1 /* parse-packet.c - read packets
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
3 * 2007, 2009, 2010 Free Software Foundation, Inc.
4 * Copyright (C) 2014 Werner Koch
5 * Copyright (C) 2015 g10 Code GmbH
7 * This file is part of GnuPG.
9 * GnuPG is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
14 * GnuPG is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <https://www.gnu.org/licenses/>.
40 /* Maximum length of packets to avoid excessive memory allocation. */
41 #define MAX_KEY_PACKET_LENGTH (256 * 1024)
42 #define MAX_UID_PACKET_LENGTH ( 2 * 1024)
43 #define MAX_COMMENT_PACKET_LENGTH ( 64 * 1024)
44 #define MAX_ATTR_PACKET_LENGTH ( 16 * 1024*1024)
47 static int mpi_print_mode;
49 static estream_t listfp;
51 static int parse (IOBUF inp, PACKET * pkt, int onlykeypkts,
52 off_t * retpos, int *skip, IOBUF out, int do_skip
53 #ifdef DEBUG_PARSE_PACKET
54 , const char *dbg_w, const char *dbg_f, int dbg_l
57 static int copy_packet (IOBUF inp, IOBUF out, int pkttype,
58 unsigned long pktlen, int partial);
59 static void skip_packet (IOBUF inp, int pkttype,
60 unsigned long pktlen, int partial);
61 static void *read_rest (IOBUF inp, size_t pktlen);
62 static int parse_marker (IOBUF inp, int pkttype, unsigned long pktlen);
63 static int parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
65 static int parse_pubkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
67 static int parse_onepass_sig (IOBUF inp, int pkttype, unsigned long pktlen,
68 PKT_onepass_sig * ops);
69 static int parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
70 byte * hdr, int hdrlen, PACKET * packet);
71 static int parse_user_id (IOBUF inp, int pkttype, unsigned long pktlen,
73 static int parse_attribute (IOBUF inp, int pkttype, unsigned long pktlen,
75 static int parse_comment (IOBUF inp, int pkttype, unsigned long pktlen,
77 static void parse_trust (IOBUF inp, int pkttype, unsigned long pktlen,
79 static int parse_plaintext (IOBUF inp, int pkttype, unsigned long pktlen,
80 PACKET * packet, int new_ctb, int partial);
81 static int parse_compressed (IOBUF inp, int pkttype, unsigned long pktlen,
82 PACKET * packet, int new_ctb);
83 static int parse_encrypted (IOBUF inp, int pkttype, unsigned long pktlen,
84 PACKET * packet, int new_ctb, int partial);
85 static int parse_mdc (IOBUF inp, int pkttype, unsigned long pktlen,
86 PACKET * packet, int new_ctb);
87 static int parse_gpg_control (IOBUF inp, int pkttype, unsigned long pktlen,
88 PACKET * packet, int partial);
90 /* Read a 16-bit value in MSB order (big endian) from an iobuf. */
95 a = (unsigned short)iobuf_get_noeof (inp) << 8;
96 a |= iobuf_get_noeof (inp);
101 /* Read a 32-bit value in MSB order (big endian) from an iobuf. */
106 a = (unsigned long)iobuf_get_noeof (inp) << 24;
107 a |= iobuf_get_noeof (inp) << 16;
108 a |= iobuf_get_noeof (inp) << 8;
109 a |= iobuf_get_noeof (inp);
114 /* Read an external representation of an MPI and return the MPI. The
115 external format is a 16-bit unsigned value stored in network byte
116 order giving the number of bits for the following integer. The
117 integer is stored MSB first and is left padded with zero bits to
118 align on a byte boundary.
120 The caller must set *RET_NREAD to the maximum number of bytes to
121 read from the pipeline INP. This function sets *RET_NREAD to be
122 the number of bytes actually read from the pipeline.
124 If SECURE is true, the integer is stored in secure memory
125 (allocated using gcry_xmalloc_secure). */
127 mpi_read (iobuf_t inp, unsigned int *ret_nread, int secure)
130 unsigned int nmax = *ret_nread;
131 unsigned int nbits, nbytes;
140 if ((c = c1 = iobuf_get (inp)) == -1)
145 if ((c = c2 = iobuf_get (inp)) == -1)
149 if (nbits > MAX_EXTERN_MPI_BITS)
151 log_error ("mpi too large (%u bits)\n", nbits);
155 nbytes = (nbits + 7) / 8;
156 buf = secure ? gcry_xmalloc_secure (nbytes + 2) : gcry_xmalloc (nbytes + 2);
160 for (i = 0; i < nbytes; i++)
173 if (gcry_mpi_scan (&a, GCRYMPI_FMT_PGP, buf, nread, &nread))
181 log_error ("mpi larger than indicated length (%u bits)\n", 8*nmax);
190 set_packet_list_mode (int mode)
195 /* We use stdout only if invoked by the --list-packets command
196 but switch to stderr in all other cases. This breaks the
197 previous behaviour but that seems to be more of a bug than
198 intentional. I don't believe that any application makes use of
199 this long standing annoying way of printing to stdout except when
200 doing a --list-packets. If this assumption fails, it will be easy
201 to add an option for the listing stream. Note that we initialize
202 it only once; mainly because there is code which switches
203 opt.list_mode back to 1 and we want to have all output to the
204 same stream. The MPI_PRINT_MODE will be enabled if the
205 corresponding debug flag is set or if we are in --list-packets
206 and --verbose is given.
208 Using stderr is not actually very clean because it bypasses the
209 logging code but it is a special thing anyway. I am not sure
210 whether using log_stream() would be better. Perhaps we should
211 enable the list mode only with a special option. */
214 if (opt.list_packets)
230 /* If OPT.VERBOSE is set, print a warning that the algorithm ALGO is
231 not suitable for signing and encryption. */
233 unknown_pubkey_warning (int algo)
235 static byte unknown_pubkey_algos[256];
237 /* First check whether the algorithm is usable but not suitable for
238 encryption/signing. */
239 if (pubkey_get_npkey (algo))
243 if (!pubkey_get_nsig (algo))
244 log_info ("public key algorithm %s not suitable for %s\n",
245 openpgp_pk_algo_name (algo), "signing");
246 if (!pubkey_get_nenc (algo))
247 log_info ("public key algorithm %s not suitable for %s\n",
248 openpgp_pk_algo_name (algo), "encryption");
254 if (!unknown_pubkey_algos[algo])
257 log_info (_("can't handle public key algorithm %d\n"), algo);
258 unknown_pubkey_algos[algo] = 1;
264 #ifdef DEBUG_PARSE_PACKET
266 dbg_parse_packet (IOBUF inp, PACKET *pkt, const char *dbg_f, int dbg_l)
272 rc = parse (inp, pkt, 0, NULL, &skip, NULL, 0, "parse", dbg_f, dbg_l);
274 while (skip && ! rc);
277 #else /*!DEBUG_PARSE_PACKET*/
279 parse_packet (IOBUF inp, PACKET * pkt)
285 rc = parse (inp, pkt, 0, NULL, &skip, NULL, 0);
287 while (skip && ! rc);
290 #endif /*!DEBUG_PARSE_PACKET*/
294 * Like parse packet, but only return secret or public (sub)key
297 #ifdef DEBUG_PARSE_PACKET
299 dbg_search_packet (IOBUF inp, PACKET * pkt, off_t * retpos, int with_uid,
300 const char *dbg_f, int dbg_l)
307 parse (inp, pkt, with_uid ? 2 : 1, retpos, &skip, NULL, 0, "search",
310 while (skip && ! rc);
313 #else /*!DEBUG_PARSE_PACKET*/
315 search_packet (IOBUF inp, PACKET * pkt, off_t * retpos, int with_uid)
321 rc = parse (inp, pkt, with_uid ? 2 : 1, retpos, &skip, NULL, 0);
323 while (skip && ! rc);
326 #endif /*!DEBUG_PARSE_PACKET*/
330 * Copy all packets from INP to OUT, thereby removing unused spaces.
332 #ifdef DEBUG_PARSE_PACKET
334 dbg_copy_all_packets (IOBUF inp, IOBUF out, const char *dbg_f, int dbg_l)
340 log_bug ("copy_all_packets: OUT may not be NULL.\n");
348 parse (inp, &pkt, 0, NULL, &skip, out, 0, "copy", dbg_f, dbg_l)));
351 #else /*!DEBUG_PARSE_PACKET*/
353 copy_all_packets (IOBUF inp, IOBUF out)
359 log_bug ("copy_all_packets: OUT may not be NULL.\n");
365 while (!(rc = parse (inp, &pkt, 0, NULL, &skip, out, 0)));
368 #endif /*!DEBUG_PARSE_PACKET*/
372 * Copy some packets from INP to OUT, thereby removing unused spaces.
373 * Stop at offset STOPoff (i.e. don't copy packets at this or later
376 #ifdef DEBUG_PARSE_PACKET
378 dbg_copy_some_packets (IOBUF inp, IOBUF out, off_t stopoff,
379 const char *dbg_f, int dbg_l)
385 if (iobuf_tell (inp) >= stopoff)
389 while (!(rc = parse (inp, &pkt, 0, NULL, &skip, out, 0,
390 "some", dbg_f, dbg_l)));
393 #else /*!DEBUG_PARSE_PACKET*/
395 copy_some_packets (IOBUF inp, IOBUF out, off_t stopoff)
401 if (iobuf_tell (inp) >= stopoff)
405 while (!(rc = parse (inp, &pkt, 0, NULL, &skip, out, 0)));
408 #endif /*!DEBUG_PARSE_PACKET*/
412 * Skip over N packets
414 #ifdef DEBUG_PARSE_PACKET
416 dbg_skip_some_packets (IOBUF inp, unsigned n, const char *dbg_f, int dbg_l)
421 for (; n && !rc; n--)
424 rc = parse (inp, &pkt, 0, NULL, &skip, NULL, 1, "skip", dbg_f, dbg_l);
428 #else /*!DEBUG_PARSE_PACKET*/
430 skip_some_packets (IOBUF inp, unsigned n)
435 for (; n && !rc; n--)
438 rc = parse (inp, &pkt, 0, NULL, &skip, NULL, 1);
442 #endif /*!DEBUG_PARSE_PACKET*/
445 /* Parse a packet and save it in *PKT.
