : {
235 : static byte unknown_pubkey_algos[256];
236 :
237 : /* First check whether the algorithm is usable but not suitable for
238 : encryption/signing. */
239 0 : if (pubkey_get_npkey (algo))
240 : {
241 0 : if (opt.verbose)
242 : {
243 0 : if (!pubkey_get_nsig (algo))
244 0 : log_info ("public key algorithm %s not suitable for %s\n",
245 : openpgp_pk_algo_name (algo), "signing");
246 0 : if (!pubkey_get_nenc (algo))
247 0 : log_info ("public key algorithm %s not suitable for %s\n",
248 : openpgp_pk_algo_name (algo), "encryption");
249 : }
250 : }
251 : else
252 : {
253 0 : algo &= 0xff;
254 0 : if (!unknown_pubkey_algos[algo])
255 : {
256 0 : if (opt.verbose)
257 0 : log_info (_("can't handle public key algorithm %d\n"), algo);
258 0 : unknown_pubkey_algos[algo] = 1;
259 : }
260 : }
261 0 : }
262 :
263 :
264 : #ifdef DEBUG_PARSE_PACKET
265 : int
266 27654 : dbg_parse_packet (IOBUF inp, PACKET *pkt, const char *dbg_f, int dbg_l)
267 : {
268 : int skip, rc;
269 :
270 : do
271 : {
272 27654 : rc = parse (inp, pkt, 0, NULL, &skip, NULL, 0, "parse", dbg_f, dbg_l);
273 : }
274 27654 : while (skip && ! rc);
275 27654 : return rc;
276 : }
277 : #else /*!DEBUG_PARSE_PACKET*/
278 : int
279 : parse_packet (IOBUF inp, PACKET * pkt)
280 : {
281 : int skip, rc;
282 :
283 : do
284 : {
285 : rc = parse (inp, pkt, 0, NULL, &skip, NULL, 0);
286 : }
287 : while (skip && ! rc);
288 : return rc;
289 : }
290 : #endif /*!DEBUG_PARSE_PACKET*/
291 :
292 :
293 : /*
294 : * Like parse packet, but only return secret or public (sub)key
295 : * packets.
296 : */
297 : #ifdef DEBUG_PARSE_PACKET
298 : int
299 766 : dbg_search_packet (IOBUF inp, PACKET * pkt, off_t * retpos, int with_uid,
300 : const char *dbg_f, int dbg_l)
301 : {
302 : int skip, rc;
303 :
304 : do
305 : {
306 766 : rc =
307 766 : parse (inp, pkt, with_uid ? 2 : 1, retpos, &skip, NULL, 0, "search",
308 : dbg_f, dbg_l);
309 : }
310 766 : while (skip && ! rc);
311 173 : return rc;
312 : }
313 : #else /*!DEBUG_PARSE_PACKET*/
314 : int
315 : search_packet (IOBUF inp, PACKET * pkt, off_t * retpos, int with_uid)
316 : {
317 : int skip, rc;
318 :
319 : do
320 : {
321 : rc = parse (inp, pkt, with_uid ? 2 : 1, retpos, &skip, NULL, 0);
322 : }
323 : while (skip && ! rc);
324 : return rc;
325 : }
326 : #endif /*!DEBUG_PARSE_PACKET*/
327 :
328 :
329 : /*
330 : * Copy all packets from INP to OUT, thereby removing unused spaces.
331 : */
332 : #ifdef DEBUG_PARSE_PACKET
333 : int
334 1 : dbg_copy_all_packets (IOBUF inp, IOBUF out, const char *dbg_f, int dbg_l)
335 : {
336 : PACKET pkt;
337 1 : int skip, rc = 0;
338 :
339 1 : if (! out)
340 0 : log_bug ("copy_all_packets: OUT may not be NULL.\n");
341 :
342 : do
343 : {
344 1 : init_packet (&pkt);
345 : }
346 : while (!
347 : (rc =
348 1 : parse (inp, &pkt, 0, NULL, &skip, out, 0, "copy", dbg_f, dbg_l)));
349 1 : return rc;
350 : }
351 : #else /*!DEBUG_PARSE_PACKET*/
352 : int
353 : copy_all_packets (IOBUF inp, IOBUF out)
354 : {
355 : PACKET pkt;
356 : int skip, rc = 0;
357 :
358 : if (! out)
359 : log_bug ("copy_all_packets: OUT may not be NULL.\n");
360 :
361 : do
362 : {
363 : init_packet (&pkt);
364 : }
365 : while (!(rc = parse (inp, &pkt, 0, NULL, &skip, out, 0)));
366 : return rc;
367 : }
368 : #endif /*!DEBUG_PARSE_PACKET*/
369 :
370 :
371 : /*
372 : * Copy some packets from INP to OUT, thereby removing unused spaces.
373 : * Stop at offset STOPoff (i.e. don't copy packets at this or later
374 : * offsets)
375 : */
376 : #ifdef DEBUG_PARSE_PACKET
377 : int
378 0 : dbg_copy_some_packets (IOBUF inp, IOBUF out, off_t stopoff,
379 : const char *dbg_f, int dbg_l)
380 : {
381 : PACKET pkt;
382 0 : int skip, rc = 0;
383 : do
384 : {
385 0 : if (iobuf_tell (inp) >= stopoff)
386 0 : return 0;
387 0 : init_packet (&pkt);
388 : }
389 : while (!(rc = parse (inp, &pkt, 0, NULL, &skip, out, 0,
390 0 : "some", dbg_f, dbg_l)));
391 0 : return rc;
392 : }
393 : #else /*!DEBUG_PARSE_PACKET*/
394 : int
395 : copy_some_packets (IOBUF inp, IOBUF out, off_t stopoff)
396 : {
397 : PACKET pkt;
398 : int skip, rc = 0;
399 : do
400 : {
401 : if (iobuf_tell (inp) >= stopoff)
402 : return 0;
403 : init_packet (&pkt);
404 : }
405 : while (!(rc = parse (inp, &pkt, 0, NULL, &skip, out, 0)));
406 : return rc;
407 : }
408 : #endif /*!DEBUG_PARSE_PACKET*/
409 :
410 :
411 : /*
412 : * Skip over N packets
413 : */
414 : #ifdef DEBUG_PARSE_PACKET
415 : int
416 0 : dbg_skip_some_packets (IOBUF inp, unsigned n, const char *dbg_f, int dbg_l)
417 : {
418 0 : int skip, rc = 0;
419 : PACKET pkt;
420 :
421 0 : for (; n && !rc; n--)
422 : {
423 0 : init_packet (&pkt);
424 0 : rc = parse (inp, &pkt, 0, NULL, &skip, NULL, 1, "skip", dbg_f, dbg_l);
425 : }
426 0 : return rc;
427 : }
428 : #else /*!DEBUG_PARSE_PACKET*/
429 : int
430 : skip_some_packets (IOBUF inp, unsigned n)
431 : {
432 : int skip, rc = 0;
433 : PACKET pkt;
434 :
435 : for (; n && !rc; n--)
436 : {
437 : init_packet (&pkt);
438 : rc = parse (inp, &pkt, 0, NULL, &skip, NULL, 1);
439 : }
440 : return rc;
441 : }
442 : #endif /*!DEBUG_PARSE_PACKET*/
443 :
444 :
445 : /* Parse a packet and save it in *PKT.
446 :
447 : If OUT is not NULL and the packet is valid (its type is not 0),
448 : then the header, the initial length field and the packet's contents
449 : are written to OUT. In this case, the packet is not saved in *PKT.
450 :
451 : ONLYKEYPKTS is a simple packet filter. If ONLYKEYPKTS is set to 1,
452 : then only public subkey packets, public key packets, private subkey
453 : packets and private key packets are parsed. The rest are skipped
454 : (i.e., the header and the contents are read from the pipeline and
455 : discarded). If ONLYKEYPKTS is set to 2, then in addition to the
456 : above 4 types of packets, user id packets are also accepted.
457 :
458 : DO_SKIP is a more coarse grained filter. Unless ONLYKEYPKTS is set
459 : to 2 and the packet is a user id packet, all packets are skipped.
460 :
461 : Finally, if a packet is invalid (it's type is 0), it is skipped.
462 :
463 : If a packet is skipped and SKIP is not NULL, then *SKIP is set to
464 : 1.
465 :
466 : Note: ONLYKEYPKTS and DO_SKIP are only respected if OUT is NULL,
467 : i.e., the packets are not simply being copied.
468 :
469 : If RETPOS is not NULL, then the position of INP (as returned by
470 : iobuf_tell) is saved there before any data is read from INP.
471 : */
472 : static int
473 28421 : parse (IOBUF inp, PACKET * pkt, int onlykeypkts, off_t * retpos,
474 : int *skip, IOBUF out, int do_skip
475 : #ifdef DEBUG_PARSE_PACKET
476 : , const char *dbg_w, const char *dbg_f, int dbg_l
477 : #endif
478 : )
479 : {
480 28421 : int rc = 0, c, ctb, pkttype, lenbytes;
481 : unsigned long pktlen;
482 : byte hdr[8];
483 : int hdrlen;
484 28421 : int new_ctb = 0, partial = 0;
485 28421 : int with_uid = (onlykeypkts == 2);
486 : off_t pos;
487 :
488 28421 : *skip = 0;
489 28421 : log_assert (!pkt->pkt.generic);
490 28421 : if (retpos || list_mode)
491 : {
492 848 : pos = iobuf_tell (inp);
493 1696 : if (retpos)
494 766 : *retpos = pos;
495 : }
496 : else
497 27573 : pos = 0; /* (silence compiler warning) */
498 :
499 : /* The first byte of a packet is the so-called tag. The highest bit
500 : must be set. */
501 28421 : if ((ctb = iobuf_get (inp)) == -1)
502 : {
503 4742 : rc = -1;
504 4742 : goto leave;
505 : }
506 23679 : hdrlen = 0;
507 23679 : hdr[hdrlen++] = ctb;
508 :
509 23679 : if (!(ctb & 0x80))
510 : {
511 1 : log_error ("%s: invalid packet (ctb=%02x)\n", iobuf_where (inp), ctb);
512 1 : rc = gpg_error (GPG_ERR_INV_PACKET);
513 1 : goto leave;
514 : }
515 :
516 : /* Immediately following the header is the length. There are two
517 : formats: the old format and the new format. If bit 6 (where the
518 : least significant bit is bit 0) is set in the tag, then we are
519 : dealing with a new format packet. Otherwise, it is an old format
520 : packet. */
521 23678 : pktlen = 0;
522 23678 : new_ctb = !!(ctb & 0x40);
523 23678 : if (new_ctb)
524 : {
525 : /* Get the packet's type. This is encoded in the 6 least
526 : significant bits of the tag. */
527 450 : pkttype = ctb & 0x3f;
528 :
529 : /* Extract the packet's length. New format packets have 4 ways
530 : to encode the packet length. The value of the first byte
531 : determines the encoding and partially determines the length.
