1 /* parse-packet.c - read packets
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
3 * 2007, 2009, 2010 Free Software Foundation, Inc.
4 * Copyright (C) 2014 Werner Koch
5 * Copyright (C) 2015 g10 Code GmbH
7 * This file is part of GnuPG.
9 * GnuPG is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
14 * GnuPG is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <https://www.gnu.org/licenses/>.
40 /* Maximum length of packets to avoid excessive memory allocation. */
41 #define MAX_KEY_PACKET_LENGTH (256 * 1024)
42 #define MAX_UID_PACKET_LENGTH ( 2 * 1024)
43 #define MAX_COMMENT_PACKET_LENGTH ( 64 * 1024)
44 #define MAX_ATTR_PACKET_LENGTH ( 16 * 1024*1024)
47 static int mpi_print_mode;
49 static estream_t listfp;
51 static int parse (IOBUF inp, PACKET * pkt, int onlykeypkts,
52 off_t * retpos, int *skip, IOBUF out, int do_skip
53 #ifdef DEBUG_PARSE_PACKET
54 , const char *dbg_w, const char *dbg_f, int dbg_l
57 static int copy_packet (IOBUF inp, IOBUF out, int pkttype,
58 unsigned long pktlen, int partial);
59 static void skip_packet (IOBUF inp, int pkttype,
60 unsigned long pktlen, int partial);
61 static void *read_rest (IOBUF inp, size_t pktlen);
62 static int parse_marker (IOBUF inp, int pkttype, unsigned long pktlen);
63 static int parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
65 static int parse_pubkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
67 static int parse_onepass_sig (IOBUF inp, int pkttype, unsigned long pktlen,
68 PKT_onepass_sig * ops);
69 static int parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
70 byte * hdr, int hdrlen, PACKET * packet);
71 static int parse_user_id (IOBUF inp, int pkttype, unsigned long pktlen,
73 static int parse_attribute (IOBUF inp, int pkttype, unsigned long pktlen,
75 static int parse_comment (IOBUF inp, int pkttype, unsigned long pktlen,
77 static void parse_trust (IOBUF inp, int pkttype, unsigned long pktlen,
79 static int parse_plaintext (IOBUF inp, int pkttype, unsigned long pktlen,
80 PACKET * packet, int new_ctb, int partial);
81 static int parse_compressed (IOBUF inp, int pkttype, unsigned long pktlen,
82 PACKET * packet, int new_ctb);
83 static int parse_encrypted (IOBUF inp, int pkttype, unsigned long pktlen,
84 PACKET * packet, int new_ctb, int partial);
85 static int parse_mdc (IOBUF inp, int pkttype, unsigned long pktlen,
86 PACKET * packet, int new_ctb);
87 static int parse_gpg_control (IOBUF inp, int pkttype, unsigned long pktlen,
88 PACKET * packet, int partial);
90 /* Read a 16-bit value in MSB order (big endian) from an iobuf. */
95 a = (unsigned short)iobuf_get_noeof (inp) << 8;
96 a |= iobuf_get_noeof (inp);
101 /* Read a 32-bit value in MSB order (big endian) from an iobuf. */
106 a = (unsigned long)iobuf_get_noeof (inp) << 24;
107 a |= iobuf_get_noeof (inp) << 16;
108 a |= iobuf_get_noeof (inp) << 8;
109 a |= iobuf_get_noeof (inp);
114 /* Read an external representation of an MPI and return the MPI. The
115 external format is a 16-bit unsigned value stored in network byte
116 order giving the number of bits for the following integer. The
117 integer is stored MSB first and is left padded with zero bits to
118 align on a byte boundary.
120 The caller must set *RET_NREAD to the maximum number of bytes to
121 read from the pipeline INP. This function sets *RET_NREAD to be
122 the number of bytes actually read from the pipeline.
124 If SECURE is true, the integer is stored in secure memory
125 (allocated using gcry_xmalloc_secure). */
127 mpi_read (iobuf_t inp, unsigned int *ret_nread, int secure)
130 unsigned int nmax = *ret_nread;
131 unsigned int nbits, nbytes;
140 if ((c = c1 = iobuf_get (inp)) == -1)
145 if ((c = c2 = iobuf_get (inp)) == -1)
149 if (nbits > MAX_EXTERN_MPI_BITS)
151 log_error ("mpi too large (%u bits)\n", nbits);
155 nbytes = (nbits + 7) / 8;
156 buf = secure ? gcry_xmalloc_secure (nbytes + 2) : gcry_xmalloc (nbytes + 2);
160 for (i = 0; i < nbytes; i++)
173 if (gcry_mpi_scan (&a, GCRYMPI_FMT_PGP, buf, nread, &nread))
181 log_error ("mpi larger than indicated length (%u bits)\n", 8*nmax);
190 set_packet_list_mode (int mode)
195 /* We use stdout only if invoked by the --list-packets command
196 but switch to stderr in all other cases. This breaks the
197 previous behaviour but that seems to be more of a bug than
198 intentional. I don't believe that any application makes use of
199 this long standing annoying way of printing to stdout except when
200 doing a --list-packets. If this assumption fails, it will be easy
201 to add an option for the listing stream. Note that we initialize
202 it only once; mainly because there is code which switches
203 opt.list_mode back to 1 and we want to have all output to the
204 same stream. The MPI_PRINT_MODE will be enabled if the
205 corresponding debug flag is set or if we are in --list-packets
206 and --verbose is given.