447 If OUT is not NULL and the packet is valid (its type is not 0),
448 then the header, the initial length field and the packet's contents
449 are written to OUT. In this case, the packet is not saved in *PKT.
451 ONLYKEYPKTS is a simple packet filter. If ONLYKEYPKTS is set to 1,
452 then only public subkey packets, public key packets, private subkey
453 packets and private key packets are parsed. The rest are skipped
454 (i.e., the header and the contents are read from the pipeline and
455 discarded). If ONLYKEYPKTS is set to 2, then in addition to the
456 above 4 types of packets, user id packets are also accepted.
458 DO_SKIP is a more coarse grained filter. Unless ONLYKEYPKTS is set
459 to 2 and the packet is a user id packet, all packets are skipped.
461 Finally, if a packet is invalid (it's type is 0), it is skipped.
463 If a packet is skipped and SKIP is not NULL, then *SKIP is set to
466 Note: ONLYKEYPKTS and DO_SKIP are only respected if OUT is NULL,
467 i.e., the packets are not simply being copied.
469 If RETPOS is not NULL, then the position of INP (as returned by
470 iobuf_tell) is saved there before any data is read from INP.
473 parse (IOBUF inp, PACKET * pkt, int onlykeypkts, off_t * retpos,
474 int *skip, IOBUF out, int do_skip
475 #ifdef DEBUG_PARSE_PACKET
476 , const char *dbg_w, const char *dbg_f, int dbg_l
480 int rc = 0, c, ctb, pkttype, lenbytes;
481 unsigned long pktlen;
484 int new_ctb = 0, partial = 0;
485 int with_uid = (onlykeypkts == 2);
489 log_assert (!pkt->pkt.generic);
490 if (retpos || list_mode)
492 pos = iobuf_tell (inp);
497 pos = 0; /* (silence compiler warning) */
499 /* The first byte of a packet is the so-called tag. The highest bit
501 if ((ctb = iobuf_get (inp)) == -1)
511 log_error ("%s: invalid packet (ctb=%02x)\n", iobuf_where (inp), ctb);
512 rc = gpg_error (GPG_ERR_INV_PACKET);
516 /* Immediately following the header is the length. There are two
517 formats: the old format and the new format. If bit 6 (where the
518 least significant bit is bit 0) is set in the tag, then we are
519 dealing with a new format packet. Otherwise, it is an old format
522 new_ctb = !!(ctb & 0x40);
525 /* Get the packet's type. This is encoded in the 6 least
526 significant bits of the tag. */
527 pkttype = ctb & 0x3f;
529 /* Extract the packet's length. New format packets have 4 ways
530 to encode the packet length. The value of the first byte
531 determines the encoding and partially determines the length.
532 See section 4.2.2 of RFC 4880 for details. */
533 if ((c = iobuf_get (inp)) == -1)
535 log_error ("%s: 1st length byte missing\n", iobuf_where (inp));
536 rc = gpg_error (GPG_ERR_INV_PACKET);
546 pktlen = (c - 192) * 256;
547 if ((c = iobuf_get (inp)) == -1)
549 log_error ("%s: 2nd length byte missing\n",
551 rc = gpg_error (GPG_ERR_INV_PACKET);
562 for (i = 0; i < 4; i ++)
564 if ((c = iobuf_get (inp)) == -1)
566 log_error ("%s: 4 byte length invalid\n", iobuf_where (inp));
567 rc = gpg_error (GPG_ERR_INV_PACKET);
570 value[i] = hdr[hdrlen++] = c;
573 pktlen = buf32_to_ulong (value);
575 else /* Partial body length. */
581 case PKT_ENCRYPTED_MDC:
583 iobuf_set_partial_body_length_mode (inp, c & 0xff);
584 pktlen = 0; /* To indicate partial length. */
589 log_error ("%s: partial length invalid for"
590 " packet type %d\n", iobuf_where (inp), pkttype);
591 rc = gpg_error (GPG_ERR_INV_PACKET);
598 /* This is an old format packet. */
600 /* Extract the packet's type. This is encoded in bits 2-5. */
601 pkttype = (ctb >> 2) & 0xf;
603 /* The type of length encoding is encoded in bits 0-1 of the
605 lenbytes = ((ctb & 3) == 3) ? 0 : (1 << (ctb & 3));
608 pktlen = 0; /* Don't know the value. */
609 /* This isn't really partial, but we can treat it the same
610 in a "read until the end" sort of way. */
612 if (pkttype != PKT_ENCRYPTED && pkttype != PKT_PLAINTEXT
613 && pkttype != PKT_COMPRESSED)
615 log_error ("%s: indeterminate length for invalid"
616 " packet type %d\n", iobuf_where (inp), pkttype);
617 rc = gpg_error (GPG_ERR_INV_PACKET);
623 for (; lenbytes; lenbytes--)
629 log_error ("%s: length invalid\n", iobuf_where (inp));
630 rc = gpg_error (GPG_ERR_INV_PACKET);
633 pktlen |= hdr[hdrlen++] = c;
638 /* Sometimes the decompressing layer enters an error state in which
639 it simply outputs 0xff for every byte read. If we have a stream
640 of 0xff bytes, then it will be detected as a new format packet
641 with type 63 and a 4-byte encoded length that is 4G-1. Since
642 packets with type 63 are private and we use them as a control
643 packet, which won't be 4 GB, we reject such packets as
645 if (pkttype == 63 && pktlen == 0xFFFFFFFF)
647 /* With some probability this is caused by a problem in the
648 * the uncompressing layer - in some error cases it just loops
649 * and spits out 0xff bytes. */
650 log_error ("%s: garbled packet detected\n", iobuf_where (inp));
656 /* This type of copying won't work if the packet uses a partial
657 body length. (In other words, this only works if HDR is
658 actually the length.) Currently, no callers require this
659 functionality so we just log this as an error. */
662 log_error ("parse: Can't copy partial packet. Aborting.\n");
663 rc = gpg_error (GPG_ERR_INV_PACKET);
667 rc = iobuf_write (out, hdr, hdrlen);
669 rc = copy_packet (inp, out, pkttype, pktlen, partial);
673 if (with_uid && pkttype == PKT_USER_ID)
674 /* If ONLYKEYPKTS is set to 2, then we never skip user id packets,
675 even if DO_SKIP is set. */
678 /* type==0 is not allowed. This is an invalid packet. */
680 /* When ONLYKEYPKTS is set, we don't skip keys. */
681 || (onlykeypkts && pkttype != PKT_PUBLIC_SUBKEY
682 && pkttype != PKT_PUBLIC_KEY
683 && pkttype != PKT_SECRET_SUBKEY && pkttype != PKT_SECRET_KEY))
685 iobuf_skip_rest (inp, pktlen, partial);
693 #ifdef DEBUG_PARSE_PACKET
694 log_debug ("parse_packet(iob=%d): type=%d length=%lu%s (%s.%s.%d)\n",
695 iobuf_id (inp), pkttype, pktlen, new_ctb ? " (new_ctb)" : "",
696 dbg_w, dbg_f, dbg_l);
698 log_debug ("parse_packet(iob=%d): type=%d length=%lu%s\n",
699 iobuf_id (inp), pkttype, pktlen,
700 new_ctb ? " (new_ctb)" : "");
705 es_fprintf (listfp, "# off=%lu ctb=%02x tag=%d hlen=%d plen=%lu%s%s\n",
706 (unsigned long)pos, ctb, pkttype, hdrlen, pktlen,
707 partial? (new_ctb ? " partial" : " indeterminate") :"",
708 new_ctb? " new-ctb":"");
710 pkt->pkttype = pkttype;
711 rc = GPG_ERR_UNKNOWN_PACKET; /* default error */
715 case PKT_PUBLIC_SUBKEY:
717 case PKT_SECRET_SUBKEY:
718 pkt->pkt.public_key = xmalloc_clear (sizeof *pkt->pkt.public_key);
719 rc = parse_key (inp, pkttype, pktlen, hdr, hdrlen, pkt);
722 rc = parse_symkeyenc (inp, pkttype, pktlen, pkt);
725 rc = parse_pubkeyenc (inp, pkttype, pktlen, pkt);
728 pkt->pkt.signature = xmalloc_clear (sizeof *pkt->pkt.signature);
729 rc = parse_signature (inp, pkttype, pktlen, pkt->pkt.signature);
731 case PKT_ONEPASS_SIG:
732 pkt->pkt.onepass_sig = xmalloc_clear (sizeof *pkt->pkt.onepass_sig);
733 rc = parse_onepass_sig (inp, pkttype, pktlen, pkt->pkt.onepass_sig);
736 rc = parse_user_id (inp, pkttype, pktlen, pkt);
739 pkt->pkttype = pkttype = PKT_USER_ID; /* we store it in the userID */
740 rc = parse_attribute (inp, pkttype, pktlen, pkt);
742 case PKT_OLD_COMMENT:
744 rc = parse_comment (inp, pkttype, pktlen, pkt);
747 parse_trust (inp, pkttype, pktlen, pkt);
751 rc = parse_plaintext (inp, pkttype, pktlen, pkt, new_ctb, partial);
754 rc = parse_compressed (inp, pkttype, pktlen, pkt, new_ctb);
757 case PKT_ENCRYPTED_MDC:
758 rc = parse_encrypted (inp, pkttype, pktlen, pkt, new_ctb, partial);
761 rc = parse_mdc (inp, pkttype, pktlen, pkt, new_ctb);
763 case PKT_GPG_CONTROL:
764 rc = parse_gpg_control (inp, pkttype, pktlen, pkt, partial);
767 rc = parse_marker (inp, pkttype, pktlen);
770 /* Unknown packet. Skip it. */
771 skip_packet (inp, pkttype, pktlen, partial);
776 /* FIXME: We leak in case of an error (see the xmalloc's above). */
777 if (!rc && iobuf_error (inp))
778 rc = GPG_ERR_INV_KEYRING;
780 /* FIXME: We use only the error code for now to avoid problems with
781 callers which have not been checked to always use gpg_err_code()
782 when comparing error codes. */
783 return rc == -1? -1 : gpg_err_code (rc);
788 dump_hex_line (int c, int *i)
792 if (*i && !(*i % 24))
793 es_fprintf (listfp, "\n%4d:", *i);
795 es_putc (' ', listfp);
798 es_fprintf (listfp, " EOF");
800 es_fprintf (listfp, " %02x", c);
805 /* Copy the contents of a packet from the pipeline IN to the pipeline
808 The header and length have already been read from INP and the
809 decoded values are given as PKGTYPE and PKTLEN.