532 : See section 4.2.2 of RFC 4880 for details. */
533 450 : if ((c = iobuf_get (inp)) == -1)
534 : {
535 0 : log_error ("%s: 1st length byte missing\n", iobuf_where (inp));
536 0 : rc = gpg_error (GPG_ERR_INV_PACKET);
537 0 : goto leave;
538 : }
539 :
540 :
541 450 : hdr[hdrlen++] = c;
542 450 : if (c < 192)
543 125 : pktlen = c;
544 325 : else if (c < 224)
545 : {
546 10 : pktlen = (c - 192) * 256;
547 10 : if ((c = iobuf_get (inp)) == -1)
548 : {
549 0 : log_error ("%s: 2nd length byte missing\n",
550 : iobuf_where (inp));
551 0 : rc = gpg_error (GPG_ERR_INV_PACKET);
552 0 : goto leave;
553 : }
554 10 : hdr[hdrlen++] = c;
555 10 : pktlen += c + 192;
556 : }
557 315 : else if (c == 255)
558 : {
559 : int i;
560 : char value[4];
561 :
562 0 : for (i = 0; i < 4; i ++)
563 : {
564 0 : if ((c = iobuf_get (inp)) == -1)
565 : {
566 0 : log_error ("%s: 4 byte length invalid\n", iobuf_where (inp));
567 0 : rc = gpg_error (GPG_ERR_INV_PACKET);
568 0 : goto leave;
569 : }
570 0 : value[i] = hdr[hdrlen++] = c;
571 : }
572 :
573 0 : pktlen = buf32_to_ulong (value);
574 : }
575 : else /* Partial body length. */
576 : {
577 315 : switch (pkttype)
578 : {
579 : case PKT_PLAINTEXT:
580 : case PKT_ENCRYPTED:
581 : case PKT_ENCRYPTED_MDC:
582 : case PKT_COMPRESSED:
583 315 : iobuf_set_partial_body_length_mode (inp, c & 0xff);
584 315 : pktlen = 0; /* To indicate partial length. */
585 315 : partial = 1;
586 315 : break;
587 :
588 : default:
589 0 : log_error ("%s: partial length invalid for"
590 : " packet type %d\n", iobuf_where (inp), pkttype);
591 0 : rc = gpg_error (GPG_ERR_INV_PACKET);
592 0 : goto leave;
593 : }
594 : }
595 :
596 : }
597 : else
598 : /* This is an old format packet. */
599 : {
600 : /* Extract the packet's type. This is encoded in bits 2-5. */
601 23228 : pkttype = (ctb >> 2) & 0xf;
602 :
603 : /* The type of length encoding is encoded in bits 0-1 of the
604 : tag. */
605 23228 : lenbytes = ((ctb & 3) == 3) ? 0 : (1 << (ctb & 3));
606 23228 : if (!lenbytes)
607 : {
608 418 : pktlen = 0; /* Don't know the value. */
609 : /* This isn't really partial, but we can treat it the same
610 : in a "read until the end" sort of way. */
611 418 : partial = 1;
612 418 : if (pkttype != PKT_ENCRYPTED && pkttype != PKT_PLAINTEXT
613 418 : && pkttype != PKT_COMPRESSED)
614 : {
615 0 : log_error ("%s: indeterminate length for invalid"
616 : " packet type %d\n", iobuf_where (inp), pkttype);
617 0 : rc = gpg_error (GPG_ERR_INV_PACKET);
618 0 : goto leave;
619 : }
620 : }
621 : else
622 : {
623 54046 : for (; lenbytes; lenbytes--)
624 : {
625 31236 : pktlen <<= 8;
626 31236 : c = iobuf_get (inp);
627 31236 : if (c == -1)
628 : {
629 0 : log_error ("%s: length invalid\n", iobuf_where (inp));
630 0 : rc = gpg_error (GPG_ERR_INV_PACKET);
631 0 : goto leave;
632 : }
633 31236 : pktlen |= hdr[hdrlen++] = c;
634 : }
635 : }
636 : }
637 :
638 : /* Sometimes the decompressing layer enters an error state in which
639 : it simply outputs 0xff for every byte read. If we have a stream
640 : of 0xff bytes, then it will be detected as a new format packet
641 : with type 63 and a 4-byte encoded length that is 4G-1. Since
642 : packets with type 63 are private and we use them as a control
643 : packet, which won't be 4 GB, we reject such packets as
644 : invalid. */
645 23678 : if (pkttype == 63 && pktlen == 0xFFFFFFFF)
646 : {
647 : /* With some probability this is caused by a problem in the
648 : * the uncompressing layer - in some error cases it just loops
649 : * and spits out 0xff bytes. */
650 0 : log_error ("%s: garbled packet detected\n", iobuf_where (inp));
651 0 : g10_exit (2);
652 : }
653 :
654 23678 : if (out && pkttype)
655 : {
656 : /* This type of copying won't work if the packet uses a partial
657 : body length. (In other words, this only works if HDR is
658 : actually the length.) Currently, no callers require this
659 : functionality so we just log this as an error. */
660 0 : if (partial)
661 : {
662 0 : log_error ("parse: Can't copy partial packet. Aborting.\n");
663 0 : rc = gpg_error (GPG_ERR_INV_PACKET);
664 0 : goto leave;
665 : }
666 :
667 0 : rc = iobuf_write (out, hdr, hdrlen);
668 0 : if (!rc)
669 0 : rc = copy_packet (inp, out, pkttype, pktlen, partial);
670 0 : goto leave;
671 : }
672 :
673 23678 : if (with_uid && pkttype == PKT_USER_ID)
674 : /* If ONLYKEYPKTS is set to 2, then we never skip user id packets,
675 : even if DO_SKIP is set. */
676 : ;
677 23675 : else if (do_skip
678 : /* type==0 is not allowed. This is an invalid packet. */
679 23675 : || !pkttype
680 : /* When ONLYKEYPKTS is set, we don't skip keys. */
681 23675 : || (onlykeypkts && pkttype != PKT_PUBLIC_SUBKEY
682 691 : && pkttype != PKT_PUBLIC_KEY
683 593 : && pkttype != PKT_SECRET_SUBKEY && pkttype != PKT_SECRET_KEY))
684 : {
685 593 : iobuf_skip_rest (inp, pktlen, partial);
686 593 : *skip = 1;
687 593 : rc = 0;
688 593 : goto leave;
689 : }
690 :
691 23085 : if (DBG_PACKET)
692 : {
693 : #ifdef DEBUG_PARSE_PACKET
694 0 : log_debug ("parse_packet(iob=%d): type=%d length=%lu%s (%s.%s.%d)\n",
695 : iobuf_id (inp), pkttype, pktlen, new_ctb ? " (new_ctb)" : "",
696 : dbg_w, dbg_f, dbg_l);
697 : #else
698 : log_debug ("parse_packet(iob=%d): type=%d length=%lu%s\n",
699 : iobuf_id (inp), pkttype, pktlen,
700 : new_ctb ? " (new_ctb)" : "");
701 : #endif
702 : }
703 :
704 23085 : if (list_mode)
705 63 : es_fprintf (listfp, "# off=%lu ctb=%02x tag=%d hlen=%d plen=%lu%s%s\n",
706 : (unsigned long)pos, ctb, pkttype, hdrlen, pktlen,
707 6 : partial? (new_ctb ? " partial" : " indeterminate") :"",
708 : new_ctb? " new-ctb":"");
709 :
710 23085 : pkt->pkttype = pkttype;
711 23085 : rc = GPG_ERR_UNKNOWN_PACKET; /* default error */
712 23085 : switch (pkttype)
713 : {
714 : case PKT_PUBLIC_KEY:
715 : case PKT_PUBLIC_SUBKEY:
716 : case PKT_SECRET_KEY:
717 : case PKT_SECRET_SUBKEY:
718 7295 : pkt->pkt.public_key = xmalloc_clear (sizeof *pkt->pkt.public_key);
719 7295 : rc = parse_key (inp, pkttype, pktlen, hdr, hdrlen, pkt);
720 7295 : break;
721 : case PKT_SYMKEY_ENC:
722 59 : rc = parse_symkeyenc (inp, pkttype, pktlen, pkt);
723 59 : break;
724 : case PKT_PUBKEY_ENC:
725 271 : rc = parse_pubkeyenc (inp, pkttype, pktlen, pkt);
726 271 : break;
727 : case PKT_SIGNATURE:
728 9255 : pkt->pkt.signature = xmalloc_clear (sizeof *pkt->pkt.signature);
729 9255 : rc = parse_signature (inp, pkttype, pktlen, pkt->pkt.signature);
730 9255 : break;
731 : case PKT_ONEPASS_SIG:
732 155 : pkt->pkt.onepass_sig = xmalloc_clear (sizeof *pkt->pkt.onepass_sig);
733 155 : rc = parse_onepass_sig (inp, pkttype, pktlen, pkt->pkt.onepass_sig);
734 155 : break;
735 : case PKT_USER_ID:
736 4408 : rc = parse_user_id (inp, pkttype, pktlen, pkt);
737 4408 : break;
738 : case PKT_ATTRIBUTE:
739 0 : pkt->pkttype = pkttype = PKT_USER_ID; /* we store it in the userID */
740 0 : rc = parse_attribute (inp, pkttype, pktlen, pkt);
741 0 : break;
742 : case PKT_OLD_COMMENT:
743 : case PKT_COMMENT:
744 0 : rc = parse_comment (inp, pkttype, pktlen, pkt);
745 0 : break;
746 : case PKT_RING_TRUST:
747 412 : parse_trust (inp, pkttype, pktlen, pkt);
748 412 : rc = 0;
749 412 : break;
750 : case PKT_PLAINTEXT:
751 463 : rc = parse_plaintext (inp, pkttype, pktlen, pkt, new_ctb, partial);
752 463 : break;
753 : case PKT_COMPRESSED:
754 424 : rc = parse_compressed (inp, pkttype, pktlen, pkt, new_ctb);
755 424 : break;
756 : case PKT_ENCRYPTED:
757 : case PKT_ENCRYPTED_MDC:
758 319 : rc = parse_encrypted (inp, pkttype, pktlen, pkt, new_ctb, partial);
759 319 : break;
760 : case PKT_MDC:
761 0 : rc = parse_mdc (inp, pkttype, pktlen, pkt, new_ctb);
762 0 : break;
763 : case PKT_GPG_CONTROL:
764 17 : rc = parse_gpg_control (inp, pkttype, pktlen, pkt, partial);
765 17 : break;
766 : case PKT_MARKER:
767 7 : rc = parse_marker (inp, pkttype, pktlen);
768 7 : break;
769 : default:
770 : /* Unknown packet. Skip it. */
771 0 : skip_packet (inp, pkttype, pktlen, partial);
772 0 : break;
773 : }
774 :
775 : leave:
776 : /* FIXME: We leak in case of an error (see the xmalloc's above). */
777 28421 : if (!rc && iobuf_error (inp))
778 0 : rc = GPG_ERR_INV_KEYRING;
779 :
780 : /* FIXME: We use only the error code for now to avoid problems with
781 : callers which have not been checked to always use gpg_err_code()
782 : when comparing error codes. */
783 28421 : return rc == -1? -1 : gpg_err_code (rc);
784 : }
785 :
786 :
787 : static void
788 0 : dump_hex_line (int c, int *i)
789 : {
790 0 : if (*i && !(*i % 8))
791 : {
792 0 : if (*i && !(*i % 24))
793 0 : es_fprintf (listfp, "\n%4d:", *i);
794 : else
795 0 : es_putc (' ', listfp);
796 : }
797 0 : if (c == -1)
798 0 : es_fprintf (listfp, " EOF");
799 : else
800 0 : es_fprintf (listfp, " %02x", c);
801 0 : ++*i;
802 0 : }
803 :
804 :
805 : /* Copy the contents of a packet from the pipeline IN to the pipeline
806 : OUT.
807 :
808 : The header and length have already been read from INP and the
809 : decoded values are given as PKGTYPE and PKTLEN.
810 :
811 : If the packet is a partial body length packet (RFC 4880, Section
812 : 4.2.2.4), then iobuf_set_partial_block_modeiobuf_set_partial_block_mode
813 : should already have been called on INP and PARTIAL should be set.
814 :
815 : If PARTIAL is set or PKTLEN is 0 and PKTTYPE is PKT_COMPRESSED,
816 : copy until the first EOF is encountered on INP.
817 :
818 : Returns 0 on success and an error code if an error occurs. */
819 : static int
820 0 : copy_packet (IOBUF inp, IOBUF out, int pkttype,
821 : unsigned long pktlen, int partial)
822 : {
823 : int rc;
824 : int n;
825 : char buf[100];
826 :
827 0 : if (partial)
828 : {
829 0 : while ((n = iobuf_read (inp, buf, sizeof (buf))) != -1)
830 0 : if ((rc = iobuf_write (out, buf, n)))
831 0 : return rc; /* write error */
832 : }
833 0 : else if (!pktlen && pkttype == PKT_COMPRESSED)
834 : {
835 0 : log_debug ("copy_packet: compressed!\n");
836 : /* compressed packet, copy till EOF */
837 0 : while ((n = iobuf_read (inp, buf, sizeof (buf))) != -1)
838 0 : if ((rc = iobuf_write (out, buf, n)))
839 0 : return rc; /* write error */
840 : }
841 : else
842 : {
843 0 : for (; pktlen; pktlen -= n)
844 : {
845 0 : n = pktlen > sizeof (buf) ? sizeof (buf) : pktlen;
846 0 : n = iobuf_read (inp, buf, n);
847 0 : if (n == -1)
848 0 : return gpg_error (GPG_ERR_EOF);
849 0 : if ((rc = iobuf_write (out, buf, n)))
850 0 : return rc; /* write error */
851 : }
852 : }
853 0 : return 0;
854 : }
855 :
856 :
857 : /* Skip an unknown packet. PKTTYPE is the packet's type, PKTLEN is
858 : the length of the packet's content and PARTIAL is whether partial
859 : body length encoding in used (in this case PKTLEN is ignored). */
860 : static void
861 0 : skip_packet (IOBUF inp, int pkttype, unsigned long pktlen, int partial)
862 : {
863 0 : if (list_mode)
864 : {
865 0 : es_fprintf (listfp, ":unknown packet: type %2d, length %lu\n",
866 : pkttype, pktlen);
867 0 : if (pkttype)
868 : {
869 0 : int c, i = 0;
870 0 : es_fputs ("dump:", listfp);
871 0 : if (partial)
872 : {
873 0 : while ((c = iobuf_get (inp)) != -1)
874 0 : dump_hex_line (c, &i);
875 : }
876 : else
877 : {
878 0 : for (; pktlen; pktlen--)
879 : {
880 0 : dump_hex_line ((c = iobuf_get (inp)), &i);
881 0 : if (c == -1)
882 0 : break;
883 : }
884 : }
885 0 : es_putc ('\n', listfp);
886 0 : return;
887 : }
888 : }
889 0 : iobuf_skip_rest (inp, pktlen, partial);
890 : }
891 :
892 :
893 : /* Read PKTLEN bytes form INP and return them in a newly allocated
894 : buffer. In case of an error (including reading fewer than PKTLEN
895 : bytes from INP before EOF is returned), NULL is returned and an
896 : error message is logged. */
897 : static void *
898 33 : read_rest (IOBUF inp, size_t pktlen)
899 : {
900 : int c;
901 : byte *buf, *p;
902 :
903 33 : buf = xtrymalloc (pktlen);
904 33 : if (!buf)
905 : {
906 0 : gpg_error_t err = gpg_error_from_syserror ();