208 Using stderr is not actually very clean because it bypasses the
209 logging code but it is a special thing anyway. I am not sure
210 whether using log_stream() would be better. Perhaps we should
211 enable the list mode only with a special option. */
214 if (opt.list_packets)
230 /* If OPT.VERBOSE is set, print a warning that the algorithm ALGO is
231 not suitable for signing and encryption. */
233 unknown_pubkey_warning (int algo)
235 static byte unknown_pubkey_algos[256];
237 /* First check whether the algorithm is usable but not suitable for
238 encryption/signing. */
239 if (pubkey_get_npkey (algo))
243 if (!pubkey_get_nsig (algo))
244 log_info ("public key algorithm %s not suitable for %s\n",
245 openpgp_pk_algo_name (algo), "signing");
246 if (!pubkey_get_nenc (algo))
247 log_info ("public key algorithm %s not suitable for %s\n",
248 openpgp_pk_algo_name (algo), "encryption");
254 if (!unknown_pubkey_algos[algo])
257 log_info (_("can't handle public key algorithm %d\n"), algo);
258 unknown_pubkey_algos[algo] = 1;
264 #ifdef DEBUG_PARSE_PACKET
266 dbg_parse_packet (IOBUF inp, PACKET *pkt, const char *dbg_f, int dbg_l)
272 rc = parse (inp, pkt, 0, NULL, &skip, NULL, 0, "parse", dbg_f, dbg_l);
274 while (skip && ! rc);
277 #else /*!DEBUG_PARSE_PACKET*/
279 parse_packet (IOBUF inp, PACKET * pkt)
285 rc = parse (inp, pkt, 0, NULL, &skip, NULL, 0);
287 while (skip && ! rc);
290 #endif /*!DEBUG_PARSE_PACKET*/
294 * Like parse packet, but only return secret or public (sub)key
297 #ifdef DEBUG_PARSE_PACKET
299 dbg_search_packet (IOBUF inp, PACKET * pkt, off_t * retpos, int with_uid,
300 const char *dbg_f, int dbg_l)
307 parse (inp, pkt, with_uid ? 2 : 1, retpos, &skip, NULL, 0, "search",
310 while (skip && ! rc);
313 #else /*!DEBUG_PARSE_PACKET*/
315 search_packet (IOBUF inp, PACKET * pkt, off_t * retpos, int with_uid)
321 rc = parse (inp, pkt, with_uid ? 2 : 1, retpos, &skip, NULL, 0);
323 while (skip && ! rc);
326 #endif /*!DEBUG_PARSE_PACKET*/
330 * Copy all packets from INP to OUT, thereby removing unused spaces.
332 #ifdef DEBUG_PARSE_PACKET
334 dbg_copy_all_packets (IOBUF inp, IOBUF out, const char *dbg_f, int dbg_l)
340 log_bug ("copy_all_packets: OUT may not be NULL.\n");
348 parse (inp, &pkt, 0, NULL, &skip, out, 0, "copy", dbg_f, dbg_l)));
351 #else /*!DEBUG_PARSE_PACKET*/
353 copy_all_packets (IOBUF inp, IOBUF out)
359 log_bug ("copy_all_packets: OUT may not be NULL.\n");
365 while (!(rc = parse (inp, &pkt, 0, NULL, &skip, out, 0)));
368 #endif /*!DEBUG_PARSE_PACKET*/
372 * Copy some packets from INP to OUT, thereby removing unused spaces.
373 * Stop at offset STOPoff (i.e. don't copy packets at this or later
376 #ifdef DEBUG_PARSE_PACKET
378 dbg_copy_some_packets (IOBUF inp, IOBUF out, off_t stopoff,
379 const char *dbg_f, int dbg_l)
385 if (iobuf_tell (inp) >= stopoff)
389 while (!(rc = parse (inp, &pkt, 0, NULL, &skip, out, 0,
390 "some", dbg_f, dbg_l)));
393 #else /*!DEBUG_PARSE_PACKET*/
395 copy_some_packets (IOBUF inp, IOBUF out, off_t stopoff)
401 if (iobuf_tell (inp) >= stopoff)
405 while (!(rc = parse (inp, &pkt, 0, NULL, &skip, out, 0)));
408 #endif /*!DEBUG_PARSE_PACKET*/
412 * Skip over N packets
414 #ifdef DEBUG_PARSE_PACKET
416 dbg_skip_some_packets (IOBUF inp, unsigned n, const char *dbg_f, int dbg_l)
421 for (; n && !rc; n--)
424 rc = parse (inp, &pkt, 0, NULL, &skip, NULL, 1, "skip", dbg_f, dbg_l);
428 #else /*!DEBUG_PARSE_PACKET*/
430 skip_some_packets (IOBUF inp, unsigned n)
435 for (; n && !rc; n--)
438 rc = parse (inp, &pkt, 0, NULL, &skip, NULL, 1);
442 #endif /*!DEBUG_PARSE_PACKET*/
445 /* Parse a packet and save it in *PKT.
447 If OUT is not NULL and the packet is valid (its type is not 0),
448 then the header, the initial length field and the packet's contents
449 are written to OUT. In this case, the packet is not saved in *PKT.