811 If the packet is a partial body length packet (RFC 4880, Section
812 4.2.2.4), then iobuf_set_partial_block_modeiobuf_set_partial_block_mode
813 should already have been called on INP and PARTIAL should be set.
815 If PARTIAL is set or PKTLEN is 0 and PKTTYPE is PKT_COMPRESSED,
816 copy until the first EOF is encountered on INP.
818 Returns 0 on success and an error code if an error occurs. */
820 copy_packet (IOBUF inp, IOBUF out, int pkttype,
821 unsigned long pktlen, int partial)
829 while ((n = iobuf_read (inp, buf, sizeof (buf))) != -1)
830 if ((rc = iobuf_write (out, buf, n)))
831 return rc; /* write error */
833 else if (!pktlen && pkttype == PKT_COMPRESSED)
835 log_debug ("copy_packet: compressed!\n");
836 /* compressed packet, copy till EOF */
837 while ((n = iobuf_read (inp, buf, sizeof (buf))) != -1)
838 if ((rc = iobuf_write (out, buf, n)))
839 return rc; /* write error */
843 for (; pktlen; pktlen -= n)
845 n = pktlen > sizeof (buf) ? sizeof (buf) : pktlen;
846 n = iobuf_read (inp, buf, n);
848 return gpg_error (GPG_ERR_EOF);
849 if ((rc = iobuf_write (out, buf, n)))
850 return rc; /* write error */
857 /* Skip an unknown packet. PKTTYPE is the packet's type, PKTLEN is
858 the length of the packet's content and PARTIAL is whether partial
859 body length encoding in used (in this case PKTLEN is ignored). */
861 skip_packet (IOBUF inp, int pkttype, unsigned long pktlen, int partial)
865 es_fprintf (listfp, ":unknown packet: type %2d, length %lu\n",
870 es_fputs ("dump:", listfp);
873 while ((c = iobuf_get (inp)) != -1)
874 dump_hex_line (c, &i);
878 for (; pktlen; pktlen--)
880 dump_hex_line ((c = iobuf_get (inp)), &i);
885 es_putc ('\n', listfp);
889 iobuf_skip_rest (inp, pktlen, partial);
893 /* Read PKTLEN bytes form INP and return them in a newly allocated
894 buffer. In case of an error (including reading fewer than PKTLEN
895 bytes from INP before EOF is returned), NULL is returned and an
896 error message is logged. */
898 read_rest (IOBUF inp, size_t pktlen)
903 buf = xtrymalloc (pktlen);
906 gpg_error_t err = gpg_error_from_syserror ();
907 log_error ("error reading rest of packet: %s\n", gpg_strerror (err));
910 for (p = buf; pktlen; pktlen--)
915 log_error ("premature eof while reading rest of packet\n");
926 /* Read a special size+body from INP. On success store an opaque MPI
927 with it at R_DATA. On error return an error code and store NULL at
928 R_DATA. Even in the error case store the number of read bytes at
929 R_NREAD. The caller shall pass the remaining size of the packet in
932 read_size_body (iobuf_t inp, int pktlen, size_t *r_nread,
943 return gpg_error (GPG_ERR_INV_PACKET);
944 c = iobuf_readbyte (inp);
946 return gpg_error (GPG_ERR_INV_PACKET);
950 if (nbytes < 2 || nbytes > 254)
951 return gpg_error (GPG_ERR_INV_PACKET);
953 return gpg_error (GPG_ERR_INV_PACKET);
957 for (i = 0; i < nbytes; i++)
961 return gpg_error (GPG_ERR_INV_PACKET);
966 tmpbuf = xtrymalloc (1 + nbytes);
968 return gpg_error_from_syserror ();
969 memcpy (tmpbuf, buffer, 1 + nbytes);
970 *r_data = gcry_mpi_set_opaque (NULL, tmpbuf, 8 * (1 + nbytes));
974 return gpg_error_from_syserror ();
980 /* Parse a marker packet. */
982 parse_marker (IOBUF inp, int pkttype, unsigned long pktlen)
989 if (iobuf_get (inp) != 'P')
995 if (iobuf_get (inp) != 'G')
1001 if (iobuf_get (inp) != 'P')
1008 es_fputs (":marker packet: PGP\n", listfp);
1013 log_error ("invalid marker packet\n");
1015 es_fputs (":marker packet: [invalid]\n", listfp);
1016 iobuf_skip_rest (inp, pktlen, 0);
1017 return GPG_ERR_INV_PACKET;
1022 parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
1027 int i, version, s2kmode, cipher_algo, hash_algo, seskeylen, minlen;
1031 log_error ("packet(%d) too short\n", pkttype);
1033 es_fprintf (listfp, ":symkey enc packet: [too short]\n");
1034 rc = gpg_error (GPG_ERR_INV_PACKET);
1037 version = iobuf_get_noeof (inp);
1041 log_error ("packet(%d) with unknown version %d\n", pkttype, version);
1043 es_fprintf (listfp, ":symkey enc packet: [unknown version]\n");
1044 rc = gpg_error (GPG_ERR_INV_PACKET);
1048 { /* (we encode the seskeylen in a byte) */
1049 log_error ("packet(%d) too large\n", pkttype);
1051 es_fprintf (listfp, ":symkey enc packet: [too large]\n");
1052 rc = gpg_error (GPG_ERR_INV_PACKET);
1055 cipher_algo = iobuf_get_noeof (inp);
1057 s2kmode = iobuf_get_noeof (inp);
1059 hash_algo = iobuf_get_noeof (inp);
1063 case 0: /* Simple S2K. */
1066 case 1: /* Salted S2K. */
1069 case 3: /* Iterated+salted S2K. */
1073 log_error ("unknown S2K mode %d\n", s2kmode);
1075 es_fprintf (listfp, ":symkey enc packet: [unknown S2K mode]\n");
1078 if (minlen > pktlen)
1080 log_error ("packet with S2K %d too short\n", s2kmode);
1082 es_fprintf (listfp, ":symkey enc packet: [too short]\n");
1083 rc = gpg_error (GPG_ERR_INV_PACKET);
1086 seskeylen = pktlen - minlen;
1087 k = packet->pkt.symkey_enc = xmalloc_clear (sizeof *packet->pkt.symkey_enc
1089 k->version = version;
1090 k->cipher_algo = cipher_algo;
1091 k->s2k.mode = s2kmode;
1092 k->s2k.hash_algo = hash_algo;
1093 if (s2kmode == 1 || s2kmode == 3)
1095 for (i = 0; i < 8 && pktlen; i++, pktlen--)
1096 k->s2k.salt[i] = iobuf_get_noeof (inp);
1100 k->s2k.count = iobuf_get (inp);
1103 k->seskeylen = seskeylen;
1106 for (i = 0; i < seskeylen && pktlen; i++, pktlen--)
1107 k->seskey[i] = iobuf_get_noeof (inp);
1109 /* What we're watching out for here is a session key decryptor
1110 with no salt. The RFC says that using salt for this is a
1112 if (s2kmode != 1 && s2kmode != 3)
1113 log_info (_("WARNING: potentially insecure symmetrically"
1114 " encrypted session key\n"));
1116 log_assert (!pktlen);
1121 ":symkey enc packet: version %d, cipher %d, s2k %d, hash %d",
1122 version, cipher_algo, s2kmode, hash_algo);
1124 es_fprintf (listfp, ", seskey %d bits", (seskeylen - 1) * 8);
1125 es_fprintf (listfp, "\n");
1126 if (s2kmode == 1 || s2kmode == 3)
1128 es_fprintf (listfp, "\tsalt ");
1129 es_write_hexstring (listfp, k->s2k.salt, 8, 0, NULL);
1131 es_fprintf (listfp, ", count %lu (%lu)",
1132 S2K_DECODE_COUNT ((ulong) k->s2k.count),
1133 (ulong) k->s2k.count);
1134 es_fprintf (listfp, "\n");
1139 iobuf_skip_rest (inp, pktlen, 0);
1145 parse_pubkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
1152 k = packet->pkt.pubkey_enc = xmalloc_clear (sizeof *packet->pkt.pubkey_enc);
1155 log_error ("packet(%d) too short\n", pkttype);
1157 es_fputs (":pubkey enc packet: [too short]\n", listfp);
1158 rc = gpg_error (GPG_ERR_INV_PACKET);
1161 k->version = iobuf_get_noeof (inp);
1163 if (k->version != 2 && k->version != 3)
1165 log_error ("packet(%d) with unknown version %d\n", pkttype, k->version);
1167 es_fputs (":pubkey enc packet: [unknown version]\n", listfp);
1168 rc = gpg_error (GPG_ERR_INV_PACKET);
1171 k->keyid[0] = read_32 (inp);
1173 k->keyid[1] = read_32 (inp);
1175 k->pubkey_algo = iobuf_get_noeof (inp);
1177 k->throw_keyid = 0; /* Only used as flag for build_packet. */
1180 ":pubkey enc packet: version %d, algo %d, keyid %08lX%08lX\n",
1181 k->version, k->pubkey_algo, (ulong) k->keyid[0],
1182 (ulong) k->keyid[1]);
1184 ndata = pubkey_get_nenc (k->pubkey_algo);
1188 es_fprintf (listfp, "\tunsupported algorithm %d\n", k->pubkey_algo);
1189 unknown_pubkey_warning (k->pubkey_algo);
1190 k->data[0] = NULL; /* No need to store the encrypted data. */
1194 for (i = 0; i < ndata; i++)
1196 if (k->pubkey_algo == PUBKEY_ALGO_ECDH && i == 1)
1199 rc = read_size_body (inp, pktlen, &n, k->data+i);
1205 k->data[i] = mpi_read (inp, &n, 0);
1208 rc = gpg_error (GPG_ERR_INV_PACKET);
1214 es_fprintf (listfp, "\tdata: ");
1215 mpi_print (listfp, k->data[i], mpi_print_mode);
1216 es_putc ('\n', listfp);
1222 iobuf_skip_rest (inp, pktlen, 0);
1227 /* Dump a subpacket to LISTFP. BUFFER contains the subpacket in
1228 question and points to the type field in the subpacket header (not
1229 the start of the header). TYPE is the subpacket's type with the
1230 critical bit cleared. CRITICAL is the value of the CRITICAL bit.