907 0 : log_error ("error reading rest of packet: %s\n", gpg_strerror (err));
908 0 : return NULL;
909 : }
910 4115 : for (p = buf; pktlen; pktlen--)
911 : {
912 4082 : c = iobuf_get (inp);
913 4082 : if (c == -1)
914 : {
915 0 : log_error ("premature eof while reading rest of packet\n");
916 0 : xfree (buf);
917 0 : return NULL;
918 : }
919 4082 : *p++ = c;
920 : }
921 :
922 33 : return buf;
923 : }
924 :
925 :
926 : /* Read a special size+body from INP. On success store an opaque MPI
927 : with it at R_DATA. On error return an error code and store NULL at
928 : R_DATA. Even in the error case store the number of read bytes at
929 : R_NREAD. The caller shall pass the remaining size of the packet in
930 : PKTLEN. */
931 : static gpg_error_t
932 802 : read_size_body (iobuf_t inp, int pktlen, size_t *r_nread,
933 : gcry_mpi_t *r_data)
934 : {
935 : char buffer[256];
936 : char *tmpbuf;
937 : int i, c, nbytes;
938 :
939 802 : *r_nread = 0;
940 802 : *r_data = NULL;
941 :
942 802 : if (!pktlen)
943 0 : return gpg_error (GPG_ERR_INV_PACKET);
944 802 : c = iobuf_readbyte (inp);
945 802 : if (c < 0)
946 0 : return gpg_error (GPG_ERR_INV_PACKET);
947 802 : pktlen--;
948 802 : ++*r_nread;
949 802 : nbytes = c;
950 802 : if (nbytes < 2 || nbytes > 254)
951 0 : return gpg_error (GPG_ERR_INV_PACKET);
952 802 : if (nbytes > pktlen)
953 0 : return gpg_error (GPG_ERR_INV_PACKET);
954 :
955 802 : buffer[0] = nbytes;
956 :
957 6044 : for (i = 0; i < nbytes; i++)
958 : {
959 5242 : c = iobuf_get (inp);
960 5242 : if (c < 0)
961 0 : return gpg_error (GPG_ERR_INV_PACKET);
962 5242 : ++*r_nread;
963 5242 : buffer[1+i] = c;
964 : }
965 :
966 802 : tmpbuf = xtrymalloc (1 + nbytes);
967 802 : if (!tmpbuf)
968 0 : return gpg_error_from_syserror ();
969 802 : memcpy (tmpbuf, buffer, 1 + nbytes);
970 802 : *r_data = gcry_mpi_set_opaque (NULL, tmpbuf, 8 * (1 + nbytes));
971 802 : if (!*r_data)
972 : {
973 0 : xfree (tmpbuf);
974 0 : return gpg_error_from_syserror ();
975 : }
976 802 : return 0;
977 : }
978 :
979 :
980 : /* Parse a marker packet. */
981 : static int
982 7 : parse_marker (IOBUF inp, int pkttype, unsigned long pktlen)
983 : {
984 : (void) pkttype;
985 :
986 7 : if (pktlen != 3)
987 1 : goto fail;
988 :
989 6 : if (iobuf_get (inp) != 'P')
990 : {
991 0 : pktlen--;
992 0 : goto fail;
993 : }
994 :
995 6 : if (iobuf_get (inp) != 'G')
996 : {
997 0 : pktlen--;
998 0 : goto fail;
999 : }
1000 :
1001 6 : if (iobuf_get (inp) != 'P')
1002 : {
1003 0 : pktlen--;
1004 0 : goto fail;
1005 : }
1006 :
1007 6 : if (list_mode)
1008 0 : es_fputs (":marker packet: PGP\n", listfp);
1009 :
1010 6 : return 0;
1011 :
1012 : fail:
1013 1 : log_error ("invalid marker packet\n");
1014 1 : if (list_mode)
1015 0 : es_fputs (":marker packet: [invalid]\n", listfp);
1016 1 : iobuf_skip_rest (inp, pktlen, 0);
1017 1 : return GPG_ERR_INV_PACKET;
1018 : }
1019 :
1020 :
1021 : static int
1022 59 : parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
1023 : PACKET * packet)
1024 : {
1025 : PKT_symkey_enc *k;
1026 59 : int rc = 0;
1027 : int i, version, s2kmode, cipher_algo, hash_algo, seskeylen, minlen;
1028 :
1029 59 : if (pktlen < 4)
1030 : {
1031 0 : log_error ("packet(%d) too short\n", pkttype);
1032 0 : if (list_mode)
1033 0 : es_fprintf (listfp, ":symkey enc packet: [too short]\n");
1034 0 : rc = gpg_error (GPG_ERR_INV_PACKET);
1035 0 : goto leave;
1036 : }
1037 59 : version = iobuf_get_noeof (inp);
1038 59 : pktlen--;
1039 59 : if (version != 4)
1040 : {
1041 0 : log_error ("packet(%d) with unknown version %d\n", pkttype, version);
1042 0 : if (list_mode)
1043 0 : es_fprintf (listfp, ":symkey enc packet: [unknown version]\n");
1044 0 : rc = gpg_error (GPG_ERR_INV_PACKET);
1045 0 : goto leave;
1046 : }
1047 59 : if (pktlen > 200)
1048 : { /* (we encode the seskeylen in a byte) */
1049 0 : log_error ("packet(%d) too large\n", pkttype);
1050 0 : if (list_mode)
1051 0 : es_fprintf (listfp, ":symkey enc packet: [too large]\n");
1052 0 : rc = gpg_error (GPG_ERR_INV_PACKET);
1053 0 : goto leave;
1054 : }
1055 59 : cipher_algo = iobuf_get_noeof (inp);
1056 59 : pktlen--;
1057 59 : s2kmode = iobuf_get_noeof (inp);
1058 59 : pktlen--;
1059 59 : hash_algo = iobuf_get_noeof (inp);
1060 59 : pktlen--;
1061 59 : switch (s2kmode)
1062 : {
1063 : case 0: /* Simple S2K. */
1064 0 : minlen = 0;
1065 0 : break;
1066 : case 1: /* Salted S2K. */
1067 0 : minlen = 8;
1068 0 : break;
1069 : case 3: /* Iterated+salted S2K. */
1070 59 : minlen = 9;
1071 59 : break;
1072 : default:
1073 0 : log_error ("unknown S2K mode %d\n", s2kmode);
1074 0 : if (list_mode)
1075 0 : es_fprintf (listfp, ":symkey enc packet: [unknown S2K mode]\n");
1076 0 : goto leave;
1077 : }
1078 59 : if (minlen > pktlen)
1079 : {
1080 0 : log_error ("packet with S2K %d too short\n", s2kmode);
1081 0 : if (list_mode)
1082 0 : es_fprintf (listfp, ":symkey enc packet: [too short]\n");
1083 0 : rc = gpg_error (GPG_ERR_INV_PACKET);
1084 0 : goto leave;
1085 : }
1086 59 : seskeylen = pktlen - minlen;
1087 59 : k = packet->pkt.symkey_enc = xmalloc_clear (sizeof *packet->pkt.symkey_enc
1088 : + seskeylen - 1);
1089 59 : k->version = version;
1090 59 : k->cipher_algo = cipher_algo;
1091 59 : k->s2k.mode = s2kmode;
1092 59 : k->s2k.hash_algo = hash_algo;
1093 59 : if (s2kmode == 1 || s2kmode == 3)
1094 : {
1095 531 : for (i = 0; i < 8 && pktlen; i++, pktlen--)
1096 472 : k->s2k.salt[i] = iobuf_get_noeof (inp);
1097 : }
1098 59 : if (s2kmode == 3)
1099 : {
1100 59 : k->s2k.count = iobuf_get (inp);
1101 59 : pktlen--;
1102 : }
1103 59 : k->seskeylen = seskeylen;
1104 59 : if (k->seskeylen)
1105 : {
1106 68 : for (i = 0; i < seskeylen && pktlen; i++, pktlen--)
1107 66 : k->seskey[i] = iobuf_get_noeof (inp);
1108 :
1109 : /* What we're watching out for here is a session key decryptor
1110 : with no salt. The RFC says that using salt for this is a
1111 : MUST. */
1112 2 : if (s2kmode != 1 && s2kmode != 3)
1113 0 : log_info (_("WARNING: potentially insecure symmetrically"
1114 : " encrypted session key\n"));
1115 : }
1116 59 : log_assert (!pktlen);
1117 :
1118 59 : if (list_mode)
1119 : {
1120 0 : es_fprintf (listfp,
1121 : ":symkey enc packet: version %d, cipher %d, s2k %d, hash %d",
1122 : version, cipher_algo, s2kmode, hash_algo);
1123 0 : if (seskeylen)
1124 0 : es_fprintf (listfp, ", seskey %d bits", (seskeylen - 1) * 8);
1125 0 : es_fprintf (listfp, "\n");
1126 0 : if (s2kmode == 1 || s2kmode == 3)
1127 : {
1128 0 : es_fprintf (listfp, "\tsalt ");
1129 0 : es_write_hexstring (listfp, k->s2k.salt, 8, 0, NULL);
1130 0 : if (s2kmode == 3)
1131 0 : es_fprintf (listfp, ", count %lu (%lu)",
1132 0 : S2K_DECODE_COUNT ((ulong) k->s2k.count),
1133 0 : (ulong) k->s2k.count);
1134 0 : es_fprintf (listfp, "\n");
1135 : }
1136 : }
1137 :
1138 : leave:
1139 59 : iobuf_skip_rest (inp, pktlen, 0);
1140 59 : return rc;
1141 : }
1142 :
1143 :
1144 : static int
1145 271 : parse_pubkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
1146 : PACKET * packet)
1147 : {
1148 271 : int rc = 0;
1149 : int i, ndata;
1150 : PKT_pubkey_enc *k;
1151 :
1152 271 : k = packet->pkt.pubkey_enc = xmalloc_clear (sizeof *packet->pkt.pubkey_enc);
1153 271 : if (pktlen < 12)
1154 : {
1155 0 : log_error ("packet(%d) too short\n", pkttype);
1156 0 : if (list_mode)
1157 0 : es_fputs (":pubkey enc packet: [too short]\n", listfp);
1158 0 : rc = gpg_error (GPG_ERR_INV_PACKET);
1159 0 : goto leave;
1160 : }
1161 271 : k->version = iobuf_get_noeof (inp);
1162 271 : pktlen--;
1163 271 : if (k->version != 2 && k->version != 3)
1164 : {
1165 0 : log_error ("packet(%d) with unknown version %d\n", pkttype, k->version);
1166 0 : if (list_mode)
1167 0 : es_fputs (":pubkey enc packet: [unknown version]\n", listfp);
1168 0 : rc = gpg_error (GPG_ERR_INV_PACKET);
1169 0 : goto leave;
1170 : }
1171 271 : k->keyid[0] = read_32 (inp);
1172 271 : pktlen -= 4;
1173 271 : k->keyid[1] = read_32 (inp);
1174 271 : pktlen -= 4;
1175 271 : k->pubkey_algo = iobuf_get_noeof (inp);
1176 271 : pktlen--;
1177 271 : k->throw_keyid = 0; /* Only used as flag for build_packet. */
1178 271 : if (list_mode)
1179 40 : es_fprintf (listfp,
1180 : ":pubkey enc packet: version %d, algo %d, keyid %08lX%08lX\n",
1181 30 : k->version, k->pubkey_algo, (ulong) k->keyid[0],
1182 10 : (ulong) k->keyid[1]);
1183 :
1184 271 : ndata = pubkey_get_nenc (k->pubkey_algo);
1185 271 : if (!ndata)
1186 : {
1187 0 : if (list_mode)
1188 0 : es_fprintf (listfp, "\tunsupported algorithm %d\n", k->pubkey_algo);
1189 0 : unknown_pubkey_warning (k->pubkey_algo);
1190 0 : k->data[0] = NULL; /* No need to store the encrypted data. */
1191 : }
1192 : else
1193 : {
1194 804 : for (i = 0; i < ndata; i++)
1195 : {
1196 533 : if (k->pubkey_algo == PUBKEY_ALGO_ECDH && i == 1)
1197 27 : {
1198 : size_t n;
1199 27 : rc = read_size_body (inp, pktlen, &n, k->data+i);
1200 27 : pktlen -= n;
1201 : }
1202 : else
1203 : {
1204 506 : int n = pktlen;
1205 506 : k->data[i] = mpi_read (inp, &n, 0);
1206 506 : pktlen -= n;
1207 506 : if (!k->data[i])
1208 0 : rc = gpg_error (GPG_ERR_INV_PACKET);
1209 : }
1210 533 : if (rc)
1211 0 : goto leave;
1212 533 : if (list_mode)
1213 : {
1214 15 : es_fprintf (listfp, "\tdata: ");
1215 15 : mpi_print (listfp, k->data[i], mpi_print_mode);
1216 15 : es_putc ('\n', listfp);
1217 : }
1218 : }
1219 : }
1220 :
1221 : leave:
1222 271 : iobuf_skip_rest (inp, pktlen, 0);
1223 271 : return rc;
1224 : }
1225 :
1226 :
1227 : /* Dump a subpacket to LISTFP. BUFFER contains the subpacket in
1228 : question and points to the type field in the subpacket header (not
1229 : the start of the header). TYPE is the subpacket's type with the
1230 : critical bit cleared. CRITICAL is the value of the CRITICAL bit.
1231 : BUFLEN is the length of the buffer and LENGTH is the length of the
1232 : subpacket according to the subpacket's header. */
1233 : static void
1234 78 : dump_sig_subpkt (int hashed, int type, int critical,
1235 : const byte * buffer, size_t buflen, size_t length)
1236 : {
1237 78 : const char *p = NULL;
1238 : int i;
1239 :
1240 : /* The CERT has warning out with explains how to use GNUPG to detect
1241 : * the ARRs - we print our old message here when it is a faked ARR
1242 : * and add an additional notice. */
1243 78 : if (type == SIGSUBPKT_ARR && !hashed)
1244 : {
1245 0 : es_fprintf (listfp,
1246 : "\tsubpkt %d len %u (additional recipient request)\n"
1247 : "WARNING: PGP versions > 5.0 and < 6.5.8 will automagically "
1248 : "encrypt to this key and thereby reveal the plaintext to "
1249 : "the owner of this ARR key. Detailed info follows:\n",
1250 : type, (unsigned) length);
1251 : }
1252 :
1253 78 : buffer++;
1254 78 : length--;
1255 :
1256 78 : es_fprintf (listfp, "\t%s%ssubpkt %d len %u (", /*) */
1257 : critical ? "critical " : "",
1258 : hashed ? "hashed " : "", type, (unsigned) length);
1259 78 : if (length > buflen)
1260 : {
1261 0 : es_fprintf (listfp, "too short: buffer is only %u)\n", (unsigned) buflen);
1262 78 : return;
1263 : }
1264 78 : switch (type)
1265 : {
1266 : case SIGSUBPKT_SIG_CREATED:
1267 13 : if (length >= 4)
1268 13 : es_fprintf (listfp, "sig created %s",
1269 : strtimestamp (buf32_to_u32 (buffer)));
1270 13 : break;
1271 : case SIGSUBPKT_SIG_EXPIRE:
1272 0 : if (length >= 4)
1273 : {
1274 0 : if (buf32_to_u32 (buffer))
1275 0 : es_fprintf (listfp, "sig expires after %s",
1276 : strtimevalue (buf32_to_u32 (buffer)));
1277 : else
1278 0 : es_fprintf (listfp, "sig does not expire");
1279 : }
1280 0 : break;
1281 : case SIGSUBPKT_EXPORTABLE:
1282 0 : if (length)
1283 0 : es_fprintf (listfp, "%sexportable", *buffer ? "" : "not ");
1284 0 : break;
1285 : case SIGSUBPKT_TRUST:
1286 0 : if (length != 2)
1287 0 : p = "[invalid trust subpacket]";
1288 : else
1289 0 : es_fprintf (listfp, "trust signature of depth %d, value %d", buffer[0],
1290 0 : buffer[1]);
1291 0 : break;