451 ONLYKEYPKTS is a simple packet filter. If ONLYKEYPKTS is set to 1,
452 then only public subkey packets, public key packets, private subkey
453 packets and private key packets are parsed. The rest are skipped
454 (i.e., the header and the contents are read from the pipeline and
455 discarded). If ONLYKEYPKTS is set to 2, then in addition to the
456 above 4 types of packets, user id packets are also accepted.
458 DO_SKIP is a more coarse grained filter. Unless ONLYKEYPKTS is set
459 to 2 and the packet is a user id packet, all packets are skipped.
461 Finally, if a packet is invalid (it's type is 0), it is skipped.
463 If a packet is skipped and SKIP is not NULL, then *SKIP is set to
466 Note: ONLYKEYPKTS and DO_SKIP are only respected if OUT is NULL,
467 i.e., the packets are not simply being copied.
469 If RETPOS is not NULL, then the position of INP (as returned by
470 iobuf_tell) is saved there before any data is read from INP.
473 parse (IOBUF inp, PACKET * pkt, int onlykeypkts, off_t * retpos,
474 int *skip, IOBUF out, int do_skip
475 #ifdef DEBUG_PARSE_PACKET
476 , const char *dbg_w, const char *dbg_f, int dbg_l
480 int rc = 0, c, ctb, pkttype, lenbytes;
481 unsigned long pktlen;
484 int new_ctb = 0, partial = 0;
485 int with_uid = (onlykeypkts == 2);
489 log_assert (!pkt->pkt.generic);
490 if (retpos || list_mode)
492 pos = iobuf_tell (inp);
497 pos = 0; /* (silence compiler warning) */
499 /* The first byte of a packet is the so-called tag. The highest bit
501 if ((ctb = iobuf_get (inp)) == -1)
511 log_error ("%s: invalid packet (ctb=%02x)\n", iobuf_where (inp), ctb);
512 rc = gpg_error (GPG_ERR_INV_PACKET);
516 /* Immediately following the header is the length. There are two
517 formats: the old format and the new format. If bit 6 (where the
518 least significant bit is bit 0) is set in the tag, then we are
519 dealing with a new format packet. Otherwise, it is an old format
522 new_ctb = !!(ctb & 0x40);
525 /* Get the packet's type. This is encoded in the 6 least
526 significant bits of the tag. */
527 pkttype = ctb & 0x3f;
529 /* Extract the packet's length. New format packets have 4 ways
530 to encode the packet length. The value of the first byte
531 determines the encoding and partially determines the length.
532 See section 4.2.2 of RFC 4880 for details. */
533 if ((c = iobuf_get (inp)) == -1)
535 log_error ("%s: 1st length byte missing\n", iobuf_where (inp));
536 rc = gpg_error (GPG_ERR_INV_PACKET);
546 pktlen = (c - 192) * 256;
547 if ((c = iobuf_get (inp)) == -1)
549 log_error ("%s: 2nd length byte missing\n",
551 rc = gpg_error (GPG_ERR_INV_PACKET);
562 for (i = 0; i < 4; i ++)
564 if ((c = iobuf_get (inp)) == -1)
566 log_error ("%s: 4 byte length invalid\n", iobuf_where (inp));
567 rc = gpg_error (GPG_ERR_INV_PACKET);
570 value[i] = hdr[hdrlen++] = c;
573 pktlen = buf32_to_ulong (value);
575 else /* Partial body length. */
581 case PKT_ENCRYPTED_MDC:
583 iobuf_set_partial_body_length_mode (inp, c & 0xff);
584 pktlen = 0; /* To indicate partial length. */
589 log_error ("%s: partial length invalid for"
590 " packet type %d\n", iobuf_where (inp), pkttype);
591 rc = gpg_error (GPG_ERR_INV_PACKET);
598 /* This is an old format packet. */
600 /* Extract the packet's type. This is encoded in bits 2-5. */
601 pkttype = (ctb >> 2) & 0xf;
603 /* The type of length encoding is encoded in bits 0-1 of the
605 lenbytes = ((ctb & 3) == 3) ? 0 : (1 << (ctb & 3));
608 pktlen = 0; /* Don't know the value. */
609 /* This isn't really partial, but we can treat it the same
610 in a "read until the end" sort of way. */
612 if (pkttype != PKT_ENCRYPTED && pkttype != PKT_PLAINTEXT
613 && pkttype != PKT_COMPRESSED)
615 log_error ("%s: indeterminate length for invalid"
616 " packet type %d\n", iobuf_where (inp), pkttype);
617 rc = gpg_error (GPG_ERR_INV_PACKET);
623 for (; lenbytes; lenbytes--)
629 log_error ("%s: length invalid\n", iobuf_where (inp));
630 rc = gpg_error (GPG_ERR_INV_PACKET);
633 pktlen |= hdr[hdrlen++] = c;
638 /* Sometimes the decompressing layer enters an error state in which
639 it simply outputs 0xff for every byte read. If we have a stream
640 of 0xff bytes, then it will be detected as a new format packet
641 with type 63 and a 4-byte encoded length that is 4G-1. Since
642 packets with type 63 are private and we use them as a control