1231 BUFLEN is the length of the buffer and LENGTH is the length of the
1232 subpacket according to the subpacket's header. */
1234 dump_sig_subpkt (int hashed, int type, int critical,
1235 const byte * buffer, size_t buflen, size_t length)
1237 const char *p = NULL;
1240 /* The CERT has warning out with explains how to use GNUPG to detect
1241 * the ARRs - we print our old message here when it is a faked ARR
1242 * and add an additional notice. */
1243 if (type == SIGSUBPKT_ARR && !hashed)
1246 "\tsubpkt %d len %u (additional recipient request)\n"
1247 "WARNING: PGP versions > 5.0 and < 6.5.8 will automagically "
1248 "encrypt to this key and thereby reveal the plaintext to "
1249 "the owner of this ARR key. Detailed info follows:\n",
1250 type, (unsigned) length);
1256 es_fprintf (listfp, "\t%s%ssubpkt %d len %u (", /*) */
1257 critical ? "critical " : "",
1258 hashed ? "hashed " : "", type, (unsigned) length);
1259 if (length > buflen)
1261 es_fprintf (listfp, "too short: buffer is only %u)\n", (unsigned) buflen);
1266 case SIGSUBPKT_SIG_CREATED:
1268 es_fprintf (listfp, "sig created %s",
1269 strtimestamp (buf32_to_u32 (buffer)));
1271 case SIGSUBPKT_SIG_EXPIRE:
1274 if (buf32_to_u32 (buffer))
1275 es_fprintf (listfp, "sig expires after %s",
1276 strtimevalue (buf32_to_u32 (buffer)));
1278 es_fprintf (listfp, "sig does not expire");
1281 case SIGSUBPKT_EXPORTABLE:
1283 es_fprintf (listfp, "%sexportable", *buffer ? "" : "not ");
1285 case SIGSUBPKT_TRUST:
1287 p = "[invalid trust subpacket]";
1289 es_fprintf (listfp, "trust signature of depth %d, value %d", buffer[0],
1292 case SIGSUBPKT_REGEXP:
1294 p = "[invalid regexp subpacket]";
1297 es_fprintf (listfp, "regular expression: \"");
1298 es_write_sanitized (listfp, buffer, length, "\"", NULL);
1302 case SIGSUBPKT_REVOCABLE:
1304 es_fprintf (listfp, "%srevocable", *buffer ? "" : "not ");
1306 case SIGSUBPKT_KEY_EXPIRE:
1309 if (buf32_to_u32 (buffer))
1310 es_fprintf (listfp, "key expires after %s",
1311 strtimevalue (buf32_to_u32 (buffer)));
1313 es_fprintf (listfp, "key does not expire");
1316 case SIGSUBPKT_PREF_SYM:
1317 es_fputs ("pref-sym-algos:", listfp);
1318 for (i = 0; i < length; i++)
1319 es_fprintf (listfp, " %d", buffer[i]);
1321 case SIGSUBPKT_REV_KEY:
1322 es_fputs ("revocation key: ", listfp);
1327 es_fprintf (listfp, "c=%02x a=%d f=", buffer[0], buffer[1]);
1328 for (i = 2; i < length; i++)
1329 es_fprintf (listfp, "%02X", buffer[i]);
1332 case SIGSUBPKT_ISSUER:
1334 es_fprintf (listfp, "issuer key ID %08lX%08lX",
1335 (ulong) buf32_to_u32 (buffer),
1336 (ulong) buf32_to_u32 (buffer + 4));
1338 case SIGSUBPKT_ISSUER_FPR:
1342 es_fprintf (listfp, "issuer fpr v%d ", buffer[0]);
1343 tmp = bin2hex (buffer+1, length-1, NULL);
1346 es_fputs (tmp, listfp);
1351 case SIGSUBPKT_NOTATION:
1353 es_fputs ("notation: ", listfp);
1358 const byte *s = buffer;
1361 n1 = (s[4] << 8) | s[5];
1362 n2 = (s[6] << 8) | s[7];
1364 if (8 + n1 + n2 != length)
1368 es_write_sanitized (listfp, s, n1, ")", NULL);
1369 es_putc ('=', listfp);
1372 es_write_sanitized (listfp, s + n1, n2, ")", NULL);
1374 p = "[not human readable]";
1379 case SIGSUBPKT_PREF_HASH:
1380 es_fputs ("pref-hash-algos:", listfp);
1381 for (i = 0; i < length; i++)
1382 es_fprintf (listfp, " %d", buffer[i]);
1384 case SIGSUBPKT_PREF_COMPR:
1385 es_fputs ("pref-zip-algos:", listfp);
1386 for (i = 0; i < length; i++)
1387 es_fprintf (listfp, " %d", buffer[i]);
1389 case SIGSUBPKT_KS_FLAGS:
1390 es_fputs ("keyserver preferences:", listfp);
1391 for (i = 0; i < length; i++)
1392 es_fprintf (listfp, " %02X", buffer[i]);
1394 case SIGSUBPKT_PREF_KS:
1395 es_fputs ("preferred keyserver: ", listfp);
1396 es_write_sanitized (listfp, buffer, length, ")", NULL);
1398 case SIGSUBPKT_PRIMARY_UID:
1399 p = "primary user ID";
1401 case SIGSUBPKT_POLICY:
1402 es_fputs ("policy: ", listfp);
1403 es_write_sanitized (listfp, buffer, length, ")", NULL);
1405 case SIGSUBPKT_KEY_FLAGS:
1406 es_fputs ("key flags:", listfp);
1407 for (i = 0; i < length; i++)
1408 es_fprintf (listfp, " %02X", buffer[i]);
1410 case SIGSUBPKT_SIGNERS_UID:
1411 p = "signer's user ID";
1413 case SIGSUBPKT_REVOC_REASON:
1416 es_fprintf (listfp, "revocation reason 0x%02x (", *buffer);
1417 es_write_sanitized (listfp, buffer + 1, length - 1, ")", NULL);
1422 es_fputs ("Big Brother's key (ignored): ", listfp);
1427 es_fprintf (listfp, "c=%02x a=%d f=", buffer[0], buffer[1]);
1429 es_write_hexstring (listfp, buffer+2, length-2, 0, NULL);
1432 case SIGSUBPKT_FEATURES:
1433 es_fputs ("features:", listfp);
1434 for (i = 0; i < length; i++)
1435 es_fprintf (listfp, " %02x", buffer[i]);
1437 case SIGSUBPKT_SIGNATURE:
1438 es_fputs ("signature: ", listfp);
1442 es_fprintf (listfp, "v%d, class 0x%02X, algo %d, digest algo %d",
1444 buffer[0] == 3 ? buffer[2] : buffer[1],
1445 buffer[0] == 3 ? buffer[15] : buffer[2],
1446 buffer[0] == 3 ? buffer[16] : buffer[3]);
1449 if (type >= 100 && type <= 110)
1450 p = "experimental / private subpacket";
1456 es_fprintf (listfp, "%s)\n", p ? p : "");
1461 * Returns: >= 0 use this offset into buffer
1462 * -1 explicitly reject returning this type
1463 * -2 subpacket too short
1466 parse_one_sig_subpkt (const byte * buffer, size_t n, int type)
1470 case SIGSUBPKT_REV_KEY:
1474 case SIGSUBPKT_SIG_CREATED:
1475 case SIGSUBPKT_SIG_EXPIRE:
1476 case SIGSUBPKT_KEY_EXPIRE:
1480 case SIGSUBPKT_KEY_FLAGS:
1481 case SIGSUBPKT_KS_FLAGS:
1482 case SIGSUBPKT_PREF_SYM:
1483 case SIGSUBPKT_PREF_HASH:
1484 case SIGSUBPKT_PREF_COMPR:
1485 case SIGSUBPKT_POLICY:
1486 case SIGSUBPKT_PREF_KS:
1487 case SIGSUBPKT_FEATURES:
1488 case SIGSUBPKT_REGEXP:
1490 case SIGSUBPKT_SIGNATURE:
1491 case SIGSUBPKT_EXPORTABLE:
1492 case SIGSUBPKT_REVOCABLE:
1493 case SIGSUBPKT_REVOC_REASON:
1497 case SIGSUBPKT_ISSUER: /* issuer key ID */
1501 case SIGSUBPKT_ISSUER_FPR: /* issuer key ID */
1505 case SIGSUBPKT_NOTATION:
1506 /* minimum length needed, and the subpacket must be well-formed
1507 where the name length and value length all fit inside the
1510 || 8 + ((buffer[4] << 8) | buffer[5]) +
1511 ((buffer[6] << 8) | buffer[7]) != n)
1514 case SIGSUBPKT_PRIMARY_UID:
1518 case SIGSUBPKT_TRUST:
1529 /* Return true if we understand the critical notation. */
1531 can_handle_critical_notation (const byte * name, size_t len)
1533 if (len == 32 && memcmp (name, "preferred-email-encoding@pgp.com", 32) == 0)
1535 if (len == 21 && memcmp (name, "pka-address@gnupg.org", 21) == 0)
1543 can_handle_critical (const byte * buffer, size_t n, int type)
1547 case SIGSUBPKT_NOTATION:
1550 size_t notation_len = ((buffer[4] << 8) | buffer[5]);
1551 if (n - 8 >= notation_len)
1552 return can_handle_critical_notation (buffer + 8, notation_len);
1555 case SIGSUBPKT_SIGNATURE:
1556 case SIGSUBPKT_SIG_CREATED:
1557 case SIGSUBPKT_SIG_EXPIRE:
1558 case SIGSUBPKT_KEY_EXPIRE:
1559 case SIGSUBPKT_EXPORTABLE:
1560 case SIGSUBPKT_REVOCABLE:
1561 case SIGSUBPKT_REV_KEY:
1562 case SIGSUBPKT_ISSUER: /* issuer key ID */
1563 case SIGSUBPKT_ISSUER_FPR: /* issuer fingerprint */
1564 case SIGSUBPKT_PREF_SYM:
1565 case SIGSUBPKT_PREF_HASH:
1566 case SIGSUBPKT_PREF_COMPR:
1567 case SIGSUBPKT_KEY_FLAGS:
1568 case SIGSUBPKT_PRIMARY_UID:
1569 case SIGSUBPKT_FEATURES:
1570 case SIGSUBPKT_TRUST:
1571 case SIGSUBPKT_REGEXP:
1572 /* Is it enough to show the policy or keyserver? */
1573 case SIGSUBPKT_POLICY:
1574 case SIGSUBPKT_PREF_KS:
1584 enum_sig_subpkt (const subpktarea_t * pktbuf, sigsubpkttype_t reqtype,
1585 size_t * ret_n, int *start, int *critical)
1594 int reqseq = start ? *start : 0;
1597 critical = &critical_dummy;
1599 if (!pktbuf || reqseq == -1)
1601 static char dummy[] = "x";
1602 /* Return a value different from NULL to indicate that
1603 * there is no critical bit we do not understand. */
1604 return reqtype == SIGSUBPKT_TEST_CRITICAL ? dummy : NULL;
1606 buffer = pktbuf->data;
1607 buflen = pktbuf->len;
1612 if (n == 255) /* 4 byte length header. */
1616 n = buf32_to_size_t (buffer);
1620 else if (n >= 192) /* 4 byte special encoded length header. */
1624 n = ((n - 192) << 8) + *buffer + 192;
1638 if (!(++seq > reqseq))