1292 : case SIGSUBPKT_REGEXP:
1293 0 : if (!length)
1294 0 : p = "[invalid regexp subpacket]";
1295 : else
1296 : {
1297 0 : es_fprintf (listfp, "regular expression: \"");
1298 0 : es_write_sanitized (listfp, buffer, length, "\"", NULL);
1299 0 : p = "\"";
1300 : }
1301 0 : break;
1302 : case SIGSUBPKT_REVOCABLE:
1303 0 : if (length)
1304 0 : es_fprintf (listfp, "%srevocable", *buffer ? "" : "not ");
1305 0 : break;
1306 : case SIGSUBPKT_KEY_EXPIRE:
1307 0 : if (length >= 4)
1308 : {
1309 0 : if (buf32_to_u32 (buffer))
1310 0 : es_fprintf (listfp, "key expires after %s",
1311 : strtimevalue (buf32_to_u32 (buffer)));
1312 : else
1313 0 : es_fprintf (listfp, "key does not expire");
1314 : }
1315 0 : break;
1316 : case SIGSUBPKT_PREF_SYM:
1317 8 : es_fputs ("pref-sym-algos:", listfp);
1318 36 : for (i = 0; i < length; i++)
1319 28 : es_fprintf (listfp, " %d", buffer[i]);
1320 8 : break;
1321 : case SIGSUBPKT_REV_KEY:
1322 0 : es_fputs ("revocation key: ", listfp);
1323 0 : if (length < 22)
1324 0 : p = "[too short]";
1325 : else
1326 : {
1327 0 : es_fprintf (listfp, "c=%02x a=%d f=", buffer[0], buffer[1]);
1328 0 : for (i = 2; i < length; i++)
1329 0 : es_fprintf (listfp, "%02X", buffer[i]);
1330 : }
1331 0 : break;
1332 : case SIGSUBPKT_ISSUER:
1333 13 : if (length >= 8)
1334 26 : es_fprintf (listfp, "issuer key ID %08lX%08lX",
1335 13 : (ulong) buf32_to_u32 (buffer),
1336 13 : (ulong) buf32_to_u32 (buffer + 4));
1337 13 : break;
1338 : case SIGSUBPKT_ISSUER_FPR:
1339 0 : if (length >= 21)
1340 : {
1341 : char *tmp;
1342 0 : es_fprintf (listfp, "issuer fpr v%d ", buffer[0]);
1343 0 : tmp = bin2hex (buffer+1, length-1, NULL);
1344 0 : if (tmp)
1345 : {
1346 0 : es_fputs (tmp, listfp);
1347 0 : xfree (tmp);
1348 : }
1349 : }
1350 0 : break;
1351 : case SIGSUBPKT_NOTATION:
1352 : {
1353 0 : es_fputs ("notation: ", listfp);
1354 0 : if (length < 8)
1355 0 : p = "[too short]";
1356 : else
1357 : {
1358 0 : const byte *s = buffer;
1359 : size_t n1, n2;
1360 :
1361 0 : n1 = (s[4] << 8) | s[5];
1362 0 : n2 = (s[6] << 8) | s[7];
1363 0 : s += 8;
1364 0 : if (8 + n1 + n2 != length)
1365 0 : p = "[error]";
1366 : else
1367 : {
1368 0 : es_write_sanitized (listfp, s, n1, ")", NULL);
1369 0 : es_putc ('=', listfp);
1370 :
1371 0 : if (*buffer & 0x80)
1372 0 : es_write_sanitized (listfp, s + n1, n2, ")", NULL);
1373 : else
1374 0 : p = "[not human readable]";
1375 : }
1376 : }
1377 : }
1378 0 : break;
1379 : case SIGSUBPKT_PREF_HASH:
1380 8 : es_fputs ("pref-hash-algos:", listfp);
1381 24 : for (i = 0; i < length; i++)
1382 16 : es_fprintf (listfp, " %d", buffer[i]);
1383 8 : break;
1384 : case SIGSUBPKT_PREF_COMPR:
1385 8 : es_fputs ("pref-zip-algos:", listfp);
1386 24 : for (i = 0; i < length; i++)
1387 16 : es_fprintf (listfp, " %d", buffer[i]);
1388 8 : break;
1389 : case SIGSUBPKT_KS_FLAGS:
1390 8 : es_fputs ("keyserver preferences:", listfp);
1391 16 : for (i = 0; i < length; i++)
1392 8 : es_fprintf (listfp, " %02X", buffer[i]);
1393 8 : break;
1394 : case SIGSUBPKT_PREF_KS:
1395 0 : es_fputs ("preferred keyserver: ", listfp);
1396 0 : es_write_sanitized (listfp, buffer, length, ")", NULL);
1397 0 : break;
1398 : case SIGSUBPKT_PRIMARY_UID:
1399 0 : p = "primary user ID";
1400 0 : break;
1401 : case SIGSUBPKT_POLICY:
1402 0 : es_fputs ("policy: ", listfp);
1403 0 : es_write_sanitized (listfp, buffer, length, ")", NULL);
1404 0 : break;
1405 : case SIGSUBPKT_KEY_FLAGS:
1406 12 : es_fputs ("key flags:", listfp);
1407 24 : for (i = 0; i < length; i++)
1408 12 : es_fprintf (listfp, " %02X", buffer[i]);
1409 12 : break;
1410 : case SIGSUBPKT_SIGNERS_UID:
1411 0 : p = "signer's user ID";
1412 0 : break;
1413 : case SIGSUBPKT_REVOC_REASON:
1414 0 : if (length)
1415 : {
1416 0 : es_fprintf (listfp, "revocation reason 0x%02x (", *buffer);
1417 0 : es_write_sanitized (listfp, buffer + 1, length - 1, ")", NULL);
1418 0 : p = ")";
1419 : }
1420 0 : break;
1421 : case SIGSUBPKT_ARR:
1422 0 : es_fputs ("Big Brother's key (ignored): ", listfp);
1423 0 : if (length < 22)
1424 0 : p = "[too short]";
1425 : else
1426 : {
1427 0 : es_fprintf (listfp, "c=%02x a=%d f=", buffer[0], buffer[1]);
1428 0 : if (length > 2)
1429 0 : es_write_hexstring (listfp, buffer+2, length-2, 0, NULL);
1430 : }
1431 0 : break;
1432 : case SIGSUBPKT_FEATURES:
1433 8 : es_fputs ("features:", listfp);
1434 16 : for (i = 0; i < length; i++)
1435 8 : es_fprintf (listfp, " %02x", buffer[i]);
1436 8 : break;
1437 : case SIGSUBPKT_SIGNATURE:
1438 0 : es_fputs ("signature: ", listfp);
1439 0 : if (length < 17)
1440 0 : p = "[too short]";
1441 : else
1442 0 : es_fprintf (listfp, "v%d, class 0x%02X, algo %d, digest algo %d",
1443 0 : buffer[0],
1444 0 : buffer[0] == 3 ? buffer[2] : buffer[1],
1445 0 : buffer[0] == 3 ? buffer[15] : buffer[2],
1446 0 : buffer[0] == 3 ? buffer[16] : buffer[3]);
1447 0 : break;
1448 : default:
1449 0 : if (type >= 100 && type <= 110)
1450 0 : p = "experimental / private subpacket";
1451 : else
1452 0 : p = "?";
1453 0 : break;
1454 : }
1455 :
1456 78 : es_fprintf (listfp, "%s)\n", p ? p : "");
1457 : }
1458 :
1459 :
1460 : /*
1461 : * Returns: >= 0 use this offset into buffer
1462 : * -1 explicitly reject returning this type
1463 : * -2 subpacket too short
1464 : */
1465 : int
1466 36693 : parse_one_sig_subpkt (const byte * buffer, size_t n, int type)
1467 : {
1468 36693 : switch (type)
1469 : {
1470 : case SIGSUBPKT_REV_KEY:
1471 5 : if (n < 22)
1472 0 : break;
1473 5 : return 0;
1474 : case SIGSUBPKT_SIG_CREATED:
1475 : case SIGSUBPKT_SIG_EXPIRE:
1476 : case SIGSUBPKT_KEY_EXPIRE:
1477 9661 : if (n < 4)
1478 0 : break;
1479 9661 : return 0;
1480 : case SIGSUBPKT_KEY_FLAGS:
1481 : case SIGSUBPKT_KS_FLAGS:
1482 : case SIGSUBPKT_PREF_SYM:
1483 : case SIGSUBPKT_PREF_HASH:
1484 : case SIGSUBPKT_PREF_COMPR:
1485 : case SIGSUBPKT_POLICY:
1486 : case SIGSUBPKT_PREF_KS:
1487 : case SIGSUBPKT_FEATURES:
1488 : case SIGSUBPKT_REGEXP:
1489 17414 : return 0;
1490 : case SIGSUBPKT_SIGNATURE:
1491 : case SIGSUBPKT_EXPORTABLE:
1492 : case SIGSUBPKT_REVOCABLE:
1493 : case SIGSUBPKT_REVOC_REASON:
1494 135 : if (!n)
1495 0 : break;
1496 135 : return 0;
1497 : case SIGSUBPKT_ISSUER: /* issuer key ID */
1498 8863 : if (n < 8)
1499 0 : break;
1500 8863 : return 0;
1501 : case SIGSUBPKT_ISSUER_FPR: /* issuer key ID */
1502 277 : if (n < 21)
1503 0 : break;
1504 277 : return 0;
1505 : case SIGSUBPKT_NOTATION:
1506 : /* minimum length needed, and the subpacket must be well-formed
1507 : where the name length and value length all fit inside the
1508 : packet. */
1509 160 : if (n < 8
1510 480 : || 8 + ((buffer[4] << 8) | buffer[5]) +
1511 320 : ((buffer[6] << 8) | buffer[7]) != n)
1512 : break;
1513 160 : return 0;
1514 : case SIGSUBPKT_PRIMARY_UID:
1515 135 : if (n != 1)
1516 0 : break;
1517 135 : return 0;
1518 : case SIGSUBPKT_TRUST:
1519 2 : if (n != 2)
1520 0 : break;
1521 2 : return 0;
1522 : default:
1523 41 : return 0;
1524 : }
1525 0 : return -2;
1526 : }
1527 :
1528 :
1529 : /* Return true if we understand the critical notation. */
1530 : static int
1531 0 : can_handle_critical_notation (const byte * name, size_t len)
1532 : {
1533 0 : if (len == 32 && memcmp (name, "preferred-email-encoding@pgp.com", 32) == 0)
1534 0 : return 1;
1535 0 : if (len == 21 && memcmp (name, "pka-address@gnupg.org", 21) == 0)
1536 0 : return 1;
1537 :
1538 0 : return 0;
1539 : }
1540 :
1541 :
1542 : static int
1543 10 : can_handle_critical (const byte * buffer, size_t n, int type)
1544 : {
1545 10 : switch (type)
1546 : {
1547 : case SIGSUBPKT_NOTATION:
1548 0 : if (n >= 8)
1549 : {
1550 0 : size_t notation_len = ((buffer[4] << 8) | buffer[5]);
1551 0 : if (n - 8 >= notation_len)
1552 0 : return can_handle_critical_notation (buffer + 8, notation_len);
1553 : }
1554 0 : return 0;
1555 : case SIGSUBPKT_SIGNATURE:
1556 : case SIGSUBPKT_SIG_CREATED:
1557 : case SIGSUBPKT_SIG_EXPIRE:
1558 : case SIGSUBPKT_KEY_EXPIRE:
1559 : case SIGSUBPKT_EXPORTABLE:
1560 : case SIGSUBPKT_REVOCABLE:
1561 : case SIGSUBPKT_REV_KEY:
1562 : case SIGSUBPKT_ISSUER: /* issuer key ID */
1563 : case SIGSUBPKT_ISSUER_FPR: /* issuer fingerprint */
1564 : case SIGSUBPKT_PREF_SYM:
1565 : case SIGSUBPKT_PREF_HASH:
1566 : case SIGSUBPKT_PREF_COMPR:
1567 : case SIGSUBPKT_KEY_FLAGS:
1568 : case SIGSUBPKT_PRIMARY_UID:
1569 : case SIGSUBPKT_FEATURES:
1570 : case SIGSUBPKT_TRUST:
1571 : case SIGSUBPKT_REGEXP:
1572 : /* Is it enough to show the policy or keyserver? */
1573 : case SIGSUBPKT_POLICY:
1574 : case SIGSUBPKT_PREF_KS:
1575 10 : return 1;
1576 :
1577 : default:
1578 0 : return 0;
1579 : }
1580 : }
1581 :
1582 :
1583 : const byte *
1584 161700 : enum_sig_subpkt (const subpktarea_t * pktbuf, sigsubpkttype_t reqtype,
1585 : size_t * ret_n, int *start, int *critical)
1586 : {
1587 : const byte *buffer;
1588 : int buflen;
1589 : int type;
1590 : int critical_dummy;
1591 : int offset;
1592 : size_t n;
1593 161700 : int seq = 0;
1594 161700 : int reqseq = start ? *start : 0;
1595 :
1596 161700 : if (!critical)
1597 161151 : critical = &critical_dummy;
1598 :
1599 161700 : if (!pktbuf || reqseq == -1)
1600 : {
1601 : static char dummy[] = "x";
1602 : /* Return a value different from NULL to indicate that
1603 : * there is no critical bit we do not understand. */
1604 2167 : return reqtype == SIGSUBPKT_TEST_CRITICAL ? dummy : NULL;
1605 : }
1606 159533 : buffer = pktbuf->data;
1607 159533 : buflen = pktbuf->len;
1608 810568 : while (buflen)
1609 : {
1610 527727 : n = *buffer++;
1611 527727 : buflen--;
1612 527727 : if (n == 255) /* 4 byte length header. */
1613 : {
1614 0 : if (buflen < 4)
1615 0 : goto too_short;
1616 0 : n = buf32_to_size_t (buffer);
1617 0 : buffer += 4;
1618 0 : buflen -= 4;
1619 : }
1620 527727 : else if (n >= 192) /* 4 byte special encoded length header. */
1621 : {
1622 0 : if (buflen < 2)
1623 0 : goto too_short;
1624 0 : n = ((n - 192) << 8) + *buffer + 192;
1625 0 : buffer++;
1626 0 : buflen--;
1627 : }
1628 527727 : if (buflen < n)
1629 0 : goto too_short;
1630 527727 : type = *buffer;
1631 527727 : if (type & 0x80)
1632 : {
1633 100 : type &= 0x7f;
1634 100 : *critical = 1;
1635 : }
1636 : else
1637 527627 : *critical = 0;
1638 527727 : if (!(++seq > reqseq))
1639 : ;
1640 527465 : else if (reqtype == SIGSUBPKT_TEST_CRITICAL)
1641 : {
1642 44046 : if (*critical)
1643 : {
1644 10 : if (n - 1 > buflen + 1)
1645 0 : goto too_short;
1646 10 : if (!can_handle_critical (buffer + 1, n - 1, type))
1647 : {
1648 0 : if (opt.verbose)
1649 0 : log_info (_("subpacket of type %d has "
1650 : "critical bit set\n"), type);
1651 0 : if (start)
1652 0 : *start = seq;
1653 0 : return NULL; /* This is an error. */
1654 : }
1655 : }
1656 : }
1657 483419 : else if (reqtype < 0) /* List packets. */
1658 78 : dump_sig_subpkt (reqtype == SIGSUBPKT_LIST_HASHED,
1659 : type, *critical, buffer, buflen, n);
1660 483341 : else if (type == reqtype) /* Found. */
1661 : {
1662 36225 : buffer++;
1663 36225 : n--;
1664 36225 : if (n > buflen)
1665 0 : goto too_short;
1666 36225 : if (ret_n)
1667 17680 : *ret_n = n;
1668 36225 : offset = parse_one_sig_subpkt (buffer, n, type);
1669 36225 : switch (offset)
1670 : {
1671 : case -2:
1672 0 : log_error ("subpacket of type %d too short\n", type);
1673 0 : return NULL;
1674 : case -1:
1675 0 : return NULL;
1676 : default:
1677 36225 : break;
1678 : }
1679 36225 : if (start)
1680 131 : *start = seq;
1681 36225 : return buffer + offset;
1682 : }
1683 491502 : buffer += n;
1684 491502 : buflen -= n;
1685 : }
1686 123308 : if (reqtype == SIGSUBPKT_TEST_CRITICAL)
1687 : /* Returning NULL means we found a subpacket with the critical bit
1688 : set that we don't grok. We've iterated over all the subpackets
1689 : and haven't found such a packet so we need to return a non-NULL
1690 : value. */
1691 17444 : return buffer;
1692 :
1693 : /* Critical bit we don't understand. */