643 packet, which won't be 4 GB, we reject such packets as
645 if (pkttype == 63 && pktlen == 0xFFFFFFFF)
647 /* With some probability this is caused by a problem in the
648 * the uncompressing layer - in some error cases it just loops
649 * and spits out 0xff bytes. */
650 log_error ("%s: garbled packet detected\n", iobuf_where (inp));
656 /* This type of copying won't work if the packet uses a partial
657 body length. (In other words, this only works if HDR is
658 actually the length.) Currently, no callers require this
659 functionality so we just log this as an error. */
662 log_error ("parse: Can't copy partial packet. Aborting.\n");
663 rc = gpg_error (GPG_ERR_INV_PACKET);
667 rc = iobuf_write (out, hdr, hdrlen);
669 rc = copy_packet (inp, out, pkttype, pktlen, partial);
673 if (with_uid && pkttype == PKT_USER_ID)
674 /* If ONLYKEYPKTS is set to 2, then we never skip user id packets,
675 even if DO_SKIP is set. */
678 /* type==0 is not allowed. This is an invalid packet. */
680 /* When ONLYKEYPKTS is set, we don't skip keys. */
681 || (onlykeypkts && pkttype != PKT_PUBLIC_SUBKEY
682 && pkttype != PKT_PUBLIC_KEY
683 && pkttype != PKT_SECRET_SUBKEY && pkttype != PKT_SECRET_KEY))
685 iobuf_skip_rest (inp, pktlen, partial);
693 #ifdef DEBUG_PARSE_PACKET
694 log_debug ("parse_packet(iob=%d): type=%d length=%lu%s (%s.%s.%d)\n",
695 iobuf_id (inp), pkttype, pktlen, new_ctb ? " (new_ctb)" : "",
696 dbg_w, dbg_f, dbg_l);
698 log_debug ("parse_packet(iob=%d): type=%d length=%lu%s\n",
699 iobuf_id (inp), pkttype, pktlen,
700 new_ctb ? " (new_ctb)" : "");
705 es_fprintf (listfp, "# off=%lu ctb=%02x tag=%d hlen=%d plen=%lu%s%s\n",
706 (unsigned long)pos, ctb, pkttype, hdrlen, pktlen,
707 partial? (new_ctb ? " partial" : " indeterminate") :"",
708 new_ctb? " new-ctb":"");
710 pkt->pkttype = pkttype;
711 rc = GPG_ERR_UNKNOWN_PACKET; /* default error */
715 case PKT_PUBLIC_SUBKEY:
717 case PKT_SECRET_SUBKEY:
718 pkt->pkt.public_key = xmalloc_clear (sizeof *pkt->pkt.public_key);
719 rc = parse_key (inp, pkttype, pktlen, hdr, hdrlen, pkt);
722 rc = parse_symkeyenc (inp, pkttype, pktlen, pkt);
725 rc = parse_pubkeyenc (inp, pkttype, pktlen, pkt);
728 pkt->pkt.signature = xmalloc_clear (sizeof *pkt->pkt.signature);
729 rc = parse_signature (inp, pkttype, pktlen, pkt->pkt.signature);
731 case PKT_ONEPASS_SIG:
732 pkt->pkt.onepass_sig = xmalloc_clear (sizeof *pkt->pkt.onepass_sig);
733 rc = parse_onepass_sig (inp, pkttype, pktlen, pkt->pkt.onepass_sig);
736 rc = parse_user_id (inp, pkttype, pktlen, pkt);
739 pkt->pkttype = pkttype = PKT_USER_ID; /* we store it in the userID */
740 rc = parse_attribute (inp, pkttype, pktlen, pkt);
742 case PKT_OLD_COMMENT:
744 rc = parse_comment (inp, pkttype, pktlen, pkt);
747 parse_trust (inp, pkttype, pktlen, pkt);
751 rc = parse_plaintext (inp, pkttype, pktlen, pkt, new_ctb, partial);
754 rc = parse_compressed (inp, pkttype, pktlen, pkt, new_ctb);
757 case PKT_ENCRYPTED_MDC:
758 rc = parse_encrypted (inp, pkttype, pktlen, pkt, new_ctb, partial);
761 rc = parse_mdc (inp, pkttype, pktlen, pkt, new_ctb);
763 case PKT_GPG_CONTROL:
764 rc = parse_gpg_control (inp, pkttype, pktlen, pkt, partial);
767 rc = parse_marker (inp, pkttype, pktlen);
770 /* Unknown packet. Skip it. */
771 skip_packet (inp, pkttype, pktlen, partial);
776 /* FIXME: We leak in case of an error (see the xmalloc's above). */
777 if (!rc && iobuf_error (inp))
778 rc = GPG_ERR_INV_KEYRING;
780 /* FIXME: We use only the error code for now to avoid problems with
781 callers which have not been checked to always use gpg_err_code()
782 when comparing error codes. */
783 return rc == -1? -1 : gpg_err_code (rc);
788 dump_hex_line (int c, int *i)
792 if (*i && !(*i % 24))
793 es_fprintf (listfp, "\n%4d:", *i);
795 es_putc (' ', listfp);
798 es_fprintf (listfp, " EOF");
800 es_fprintf (listfp, " %02x", c);
805 /* Copy the contents of a packet from the pipeline IN to the pipeline
808 The header and length have already been read from INP and the
809 decoded values are given as PKGTYPE and PKTLEN.
811 If the packet is a partial body length packet (RFC 4880, Section
812 4.2.2.4), then iobuf_set_partial_block_modeiobuf_set_partial_block_mode
813 should already have been called on INP and PARTIAL should be set.
815 If PARTIAL is set or PKTLEN is 0 and PKTTYPE is PKT_COMPRESSED,
816 copy until the first EOF is encountered on INP.
