LCOV - code coverage report
Current view: top level - kbx - keybox-openpgp.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 143 238 60.1 %
Date: 2016-11-29 15:00:56 Functions: 4 4 100.0 %

          Line data    Source code
       1             : /* keybox-openpgp.c - OpenPGP key parsing
       2             :  * Copyright (C) 2001, 2003, 2011 Free Software Foundation, Inc.
       3             :  *
       4             :  * This file is part of GnuPG.
       5             :  *
       6             :  * GnuPG is free software; you can redistribute it and/or modify
       7             :  * it under the terms of the GNU General Public License as published by
       8             :  * the Free Software Foundation; either version 3 of the License, or
       9             :  * (at your option) any later version.
      10             :  *
      11             :  * GnuPG is distributed in the hope that it will be useful,
      12             :  * but WITHOUT ANY WARRANTY; without even the implied warranty of
      13             :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      14             :  * GNU General Public License for more details.
      15             :  *
      16             :  * You should have received a copy of the GNU General Public License
      17             :  * along with this program; if not, see <https://www.gnu.org/licenses/>.
      18             :  */
      19             : 
      20             : /* This is a simple OpenPGP parser suitable for all OpenPGP key
      21             :    material.  It just provides the functionality required to build and
      22             :    parse an KBX OpenPGP key blob.  Thus it is not a complete parser.
      23             :    However it is self-contained and optimized for fast in-memory
      24             :    parsing.  Note that we don't support old ElGamal v3 keys
      25             :    anymore. */
      26             : 
      27             : #include <config.h>
      28             : #include <stdlib.h>
      29             : #include <stdio.h>
      30             : #include <string.h>
      31             : #include <errno.h>
      32             : #include <assert.h>
      33             : 
      34             : #include "keybox-defs.h"
      35             : 
      36             : #include <gcrypt.h>
      37             : 
      38             : #include "../common/openpgpdefs.h"
      39             : #include "host2net.h"
      40             : 
      41             : /* Assume a valid OpenPGP packet at the address pointed to by BUFBTR
      42             :    which has a maximum length as stored at BUFLEN.  Return the header
      43             :    information of that packet and advance the pointer stored at BUFPTR
      44             :    to the next packet; also adjust the length stored at BUFLEN to
      45             :    match the remaining bytes. If there are no more packets, store NULL
      46             :    at BUFPTR.  Return an non-zero error code on failure or the
      47             :    following data on success:
      48             : 
      49             :    R_DATAPKT = Pointer to the begin of the packet data.
      50             :    R_DATALEN = Length of this data.  This has already been checked to fit
      51             :                into the buffer.
      52             :    R_PKTTYPE = The packet type.
      53             :    R_NTOTAL  = The total number of bytes of this packet
      54             : 
      55             :    Note that these values are only updated on success.