1694 105864 : if (start)
1695 4993 : *start = -1;
1696 105864 : return NULL; /* End of packets; not found. */
1697 :
1698 : too_short:
1699 0 : if (opt.verbose)
1700 0 : log_info ("buffer shorter than subpacket\n");
1701 0 : if (start)
1702 0 : *start = -1;
1703 0 : return NULL;
1704 : }
1705 :
1706 :
1707 : const byte *
1708 155475 : parse_sig_subpkt (const subpktarea_t * buffer, sigsubpkttype_t reqtype,
1709 : size_t * ret_n)
1710 : {
1711 155475 : return enum_sig_subpkt (buffer, reqtype, ret_n, NULL, NULL);
1712 : }
1713 :
1714 :
1715 : const byte *
1716 17444 : parse_sig_subpkt2 (PKT_signature * sig, sigsubpkttype_t reqtype)
1717 : {
1718 : const byte *p;
1719 :
1720 17444 : p = parse_sig_subpkt (sig->hashed, reqtype, NULL);
1721 17444 : if (!p)
1722 17444 : p = parse_sig_subpkt (sig->unhashed, reqtype, NULL);
1723 17444 : return p;
1724 : }
1725 :
1726 :
1727 : /* Find all revocation keys. Look in hashed area only. */
1728 : void
1729 5 : parse_revkeys (PKT_signature * sig)
1730 : {
1731 : const byte *revkey;
1732 5 : int seq = 0;
1733 : size_t len;
1734 :
1735 5 : if (sig->sig_class != 0x1F)
1736 5 : return;
1737 :
1738 15 : while ((revkey = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REV_KEY,
1739 : &len, &seq, NULL)))
1740 : {
1741 5 : if (/* The only valid length is 22 bytes. See RFC 4880
1742 : 5.2.3.15. */
1743 5 : len == 22
1744 : /* 0x80 bit must be set on the class. */
1745 5 : && (revkey[0] & 0x80))
1746 : {
1747 5 : sig->revkey = xrealloc (sig->revkey,
1748 : sizeof (struct revocation_key) *
1749 : (sig->numrevkeys + 1));
1750 :
1751 : /* Copy the individual fields. */
1752 5 : sig->revkey[sig->numrevkeys].class = revkey[0];
1753 5 : sig->revkey[sig->numrevkeys].algid = revkey[1];
1754 5 : memcpy (sig->revkey[sig->numrevkeys].fpr, &revkey[2], 20);
1755 :
1756 5 : sig->numrevkeys++;
1757 : }
1758 : }
1759 : }
1760 :
1761 :
1762 : int
1763 9381 : parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
1764 : PKT_signature * sig)
1765 : {
1766 9381 : int md5_len = 0;
1767 : unsigned n;
1768 9381 : int is_v4 = 0;
1769 9381 : int rc = 0;
1770 : int i, ndata;
1771 :
1772 9381 : if (pktlen < 16)
1773 : {
1774 0 : log_error ("packet(%d) too short\n", pkttype);
1775 0 : if (list_mode)
1776 0 : es_fputs (":signature packet: [too short]\n", listfp);
1777 0 : goto leave;
1778 : }
1779 9381 : sig->version = iobuf_get_noeof (inp);
1780 9381 : pktlen--;
1781 9381 : if (sig->version == 4)
1782 8722 : is_v4 = 1;
1783 659 : else if (sig->version != 2 && sig->version != 3)
1784 : {
1785 0 : log_error ("packet(%d) with unknown version %d\n",
1786 0 : pkttype, sig->version);
1787 0 : if (list_mode)
1788 0 : es_fputs (":signature packet: [unknown version]\n", listfp);
1789 0 : rc = gpg_error (GPG_ERR_INV_PACKET);
1790 0 : goto leave;
1791 : }
1792 :
1793 9381 : if (!is_v4)
1794 : {
1795 659 : if (pktlen == 0)
1796 0 : goto underflow;
1797 659 : md5_len = iobuf_get_noeof (inp);
1798 659 : pktlen--;
1799 : }
1800 9381 : if (pktlen == 0)
1801 0 : goto underflow;
1802 9381 : sig->sig_class = iobuf_get_noeof (inp);
1803 9381 : pktlen--;
1804 9381 : if (!is_v4)
1805 : {
1806 659 : if (pktlen < 12)
1807 0 : goto underflow;
1808 659 : sig->timestamp = read_32 (inp);
1809 659 : pktlen -= 4;
1810 659 : sig->keyid[0] = read_32 (inp);
1811 659 : pktlen -= 4;
1812 659 : sig->keyid[1] = read_32 (inp);
1813 659 : pktlen -= 4;
1814 : }
1815 9381 : if (pktlen < 2)
1816 0 : goto underflow;
1817 9381 : sig->pubkey_algo = iobuf_get_noeof (inp);
1818 9381 : pktlen--;
1819 9381 : sig->digest_algo = iobuf_get_noeof (inp);
1820 9381 : pktlen--;
1821 9381 : sig->flags.exportable = 1;
1822 9381 : sig->flags.revocable = 1;
1823 9381 : if (is_v4) /* Read subpackets. */
1824 : {
1825 8722 : if (pktlen < 2)
1826 0 : goto underflow;
1827 8722 : n = read_16 (inp);
1828 8722 : pktlen -= 2; /* Length of hashed data. */
1829 8722 : if (pktlen < n)
1830 0 : goto underflow;
1831 8722 : if (n > 10000)
1832 : {
1833 0 : log_error ("signature packet: hashed data too long\n");
1834 0 : if (list_mode)
1835 0 : es_fputs (":signature packet: [hashed data too long]\n", listfp);
1836 0 : rc = GPG_ERR_INV_PACKET;
1837 0 : goto leave;
1838 : }
1839 8722 : if (n)
1840 : {
1841 8722 : sig->hashed = xmalloc (sizeof (*sig->hashed) + n - 1);
1842 8722 : sig->hashed->size = n;
1843 8722 : sig->hashed->len = n;
1844 8722 : if (iobuf_read (inp, sig->hashed->data, n) != n)
1845 : {
1846 0 : log_error ("premature eof while reading "
1847 : "hashed signature data\n");
1848 0 : if (list_mode)
1849 0 : es_fputs (":signature packet: [premature eof]\n", listfp);
1850 0 : rc = -1;
1851 0 : goto leave;
1852 : }
1853 8722 : pktlen -= n;
1854 : }
1855 8722 : if (pktlen < 2)
1856 0 : goto underflow;
1857 8722 : n = read_16 (inp);
1858 8722 : pktlen -= 2; /* Length of unhashed data. */
1859 8722 : if (pktlen < n)
1860 0 : goto underflow;
1861 8722 : if (n > 10000)
1862 : {
1863 0 : log_error ("signature packet: unhashed data too long\n");
1864 0 : if (list_mode)
1865 0 : es_fputs (":signature packet: [unhashed data too long]\n", listfp);
1866 0 : rc = GPG_ERR_INV_PACKET;
1867 0 : goto leave;
1868 : }
1869 8722 : if (n)
1870 : {
1871 8722 : sig->unhashed = xmalloc (sizeof (*sig->unhashed) + n - 1);
1872 8722 : sig->unhashed->size = n;
1873 8722 : sig->unhashed->len = n;
1874 8722 : if (iobuf_read (inp, sig->unhashed->data, n) != n)
1875 : {
1876 0 : log_error ("premature eof while reading "
1877 : "unhashed signature data\n");
1878 0 : if (list_mode)
1879 0 : es_fputs (":signature packet: [premature eof]\n", listfp);
1880 0 : rc = -1;
1881 0 : goto leave;
1882 : }
1883 8722 : pktlen -= n;
1884 : }
1885 : }
1886 :
1887 9381 : if (pktlen < 2)
1888 0 : goto underflow;
1889 9381 : sig->digest_start[0] = iobuf_get_noeof (inp);
1890 9381 : pktlen--;
1891 9381 : sig->digest_start[1] = iobuf_get_noeof (inp);
1892 9381 : pktlen--;
1893 :
1894 9381 : if (is_v4 && sig->pubkey_algo) /* Extract required information. */
1895 : {
1896 : const byte *p;
1897 : size_t len;
1898 :
1899 : /* Set sig->flags.unknown_critical if there is a critical bit
1900 : * set for packets which we do not understand. */
1901 8722 : if (!parse_sig_subpkt (sig->hashed, SIGSUBPKT_TEST_CRITICAL, NULL)
1902 8722 : || !parse_sig_subpkt (sig->unhashed, SIGSUBPKT_TEST_CRITICAL, NULL))
1903 0 : sig->flags.unknown_critical = 1;
1904 :
1905 8722 : p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_CREATED, NULL);
1906 8722 : if (p)
1907 8722 : sig->timestamp = buf32_to_u32 (p);
1908 0 : else if (!(sig->pubkey_algo >= 100 && sig->pubkey_algo <= 110)
1909 0 : && opt.verbose)
1910 0 : log_info ("signature packet without timestamp\n");
1911 :
1912 8722 : p = parse_sig_subpkt2 (sig, SIGSUBPKT_ISSUER);
1913 8722 : if (p)
1914 : {
1915 8722 : sig->keyid[0] = buf32_to_u32 (p);
1916 8722 : sig->keyid[1] = buf32_to_u32 (p + 4);
1917 : }
1918 0 : else if (!(sig->pubkey_algo >= 100 && sig->pubkey_algo <= 110)
1919 0 : && opt.verbose)
1920 0 : log_info ("signature packet without keyid\n");
1921 :
1922 8722 : p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL);
1923 8722 : if (p && buf32_to_u32 (p))
1924 148 : sig->expiredate = sig->timestamp + buf32_to_u32 (p);
1925 8722 : if (sig->expiredate && sig->expiredate <= make_timestamp ())
1926 141 : sig->flags.expired = 1;
1927 :
1928 8722 : p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_POLICY, NULL);
1929 8722 : if (p)
1930 6 : sig->flags.policy_url = 1;
1931 :
1932 8722 : p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, NULL);
1933 8722 : if (p)
1934 0 : sig->flags.pref_ks = 1;
1935 :
1936 8722 : p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIGNERS_UID, &len);
1937 8722 : if (p && len)
1938 : {
1939 29 : sig->signers_uid = try_make_printable_string (p, len, 0);
1940 29 : if (!sig->signers_uid)
1941 : {
1942 0 : rc = gpg_error_from_syserror ();
1943 0 : goto leave;
1944 : }
1945 : }
1946 :
1947 8722 : p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_NOTATION, NULL);
1948 8722 : if (p)
1949 160 : sig->flags.notation = 1;
1950 :
1951 8722 : p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_REVOCABLE, NULL);
1952 8722 : if (p && *p == 0)
1953 5 : sig->flags.revocable = 0;
1954 :
1955 8722 : p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_TRUST, &len);
1956 8722 : if (p && len == 2)
1957 : {
1958 2 : sig->trust_depth = p[0];
1959 2 : sig->trust_value = p[1];
1960 :
1961 : /* Only look for a regexp if there is also a trust
1962 : subpacket. */
1963 2 : sig->trust_regexp =
1964 2 : parse_sig_subpkt (sig->hashed, SIGSUBPKT_REGEXP, &len);
1965 :
1966 : /* If the regular expression is of 0 length, there is no
1967 : regular expression. */
1968 2 : if (len == 0)
1969 0 : sig->trust_regexp = NULL;
1970 : }
1971 :
1972 : /* We accept the exportable subpacket from either the hashed or
1973 : unhashed areas as older versions of gpg put it in the
1974 : unhashed area. In theory, anyway, we should never see this
1975 : packet off of a local keyring. */
1976 :
1977 8722 : p = parse_sig_subpkt2 (sig, SIGSUBPKT_EXPORTABLE);
1978 8722 : if (p && *p == 0)
1979 0 : sig->flags.exportable = 0;
1980 :
1981 : /* Find all revocation keys. */
1982 8722 : if (sig->sig_class == 0x1F)
1983 5 : parse_revkeys (sig);
1984 : }
1985 :
1986 9381 : if (list_mode)
1987 : {
1988 117 : es_fprintf (listfp, ":signature packet: algo %d, keyid %08lX%08lX\n"
1989 : "\tversion %d, created %lu, md5len %d, sigclass 0x%02x\n"
1990 : "\tdigest algo %d, begin of digest %02x %02x\n",
1991 13 : sig->pubkey_algo,
1992 26 : (ulong) sig->keyid[0], (ulong) sig->keyid[1],
1993 39 : sig->version, (ulong) sig->timestamp, md5_len, sig->sig_class,
1994 39 : sig->digest_algo, sig->digest_start[0], sig->digest_start[1]);
1995 13 : if (is_v4)
1996 : {
1997 13 : parse_sig_subpkt (sig->hashed, SIGSUBPKT_LIST_HASHED, NULL);
1998 13 : parse_sig_subpkt (sig->unhashed, SIGSUBPKT_LIST_UNHASHED, NULL);
1999 : }
2000 : }
2001 :
2002 9381 : ndata = pubkey_get_nsig (sig->pubkey_algo);
2003 9381 : if (!ndata)
2004 : {
2005 0 : if (list_mode)
2006 0 : es_fprintf (listfp, "\tunknown algorithm %d\n", sig->pubkey_algo);
2007 0 : unknown_pubkey_warning (sig->pubkey_algo);
2008 :
2009 : /* We store the plain material in data[0], so that we are able
2010 : * to write it back with build_packet(). */
2011 0 : if (pktlen > (5 * MAX_EXTERN_MPI_BITS / 8))
2012 : {
2013 : /* We include a limit to avoid too trivial DoS attacks by
2014 : having gpg allocate too much memory. */
2015 0 : log_error ("signature packet: too much data\n");
2016 0 : rc = GPG_ERR_INV_PACKET;
2017 : }
2018 : else
2019 : {
2020 0 : sig->data[0] =
2021 0 : gcry_mpi_set_opaque (NULL, read_rest (inp, pktlen), pktlen * 8);
2022 0 : pktlen = 0;
2023 : }
2024 : }
2025 : else
2026 : {
2027 25137 : for (i = 0; i < ndata; i++)
2028 : {
2029 15756 : n = pktlen;
2030 15756 : sig->data[i] = mpi_read (inp, &n, 0);
2031 15756 : pktlen -= n;
2032 15756 : if (list_mode)
2033 : {
2034 23 : es_fprintf (listfp, "\tdata: ");
2035 23 : mpi_print (listfp, sig->data[i], mpi_print_mode);
2036 23 : es_putc ('\n', listfp);
2037 : }
2038 15756 : if (!sig->data[i])
2039 0 : rc = GPG_ERR_INV_PACKET;
2040 : }
2041 : }
2042 :
2043 : leave:
2044 9381 : iobuf_skip_rest (inp, pktlen, 0);
2045 9381 : return rc;
2046 :
2047 : underflow:
2048 0 : log_error ("packet(%d) too short\n", pkttype);
2049 0 : if (list_mode)
2050 0 : es_fputs (":signature packet: [too short]\n", listfp);
2051 :
2052 0 : iobuf_skip_rest (inp, pktlen, 0);
2053 :
2054 0 : return GPG_ERR_INV_PACKET;
2055 : }
2056 :
2057 :
2058 : static int
2059 155 : parse_onepass_sig (IOBUF inp, int pkttype, unsigned long pktlen,
2060 : PKT_onepass_sig * ops)
2061 : {
2062 : int version;
2063 155 : int rc = 0;
2064 :
2065 155 : if (pktlen < 13)
2066 : {
2067 0 : log_error ("packet(%d) too short\n", pkttype);
2068 0 : if (list_mode)