818 Returns 0 on success and an error code if an error occurs. */
820 copy_packet (IOBUF inp, IOBUF out, int pkttype,
821 unsigned long pktlen, int partial)
829 while ((n = iobuf_read (inp, buf, sizeof (buf))) != -1)
830 if ((rc = iobuf_write (out, buf, n)))
831 return rc; /* write error */
833 else if (!pktlen && pkttype == PKT_COMPRESSED)
835 log_debug ("copy_packet: compressed!\n");
836 /* compressed packet, copy till EOF */
837 while ((n = iobuf_read (inp, buf, sizeof (buf))) != -1)
838 if ((rc = iobuf_write (out, buf, n)))
839 return rc; /* write error */
843 for (; pktlen; pktlen -= n)
845 n = pktlen > sizeof (buf) ? sizeof (buf) : pktlen;
846 n = iobuf_read (inp, buf, n);
848 return gpg_error (GPG_ERR_EOF);
849 if ((rc = iobuf_write (out, buf, n)))
850 return rc; /* write error */
857 /* Skip an unknown packet. PKTTYPE is the packet's type, PKTLEN is
858 the length of the packet's content and PARTIAL is whether partial
859 body length encoding in used (in this case PKTLEN is ignored). */
861 skip_packet (IOBUF inp, int pkttype, unsigned long pktlen, int partial)
865 es_fprintf (listfp, ":unknown packet: type %2d, length %lu\n",
870 es_fputs ("dump:", listfp);
873 while ((c = iobuf_get (inp)) != -1)
874 dump_hex_line (c, &i);
878 for (; pktlen; pktlen--)
880 dump_hex_line ((c = iobuf_get (inp)), &i);
885 es_putc ('\n', listfp);
889 iobuf_skip_rest (inp, pktlen, partial);
893 /* Read PKTLEN bytes form INP and return them in a newly allocated
894 buffer. In case of an error (including reading fewer than PKTLEN
895 bytes from INP before EOF is returned), NULL is returned and an
896 error message is logged. */
898 read_rest (IOBUF inp, size_t pktlen)
903 buf = xtrymalloc (pktlen);
906 gpg_error_t err = gpg_error_from_syserror ();
907 log_error ("error reading rest of packet: %s\n", gpg_strerror (err));
910 for (p = buf; pktlen; pktlen--)
915 log_error ("premature eof while reading rest of packet\n");
926 /* Read a special size+body from INP. On success store an opaque MPI
927 with it at R_DATA. On error return an error code and store NULL at
928 R_DATA. Even in the error case store the number of read bytes at
929 R_NREAD. The caller shall pass the remaining size of the packet in
932 read_size_body (iobuf_t inp, int pktlen, size_t *r_nread,
943 return gpg_error (GPG_ERR_INV_PACKET);
944 c = iobuf_readbyte (inp);
946 return gpg_error (GPG_ERR_INV_PACKET);
950 if (nbytes < 2 || nbytes > 254)
951 return gpg_error (GPG_ERR_INV_PACKET);
953 return gpg_error (GPG_ERR_INV_PACKET);
957 for (i = 0; i < nbytes; i++)
961 return gpg_error (GPG_ERR_INV_PACKET);
966 tmpbuf = xtrymalloc (1 + nbytes);
968 return gpg_error_from_syserror ();
969 memcpy (tmpbuf, buffer, 1 + nbytes);
970 *r_data = gcry_mpi_set_opaque (NULL, tmpbuf, 8 * (1 + nbytes));
974 return gpg_error_from_syserror ();
980 /* Parse a marker packet. */
982 parse_marker (IOBUF inp, int pkttype, unsigned long pktlen)
989 if (iobuf_get (inp) != 'P')
995 if (iobuf_get (inp) != 'G')
1001 if (iobuf_get (inp) != 'P')
1008 es_fputs (":marker packet: PGP\n", listfp);
1013 log_error ("invalid marker packet\n");
1015 es_fputs (":marker packet: [invalid]\n", listfp);
1016 iobuf_skip_rest (inp, pktlen, 0);
1017 return GPG_ERR_INV_PACKET;
1022 parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
1027 int i, version, s2kmode, cipher_algo, hash_algo, seskeylen, minlen;
1031 log_error ("packet(%d) too short\n", pkttype);
1033 es_fprintf (listfp, ":symkey enc packet: [too short]\n");
1034 rc = gpg_error (GPG_ERR_INV_PACKET);
1037 version = iobuf_get_noeof (inp);
1041 log_error ("packet(%d) with unknown version %d\n", pkttype, version);
1043 es_fprintf (listfp, ":symkey enc packet: [unknown version]\n");
1044 rc = gpg_error (GPG_ERR_INV_PACKET);
1048 { /* (we encode the seskeylen in a byte) */
1049 log_error ("packet(%d) too large\n", pkttype);