      56             : */
      57             : static gpg_error_t
      58         989 : next_packet (unsigned char const **bufptr, size_t *buflen,
      59             :              unsigned char const **r_data, size_t *r_datalen, int *r_pkttype,
      60             :              size_t *r_ntotal)
      61             : {
      62         989 :   const unsigned char *buf = *bufptr;
      63         989 :   size_t len = *buflen;
      64             :   int c, ctb, pkttype;
      65             :   unsigned long pktlen;
      66             : 
      67         989 :   if (!len)
      68           0 :     return gpg_error (GPG_ERR_NO_DATA);
      69             : 
      70         989 :   ctb = *buf++; len--;
      71         989 :   if ( !(ctb & 0x80) )
      72           0 :     return gpg_error (GPG_ERR_INV_PACKET); /* Invalid CTB. */
      73             : 
      74         989 :   if ((ctb & 0x40))  /* New style (OpenPGP) CTB.  */
      75             :     {
      76           0 :       pkttype = (ctb & 0x3f);
      77           0 :       if (!len)
      78           0 :         return gpg_error (GPG_ERR_INV_PACKET); /* No 1st length byte. */
      79           0 :       c = *buf++; len--;
      80           0 :       if (pkttype == PKT_COMPRESSED)
      81           0 :         return gpg_error (GPG_ERR_UNEXPECTED); /* ... packet in a keyblock. */
      82           0 :       if ( c < 192 )
      83           0 :         pktlen = c;
      84           0 :       else if ( c < 224 )
      85             :         {
      86           0 :           pktlen = (c - 192) * 256;
      87           0 :           if (!len)
      88           0 :             return gpg_error (GPG_ERR_INV_PACKET); /* No 2nd length byte. */
      89           0 :           c = *buf++; len--;
      90           0 :           pktlen += c + 192;
      91             :         }
      92           0 :       else if (c == 255)
      93             :         {
      94           0 :           if (len <4 )
      95           0 :             return gpg_error (GPG_ERR_INV_PACKET); /* No length bytes. */
      96           0 :           pktlen = buf32_to_ulong (buf);
      97           0 :           buf += 4;
      98           0 :           len -= 4;
      99             :       }
     100             :       else /* Partial length encoding is not allowed for key packets. */
     101           0 :         return gpg_error (GPG_ERR_UNEXPECTED);
     102             :     }
     103             :   else /* Old style CTB.  */
     104             :     {
     105             :       int lenbytes;
     106             : 
     107         989 :       pktlen = 0;
     108         989 :       pkttype = (ctb>>2)&0xf;
     109         989 :       lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3));
     110         989 :       if (!lenbytes) /* Not allowed in key packets.  */
     111           0 :         return gpg_error (GPG_ERR_UNEXPECTED);
     112         989 :       if (len < lenbytes)
     113           0 :         return gpg_error (GPG_ERR_INV_PACKET); /* Not enough length bytes.  */
     114        2528 :       for (; lenbytes; lenbytes--)
     115             :         {
     116        1539 :           pktlen <<= 8;
     117        1539 :           pktlen |= *buf++; len--;
     118             :         }
     119             :     }
     120             : 
     121             :   /* Do some basic sanity check.  */
     122         989 :   switch (pkttype)
     123             :     {
     124             :     case PKT_SIGNATURE:
     125             :     case PKT_SECRET_KEY:
     126             :     case PKT_PUBLIC_KEY:
     127             :     case PKT_SECRET_SUBKEY:
     128             :     case PKT_MARKER:
     129             :     case PKT_RING_TRUST:
     130             :     case PKT_USER_ID:
     131             :     case PKT_PUBLIC_SUBKEY:
     132             :     case PKT_OLD_COMMENT:
     133             :     case PKT_ATTRIBUTE:
     134             :     case PKT_COMMENT:
     135             :     case PKT_GPG_CONTROL:
     136         989 :       break; /* Okay these are allowed packets. */
     137             :     default:
     138           0 :       return gpg_error (GPG_ERR_UNEXPECTED);
     139             :     }
     140             : 
     141         989 :   if (pkttype == 63 && pktlen == 0xFFFFFFFF)
     142             :     /* Sometimes the decompressing layer enters an error state in
     143             :        which it simply outputs 0xff for every byte read.  If we have a
     144             :        stream of 0xff bytes, then it will be detected as a new format
     145             :        packet with type 63 and a 4-byte encoded length that is 4G-1.