2069 0 : es_fputs (":onepass_sig packet: [too short]\n", listfp);
2070 0 : rc = gpg_error (GPG_ERR_INV_PACKET);
2071 0 : goto leave;
2072 : }
2073 155 : version = iobuf_get_noeof (inp);
2074 155 : pktlen--;
2075 155 : if (version != 3)
2076 : {
2077 0 : log_error ("onepass_sig with unknown version %d\n", version);
2078 0 : if (list_mode)
2079 0 : es_fputs (":onepass_sig packet: [unknown version]\n", listfp);
2080 0 : rc = gpg_error (GPG_ERR_INV_PACKET);
2081 0 : goto leave;
2082 : }
2083 155 : ops->sig_class = iobuf_get_noeof (inp);
2084 155 : pktlen--;
2085 155 : ops->digest_algo = iobuf_get_noeof (inp);
2086 155 : pktlen--;
2087 155 : ops->pubkey_algo = iobuf_get_noeof (inp);
2088 155 : pktlen--;
2089 155 : ops->keyid[0] = read_32 (inp);
2090 155 : pktlen -= 4;
2091 155 : ops->keyid[1] = read_32 (inp);
2092 155 : pktlen -= 4;
2093 155 : ops->last = iobuf_get_noeof (inp);
2094 155 : pktlen--;
2095 155 : if (list_mode)
2096 6 : es_fprintf (listfp,
2097 : ":onepass_sig packet: keyid %08lX%08lX\n"
2098 : "\tversion %d, sigclass 0x%02x, digest %d, pubkey %d, "
2099 : "last=%d\n",
2100 2 : (ulong) ops->keyid[0], (ulong) ops->keyid[1],
2101 1 : version, ops->sig_class,
2102 3 : ops->digest_algo, ops->pubkey_algo, ops->last);
2103 :
2104 :
2105 : leave:
2106 155 : iobuf_skip_rest (inp, pktlen, 0);
2107 155 : return rc;
2108 : }
2109 :
2110 :
2111 : static int
2112 7295 : parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
2113 : byte * hdr, int hdrlen, PACKET * pkt)
2114 : {
2115 7295 : gpg_error_t err = 0;
2116 : int i, version, algorithm;
2117 : unsigned long timestamp, expiredate, max_expiredate;
2118 : int npkey, nskey;
2119 : u32 keyid[2];
2120 : PKT_public_key *pk;
2121 :
2122 : (void) hdr;
2123 :
2124 7295 : pk = pkt->pkt.public_key; /* PK has been cleared. */
2125 :
2126 7295 : version = iobuf_get_noeof (inp);
2127 7295 : pktlen--;
2128 7295 : if (pkttype == PKT_PUBLIC_SUBKEY && version == '#')
2129 : {
2130 : /* Early versions of G10 used the old PGP comments packets;
2131 : * luckily all those comments are started by a hash. */
2132 0 : if (list_mode)
2133 : {
2134 0 : es_fprintf (listfp, ":rfc1991 comment packet: \"");
2135 0 : for (; pktlen; pktlen--)
2136 : {
2137 : int c;
2138 0 : c = iobuf_get (inp);
2139 0 : if (c == -1)
2140 0 : break; /* Ooops: shorter than indicated. */
2141 0 : if (c >= ' ' && c <= 'z')
2142 0 : es_putc (c, listfp);
2143 : else
2144 0 : es_fprintf (listfp, "\\x%02x", c);
2145 : }
2146 0 : es_fprintf (listfp, "\"\n");
2147 : }
2148 0 : iobuf_skip_rest (inp, pktlen, 0);
2149 0 : return 0;
2150 : }
2151 7295 : else if (version == 4)
2152 : {
2153 : /* The only supported version. Use an older gpg
2154 : version (i.e. gpg 1.4) to parse v3 packets. */
2155 : }
2156 2 : else if (version == 2 || version == 3)
2157 : {
2158 2 : if (opt.verbose > 1)
2159 0 : log_info ("packet(%d) with obsolete version %d\n", pkttype, version);
2160 2 : if (list_mode)
2161 0 : es_fprintf (listfp, ":key packet: [obsolete version %d]\n", version);
2162 2 : pk->version = version;
2163 2 : err = gpg_error (GPG_ERR_LEGACY_KEY);
2164 2 : goto leave;
2165 : }
2166 : else
2167 : {
2168 0 : log_error ("packet(%d) with unknown version %d\n", pkttype, version);
2169 0 : if (list_mode)
2170 0 : es_fputs (":key packet: [unknown version]\n", listfp);
2171 0 : err = gpg_error (GPG_ERR_INV_PACKET);
2172 0 : goto leave;
2173 : }
2174 :
2175 7293 : if (pktlen < 11)
2176 : {
2177 0 : log_error ("packet(%d) too short\n", pkttype);
2178 0 : if (list_mode)
2179 0 : es_fputs (":key packet: [too short]\n", listfp);
2180 0 : err = gpg_error (GPG_ERR_INV_PACKET);
2181 0 : goto leave;
2182 : }
2183 7293 : else if (pktlen > MAX_KEY_PACKET_LENGTH)
2184 : {
2185 0 : log_error ("packet(%d) too large\n", pkttype);
2186 0 : if (list_mode)
2187 0 : es_fputs (":key packet: [too larget]\n", listfp);
2188 0 : err = gpg_error (GPG_ERR_INV_PACKET);
2189 0 : goto leave;
2190 : }
2191 :
2192 7293 : timestamp = read_32 (inp);
2193 7293 : pktlen -= 4;
2194 7293 : expiredate = 0; /* have to get it from the selfsignature */
2195 7293 : max_expiredate = 0;
2196 7293 : algorithm = iobuf_get_noeof (inp);
2197 7293 : pktlen--;
2198 7293 : if (list_mode)
2199 17 : es_fprintf (listfp, ":%s key packet:\n"
2200 : "\tversion %d, algo %d, created %lu, expires %lu\n",
2201 : pkttype == PKT_PUBLIC_KEY ? "public" :
2202 11 : pkttype == PKT_SECRET_KEY ? "secret" :
2203 6 : pkttype == PKT_PUBLIC_SUBKEY ? "public sub" :
2204 2 : pkttype == PKT_SECRET_SUBKEY ? "secret sub" : "??",
2205 : version, algorithm, timestamp, expiredate);
2206 :
2207 7293 : pk->timestamp = timestamp;
2208 7293 : pk->expiredate = expiredate;
2209 7293 : pk->max_expiredate = max_expiredate;
2210 7293 : pk->hdrbytes = hdrlen;
2211 7293 : pk->version = version;
2212 7293 : pk->flags.primary = (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY);
2213 7293 : pk->pubkey_algo = algorithm;
2214 :
2215 7293 : nskey = pubkey_get_nskey (algorithm);
2216 7293 : npkey = pubkey_get_npkey (algorithm);
2217 7293 : if (!npkey)
2218 : {
2219 0 : if (list_mode)
2220 0 : es_fprintf (listfp, "\tunknown algorithm %d\n", algorithm);
2221 0 : unknown_pubkey_warning (algorithm);
2222 : }
2223 :
2224 7293 : if (!npkey)
2225 : {
2226 : /* Unknown algorithm - put data into an opaque MPI. */
2227 0 : pk->pkey[0] = gcry_mpi_set_opaque (NULL,
2228 : read_rest (inp, pktlen), pktlen * 8);
2229 0 : pktlen = 0;
2230 0 : goto leave;
2231 : }
2232 : else
2233 : {
2234 28922 : for (i = 0; i < npkey; i++)
2235 : {
2236 21629 : if ( (algorithm == PUBKEY_ALGO_ECDSA && (i == 0))
2237 21377 : || (algorithm == PUBKEY_ALGO_EDDSA && (i == 0))
2238 21368 : || (algorithm == PUBKEY_ALGO_ECDH && (i == 0 || i == 2)))
2239 775 : {
2240 : /* Read the OID (i==1) or the KDF params (i==2). */
2241 : size_t n;
2242 775 : err = read_size_body (inp, pktlen, &n, pk->pkey+i);
2243 775 : pktlen -= n;
2244 : }
2245 : else
2246 : {
2247 20854 : unsigned int n = pktlen;
2248 20854 : pk->pkey[i] = mpi_read (inp, &n, 0);
2249 20854 : pktlen -= n;
2250 20854 : if (!pk->pkey[i])
2251 0 : err = gpg_error (GPG_ERR_INV_PACKET);
2252 : }
2253 21629 : if (err)
2254 0 : goto leave;
2255 21629 : if (list_mode)
2256 : {
2257 32 : es_fprintf (listfp, "\tpkey[%d]: ", i);
2258 32 : mpi_print (listfp, pk->pkey[i], mpi_print_mode);
2259 32 : if ((algorithm == PUBKEY_ALGO_ECDSA
2260 32 : || algorithm == PUBKEY_ALGO_EDDSA
2261 32 : || algorithm == PUBKEY_ALGO_ECDH) && i==0)
2262 : {
2263 0 : char *curve = openpgp_oid_to_str (pk->pkey[0]);
2264 0 : const char *name = openpgp_oid_to_curve (curve, 0);
2265 0 : es_fprintf (listfp, " %s (%s)", name?name:"", curve);
2266 0 : xfree (curve);
2267 : }
2268 32 : es_putc ('\n', listfp);
2269 : }
2270 : }
2271 : }
2272 7293 : if (list_mode)
2273 10 : keyid_from_pk (pk, keyid);
2274 :
2275 7293 : if (pkttype == PKT_SECRET_KEY || pkttype == PKT_SECRET_SUBKEY)
2276 : {
2277 : struct seckey_info *ski;
2278 : byte temp[16];
2279 38 : size_t snlen = 0;
2280 :
2281 38 : if (pktlen < 1)
2282 : {
2283 0 : err = gpg_error (GPG_ERR_INV_PACKET);
2284 0 : goto leave;
2285 : }
2286 :
2287 38 : pk->seckey_info = ski = xtrycalloc (1, sizeof *ski);
2288 38 : if (!pk->seckey_info)
2289 : {
2290 0 : err = gpg_error_from_syserror ();
2291 0 : goto leave;
2292 : }
2293 :
2294 38 : ski->algo = iobuf_get_noeof (inp);
2295 38 : pktlen--;
2296 38 : if (ski->algo)
2297 : {
2298 33 : ski->is_protected = 1;
2299 33 : ski->s2k.count = 0;
2300 33 : if (ski->algo == 254 || ski->algo == 255)
2301 : {
2302 33 : if (pktlen < 3)
2303 : {
2304 0 : err = gpg_error (GPG_ERR_INV_PACKET);
2305 0 : goto leave;
2306 : }
2307 33 : ski->sha1chk = (ski->algo == 254);
2308 33 : ski->algo = iobuf_get_noeof (inp);
2309 33 : pktlen--;
2310 : /* Note that a ski->algo > 110 is illegal, but I'm not
2311 : erroring on it here as otherwise there would be no
2312 : way to delete such a key. */
2313 33 : ski->s2k.mode = iobuf_get_noeof (inp);
2314 33 : pktlen--;
2315 33 : ski->s2k.hash_algo = iobuf_get_noeof (inp);
2316 33 : pktlen--;
2317 : /* Check for the special GNU extension. */
2318 33 : if (ski->s2k.mode == 101)
2319 : {
2320 0 : for (i = 0; i < 4 && pktlen; i++, pktlen--)
2321 0 : temp[i] = iobuf_get_noeof (inp);
2322 0 : if (i < 4 || memcmp (temp, "GNU", 3))
2323 : {
2324 0 : if (list_mode)
2325 0 : es_fprintf (listfp, "\tunknown S2K %d\n",
2326 : ski->s2k.mode);
2327 0 : err = gpg_error (GPG_ERR_INV_PACKET);
2328 0 : goto leave;
2329 : }
2330 : /* Here we know that it is a GNU extension. What
2331 : * follows is the GNU protection mode: All values
2332 : * have special meanings and they are mapped to MODE
2333 : * with a base of 1000. */
2334 0 : ski->s2k.mode = 1000 + temp[3];
2335 : }
2336 :
2337 : /* Read the salt. */
2338 33 : switch (ski->s2k.mode)
2339 : {
2340 : case 1:
2341 : case 3:
2342 297 : for (i = 0; i < 8 && pktlen; i++, pktlen--)
2343 264 : temp[i] = iobuf_get_noeof (inp);
2344 33 : if (i < 8)
2345 : {
2346 0 : err = gpg_error (GPG_ERR_INV_PACKET);
2347 0 : goto leave;
2348 : }
2349 33 : memcpy (ski->s2k.salt, temp, 8);
2350 33 : break;
2351 : }
2352 :
2353 : /* Check the mode. */
2354 33 : switch (ski->s2k.mode)
2355 : {
2356 : case 0:
2357 0 : if (list_mode)
2358 0 : es_fprintf (listfp, "\tsimple S2K");
2359 0 : break;
2360 : case 1:
2361 0 : if (list_mode)
2362 0 : es_fprintf (listfp, "\tsalted S2K");
2363 0 : break;
2364 : case 3:
2365 33 : if (list_mode)
2366 2 : es_fprintf (listfp, "\titer+salt S2K");
2367 33 : break;
2368 : case 1001:
2369 0 : if (list_mode)
2370 0 : es_fprintf (listfp, "\tgnu-dummy S2K");
2371 0 : break;
2372 : case 1002:
2373 0 : if (list_mode)
2374 0 : es_fprintf (listfp, "\tgnu-divert-to-card S2K");
2375 0 : break;
2376 : default:
2377 0 : if (list_mode)
2378 0 : es_fprintf (listfp, "\tunknown %sS2K %d\n",
2379 0 : ski->s2k.mode < 1000 ? "" : "GNU ",
2380 : ski->s2k.mode);
2381 0 : err = gpg_error (GPG_ERR_INV_PACKET);
2382 0 : goto leave;
2383 : }
2384 :
2385 : /* Print some info. */
2386 33 : if (list_mode)
2387 : {
2388 6 : es_fprintf (listfp, ", algo: %d,%s hash: %d",
2389 2 : ski->algo,
2390 2 : ski->sha1chk ? " SHA1 protection,"
2391 2 : : " simple checksum,", ski->s2k.hash_algo);
2392 2 : if (ski->s2k.mode == 1 || ski->s2k.mode == 3)
2393 : {
2394 2 : es_fprintf (listfp, ", salt: ");
2395 2 : es_write_hexstring (listfp, ski->s2k.salt, 8, 0, NULL);
2396 : }
2397 2 : es_putc ('\n', listfp);
2398 : }
2399 :
2400 : /* Read remaining protection parameters. */
2401 66 : if (ski->s2k.mode == 3)
2402 : {
2403 33 : if (pktlen < 1)
2404 : {
2405 0 : err = gpg_error (GPG_ERR_INV_PACKET);
2406 0 : goto leave;
2407 : }
2408 33 : ski->s2k.count = iobuf_get (inp);
2409 33 : pktlen--;
2410 33 : if (list_mode)
2411 4 : es_fprintf (listfp, "\tprotect count: %lu (%lu)\n",
2412 2 : (ulong)S2K_DECODE_COUNT ((ulong)ski->s2k.count),
2413 2 : (ulong) ski->s2k.count);
2414 : }
2415 0 : else if (ski->s2k.mode == 1002)
2416 : {
2417 : /* Read the serial number. */
2418 0 : if (pktlen < 1)
2419 : {
2420 0 : err = gpg_error (GPG_ERR_INV_PACKET);
2421 0 : goto leave;
2422 : }
2423 0 : snlen = iobuf_get (inp);
2424 0 : pktlen--;
2425 0 : if (pktlen < snlen || snlen == (size_t)(-1))
2426 : {
2427 0 : err = gpg_error (GPG_ERR_INV_PACKET);
2428 0 : goto leave;
2429 : }
2430 : }
2431 : }
2432 : else /* Old version; no S2K, so we set mode to 0, hash MD5. */
2433 : {
2434 : /* Note that a ski->algo > 110 is illegal, but I'm not
2435 : erroring on it here as otherwise there would be no
2436 : way to delete such a key. */
2437 0 : ski->s2k.mode = 0;
2438 0 : ski->s2k.hash_algo = DIGEST_ALGO_MD5;
2439 0 : if (list_mode)
2440 0 : es_fprintf (listfp, "\tprotect algo: %d (hash algo: %d)\n",
2441 0 : ski->algo, ski->s2k.hash_algo);
2442 : }
2443 :
2444 : /* It is really ugly that we don't know the size
2445 : * of the IV here in cases we are not aware of the algorithm.