1051 es_fprintf (listfp, ":symkey enc packet: [too large]\n");
1052 rc = gpg_error (GPG_ERR_INV_PACKET);
1055 cipher_algo = iobuf_get_noeof (inp);
1057 s2kmode = iobuf_get_noeof (inp);
1059 hash_algo = iobuf_get_noeof (inp);
1063 case 0: /* Simple S2K. */
1066 case 1: /* Salted S2K. */
1069 case 3: /* Iterated+salted S2K. */
1073 log_error ("unknown S2K mode %d\n", s2kmode);
1075 es_fprintf (listfp, ":symkey enc packet: [unknown S2K mode]\n");
1078 if (minlen > pktlen)
1080 log_error ("packet with S2K %d too short\n", s2kmode);
1082 es_fprintf (listfp, ":symkey enc packet: [too short]\n");
1083 rc = gpg_error (GPG_ERR_INV_PACKET);
1086 seskeylen = pktlen - minlen;
1087 k = packet->pkt.symkey_enc = xmalloc_clear (sizeof *packet->pkt.symkey_enc
1089 k->version = version;
1090 k->cipher_algo = cipher_algo;
1091 k->s2k.mode = s2kmode;
1092 k->s2k.hash_algo = hash_algo;
1093 if (s2kmode == 1 || s2kmode == 3)
1095 for (i = 0; i < 8 && pktlen; i++, pktlen--)
1096 k->s2k.salt[i] = iobuf_get_noeof (inp);
1100 k->s2k.count = iobuf_get (inp);
1103 k->seskeylen = seskeylen;
1106 for (i = 0; i < seskeylen && pktlen; i++, pktlen--)
1107 k->seskey[i] = iobuf_get_noeof (inp);
1109 /* What we're watching out for here is a session key decryptor
1110 with no salt. The RFC says that using salt for this is a
1112 if (s2kmode != 1 && s2kmode != 3)
1113 log_info (_("WARNING: potentially insecure symmetrically"
1114 " encrypted session key\n"));
1116 log_assert (!pktlen);
1121 ":symkey enc packet: version %d, cipher %d, s2k %d, hash %d",
1122 version, cipher_algo, s2kmode, hash_algo);
1124 es_fprintf (listfp, ", seskey %d bits", (seskeylen - 1) * 8);
1125 es_fprintf (listfp, "\n");
1126 if (s2kmode == 1 || s2kmode == 3)
1128 es_fprintf (listfp, "\tsalt ");
1129 es_write_hexstring (listfp, k->s2k.salt, 8, 0, NULL);
1131 es_fprintf (listfp, ", count %lu (%lu)",
1132 S2K_DECODE_COUNT ((ulong) k->s2k.count),
1133 (ulong) k->s2k.count);
1134 es_fprintf (listfp, "\n");
1139 iobuf_skip_rest (inp, pktlen, 0);
1145 parse_pubkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
1152 k = packet->pkt.pubkey_enc = xmalloc_clear (sizeof *packet->pkt.pubkey_enc);
1155 log_error ("packet(%d) too short\n", pkttype);
1157 es_fputs (":pubkey enc packet: [too short]\n", listfp);
1158 rc = gpg_error (GPG_ERR_INV_PACKET);
1161 k->version = iobuf_get_noeof (inp);
1163 if (k->version != 2 && k->version != 3)
1165 log_error ("packet(%d) with unknown version %d\n", pkttype, k->version);
1167 es_fputs (":pubkey enc packet: [unknown version]\n", listfp);
1168 rc = gpg_error (GPG_ERR_INV_PACKET);
1171 k->keyid[0] = read_32 (inp);
1173 k->keyid[1] = read_32 (inp);
1175 k->pubkey_algo = iobuf_get_noeof (inp);
1177 k->throw_keyid = 0; /* Only used as flag for build_packet. */
1180 ":pubkey enc packet: version %d, algo %d, keyid %08lX%08lX\n",
1181 k->version, k->pubkey_algo, (ulong) k->keyid[0],
1182 (ulong) k->keyid[1]);
1184 ndata = pubkey_get_nenc (k->pubkey_algo);
1188 es_fprintf (listfp, "\tunsupported algorithm %d\n", k->pubkey_algo);
1189 unknown_pubkey_warning (k->pubkey_algo);
1190 k->data[0] = NULL; /* No need to store the encrypted data. */
1194 for (i = 0; i < ndata; i++)
1196 if (k->pubkey_algo == PUBKEY_ALGO_ECDH && i == 1)
1199 rc = read_size_body (inp, pktlen, &n, k->data+i);
1205 k->data[i] = mpi_read (inp, &n, 0);
1208 rc = gpg_error (GPG_ERR_INV_PACKET);
1214 es_fprintf (listfp, "\tdata: ");
1215 mpi_print (listfp, k->data[i], mpi_print_mode);
1216 es_putc ('\n', listfp);
1222 iobuf_skip_rest (inp, pktlen, 0);
1227 /* Dump a subpacket to LISTFP. BUFFER contains the subpacket in
1228 question and points to the type field in the subpacket header (not
1229 the start of the header). TYPE is the subpacket's type with the
1230 critical bit cleared. CRITICAL is the value of the CRITICAL bit.