1640 else if (reqtype == SIGSUBPKT_TEST_CRITICAL)
1644 if (n - 1 > buflen + 1)
1646 if (!can_handle_critical (buffer + 1, n - 1, type))
1649 log_info (_("subpacket of type %d has "
1650 "critical bit set\n"), type);
1653 return NULL; /* This is an error. */
1657 else if (reqtype < 0) /* List packets. */
1658 dump_sig_subpkt (reqtype == SIGSUBPKT_LIST_HASHED,
1659 type, *critical, buffer, buflen, n);
1660 else if (type == reqtype) /* Found. */
1668 offset = parse_one_sig_subpkt (buffer, n, type);
1672 log_error ("subpacket of type %d too short\n", type);
1681 return buffer + offset;
1686 if (reqtype == SIGSUBPKT_TEST_CRITICAL)
1687 /* Returning NULL means we found a subpacket with the critical bit
1688 set that we don't grok. We've iterated over all the subpackets
1689 and haven't found such a packet so we need to return a non-NULL
1693 /* Critical bit we don't understand. */
1696 return NULL; /* End of packets; not found. */
1700 log_info ("buffer shorter than subpacket\n");
1708 parse_sig_subpkt (const subpktarea_t * buffer, sigsubpkttype_t reqtype,
1711 return enum_sig_subpkt (buffer, reqtype, ret_n, NULL, NULL);
1716 parse_sig_subpkt2 (PKT_signature * sig, sigsubpkttype_t reqtype)
1720 p = parse_sig_subpkt (sig->hashed, reqtype, NULL);
1722 p = parse_sig_subpkt (sig->unhashed, reqtype, NULL);
1727 /* Find all revocation keys. Look in hashed area only. */
1729 parse_revkeys (PKT_signature * sig)
1735 if (sig->sig_class != 0x1F)
1738 while ((revkey = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REV_KEY,
1741 if (/* The only valid length is 22 bytes. See RFC 4880
1744 /* 0x80 bit must be set on the class. */
1745 && (revkey[0] & 0x80))
1747 sig->revkey = xrealloc (sig->revkey,
1748 sizeof (struct revocation_key) *
1749 (sig->numrevkeys + 1));
1751 /* Copy the individual fields. */
1752 sig->revkey[sig->numrevkeys].class = revkey[0];
1753 sig->revkey[sig->numrevkeys].algid = revkey[1];
1754 memcpy (sig->revkey[sig->numrevkeys].fpr, &revkey[2], 20);
1763 parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
1764 PKT_signature * sig)
1774 log_error ("packet(%d) too short\n", pkttype);
1776 es_fputs (":signature packet: [too short]\n", listfp);
1779 sig->version = iobuf_get_noeof (inp);
1781 if (sig->version == 4)
1783 else if (sig->version != 2 && sig->version != 3)
1785 log_error ("packet(%d) with unknown version %d\n",
1786 pkttype, sig->version);
1788 es_fputs (":signature packet: [unknown version]\n", listfp);
1789 rc = gpg_error (GPG_ERR_INV_PACKET);
1797 md5_len = iobuf_get_noeof (inp);
1802 sig->sig_class = iobuf_get_noeof (inp);
1808 sig->timestamp = read_32 (inp);
1810 sig->keyid[0] = read_32 (inp);
1812 sig->keyid[1] = read_32 (inp);
1817 sig->pubkey_algo = iobuf_get_noeof (inp);
1819 sig->digest_algo = iobuf_get_noeof (inp);
1821 sig->flags.exportable = 1;
1822 sig->flags.revocable = 1;
1823 if (is_v4) /* Read subpackets. */
1828 pktlen -= 2; /* Length of hashed data. */
1833 log_error ("signature packet: hashed data too long\n");
1835 es_fputs (":signature packet: [hashed data too long]\n", listfp);
1836 rc = GPG_ERR_INV_PACKET;
1841 sig->hashed = xmalloc (sizeof (*sig->hashed) + n - 1);
1842 sig->hashed->size = n;
1843 sig->hashed->len = n;
1844 if (iobuf_read (inp, sig->hashed->data, n) != n)
1846 log_error ("premature eof while reading "
1847 "hashed signature data\n");
1849 es_fputs (":signature packet: [premature eof]\n", listfp);
1858 pktlen -= 2; /* Length of unhashed data. */
1863 log_error ("signature packet: unhashed data too long\n");
1865 es_fputs (":signature packet: [unhashed data too long]\n", listfp);
1866 rc = GPG_ERR_INV_PACKET;
1871 sig->unhashed = xmalloc (sizeof (*sig->unhashed) + n - 1);
1872 sig->unhashed->size = n;
1873 sig->unhashed->len = n;
1874 if (iobuf_read (inp, sig->unhashed->data, n) != n)
1876 log_error ("premature eof while reading "
1877 "unhashed signature data\n");
1879 es_fputs (":signature packet: [premature eof]\n", listfp);
1889 sig->digest_start[0] = iobuf_get_noeof (inp);
1891 sig->digest_start[1] = iobuf_get_noeof (inp);
1894 if (is_v4 && sig->pubkey_algo) /* Extract required information. */
1899 /* Set sig->flags.unknown_critical if there is a critical bit
1900 * set for packets which we do not understand. */
1901 if (!parse_sig_subpkt (sig->hashed, SIGSUBPKT_TEST_CRITICAL, NULL)
1902 || !parse_sig_subpkt (sig->unhashed, SIGSUBPKT_TEST_CRITICAL, NULL))
1903 sig->flags.unknown_critical = 1;
1905 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_CREATED, NULL);
1907 sig->timestamp = buf32_to_u32 (p);
1908 else if (!(sig->pubkey_algo >= 100 && sig->pubkey_algo <= 110)
1910 log_info ("signature packet without timestamp\n");
1912 p = parse_sig_subpkt2 (sig, SIGSUBPKT_ISSUER);
1915 sig->keyid[0] = buf32_to_u32 (p);
1916 sig->keyid[1] = buf32_to_u32 (p + 4);
1918 else if (!(sig->pubkey_algo >= 100 && sig->pubkey_algo <= 110)
1920 log_info ("signature packet without keyid\n");
1922 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL);
1923 if (p && buf32_to_u32 (p))
1924 sig->expiredate = sig->timestamp + buf32_to_u32 (p);
1925 if (sig->expiredate && sig->expiredate <= make_timestamp ())
1926 sig->flags.expired = 1;
1928 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_POLICY, NULL);
1930 sig->flags.policy_url = 1;
1932 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, NULL);
1934 sig->flags.pref_ks = 1;
1936 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIGNERS_UID, &len);
1939 sig->signers_uid = try_make_printable_string (p, len, 0);
1940 if (!sig->signers_uid)
1942 rc = gpg_error_from_syserror ();
1947 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_NOTATION, NULL);
1949 sig->flags.notation = 1;
1951 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_REVOCABLE, NULL);
1953 sig->flags.revocable = 0;
1955 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_TRUST, &len);
1958 sig->trust_depth = p[0];
1959 sig->trust_value = p[1];
1961 /* Only look for a regexp if there is also a trust
1964 parse_sig_subpkt (sig->hashed, SIGSUBPKT_REGEXP, &len);
1966 /* If the regular expression is of 0 length, there is no
1967 regular expression. */
1969 sig->trust_regexp = NULL;
1972 /* We accept the exportable subpacket from either the hashed or
1973 unhashed areas as older versions of gpg put it in the
1974 unhashed area. In theory, anyway, we should never see this
1975 packet off of a local keyring. */
1977 p = parse_sig_subpkt2 (sig, SIGSUBPKT_EXPORTABLE);
1979 sig->flags.exportable = 0;
1981 /* Find all revocation keys. */
1982 if (sig->sig_class == 0x1F)
1983 parse_revkeys (sig);
1988 es_fprintf (listfp, ":signature packet: algo %d, keyid %08lX%08lX\n"
1989 "\tversion %d, created %lu, md5len %d, sigclass 0x%02x\n"
1990 "\tdigest algo %d, begin of digest %02x %02x\n",
1992 (ulong) sig->keyid[0], (ulong) sig->keyid[1],
1993 sig->version, (ulong) sig->timestamp, md5_len, sig->sig_class,
1994 sig->digest_algo, sig->digest_start[0], sig->digest_start[1]);
1997 parse_sig_subpkt (sig->hashed, SIGSUBPKT_LIST_HASHED, NULL);
1998 parse_sig_subpkt (sig->unhashed, SIGSUBPKT_LIST_UNHASHED, NULL);
2002 ndata = pubkey_get_nsig (sig->pubkey_algo);
2006 es_fprintf (listfp, "\tunknown algorithm %d\n", sig->pubkey_algo);
2007 unknown_pubkey_warning (sig->pubkey_algo);
2009 /* We store the plain material in data[0], so that we are able
2010 * to write it back with build_packet(). */
2011 if (pktlen > (5 * MAX_EXTERN_MPI_BITS / 8))
2013 /* We include a limit to avoid too trivial DoS attacks by
2014 having gpg allocate too much memory. */
2015 log_error ("signature packet: too much data\n");
2016 rc = GPG_ERR_INV_PACKET;
2021 gcry_mpi_set_opaque (NULL, read_rest (inp, pktlen), pktlen * 8);
2027 for (i = 0; i < ndata; i++)
2030 sig->data[i] = mpi_read (inp, &n, 0);
2034 es_fprintf (listfp, "\tdata: ");
2035 mpi_print (listfp, sig->data[i], mpi_print_mode);
2036 es_putc ('\n', listfp);
2039 rc = GPG_ERR_INV_PACKET;
2044 iobuf_skip_rest (inp, pktlen, 0);
2048 log_error ("packet(%d) too short\n", pkttype);
2050 es_fputs (":signature packet: [too short]\n", listfp);
2052 iobuf_skip_rest (inp, pktlen, 0);