     146             :        Since packets with type 63 are private and we use them as a
     147             :        control packet, which won't be 4 GB, we reject such packets as
     148             :        invalid.  */
     149           0 :     return gpg_error (GPG_ERR_INV_PACKET);
     150             : 
     151         989 :   if (pktlen > len)
     152           0 :     return gpg_error (GPG_ERR_INV_PACKET); /* Packet length header too long. */
     153             : 
     154         989 :   *r_data = buf;
     155         989 :   *r_datalen = pktlen;
     156         989 :   *r_pkttype = pkttype;
     157         989 :   *r_ntotal = (buf - *bufptr) + pktlen;
     158             : 
     159         989 :   *bufptr = buf + pktlen;
     160         989 :   *buflen = len - pktlen;
     161         989 :   if (!*buflen)
     162         162 :     *bufptr = NULL;
     163             : 
     164         989 :   return 0;
     165             : }
     166             : 
     167             : 
     168             : /* Parse a key packet and store the information in KI. */
     169             : static gpg_error_t
     170         316 : parse_key (const unsigned char *data, size_t datalen,
     171             :            struct _keybox_openpgp_key_info *ki)
     172             : {
     173             :   gpg_error_t err;
     174         316 :   const unsigned char *data_start = data;
     175             :   int i, version, algorithm;
     176             :   size_t n;
     177             :   int npkey;
     178             :   unsigned char hashbuffer[768];
     179         316 :   const unsigned char *mpi_n = NULL;
     180         316 :   size_t mpi_n_len = 0, mpi_e_len = 0;
     181             :   gcry_md_hd_t md;
     182         316 :   int is_ecc = 0;
     183             : 
     184         316 :   if (datalen < 5)
     185           0 :     return gpg_error (GPG_ERR_INV_PACKET);
     186         316 :   version = *data++; datalen--;
     187         316 :   if (version < 2 || version > 4 )
     188           0 :     return gpg_error (GPG_ERR_INV_PACKET); /* Invalid version. */
     189             : 
     190             :   /*timestamp = ((data[0]<<24)|(data[1]<<16)|(data[2]<<8)|(data[3]));*/
     191         316 :   data +=4; datalen -=4;
     192             : 
     193         316 :   if (version < 4)
     194             :     {
     195           0 :       if (datalen < 2)
     196           0 :         return gpg_error (GPG_ERR_INV_PACKET);
     197           0 :       data +=2; datalen -= 2;
     198             :     }
     199             : 
     200         316 :   if (!datalen)
     201           0 :     return gpg_error (GPG_ERR_INV_PACKET);
     202         316 :   algorithm = *data++; datalen--;
     203             : 
     204         316 :   switch (algorithm)
     205             :     {
     206             :     case PUBKEY_ALGO_RSA:
     207             :     case PUBKEY_ALGO_RSA_E:
     208             :     case PUBKEY_ALGO_RSA_S:
     209         224 :       npkey = 2;
     210         224 :       break;
     211             :     case PUBKEY_ALGO_ELGAMAL_E:
     212             :     case PUBKEY_ALGO_ELGAMAL:
     213          40 :       npkey = 3;
     214          40 :       break;
     215             :     case PUBKEY_ALGO_DSA:
     216          40 :       npkey = 4;
     217          40 :       break;
     218             :     case PUBKEY_ALGO_ECDH:
     219           5 :       npkey = 3;
     220           5 :       is_ecc = 1;
     221           5 :       break;
     222             :     case PUBKEY_ALGO_ECDSA:
     223             :     case PUBKEY_ALGO_EDDSA:
     224           7 :       npkey = 2;
     225           7 :       is_ecc = 1;
     226           7 :       break;
     227             :     default: /* Unknown algorithm. */
     228           0 :       return gpg_error (GPG_ERR_UNKNOWN_ALGORITHM);
     229             :     }
     230             : 
     231         316 :   ki->algo = algorithm;
     232             : 
     233        1073 :   for (i=0; i < npkey; i++ )
     234             :     {
     235             :       unsigned int nbits, nbytes;
     236             : 
     237         757 :       if (datalen < 2)
     238           0 :         return gpg_error (GPG_ERR_INV_PACKET);
     239             : 
     240         757 :       if (is_ecc && (i == 0 || i == 2))
     241             :         {
     242          17 :           nbytes = data[0];
     243          17 :           if (nbytes < 2 || nbytes > 254)
     244           0 :             return gpg_error (GPG_ERR_INV_PACKET);
     245          17 :           nbytes++; /* The size byte itself.  */
     246          34 :           if (datalen < nbytes)
     247           0 :             return gpg_error (GPG_ERR_INV_PACKET);