1231 BUFLEN is the length of the buffer and LENGTH is the length of the
1232 subpacket according to the subpacket's header. */
1234 dump_sig_subpkt (int hashed, int type, int critical,
1235 const byte * buffer, size_t buflen, size_t length)
1237 const char *p = NULL;
1240 /* The CERT has warning out with explains how to use GNUPG to detect
1241 * the ARRs - we print our old message here when it is a faked ARR
1242 * and add an additional notice. */
1243 if (type == SIGSUBPKT_ARR && !hashed)
1246 "\tsubpkt %d len %u (additional recipient request)\n"
1247 "WARNING: PGP versions > 5.0 and < 6.5.8 will automagically "
1248 "encrypt to this key and thereby reveal the plaintext to "
1249 "the owner of this ARR key. Detailed info follows:\n",
1250 type, (unsigned) length);
1256 es_fprintf (listfp, "\t%s%ssubpkt %d len %u (", /*) */
1257 critical ? "critical " : "",
1258 hashed ? "hashed " : "", type, (unsigned) length);
1259 if (length > buflen)
1261 es_fprintf (listfp, "too short: buffer is only %u)\n", (unsigned) buflen);
1266 case SIGSUBPKT_SIG_CREATED:
1268 es_fprintf (listfp, "sig created %s",
1269 strtimestamp (buf32_to_u32 (buffer)));
1271 case SIGSUBPKT_SIG_EXPIRE:
1274 if (buf32_to_u32 (buffer))
1275 es_fprintf (listfp, "sig expires after %s",
1276 strtimevalue (buf32_to_u32 (buffer)));
1278 es_fprintf (listfp, "sig does not expire");
1281 case SIGSUBPKT_EXPORTABLE:
1283 es_fprintf (listfp, "%sexportable", *buffer ? "" : "not ");
1285 case SIGSUBPKT_TRUST:
1287 p = "[invalid trust subpacket]";
1289 es_fprintf (listfp, "trust signature of depth %d, value %d", buffer[0],
1292 case SIGSUBPKT_REGEXP:
1294 p = "[invalid regexp subpacket]";
1297 es_fprintf (listfp, "regular expression: \"");
1298 es_write_sanitized (listfp, buffer, length, "\"", NULL);
1302 case SIGSUBPKT_REVOCABLE:
1304 es_fprintf (listfp, "%srevocable", *buffer ? "" : "not ");
1306 case SIGSUBPKT_KEY_EXPIRE:
1309 if (buf32_to_u32 (buffer))
1310 es_fprintf (listfp, "key expires after %s",
1311 strtimevalue (buf32_to_u32 (buffer)));
1313 es_fprintf (listfp, "key does not expire");
1316 case SIGSUBPKT_PREF_SYM:
1317 es_fputs ("pref-sym-algos:", listfp);
1318 for (i = 0; i < length; i++)
1319 es_fprintf (listfp, " %d", buffer[i]);
1321 case SIGSUBPKT_REV_KEY:
1322 es_fputs ("revocation key: ", listfp);
1327 es_fprintf (listfp, "c=%02x a=%d f=", buffer[0], buffer[1]);
1328 for (i = 2; i < length; i++)
1329 es_fprintf (listfp, "%02X", buffer[i]);
1332 case SIGSUBPKT_ISSUER:
1334 es_fprintf (listfp, "issuer key ID %08lX%08lX",
1335 (ulong) buf32_to_u32 (buffer),
1336 (ulong) buf32_to_u32 (buffer + 4));
1338 case SIGSUBPKT_ISSUER_FPR:
1342 es_fprintf (listfp, "issuer fpr v%d ", buffer[0]);
1343 tmp = bin2hex (buffer+1, length-1, NULL);
1346 es_fputs (tmp, listfp);
1351 case SIGSUBPKT_NOTATION:
1353 es_fputs ("notation: ", listfp);
1358 const byte *s = buffer;
1361 n1 = (s[4] << 8) | s[5];
1362 n2 = (s[6] << 8) | s[7];
1364 if (8 + n1 + n2 != length)
1368 es_write_sanitized (listfp, s, n1, ")", NULL);
1369 es_putc ('=', listfp);
1372 es_write_sanitized (listfp, s + n1, n2, ")", NULL);
1374 p = "[not human readable]";
1379 case SIGSUBPKT_PREF_HASH:
1380 es_fputs ("pref-hash-algos:", listfp);
1381 for (i = 0; i < length; i++)
1382 es_fprintf (listfp, " %d", buffer[i]);
1384 case SIGSUBPKT_PREF_COMPR:
1385 es_fputs ("pref-zip-algos:", listfp);
1386 for (i = 0; i < length; i++)
1387 es_fprintf (listfp, " %d", buffer[i]);
1389 case SIGSUBPKT_KS_FLAGS:
1390 es_fputs ("keyserver preferences:", listfp);
1391 for (i = 0; i < length; i++)
1392 es_fprintf (listfp, " %02X", buffer[i]);
1394 case SIGSUBPKT_PREF_KS:
1395 es_fputs ("preferred keyserver: ", listfp);
1396 es_write_sanitized (listfp, buffer, length, ")", NULL);
1398 case SIGSUBPKT_PRIMARY_UID:
1399 p = "primary user ID";
1401 case SIGSUBPKT_POLICY:
1402 es_fputs ("policy: ", listfp);
1403 es_write_sanitized (listfp, buffer, length, ")", NULL);
1405 case SIGSUBPKT_KEY_FLAGS:
1406 es_fputs ("key flags:", listfp);