2054 return GPG_ERR_INV_PACKET;
2059 parse_onepass_sig (IOBUF inp, int pkttype, unsigned long pktlen,
2060 PKT_onepass_sig * ops)
2067 log_error ("packet(%d) too short\n", pkttype);
2069 es_fputs (":onepass_sig packet: [too short]\n", listfp);
2070 rc = gpg_error (GPG_ERR_INV_PACKET);
2073 version = iobuf_get_noeof (inp);
2077 log_error ("onepass_sig with unknown version %d\n", version);
2079 es_fputs (":onepass_sig packet: [unknown version]\n", listfp);
2080 rc = gpg_error (GPG_ERR_INV_PACKET);
2083 ops->sig_class = iobuf_get_noeof (inp);
2085 ops->digest_algo = iobuf_get_noeof (inp);
2087 ops->pubkey_algo = iobuf_get_noeof (inp);
2089 ops->keyid[0] = read_32 (inp);
2091 ops->keyid[1] = read_32 (inp);
2093 ops->last = iobuf_get_noeof (inp);
2097 ":onepass_sig packet: keyid %08lX%08lX\n"
2098 "\tversion %d, sigclass 0x%02x, digest %d, pubkey %d, "
2100 (ulong) ops->keyid[0], (ulong) ops->keyid[1],
2101 version, ops->sig_class,
2102 ops->digest_algo, ops->pubkey_algo, ops->last);
2106 iobuf_skip_rest (inp, pktlen, 0);
2112 parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
2113 byte * hdr, int hdrlen, PACKET * pkt)
2115 gpg_error_t err = 0;
2116 int i, version, algorithm;
2117 unsigned long timestamp, expiredate, max_expiredate;
2124 pk = pkt->pkt.public_key; /* PK has been cleared. */
2126 version = iobuf_get_noeof (inp);
2128 if (pkttype == PKT_PUBLIC_SUBKEY && version == '#')
2130 /* Early versions of G10 used the old PGP comments packets;
2131 * luckily all those comments are started by a hash. */
2134 es_fprintf (listfp, ":rfc1991 comment packet: \"");
2135 for (; pktlen; pktlen--)
2138 c = iobuf_get (inp);
2140 break; /* Ooops: shorter than indicated. */
2141 if (c >= ' ' && c <= 'z')
2142 es_putc (c, listfp);
2144 es_fprintf (listfp, "\\x%02x", c);
2146 es_fprintf (listfp, "\"\n");
2148 iobuf_skip_rest (inp, pktlen, 0);
2151 else if (version == 4)
2153 /* The only supported version. Use an older gpg
2154 version (i.e. gpg 1.4) to parse v3 packets. */
2156 else if (version == 2 || version == 3)
2158 if (opt.verbose > 1)
2159 log_info ("packet(%d) with obsolete version %d\n", pkttype, version);
2161 es_fprintf (listfp, ":key packet: [obsolete version %d]\n", version);
2162 pk->version = version;
2163 err = gpg_error (GPG_ERR_LEGACY_KEY);
2168 log_error ("packet(%d) with unknown version %d\n", pkttype, version);
2170 es_fputs (":key packet: [unknown version]\n", listfp);
2171 err = gpg_error (GPG_ERR_INV_PACKET);
2177 log_error ("packet(%d) too short\n", pkttype);
2179 es_fputs (":key packet: [too short]\n", listfp);
2180 err = gpg_error (GPG_ERR_INV_PACKET);
2183 else if (pktlen > MAX_KEY_PACKET_LENGTH)
2185 log_error ("packet(%d) too large\n", pkttype);
2187 es_fputs (":key packet: [too larget]\n", listfp);
2188 err = gpg_error (GPG_ERR_INV_PACKET);
2192 timestamp = read_32 (inp);
2194 expiredate = 0; /* have to get it from the selfsignature */
2196 algorithm = iobuf_get_noeof (inp);
2199 es_fprintf (listfp, ":%s key packet:\n"
2200 "\tversion %d, algo %d, created %lu, expires %lu\n",
2201 pkttype == PKT_PUBLIC_KEY ? "public" :
2202 pkttype == PKT_SECRET_KEY ? "secret" :
2203 pkttype == PKT_PUBLIC_SUBKEY ? "public sub" :
2204 pkttype == PKT_SECRET_SUBKEY ? "secret sub" : "??",
2205 version, algorithm, timestamp, expiredate);
2207 pk->timestamp = timestamp;
2208 pk->expiredate = expiredate;
2209 pk->max_expiredate = max_expiredate;
2210 pk->hdrbytes = hdrlen;
2211 pk->version = version;
2212 pk->flags.primary = (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY);
2213 pk->pubkey_algo = algorithm;
2215 nskey = pubkey_get_nskey (algorithm);
2216 npkey = pubkey_get_npkey (algorithm);
2220 es_fprintf (listfp, "\tunknown algorithm %d\n", algorithm);
2221 unknown_pubkey_warning (algorithm);
2226 /* Unknown algorithm - put data into an opaque MPI. */
2227 pk->pkey[0] = gcry_mpi_set_opaque (NULL,
2228 read_rest (inp, pktlen), pktlen * 8);
2234 for (i = 0; i < npkey; i++)
2236 if ( (algorithm == PUBKEY_ALGO_ECDSA && (i == 0))
2237 || (algorithm == PUBKEY_ALGO_EDDSA && (i == 0))
2238 || (algorithm == PUBKEY_ALGO_ECDH && (i == 0 || i == 2)))
2240 /* Read the OID (i==1) or the KDF params (i==2). */
2242 err = read_size_body (inp, pktlen, &n, pk->pkey+i);
2247 unsigned int n = pktlen;
2248 pk->pkey[i] = mpi_read (inp, &n, 0);
2251 err = gpg_error (GPG_ERR_INV_PACKET);
2257 es_fprintf (listfp, "\tpkey[%d]: ", i);
2258 mpi_print (listfp, pk->pkey[i], mpi_print_mode);
2259 if ((algorithm == PUBKEY_ALGO_ECDSA
2260 || algorithm == PUBKEY_ALGO_EDDSA
2261 || algorithm == PUBKEY_ALGO_ECDH) && i==0)
2263 char *curve = openpgp_oid_to_str (pk->pkey[0]);
2264 const char *name = openpgp_oid_to_curve (curve, 0);
2265 es_fprintf (listfp, " %s (%s)", name?name:"", curve);
2268 es_putc ('\n', listfp);
2273 keyid_from_pk (pk, keyid);
2275 if (pkttype == PKT_SECRET_KEY || pkttype == PKT_SECRET_SUBKEY)
2277 struct seckey_info *ski;
2283 err = gpg_error (GPG_ERR_INV_PACKET);
2287 pk->seckey_info = ski = xtrycalloc (1, sizeof *ski);
2288 if (!pk->seckey_info)
2290 err = gpg_error_from_syserror ();
2294 ski->algo = iobuf_get_noeof (inp);
2298 ski->is_protected = 1;
2300 if (ski->algo == 254 || ski->algo == 255)
2304 err = gpg_error (GPG_ERR_INV_PACKET);
2307 ski->sha1chk = (ski->algo == 254);
2308 ski->algo = iobuf_get_noeof (inp);
2310 /* Note that a ski->algo > 110 is illegal, but I'm not
2311 erroring on it here as otherwise there would be no
2312 way to delete such a key. */
2313 ski->s2k.mode = iobuf_get_noeof (inp);
2315 ski->s2k.hash_algo = iobuf_get_noeof (inp);
2317 /* Check for the special GNU extension. */
2318 if (ski->s2k.mode == 101)
2320 for (i = 0; i < 4 && pktlen; i++, pktlen--)
2321 temp[i] = iobuf_get_noeof (inp);
2322 if (i < 4 || memcmp (temp, "GNU", 3))
2325 es_fprintf (listfp, "\tunknown S2K %d\n",
2327 err = gpg_error (GPG_ERR_INV_PACKET);
2330 /* Here we know that it is a GNU extension. What
2331 * follows is the GNU protection mode: All values
2332 * have special meanings and they are mapped to MODE
2333 * with a base of 1000. */
2334 ski->s2k.mode = 1000 + temp[3];
2337 /* Read the salt. */
2338 switch (ski->s2k.mode)
2342 for (i = 0; i < 8 && pktlen; i++, pktlen--)
2343 temp[i] = iobuf_get_noeof (inp);
2346 err = gpg_error (GPG_ERR_INV_PACKET);
2349 memcpy (ski->s2k.salt, temp, 8);
2353 /* Check the mode. */
2354 switch (ski->s2k.mode)
2358 es_fprintf (listfp, "\tsimple S2K");
2362 es_fprintf (listfp, "\tsalted S2K");
2366 es_fprintf (listfp, "\titer+salt S2K");
2370 es_fprintf (listfp, "\tgnu-dummy S2K");
2374 es_fprintf (listfp, "\tgnu-divert-to-card S2K");
2378 es_fprintf (listfp, "\tunknown %sS2K %d\n",
2379 ski->s2k.mode < 1000 ? "" : "GNU ",
2381 err = gpg_error (GPG_ERR_INV_PACKET);
2385 /* Print some info. */
2388 es_fprintf (listfp, ", algo: %d,%s hash: %d",
2390 ski->sha1chk ? " SHA1 protection,"
2391 : " simple checksum,", ski->s2k.hash_algo);
2392 if (ski->s2k.mode == 1 || ski->s2k.mode == 3)
2394 es_fprintf (listfp, ", salt: ");
2395 es_write_hexstring (listfp, ski->s2k.salt, 8, 0, NULL);
2397 es_putc ('\n', listfp);
2400 /* Read remaining protection parameters. */
2401 if (ski->s2k.mode == 3)
2405 err = gpg_error (GPG_ERR_INV_PACKET);
2408 ski->s2k.count = iobuf_get (inp);
2411 es_fprintf (listfp, "\tprotect count: %lu (%lu)\n",
2412 (ulong)S2K_DECODE_COUNT ((ulong)ski->s2k.count),
2413 (ulong) ski->s2k.count);
2415 else if (ski->s2k.mode == 1002)
2417 /* Read the serial number. */
2420 err = gpg_error (GPG_ERR_INV_PACKET);
2423 snlen = iobuf_get (inp);
2425 if (pktlen < snlen || snlen == (size_t)(-1))
2427 err = gpg_error (GPG_ERR_INV_PACKET);
2432 else /* Old version; no S2K, so we set mode to 0, hash MD5. */
2434 /* Note that a ski->algo > 110 is illegal, but I'm not
2435 erroring on it here as otherwise there would be no
2436 way to delete such a key. */
2438 ski->s2k.hash_algo = DIGEST_ALGO_MD5;
2440 es_fprintf (listfp, "\tprotect algo: %d (hash algo: %d)\n",
2441 ski->algo, ski->s2k.hash_algo);
2444 /* It is really ugly that we don't know the size
2445 * of the IV here in cases we are not aware of the algorithm.