     248             :         }
     249             :       else
     250             :         {
     251         740 :           nbits = ((data[0]<<8)|(data[1]));
     252         740 :           data += 2;
     253         740 :           datalen -= 2;
     254         740 :           nbytes = (nbits+7) / 8;
     255         740 :           if (datalen < nbytes)
     256           0 :             return gpg_error (GPG_ERR_INV_PACKET);
     257             :           /* For use by v3 fingerprint calculation we need to know the RSA
     258             :              modulus and exponent. */
     259         740 :           if (i==0)
     260             :             {
     261         304 :               mpi_n = data;
     262         304 :               mpi_n_len = nbytes;
     263             :             }
     264         436 :           else if (i==1)
     265         316 :             mpi_e_len = nbytes;
     266             :         }
     267             : 
     268         757 :       data += nbytes; datalen -= nbytes;
     269             :     }
     270         316 :   n = data - data_start;
     271             : 
     272         316 :   if (version < 4)
     273             :     {
     274             :       /* We do not support any other algorithm than RSA in v3
     275             :          packets. */
     276           0 :       if (algorithm < 1 || algorithm > 3)
     277           0 :         return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
     278             : 
     279           0 :       err = gcry_md_open (&md, GCRY_MD_MD5, 0);
     280           0 :       if (err)
     281           0 :         return err; /* Oops */
     282           0 :       gcry_md_write (md, mpi_n, mpi_n_len);
     283           0 :       gcry_md_write (md, mpi_n+mpi_n_len+2, mpi_e_len);
     284           0 :       memcpy (ki->fpr, gcry_md_read (md, 0), 16);
     285           0 :       gcry_md_close (md);
     286           0 :       ki->fprlen = 16;
     287             : 
     288           0 :       if (mpi_n_len < 8)
     289             :         {
     290             :           /* Moduli less than 64 bit are out of the specs scope.  Zero
     291             :              them out because this is what gpg does too. */
     292           0 :           memset (ki->keyid, 0, 8);
     293             :         }
     294             :       else
     295           0 :         memcpy (ki->keyid, mpi_n + mpi_n_len - 8, 8);
     296             :     }
     297             :   else
     298             :     {
     299             :       /* Its a pitty that we need to prefix the buffer with the tag
     300             :          and a length header: We can't simply pass it to the fast
     301             :          hashing function for that reason.  It might be a good idea to
     302             :          have a scatter-gather enabled hash function. What we do here
     303             :          is to use a static buffer if this one is large enough and
     304             :          only use the regular hash functions if this buffer is not
     305             :          large enough. */
     306         316 :       if ( 3 + n < sizeof hashbuffer )
     307             :         {
     308         316 :           hashbuffer[0] = 0x99;     /* CTB */
     309         316 :           hashbuffer[1] = (n >> 8); /* 2 byte length header. */
     310         316 :           hashbuffer[2] = n;
     311         316 :           memcpy (hashbuffer + 3, data_start, n);
     312         316 :           gcry_md_hash_buffer (GCRY_MD_SHA1, ki->fpr, hashbuffer, 3 + n);
     313             :         }
     314             :       else
     315             :         {
     316           0 :           err = gcry_md_open (&md, GCRY_MD_SHA1, 0);
     317           0 :           if (err)
     318           0 :             return err; /* Oops */
     319           0 :           gcry_md_putc (md, 0x99 );     /* CTB */
     320           0 :           gcry_md_putc (md, (n >> 8) ); /* 2 byte length header. */
     321           0 :           gcry_md_putc (md, n );
     322           0 :           gcry_md_write (md, data_start, n);
     323           0 :           memcpy (ki->fpr, gcry_md_read (md, 0), 20);
     324           0 :           gcry_md_close (md);
     325             :         }
     326         316 :       ki->fprlen = 20;
     327         316 :       memcpy (ki->keyid, ki->fpr+12, 8);
     328             :     }
     329             : 
     330         316 :   return 0;
     331             : }
     332             : 
     333             : 
     334             : 
     335             : /* The caller must pass the address of an INFO structure which will