2446 : * so a
2447 : * ski->ivlen = cipher_get_blocksize (ski->algo);
2448 : * won't work. The only solution I see is to hardwire it.
2449 : * NOTE: if you change the ivlen above 16, don't forget to
2450 : * enlarge temp. */
2451 33 : ski->ivlen = openpgp_cipher_blocklen (ski->algo);
2452 33 : log_assert (ski->ivlen <= sizeof (temp));
2453 :
2454 33 : if (ski->s2k.mode == 1001)
2455 0 : ski->ivlen = 0;
2456 33 : else if (ski->s2k.mode == 1002)
2457 0 : ski->ivlen = snlen < 16 ? snlen : 16;
2458 :
2459 33 : if (pktlen < ski->ivlen)
2460 : {
2461 0 : err = gpg_error (GPG_ERR_INV_PACKET);
2462 0 : goto leave;
2463 : }
2464 513 : for (i = 0; i < ski->ivlen; i++, pktlen--)
2465 480 : temp[i] = iobuf_get_noeof (inp);
2466 33 : if (list_mode)
2467 : {
2468 2 : es_fprintf (listfp,
2469 2 : ski->s2k.mode == 1002 ? "\tserial-number: "
2470 : : "\tprotect IV: ");
2471 34 : for (i = 0; i < ski->ivlen; i++)
2472 32 : es_fprintf (listfp, " %02x", temp[i]);
2473 2 : es_putc ('\n', listfp);
2474 : }
2475 33 : memcpy (ski->iv, temp, ski->ivlen);
2476 : }
2477 :
2478 : /* It does not make sense to read it into secure memory.
2479 : * If the user is so careless, not to protect his secret key,
2480 : * we can assume, that he operates an open system :=(.
2481 : * So we put the key into secure memory when we unprotect it. */
2482 38 : if (ski->s2k.mode == 1001 || ski->s2k.mode == 1002)
2483 : {
2484 : /* Better set some dummy stuff here. */
2485 0 : pk->pkey[npkey] = gcry_mpi_set_opaque (NULL,
2486 0 : xstrdup ("dummydata"),
2487 : 10 * 8);
2488 0 : pktlen = 0;
2489 : }
2490 38 : else if (ski->is_protected)
2491 : {
2492 33 : if (pktlen < 2) /* At least two bytes for the length. */
2493 : {
2494 0 : err = gpg_error (GPG_ERR_INV_PACKET);
2495 0 : goto leave;
2496 : }
2497 :
2498 : /* Ugly: The length is encrypted too, so we read all stuff
2499 : * up to the end of the packet into the first SKEY
2500 : * element. */
2501 33 : pk->pkey[npkey] = gcry_mpi_set_opaque (NULL,
2502 : read_rest (inp, pktlen),
2503 : pktlen * 8);
2504 : /* Mark that MPI as protected - we need this information for
2505 : importing a key. The OPAQUE flag can't be used because
2506 : we also store public EdDSA values in opaque MPIs. */
2507 33 : if (pk->pkey[npkey])
2508 33 : gcry_mpi_set_flag (pk->pkey[npkey], GCRYMPI_FLAG_USER1);
2509 33 : pktlen = 0;
2510 33 : if (list_mode)
2511 2 : es_fprintf (listfp, "\tskey[%d]: [v4 protected]\n", npkey);
2512 : }
2513 : else
2514 : {
2515 : /* Not encrypted. */
2516 19 : for (i = npkey; i < nskey; i++)
2517 : {
2518 : unsigned int n;
2519 :
2520 14 : if (pktlen < 2) /* At least two bytes for the length. */
2521 : {
2522 0 : err = gpg_error (GPG_ERR_INV_PACKET);
2523 0 : goto leave;
2524 : }
2525 14 : n = pktlen;
2526 14 : pk->pkey[i] = mpi_read (inp, &n, 0);
2527 14 : pktlen -= n;
2528 14 : if (list_mode)
2529 : {
2530 6 : es_fprintf (listfp, "\tskey[%d]: ", i);
2531 6 : mpi_print (listfp, pk->pkey[i], mpi_print_mode);
2532 6 : es_putc ('\n', listfp);
2533 : }
2534 :
2535 14 : if (!pk->pkey[i])
2536 0 : err = gpg_error (GPG_ERR_INV_PACKET);
2537 : }
2538 5 : if (err)
2539 0 : goto leave;
2540 :
2541 5 : if (pktlen < 2)
2542 : {
2543 0 : err = gpg_error (GPG_ERR_INV_PACKET);
2544 0 : goto leave;
2545 : }
2546 5 : ski->csum = read_16 (inp);
2547 5 : pktlen -= 2;
2548 5 : if (list_mode)
2549 3 : es_fprintf (listfp, "\tchecksum: %04hx\n", ski->csum);
2550 : }
2551 : }
2552 :
2553 : /* Note that KEYID below has been initialized above in list_mode. */
2554 7293 : if (list_mode)
2555 20 : es_fprintf (listfp, "\tkeyid: %08lX%08lX\n",
2556 20 : (ulong) keyid[0], (ulong) keyid[1]);
2557 :
2558 : leave:
2559 7295 : iobuf_skip_rest (inp, pktlen, 0);
2560 7295 : return err;
2561 : }
2562 :
2563 :
2564 : /* Attribute subpackets have the same format as v4 signature
2565 : subpackets. This is not part of OpenPGP, but is done in several
2566 : versions of PGP nevertheless. */
2567 : int
2568 0 : parse_attribute_subpkts (PKT_user_id * uid)
2569 : {
2570 : size_t n;
2571 0 : int count = 0;
2572 0 : struct user_attribute *attribs = NULL;
2573 0 : const byte *buffer = uid->attrib_data;
2574 0 : int buflen = uid->attrib_len;
2575 : byte type;
2576 :
2577 0 : xfree (uid->attribs);
2578 :
2579 0 : while (buflen)
2580 : {
2581 0 : n = *buffer++;
2582 0 : buflen--;
2583 0 : if (n == 255) /* 4 byte length header. */
2584 : {
2585 0 : if (buflen < 4)
2586 0 : goto too_short;
2587 0 : n = buf32_to_size_t (buffer);
2588 0 : buffer += 4;
2589 0 : buflen -= 4;
2590 : }
2591 0 : else if (n >= 192) /* 2 byte special encoded length header. */
2592 : {
2593 0 : if (buflen < 2)
2594 0 : goto too_short;
2595 0 : n = ((n - 192) << 8) + *buffer + 192;
2596 0 : buffer++;
2597 0 : buflen--;
2598 : }
2599 0 : if (buflen < n)
2600 0 : goto too_short;
2601 :
2602 0 : if (!n)
2603 : {
2604 : /* Too short to encode the subpacket type. */
2605 0 : if (opt.verbose)
2606 0 : log_info ("attribute subpacket too short\n");
2607 0 : break;
2608 : }
2609 :
2610 0 : attribs = xrealloc (attribs,
2611 : (count + 1) * sizeof (struct user_attribute));
2612 0 : memset (&attribs[count], 0, sizeof (struct user_attribute));
2613 :
2614 0 : type = *buffer;
2615 0 : buffer++;
2616 0 : buflen--;
2617 0 : n--;
2618 :
2619 0 : attribs[count].type = type;
2620 0 : attribs[count].data = buffer;
2621 0 : attribs[count].len = n;
2622 0 : buffer += n;
2623 0 : buflen -= n;
2624 0 : count++;
2625 : }
2626 :
2627 0 : uid->attribs = attribs;
2628 0 : uid->numattribs = count;
2629 0 : return count;
2630 :
2631 : too_short:
2632 0 : if (opt.verbose)
2633 0 : log_info ("buffer shorter than attribute subpacket\n");
2634 0 : uid->attribs = attribs;
2635 0 : uid->numattribs = count;
2636 0 : return count;
2637 : }
2638 :
2639 :
2640 : static int
2641 4408 : parse_user_id (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * packet)
2642 : {
2643 : byte *p;
2644 :
2645 : /* Cap the size of a user ID at 2k: a value absurdly large enough
2646 : that there is no sane user ID string (which is printable text
2647 : as of RFC2440bis) that won't fit in it, but yet small enough to
2648 : avoid allocation problems. A large pktlen may not be
2649 : allocatable, and a very large pktlen could actually cause our
2650 : allocation to wrap around in xmalloc to a small number. */
2651 :
2652 4408 : if (pktlen > MAX_UID_PACKET_LENGTH)
2653 : {
2654 0 : log_error ("packet(%d) too large\n", pkttype);
2655 0 : if (list_mode)
2656 0 : es_fprintf (listfp, ":user ID packet: [too large]\n");
2657 0 : iobuf_skip_rest (inp, pktlen, 0);
2658 0 : return GPG_ERR_INV_PACKET;
2659 : }
2660 :
2661 4408 : packet->pkt.user_id = xmalloc_clear (sizeof *packet->pkt.user_id + pktlen);
2662 4408 : packet->pkt.user_id->len = pktlen;
2663 4408 : packet->pkt.user_id->ref = 1;
2664 :
2665 4408 : p = packet->pkt.user_id->name;
2666 143436 : for (; pktlen; pktlen--, p++)
2667 139028 : *p = iobuf_get_noeof (inp);
2668 4408 : *p = 0;
2669 :
2670 4408 : if (list_mode)
2671 : {
2672 6 : int n = packet->pkt.user_id->len;
2673 6 : es_fprintf (listfp, ":user ID packet: \"");
2674 : /* fixme: Hey why don't we replace this with es_write_sanitized?? */
2675 220 : for (p = packet->pkt.user_id->name; n; p++, n--)
2676 : {
2677 214 : if (*p >= ' ' && *p <= 'z')
2678 214 : es_putc (*p, listfp);
2679 : else
2680 0 : es_fprintf (listfp, "\\x%02x", *p);
2681 : }
2682 6 : es_fprintf (listfp, "\"\n");
2683 : }
2684 4408 : return 0;
2685 : }
2686 :
2687 :
2688 : void
2689 0 : make_attribute_uidname (PKT_user_id * uid, size_t max_namelen)
2690 : {
2691 0 : log_assert (max_namelen > 70);
2692 0 : if (uid->numattribs <= 0)
2693 0 : sprintf (uid->name, "[bad attribute packet of size %lu]",
2694 : uid->attrib_len);
2695 0 : else if (uid->numattribs > 1)
2696 0 : sprintf (uid->name, "[%d attributes of size %lu]",
2697 : uid->numattribs, uid->attrib_len);
2698 : else
2699 : {
2700 : /* Only one attribute, so list it as the "user id" */
2701 :
2702 0 : if (uid->attribs->type == ATTRIB_IMAGE)
2703 : {
2704 : u32 len;
2705 : byte type;
2706 :
2707 0 : if (parse_image_header (uid->attribs, &type, &len))
2708 0 : sprintf (uid->name, "[%.20s image of size %lu]",
2709 : image_type_to_string (type, 1), (ulong) len);
2710 : else
2711 0 : sprintf (uid->name, "[invalid image]");
2712 : }
2713 : else
2714 0 : sprintf (uid->name, "[unknown attribute of size %lu]",
2715 0 : (ulong) uid->attribs->len);
2716 : }
2717 :
2718 0 : uid->len = strlen (uid->name);
2719 0 : }
2720 :
2721 :
2722 : static int
2723 0 : parse_attribute (IOBUF inp, int pkttype, unsigned long pktlen,
2724 : PACKET * packet)
2725 : {
2726 : byte *p;
2727 :
2728 : (void) pkttype;
2729 :
2730 : /* We better cap the size of an attribute packet to make DoS not too
2731 : easy. 16MB should be more then enough for one attribute packet
2732 : (ie. a photo). */
2733 0 : if (pktlen > MAX_ATTR_PACKET_LENGTH)
2734 : {
2735 0 : log_error ("packet(%d) too large\n", pkttype);
2736 0 : if (list_mode)
2737 0 : es_fprintf (listfp, ":attribute packet: [too large]\n");
2738 0 : iobuf_skip_rest (inp, pktlen, 0);
2739 0 : return GPG_ERR_INV_PACKET;
2740 : }
2741 :
2742 : #define EXTRA_UID_NAME_SPACE 71
2743 0 : packet->pkt.user_id = xmalloc_clear (sizeof *packet->pkt.user_id
2744 : + EXTRA_UID_NAME_SPACE);
2745 0 : packet->pkt.user_id->ref = 1;
2746 0 : packet->pkt.user_id->attrib_data = xmalloc (pktlen? pktlen:1);
2747 0 : packet->pkt.user_id->attrib_len = pktlen;
2748 :
2749 0 : p = packet->pkt.user_id->attrib_data;
2750 0 : for (; pktlen; pktlen--, p++)
2751 0 : *p = iobuf_get_noeof (inp);
2752 :
2753 : /* Now parse out the individual attribute subpackets. This is
2754 : somewhat pointless since there is only one currently defined
2755 : attribute type (jpeg), but it is correct by the spec. */
2756 0 : parse_attribute_subpkts (packet->pkt.user_id);
2757 :
2758 0 : make_attribute_uidname (packet->pkt.user_id, EXTRA_UID_NAME_SPACE);
2759 :
2760 0 : if (list_mode)
2761 : {
2762 0 : es_fprintf (listfp, ":attribute packet: %s\n", packet->pkt.user_id->name);
2763 : }
2764 0 : return 0;
2765 : }
2766 :
2767 :
2768 : static int
2769 0 : parse_comment (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * packet)
2770 : {
2771 : byte *p;
2772 :
2773 : /* Cap comment packet at a reasonable value to avoid an integer
2774 : overflow in the malloc below. Comment packets are actually not
2775 : anymore define my OpenPGP and we even stopped to use our
2776 : private comment packet. */
2777 0 : if (pktlen > MAX_COMMENT_PACKET_LENGTH)
2778 : {
2779 0 : log_error ("packet(%d) too large\n", pkttype);
2780 0 : if (list_mode)
2781 0 : es_fprintf (listfp, ":%scomment packet: [too large]\n",
2782 : pkttype == PKT_OLD_COMMENT ? "OpenPGP draft " : "");
2783 0 : iobuf_skip_rest (inp, pktlen, 0);
2784 0 : return GPG_ERR_INV_PACKET;
2785 : }
2786 0 : packet->pkt.comment = xmalloc (sizeof *packet->pkt.comment + pktlen - 1);
2787 0 : packet->pkt.comment->len = pktlen;
2788 0 : p = packet->pkt.comment->data;
2789 0 : for (; pktlen; pktlen--, p++)
2790 0 : *p = iobuf_get_noeof (inp);
2791 :
2792 0 : if (list_mode)
2793 : {
2794 0 : int n = packet->pkt.comment->len;
2795 0 : es_fprintf (listfp, ":%scomment packet: \"", pkttype == PKT_OLD_COMMENT ?