2447 * ski->ivlen = cipher_get_blocksize (ski->algo);
2448 * won't work. The only solution I see is to hardwire it.
2449 * NOTE: if you change the ivlen above 16, don't forget to
2451 ski->ivlen = openpgp_cipher_blocklen (ski->algo);
2452 log_assert (ski->ivlen <= sizeof (temp));
2454 if (ski->s2k.mode == 1001)
2456 else if (ski->s2k.mode == 1002)
2457 ski->ivlen = snlen < 16 ? snlen : 16;
2459 if (pktlen < ski->ivlen)
2461 err = gpg_error (GPG_ERR_INV_PACKET);
2464 for (i = 0; i < ski->ivlen; i++, pktlen--)
2465 temp[i] = iobuf_get_noeof (inp);
2469 ski->s2k.mode == 1002 ? "\tserial-number: "
2470 : "\tprotect IV: ");
2471 for (i = 0; i < ski->ivlen; i++)
2472 es_fprintf (listfp, " %02x", temp[i]);
2473 es_putc ('\n', listfp);
2475 memcpy (ski->iv, temp, ski->ivlen);
2478 /* It does not make sense to read it into secure memory.
2479 * If the user is so careless, not to protect his secret key,
2480 * we can assume, that he operates an open system :=(.
2481 * So we put the key into secure memory when we unprotect it. */
2482 if (ski->s2k.mode == 1001 || ski->s2k.mode == 1002)
2484 /* Better set some dummy stuff here. */
2485 pk->pkey[npkey] = gcry_mpi_set_opaque (NULL,
2486 xstrdup ("dummydata"),
2490 else if (ski->is_protected)
2492 if (pktlen < 2) /* At least two bytes for the length. */
2494 err = gpg_error (GPG_ERR_INV_PACKET);
2498 /* Ugly: The length is encrypted too, so we read all stuff
2499 * up to the end of the packet into the first SKEY
2501 pk->pkey[npkey] = gcry_mpi_set_opaque (NULL,
2502 read_rest (inp, pktlen),
2504 /* Mark that MPI as protected - we need this information for
2505 importing a key. The OPAQUE flag can't be used because
2506 we also store public EdDSA values in opaque MPIs. */
2507 if (pk->pkey[npkey])
2508 gcry_mpi_set_flag (pk->pkey[npkey], GCRYMPI_FLAG_USER1);
2511 es_fprintf (listfp, "\tskey[%d]: [v4 protected]\n", npkey);
2515 /* Not encrypted. */
2516 for (i = npkey; i < nskey; i++)
2520 if (pktlen < 2) /* At least two bytes for the length. */
2522 err = gpg_error (GPG_ERR_INV_PACKET);
2526 pk->pkey[i] = mpi_read (inp, &n, 0);
2530 es_fprintf (listfp, "\tskey[%d]: ", i);
2531 mpi_print (listfp, pk->pkey[i], mpi_print_mode);
2532 es_putc ('\n', listfp);
2536 err = gpg_error (GPG_ERR_INV_PACKET);
2543 err = gpg_error (GPG_ERR_INV_PACKET);
2546 ski->csum = read_16 (inp);
2549 es_fprintf (listfp, "\tchecksum: %04hx\n", ski->csum);
2553 /* Note that KEYID below has been initialized above in list_mode. */
2555 es_fprintf (listfp, "\tkeyid: %08lX%08lX\n",
2556 (ulong) keyid[0], (ulong) keyid[1]);
2559 iobuf_skip_rest (inp, pktlen, 0);
2564 /* Attribute subpackets have the same format as v4 signature
2565 subpackets. This is not part of OpenPGP, but is done in several
2566 versions of PGP nevertheless. */
2568 parse_attribute_subpkts (PKT_user_id * uid)
2572 struct user_attribute *attribs = NULL;
2573 const byte *buffer = uid->attrib_data;
2574 int buflen = uid->attrib_len;
2577 xfree (uid->attribs);
2583 if (n == 255) /* 4 byte length header. */
2587 n = buf32_to_size_t (buffer);
2591 else if (n >= 192) /* 2 byte special encoded length header. */
2595 n = ((n - 192) << 8) + *buffer + 192;
2604 /* Too short to encode the subpacket type. */
2606 log_info ("attribute subpacket too short\n");
2610 attribs = xrealloc (attribs,
2611 (count + 1) * sizeof (struct user_attribute));
2612 memset (&attribs[count], 0, sizeof (struct user_attribute));
2619 attribs[count].type = type;
2620 attribs[count].data = buffer;
2621 attribs[count].len = n;
2627 uid->attribs = attribs;
2628 uid->numattribs = count;
2633 log_info ("buffer shorter than attribute subpacket\n");
2634 uid->attribs = attribs;
2635 uid->numattribs = count;
2641 parse_user_id (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * packet)
2645 /* Cap the size of a user ID at 2k: a value absurdly large enough
2646 that there is no sane user ID string (which is printable text
2647 as of RFC2440bis) that won't fit in it, but yet small enough to
2648 avoid allocation problems. A large pktlen may not be
2649 allocatable, and a very large pktlen could actually cause our
2650 allocation to wrap around in xmalloc to a small number. */
2652 if (pktlen > MAX_UID_PACKET_LENGTH)
2654 log_error ("packet(%d) too large\n", pkttype);
2656 es_fprintf (listfp, ":user ID packet: [too large]\n");
2657 iobuf_skip_rest (inp, pktlen, 0);
2658 return GPG_ERR_INV_PACKET;
2661 packet->pkt.user_id = xmalloc_clear (sizeof *packet->pkt.user_id + pktlen);
2662 packet->pkt.user_id->len = pktlen;
2663 packet->pkt.user_id->ref = 1;
2665 p = packet->pkt.user_id->name;
2666 for (; pktlen; pktlen--, p++)
2667 *p = iobuf_get_noeof (inp);
2672 int n = packet->pkt.user_id->len;
2673 es_fprintf (listfp, ":user ID packet: \"");
2674 /* fixme: Hey why don't we replace this with es_write_sanitized?? */
2675 for (p = packet->pkt.user_id->name; n; p++, n--)
2677 if (*p >= ' ' && *p <= 'z')
2678 es_putc (*p, listfp);
2680 es_fprintf (listfp, "\\x%02x", *p);
2682 es_fprintf (listfp, "\"\n");
2689 make_attribute_uidname (PKT_user_id * uid, size_t max_namelen)
2691 log_assert (max_namelen > 70);
2692 if (uid->numattribs <= 0)
2693 sprintf (uid->name, "[bad attribute packet of size %lu]",
2695 else if (uid->numattribs > 1)
2696 sprintf (uid->name, "[%d attributes of size %lu]",
2697 uid->numattribs, uid->attrib_len);
2700 /* Only one attribute, so list it as the "user id" */
2702 if (uid->attribs->type == ATTRIB_IMAGE)
2707 if (parse_image_header (uid->attribs, &type, &len))
2708 sprintf (uid->name, "[%.20s image of size %lu]",
2709 image_type_to_string (type, 1), (ulong) len);
2711 sprintf (uid->name, "[invalid image]");
2714 sprintf (uid->name, "[unknown attribute of size %lu]",
2715 (ulong) uid->attribs->len);
2718 uid->len = strlen (uid->name);
2723 parse_attribute (IOBUF inp, int pkttype, unsigned long pktlen,
2730 /* We better cap the size of an attribute packet to make DoS not too
2731 easy. 16MB should be more then enough for one attribute packet
2733 if (pktlen > MAX_ATTR_PACKET_LENGTH)
2735 log_error ("packet(%d) too large\n", pkttype);
2737 es_fprintf (listfp, ":attribute packet: [too large]\n");
2738 iobuf_skip_rest (inp, pktlen, 0);
2739 return GPG_ERR_INV_PACKET;
2742 #define EXTRA_UID_NAME_SPACE 71
2743 packet->pkt.user_id = xmalloc_clear (sizeof *packet->pkt.user_id
2744 + EXTRA_UID_NAME_SPACE);
2745 packet->pkt.user_id->ref = 1;
2746 packet->pkt.user_id->attrib_data = xmalloc (pktlen? pktlen:1);
2747 packet->pkt.user_id->attrib_len = pktlen;
2749 p = packet->pkt.user_id->attrib_data;
2750 for (; pktlen; pktlen--, p++)
2751 *p = iobuf_get_noeof (inp);
2753 /* Now parse out the individual attribute subpackets. This is
2754 somewhat pointless since there is only one currently defined
2755 attribute type (jpeg), but it is correct by the spec. */
2756 parse_attribute_subpkts (packet->pkt.user_id);
2758 make_attribute_uidname (packet->pkt.user_id, EXTRA_UID_NAME_SPACE);
2762 es_fprintf (listfp, ":attribute packet: %s\n", packet->pkt.user_id->name);
2769 parse_comment (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * packet)
2773 /* Cap comment packet at a reasonable value to avoid an integer
2774 overflow in the malloc below. Comment packets are actually not
2775 anymore define my OpenPGP and we even stopped to use our
2776 private comment packet. */
2777 if (pktlen > MAX_COMMENT_PACKET_LENGTH)
2779 log_error ("packet(%d) too large\n", pkttype);
2781 es_fprintf (listfp, ":%scomment packet: [too large]\n",
2782 pkttype == PKT_OLD_COMMENT ? "OpenPGP draft " : "");
2783 iobuf_skip_rest (inp, pktlen, 0);
2784 return GPG_ERR_INV_PACKET;
2786 packet->pkt.comment = xmalloc (sizeof *packet->pkt.comment + pktlen - 1);
2787 packet->pkt.comment->len = pktlen;
2788 p = packet->pkt.comment->data;
2789 for (; pktlen; pktlen--, p++)
2790 *p = iobuf_get_noeof (inp);
2794 int n = packet->pkt.comment->len;
2795 es_fprintf (listfp, ":%scomment packet: \"", pkttype == PKT_OLD_COMMENT ?