     336             :    get filled on success with information pertaining to the OpenPGP
     337             :    keyblock IMAGE of length IMAGELEN.  Note that a caller does only
     338             :    need to release this INFO structure if the function returns
     339             :    success.  If NPARSED is not NULL the actual number of bytes parsed
     340             :    will be stored at this address.  */
     341             : gpg_error_t
     342         162 : _keybox_parse_openpgp (const unsigned char *image, size_t imagelen,
     343             :                        size_t *nparsed, keybox_openpgp_info_t info)
     344             : {
     345         162 :   gpg_error_t err = 0;
     346             :   const unsigned char *image_start, *data;
     347             :   size_t n, datalen;
     348             :   int pkttype;
     349         162 :   int first = 1;
     350         162 :   int read_error = 0;
     351         162 :   struct _keybox_openpgp_key_info *k, **ktail = NULL;
     352         162 :   struct _keybox_openpgp_uid_info *u, **utail = NULL;
     353             : 
     354         162 :   memset (info, 0, sizeof *info);
     355         162 :   if (nparsed)
     356         162 :     *nparsed = 0;
     357             : 
     358         162 :   image_start = image;
     359        1313 :   while (image)
     360             :     {
     361         989 :       err = next_packet (&image, &imagelen, &data, &datalen, &pkttype, &n);
     362         989 :       if (err)
     363             :         {
     364           0 :           read_error = 1;
     365           0 :           break;
     366             :         }
     367             : 
     368         989 :       if (first)
     369             :         {
     370         162 :           if (pkttype == PKT_PUBLIC_KEY)
     371             :             ;
     372           0 :           else if (pkttype == PKT_SECRET_KEY)
     373           0 :             info->is_secret = 1;
     374             :           else
     375             :             {
     376           0 :               err = gpg_error (GPG_ERR_UNEXPECTED);
     377           0 :               if (nparsed)
     378           0 :                 *nparsed += n;
     379           0 :               break;
     380             :             }
     381         162 :           first = 0;
     382             :         }
     383         827 :       else if (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY)
     384             :         break; /* Next keyblock encountered - ready. */
     385             : 
     386         989 :       if (nparsed)
     387         989 :         *nparsed += n;
     388             : 
     389         989 :       if (pkttype == PKT_SIGNATURE)
     390             :         {
     391             :           /* For now we only count the total number of signatures. */
     392         491 :           info->nsigs++;
     393             :         }
     394         498 :       else if (pkttype == PKT_USER_ID)
     395             :         {
     396         182 :           info->nuids++;
     397         182 :           if (info->nuids == 1)
     398             :             {
     399         162 :               info->uids.off = data - image_start;
     400         162 :               info->uids.len = datalen;
     401         162 :               utail = &info->uids.next;
     402             :             }
     403             :           else
     404             :             {
     405          20 :               u = xtrycalloc (1, sizeof *u);
     406          20 :               if (!u)
     407             :                 {
     408           0 :                   err = gpg_error_from_syserror ();
     409           0 :                   break;
     410             :                 }
     411          20 :               u->off = data - image_start;
     412          20 :               u->len = datalen;
     413          20 :               *utail = u;
     414          20 :               utail = &u->next;
     415             :             }
     416             :         }
     417         316 :       else if (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY)
     418             :         {
     419         162 :           err = parse_key (data, datalen, &info->primary);
     420         324 :           if (err)
     421           0 :             break;
     422             :         }
     423         154 :       else if( pkttype == PKT_PUBLIC_SUBKEY && datalen && *data == '#' )
     424             :         {
     425             :           /* Early versions of GnuPG used old PGP comment packets;
     426             :            * luckily all those comments are prefixed by a hash
     427             :            * sign - ignore these packets. */