2796 : "OpenPGP draft " : "");
2797 0 : for (p = packet->pkt.comment->data; n; p++, n--)
2798 : {
2799 0 : if (*p >= ' ' && *p <= 'z')
2800 0 : es_putc (*p, listfp);
2801 : else
2802 0 : es_fprintf (listfp, "\\x%02x", *p);
2803 : }
2804 0 : es_fprintf (listfp, "\"\n");
2805 : }
2806 0 : return 0;
2807 : }
2808 :
2809 :
2810 : static void
2811 412 : parse_trust (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * pkt)
2812 : {
2813 : int c;
2814 :
2815 : (void) pkttype;
2816 :
2817 412 : pkt->pkt.ring_trust = xmalloc (sizeof *pkt->pkt.ring_trust);
2818 412 : if (pktlen)
2819 : {
2820 412 : c = iobuf_get_noeof (inp);
2821 412 : pktlen--;
2822 412 : pkt->pkt.ring_trust->trustval = c;
2823 412 : pkt->pkt.ring_trust->sigcache = 0;
2824 412 : if (!c && pktlen == 1)
2825 : {
2826 407 : c = iobuf_get_noeof (inp);
2827 407 : pktlen--;
2828 : /* We require that bit 7 of the sigcache is 0 (easier eof
2829 : handling). */
2830 407 : if (!(c & 0x80))
2831 407 : pkt->pkt.ring_trust->sigcache = c;
2832 : }
2833 412 : if (list_mode)
2834 0 : es_fprintf (listfp, ":trust packet: flag=%02x sigcache=%02x\n",
2835 0 : pkt->pkt.ring_trust->trustval,
2836 0 : pkt->pkt.ring_trust->sigcache);
2837 : }
2838 : else
2839 : {
2840 0 : pkt->pkt.ring_trust->trustval = 0;
2841 0 : pkt->pkt.ring_trust->sigcache = 0;
2842 0 : if (list_mode)
2843 0 : es_fprintf (listfp, ":trust packet: empty\n");
2844 : }
2845 412 : iobuf_skip_rest (inp, pktlen, 0);
2846 412 : }
2847 :
2848 :
2849 : static int
2850 463 : parse_plaintext (IOBUF inp, int pkttype, unsigned long pktlen,
2851 : PACKET * pkt, int new_ctb, int partial)
2852 : {
2853 463 : int rc = 0;
2854 : int mode, namelen;
2855 : PKT_plaintext *pt;
2856 : byte *p;
2857 : int c, i;
2858 :
2859 463 : if (!partial && pktlen < 6)
2860 : {
2861 0 : log_error ("packet(%d) too short (%lu)\n", pkttype, (ulong) pktlen);
2862 0 : if (list_mode)
2863 0 : es_fputs (":literal data packet: [too short]\n", listfp);
2864 0 : rc = gpg_error (GPG_ERR_INV_PACKET);
2865 0 : goto leave;
2866 : }
2867 463 : mode = iobuf_get_noeof (inp);
2868 463 : if (pktlen)
2869 421 : pktlen--;
2870 463 : namelen = iobuf_get_noeof (inp);
2871 463 : if (pktlen)
2872 421 : pktlen--;
2873 : /* Note that namelen will never exceed 255 bytes. */
2874 463 : pt = pkt->pkt.plaintext =
2875 463 : xmalloc (sizeof *pkt->pkt.plaintext + namelen - 1);
2876 463 : pt->new_ctb = new_ctb;
2877 463 : pt->mode = mode;
2878 463 : pt->namelen = namelen;
2879 463 : pt->is_partial = partial;
2880 463 : if (pktlen)
2881 : {
2882 3443 : for (i = 0; pktlen > 4 && i < namelen; pktlen--, i++)
2883 3022 : pt->name[i] = iobuf_get_noeof (inp);
2884 : }
2885 : else
2886 : {
2887 56 : for (i = 0; i < namelen; i++)
2888 14 : if ((c = iobuf_get (inp)) == -1)
2889 0 : break;
2890 : else
2891 14 : pt->name[i] = c;
2892 : }
2893 463 : pt->timestamp = read_32 (inp);
2894 463 : if (pktlen)
2895 421 : pktlen -= 4;
2896 463 : pt->len = pktlen;
2897 463 : pt->buf = inp;
2898 :
2899 463 : if (list_mode)
2900 : {
2901 12 : es_fprintf (listfp, ":literal data packet:\n"
2902 : "\tmode %c (%X), created %lu, name=\"",
2903 6 : mode >= ' ' && mode < 'z' ? mode : '?', mode,
2904 6 : (ulong) pt->timestamp);
2905 11 : for (p = pt->name, i = 0; i < namelen; p++, i++)
2906 : {
2907 5 : if (*p >= ' ' && *p <= 'z')
2908 5 : es_putc (*p, listfp);
2909 : else
2910 0 : es_fprintf (listfp, "\\x%02x", *p);
2911 : }
2912 6 : es_fprintf (listfp, "\",\n\traw data: ");
2913 6 : if (partial)
2914 0 : es_fprintf (listfp, "unknown length\n");
2915 : else
2916 6 : es_fprintf (listfp, "%lu bytes\n", (ulong) pt->len);
2917 : }
2918 :
2919 : leave:
2920 463 : return rc;
2921 : }
2922 :
2923 :
2924 : static int
2925 424 : parse_compressed (IOBUF inp, int pkttype, unsigned long pktlen,
2926 : PACKET * pkt, int new_ctb)
2927 : {
2928 : PKT_compressed *zd;
2929 :
2930 : /* PKTLEN is here 0, but data follows (this should be the last
2931 : object in a file or the compress algorithm should know the
2932 : length). */
2933 : (void) pkttype;
2934 : (void) pktlen;
2935 :
2936 424 : zd = pkt->pkt.compressed = xmalloc (sizeof *pkt->pkt.compressed);
2937 424 : zd->algorithm = iobuf_get_noeof (inp);
2938 424 : zd->len = 0; /* not used */
2939 424 : zd->new_ctb = new_ctb;
2940 424 : zd->buf = inp;
2941 424 : if (list_mode)
2942 6 : es_fprintf (listfp, ":compressed packet: algo=%d\n", zd->algorithm);
2943 424 : return 0;
2944 : }
2945 :
2946 :
2947 : static int
2948 319 : parse_encrypted (IOBUF inp, int pkttype, unsigned long pktlen,
2949 : PACKET * pkt, int new_ctb, int partial)
2950 : {
2951 319 : int rc = 0;
2952 : PKT_encrypted *ed;
2953 319 : unsigned long orig_pktlen = pktlen;
2954 :
2955 319 : ed = pkt->pkt.encrypted = xmalloc (sizeof *pkt->pkt.encrypted);
2956 : /* ed->len is set below. */
2957 319 : ed->extralen = 0; /* Unknown here; only used in build_packet. */
2958 319 : ed->buf = NULL;
2959 319 : ed->new_ctb = new_ctb;
2960 319 : ed->is_partial = partial;
2961 319 : if (pkttype == PKT_ENCRYPTED_MDC)
2962 : {
2963 : /* Fixme: add some pktlen sanity checks. */
2964 : int version;
2965 :
2966 259 : version = iobuf_get_noeof (inp);
2967 259 : if (orig_pktlen)
2968 35 : pktlen--;
2969 259 : if (version != 1)
2970 : {
2971 0 : log_error ("encrypted_mdc packet with unknown version %d\n",
2972 : version);
2973 0 : if (list_mode)
2974 0 : es_fputs (":encrypted data packet: [unknown version]\n", listfp);
2975 : /*skip_rest(inp, pktlen); should we really do this? */
2976 0 : rc = gpg_error (GPG_ERR_INV_PACKET);
2977 0 : goto leave;
2978 : }
2979 259 : ed->mdc_method = DIGEST_ALGO_SHA1;
2980 : }
2981 : else
2982 60 : ed->mdc_method = 0;
2983 :
2984 : /* A basic sanity check. We need at least an 8 byte IV plus the 2
2985 : detection bytes. Note that we don't known the algorithm and thus
2986 : we may only check against the minimum blocksize. */
2987 319 : if (orig_pktlen && pktlen < 10)
2988 : {
2989 : /* Actually this is blocksize+2. */
2990 0 : log_error ("packet(%d) too short\n", pkttype);
2991 0 : if (list_mode)
2992 0 : es_fputs (":encrypted data packet: [too short]\n", listfp);
2993 0 : rc = GPG_ERR_INV_PACKET;
2994 0 : iobuf_skip_rest (inp, pktlen, partial);
2995 0 : goto leave;
2996 : }
2997 :
2998 : /* Store the remaining length of the encrypted data (i.e. without
2999 : the MDC version number but with the IV etc.). This value is
3000 : required during decryption. */
3001 319 : ed->len = pktlen;
3002 :
3003 319 : if (list_mode)
3004 : {
3005 5 : if (orig_pktlen)
3006 5 : es_fprintf (listfp, ":encrypted data packet:\n\tlength: %lu\n",
3007 : orig_pktlen);
3008 : else
3009 0 : es_fprintf (listfp, ":encrypted data packet:\n\tlength: unknown\n");
3010 5 : if (ed->mdc_method)
3011 0 : es_fprintf (listfp, "\tmdc_method: %d\n", ed->mdc_method);
3012 : }
3013 :
3014 319 : ed->buf = inp;
3015 :
3016 : leave:
3017 319 : return rc;
3018 : }
3019 :
3020 :
3021 : /* Note, that this code is not anymore used in real life because the
3022 : MDC checking is now done right after the decryption in
3023 : decrypt_data. */
3024 : static int
3025 0 : parse_mdc (IOBUF inp, int pkttype, unsigned long pktlen,
3026 : PACKET * pkt, int new_ctb)
3027 : {
3028 0 : int rc = 0;
3029 : PKT_mdc *mdc;
3030 : byte *p;
3031 :
3032 : (void) pkttype;
3033 :
3034 0 : mdc = pkt->pkt.mdc = xmalloc (sizeof *pkt->pkt.mdc);
3035 0 : if (list_mode)
3036 0 : es_fprintf (listfp, ":mdc packet: length=%lu\n", pktlen);
3037 0 : if (!new_ctb || pktlen != 20)
3038 : {
3039 0 : log_error ("mdc_packet with invalid encoding\n");
3040 0 : rc = gpg_error (GPG_ERR_INV_PACKET);
3041 0 : goto leave;
3042 : }
3043 0 : p = mdc->hash;
3044 0 : for (; pktlen; pktlen--, p++)
3045 0 : *p = iobuf_get_noeof (inp);
3046 :
3047 : leave:
3048 0 : return rc;
3049 : }
3050 :
3051 :
3052 : /*
3053 : * This packet is internally generated by us (ibn armor.c) to transfer
3054 : * some information to the lower layer. To make sure that this packet
3055 : * is really a GPG faked one and not one coming from outside, we
3056 : * first check that there is a unique tag in it.
3057 : *
3058 : * The format of such a control packet is:
3059 : * n byte session marker
3060 : * 1 byte control type CTRLPKT_xxxxx
3061 : * m byte control data
3062 : */
3063 : static int
3064 17 : parse_gpg_control (IOBUF inp, int pkttype, unsigned long pktlen,
3065 : PACKET * packet, int partial)
3066 : {
3067 : byte *p;
3068 : const byte *sesmark;
3069 : size_t sesmarklen;
3070 : int i;
3071 :
3072 : (void) pkttype;
3073 :
3074 17 : if (list_mode)
3075 0 : es_fprintf (listfp, ":packet 63: length %lu ", pktlen);
3076 :
3077 17 : sesmark = get_session_marker (&sesmarklen);
3078 17 : if (pktlen < sesmarklen + 1) /* 1 is for the control bytes */
3079 0 : goto skipit;
3080 289 : for (i = 0; i < sesmarklen; i++, pktlen--)
3081 : {
3082 272 : if (sesmark[i] != iobuf_get_noeof (inp))
3083 0 : goto skipit;
3084 : }
3085 17 : if (pktlen > 4096)
3086 0 : goto skipit; /* Definitely too large. We skip it to avoid an
3087 : overflow in the malloc. */
3088 17 : if (list_mode)
3089 0 : es_fputs ("- gpg control packet", listfp);
3090 :
3091 17 : packet->pkt.gpg_control = xmalloc (sizeof *packet->pkt.gpg_control
3092 : + pktlen - 1);
3093 17 : packet->pkt.gpg_control->control = iobuf_get_noeof (inp);
3094 17 : pktlen--;
3095 17 : packet->pkt.gpg_control->datalen = pktlen;
3096 17 : p = packet->pkt.gpg_control->data;
3097 51 : for (; pktlen; pktlen--, p++)
3098 34 : *p = iobuf_get_noeof (inp);
3099 :
3100 17 : return 0;
3101 :
3102 : skipit:
3103 0 : if (list_mode)
3104 : {
3105 : int c;
3106 :
3107 0 : i = 0;
3108 0 : es_fprintf (listfp, "- private (rest length %lu)\n", pktlen);
3109 0 : if (partial)
3110 : {
3111 0 : while ((c = iobuf_get (inp)) != -1)
3112 0 : dump_hex_line (c, &i);
3113 : }
3114 : else
3115 : {
3116 0 : for (; pktlen; pktlen--)
3117 : {
3118 0 : dump_hex_line ((c = iobuf_get (inp)), &i);
3119 0 : if (c == -1)
3120 0 : break;
3121 : }
3122 : }
3123 0 : es_putc ('\n', listfp);
3124 : }
3125 0 : iobuf_skip_rest (inp, pktlen, 0);
3126 0 : return gpg_error (GPG_ERR_INV_PACKET);
3127 : }
3128 :
3129 :
3130 : /* Create a GPG control packet to be used internally as a placeholder. */
3131 : PACKET *
3132 457 : create_gpg_control (ctrlpkttype_t type, const byte * data, size_t datalen)
3133 : {
3134 : PACKET *packet;
3135 : byte *p;
3136 :
3137 457 : packet = xmalloc (sizeof *packet);
3138 457 : init_packet (packet);
3139 457 : packet->pkttype = PKT_GPG_CONTROL;
3140 457 : packet->pkt.gpg_control = xmalloc (sizeof *packet->pkt.gpg_control
3141 : + datalen - 1);
3142 457 : packet->pkt.gpg_control->control = type;
3143 457 : packet->pkt.gpg_control->datalen = datalen;
3144 457 : p = packet->pkt.gpg_control->data;
3145 457 : for (; datalen; datalen--, p++)
3146 0 : *p = *data++;
3147 :
3148 457 : return packet;
3149 : }
|