2796 "OpenPGP draft " : "");
2797 for (p = packet->pkt.comment->data; n; p++, n--)
2799 if (*p >= ' ' && *p <= 'z')
2800 es_putc (*p, listfp);
2802 es_fprintf (listfp, "\\x%02x", *p);
2804 es_fprintf (listfp, "\"\n");
2811 parse_trust (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * pkt)
2817 pkt->pkt.ring_trust = xmalloc (sizeof *pkt->pkt.ring_trust);
2820 c = iobuf_get_noeof (inp);
2822 pkt->pkt.ring_trust->trustval = c;
2823 pkt->pkt.ring_trust->sigcache = 0;
2824 if (!c && pktlen == 1)
2826 c = iobuf_get_noeof (inp);
2828 /* We require that bit 7 of the sigcache is 0 (easier eof
2831 pkt->pkt.ring_trust->sigcache = c;
2834 es_fprintf (listfp, ":trust packet: flag=%02x sigcache=%02x\n",
2835 pkt->pkt.ring_trust->trustval,
2836 pkt->pkt.ring_trust->sigcache);
2840 pkt->pkt.ring_trust->trustval = 0;
2841 pkt->pkt.ring_trust->sigcache = 0;
2843 es_fprintf (listfp, ":trust packet: empty\n");
2845 iobuf_skip_rest (inp, pktlen, 0);
2850 parse_plaintext (IOBUF inp, int pkttype, unsigned long pktlen,
2851 PACKET * pkt, int new_ctb, int partial)
2859 if (!partial && pktlen < 6)
2861 log_error ("packet(%d) too short (%lu)\n", pkttype, (ulong) pktlen);
2863 es_fputs (":literal data packet: [too short]\n", listfp);
2864 rc = gpg_error (GPG_ERR_INV_PACKET);
2867 mode = iobuf_get_noeof (inp);
2870 namelen = iobuf_get_noeof (inp);
2873 /* Note that namelen will never exceed 255 bytes. */
2874 pt = pkt->pkt.plaintext =
2875 xmalloc (sizeof *pkt->pkt.plaintext + namelen - 1);
2876 pt->new_ctb = new_ctb;
2878 pt->namelen = namelen;
2879 pt->is_partial = partial;
2882 for (i = 0; pktlen > 4 && i < namelen; pktlen--, i++)
2883 pt->name[i] = iobuf_get_noeof (inp);
2887 for (i = 0; i < namelen; i++)
2888 if ((c = iobuf_get (inp)) == -1)
2893 pt->timestamp = read_32 (inp);
2901 es_fprintf (listfp, ":literal data packet:\n"
2902 "\tmode %c (%X), created %lu, name=\"",
2903 mode >= ' ' && mode < 'z' ? mode : '?', mode,
2904 (ulong) pt->timestamp);
2905 for (p = pt->name, i = 0; i < namelen; p++, i++)
2907 if (*p >= ' ' && *p <= 'z')
2908 es_putc (*p, listfp);
2910 es_fprintf (listfp, "\\x%02x", *p);
2912 es_fprintf (listfp, "\",\n\traw data: ");
2914 es_fprintf (listfp, "unknown length\n");
2916 es_fprintf (listfp, "%lu bytes\n", (ulong) pt->len);
2925 parse_compressed (IOBUF inp, int pkttype, unsigned long pktlen,
2926 PACKET * pkt, int new_ctb)
2930 /* PKTLEN is here 0, but data follows (this should be the last
2931 object in a file or the compress algorithm should know the
2936 zd = pkt->pkt.compressed = xmalloc (sizeof *pkt->pkt.compressed);
2937 zd->algorithm = iobuf_get_noeof (inp);
2938 zd->len = 0; /* not used */
2939 zd->new_ctb = new_ctb;
2942 es_fprintf (listfp, ":compressed packet: algo=%d\n", zd->algorithm);
2948 parse_encrypted (IOBUF inp, int pkttype, unsigned long pktlen,
2949 PACKET * pkt, int new_ctb, int partial)
2953 unsigned long orig_pktlen = pktlen;
2955 ed = pkt->pkt.encrypted = xmalloc (sizeof *pkt->pkt.encrypted);
2956 /* ed->len is set below. */
2957 ed->extralen = 0; /* Unknown here; only used in build_packet. */
2959 ed->new_ctb = new_ctb;
2960 ed->is_partial = partial;
2961 if (pkttype == PKT_ENCRYPTED_MDC)
2963 /* Fixme: add some pktlen sanity checks. */
2966 version = iobuf_get_noeof (inp);
2971 log_error ("encrypted_mdc packet with unknown version %d\n",
2974 es_fputs (":encrypted data packet: [unknown version]\n", listfp);
2975 /*skip_rest(inp, pktlen); should we really do this? */
2976 rc = gpg_error (GPG_ERR_INV_PACKET);
2979 ed->mdc_method = DIGEST_ALGO_SHA1;
2984 /* A basic sanity check. We need at least an 8 byte IV plus the 2
2985 detection bytes. Note that we don't known the algorithm and thus
2986 we may only check against the minimum blocksize. */
2987 if (orig_pktlen && pktlen < 10)
2989 /* Actually this is blocksize+2. */
2990 log_error ("packet(%d) too short\n", pkttype);
2992 es_fputs (":encrypted data packet: [too short]\n", listfp);
2993 rc = GPG_ERR_INV_PACKET;
2994 iobuf_skip_rest (inp, pktlen, partial);
2998 /* Store the remaining length of the encrypted data (i.e. without
2999 the MDC version number but with the IV etc.). This value is
3000 required during decryption. */
3006 es_fprintf (listfp, ":encrypted data packet:\n\tlength: %lu\n",
3009 es_fprintf (listfp, ":encrypted data packet:\n\tlength: unknown\n");
3011 es_fprintf (listfp, "\tmdc_method: %d\n", ed->mdc_method);
3021 /* Note, that this code is not anymore used in real life because the
3022 MDC checking is now done right after the decryption in
3025 parse_mdc (IOBUF inp, int pkttype, unsigned long pktlen,
3026 PACKET * pkt, int new_ctb)
3034 mdc = pkt->pkt.mdc = xmalloc (sizeof *pkt->pkt.mdc);
3036 es_fprintf (listfp, ":mdc packet: length=%lu\n", pktlen);
3037 if (!new_ctb || pktlen != 20)
3039 log_error ("mdc_packet with invalid encoding\n");
3040 rc = gpg_error (GPG_ERR_INV_PACKET);
3044 for (; pktlen; pktlen--, p++)
3045 *p = iobuf_get_noeof (inp);
3053 * This packet is internally generated by us (in armor.c) to transfer
3054 * some information to the lower layer. To make sure that this packet
3055 * is really a GPG faked one and not one coming from outside, we
3056 * first check that there is a unique tag in it.
3058 * The format of such a control packet is:
3059 * n byte session marker
3060 * 1 byte control type CTRLPKT_xxxxx
3061 * m byte control data
3064 parse_gpg_control (IOBUF inp, int pkttype, unsigned long pktlen,
3065 PACKET * packet, int partial)
3068 const byte *sesmark;
3075 es_fprintf (listfp, ":packet 63: length %lu ", pktlen);
3077 sesmark = get_session_marker (&sesmarklen);
3078 if (pktlen < sesmarklen + 1) /* 1 is for the control bytes */
3080 for (i = 0; i < sesmarklen; i++, pktlen--)
3082 if (sesmark[i] != iobuf_get_noeof (inp))
3086 goto skipit; /* Definitely too large. We skip it to avoid an
3087 overflow in the malloc. */
3089 es_fputs ("- gpg control packet", listfp);
3091 packet->pkt.gpg_control = xmalloc (sizeof *packet->pkt.gpg_control
3093 packet->pkt.gpg_control->control = iobuf_get_noeof (inp);
3095 packet->pkt.gpg_control->datalen = pktlen;
3096 p = packet->pkt.gpg_control->data;
3097 for (; pktlen; pktlen--, p++)
3098 *p = iobuf_get_noeof (inp);
3108 es_fprintf (listfp, "- private (rest length %lu)\n", pktlen);
3111 while ((c = iobuf_get (inp)) != -1)
3112 dump_hex_line (c, &i);
3116 for (; pktlen; pktlen--)
3118 dump_hex_line ((c = iobuf_get (inp)), &i);
3123 es_putc ('\n', listfp);
3125 iobuf_skip_rest (inp, pktlen, 0);
3126 return gpg_error (GPG_ERR_INV_PACKET);
3130 /* Create a GPG control packet to be used internally as a placeholder. */
3132 create_gpg_control (ctrlpkttype_t type, const byte * data, size_t datalen)
3137 packet = xmalloc (sizeof *packet);
3138 init_packet (packet);
3139 packet->pkttype = PKT_GPG_CONTROL;
3140 packet->pkt.gpg_control = xmalloc (sizeof *packet->pkt.gpg_control
3142 packet->pkt.gpg_control->control = type;
3143 packet->pkt.gpg_control->datalen = datalen;
3144 p = packet->pkt.gpg_control->data;
3145 for (; datalen; datalen--, p++)