     428             :         }
     429         154 :       else if (pkttype == PKT_PUBLIC_SUBKEY || pkttype == PKT_SECRET_SUBKEY)
     430             :         {
     431         154 :           info->nsubkeys++;
     432         154 :           if (info->nsubkeys == 1)
     433             :             {
     434         132 :               err = parse_key (data, datalen, &info->subkeys);
     435         132 :               if (err)
     436             :                 {
     437           0 :                   info->nsubkeys--;
     438             :                   /* We ignore subkeys with unknown algorithms. */
     439           0 :                   if (gpg_err_code (err) == GPG_ERR_UNKNOWN_ALGORITHM
     440           0 :                       || gpg_err_code (err) == GPG_ERR_UNSUPPORTED_ALGORITHM)
     441           0 :                     err = 0;
     442           0 :                   if (err)
     443           0 :                     break;
     444             :                 }
     445             :               else
     446         132 :                 ktail = &info->subkeys.next;
     447             :             }
     448             :           else
     449             :             {
     450          22 :               k = xtrycalloc (1, sizeof *k);
     451          22 :               if (!k)
     452             :                 {
     453           0 :                   err = gpg_error_from_syserror ();
     454           0 :                   break;
     455             :                 }
     456          22 :               err = parse_key (data, datalen, k);
     457          22 :               if (err)
     458             :                 {
     459           0 :                   xfree (k);
     460           0 :                   info->nsubkeys--;
     461             :                   /* We ignore subkeys with unknown algorithms. */
     462           0 :                   if (gpg_err_code (err) == GPG_ERR_UNKNOWN_ALGORITHM
     463           0 :                       || gpg_err_code (err) == GPG_ERR_UNSUPPORTED_ALGORITHM)
     464           0 :                     err = 0;
     465           0 :                   if (err)
     466           0 :                     break;
     467             :                 }
     468             :               else
     469             :                 {
     470          22 :                   *ktail = k;
     471          22 :                   ktail = &k->next;
     472             :                 }
     473             :             }
     474             :         }
     475             :     }
     476             : 
     477         162 :   if (err)
     478             :     {
     479           0 :       _keybox_destroy_openpgp_info (info);
     480           0 :       if (!read_error)
     481             :         {
     482             :           /* Packet parsing worked, thus we should be able to skip the
     483             :              rest of the keyblock.  */
     484           0 :           while (image)
     485             :             {
     486           0 :               if (next_packet (&image, &imagelen,
     487             :                                &data, &datalen, &pkttype, &n) )
     488           0 :                 break; /* Another error - stop here. */
     489             : 
     490           0 :               if (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY)
     491             :                 break; /* Next keyblock encountered - ready. */
     492             : 
     493           0 :               if (nparsed)
     494           0 :                 *nparsed += n;
     495             :             }
     496             :         }
     497             :     }
     498             : 
     499         162 :   return err;
     500             : }
     501             : 
     502             : 
     503             : /* Release any malloced data in INFO but not INFO itself! */
     504             : void
     505         162 : _keybox_destroy_openpgp_info (keybox_openpgp_info_t info)
     506             : {
     507             :   struct _keybox_openpgp_key_info *k, *k2;
     508             :   struct _keybox_openpgp_uid_info *u, *u2;
     509             : 
     510         162 :   assert (!info->primary.next);
     511         184 :   for (k=info->subkeys.next; k; k = k2)
     512             :     {
     513          22 :       k2 = k->next;
     514          22 :       xfree (k);
     515             :     }
     516             : 
     517         182 :   for (u=info->uids.next; u; u = u2)
     518             :     {
     519          20 :       u2 = u->next;
     520          20 :       xfree (u);
     521             :     }
     522         162 : }

Generated by: LCOV version 1.11