1407 for (i = 0; i < length; i++)
1408 es_fprintf (listfp, " %02X", buffer[i]);
1410 case SIGSUBPKT_SIGNERS_UID:
1411 p = "signer's user ID";
1413 case SIGSUBPKT_REVOC_REASON:
1416 es_fprintf (listfp, "revocation reason 0x%02x (", *buffer);
1417 es_write_sanitized (listfp, buffer + 1, length - 1, ")", NULL);
1422 es_fputs ("Big Brother's key (ignored): ", listfp);
1427 es_fprintf (listfp, "c=%02x a=%d f=", buffer[0], buffer[1]);
1429 es_write_hexstring (listfp, buffer+2, length-2, 0, NULL);
1432 case SIGSUBPKT_FEATURES:
1433 es_fputs ("features:", listfp);
1434 for (i = 0; i < length; i++)
1435 es_fprintf (listfp, " %02x", buffer[i]);
1437 case SIGSUBPKT_SIGNATURE:
1438 es_fputs ("signature: ", listfp);
1442 es_fprintf (listfp, "v%d, class 0x%02X, algo %d, digest algo %d",
1444 buffer[0] == 3 ? buffer[2] : buffer[1],
1445 buffer[0] == 3 ? buffer[15] : buffer[2],
1446 buffer[0] == 3 ? buffer[16] : buffer[3]);
1449 if (type >= 100 && type <= 110)
1450 p = "experimental / private subpacket";
1456 es_fprintf (listfp, "%s)\n", p ? p : "");
1461 * Returns: >= 0 use this offset into buffer
1462 * -1 explicitly reject returning this type
1463 * -2 subpacket too short
1466 parse_one_sig_subpkt (const byte * buffer, size_t n, int type)
1470 case SIGSUBPKT_REV_KEY:
1474 case SIGSUBPKT_SIG_CREATED:
1475 case SIGSUBPKT_SIG_EXPIRE:
1476 case SIGSUBPKT_KEY_EXPIRE:
1480 case SIGSUBPKT_KEY_FLAGS:
1481 case SIGSUBPKT_KS_FLAGS:
1482 case SIGSUBPKT_PREF_SYM:
1483 case SIGSUBPKT_PREF_HASH:
1484 case SIGSUBPKT_PREF_COMPR:
1485 case SIGSUBPKT_POLICY:
1486 case SIGSUBPKT_PREF_KS:
1487 case SIGSUBPKT_FEATURES:
1488 case SIGSUBPKT_REGEXP:
1490 case SIGSUBPKT_SIGNATURE:
1491 case SIGSUBPKT_EXPORTABLE:
1492 case SIGSUBPKT_REVOCABLE:
1493 case SIGSUBPKT_REVOC_REASON:
1497 case SIGSUBPKT_ISSUER: /* issuer key ID */
1501 case SIGSUBPKT_ISSUER_FPR: /* issuer key ID */
1505 case SIGSUBPKT_NOTATION:
1506 /* minimum length needed, and the subpacket must be well-formed
1507 where the name length and value length all fit inside the
1510 || 8 + ((buffer[4] << 8) | buffer[5]) +
1511 ((buffer[6] << 8) | buffer[7]) != n)
1514 case SIGSUBPKT_PRIMARY_UID:
1518 case SIGSUBPKT_TRUST:
1529 /* Return true if we understand the critical notation. */
1531 can_handle_critical_notation (const byte * name, size_t len)
1533 if (len == 32 && memcmp (name, "preferred-email-encoding@pgp.com", 32) == 0)
1535 if (len == 21 && memcmp (name, "pka-address@gnupg.org", 21) == 0)
1543 can_handle_critical (const byte * buffer, size_t n, int type)
1547 case SIGSUBPKT_NOTATION:
1550 size_t notation_len = ((buffer[4] << 8) | buffer[5]);
1551 if (n - 8 >= notation_len)
1552 return can_handle_critical_notation (buffer + 8, notation_len);
1555 case SIGSUBPKT_SIGNATURE:
1556 case SIGSUBPKT_SIG_CREATED:
1557 case SIGSUBPKT_SIG_EXPIRE:
1558 case SIGSUBPKT_KEY_EXPIRE:
1559 case SIGSUBPKT_EXPORTABLE:
1560 case SIGSUBPKT_REVOCABLE:
1561 case SIGSUBPKT_REV_KEY:
1562 case SIGSUBPKT_ISSUER: /* issuer key ID */
1563 case SIGSUBPKT_ISSUER_FPR: /* issuer fingerprint */
1564 case SIGSUBPKT_PREF_SYM:
1565 case SIGSUBPKT_PREF_HASH:
1566 case SIGSUBPKT_PREF_COMPR:
1567 case SIGSUBPKT_KEY_FLAGS:
1568 case SIGSUBPKT_PRIMARY_UID:
1569 case SIGSUBPKT_FEATURES:
1570 case SIGSUBPKT_TRUST:
1571 case SIGSUBPKT_REGEXP:
1572 /* Is it enough to show the policy or keyserver? */
1573 case SIGSUBPKT_POLICY:
1574 case SIGSUBPKT_PREF_KS:
1575 case SIGSUBPKT_REVOC_REASON: /* At least we know about it. */
1585 enum_sig_subpkt (const subpktarea_t * pktbuf, sigsubpkttype_t reqtype,
1586 size_t * ret_n, int *start, int *critical)
1595 int reqseq = start ? *start : 0;
1598 critical = &critical_dummy;
1600 if (!pktbuf || reqseq == -1)
1602 static char dummy[] = "x";
1603 /* Return a value different from NULL to indicate that
1604 * there is no critical bit we do not understand. */
1605 return reqtype == SIGSUBPKT_TEST_CRITICAL ? dummy : NULL;
1607 buffer = pktbuf->data;
1608 buflen = pktbuf->len;
1613 if (n == 255) /* 4 byte length header. */
1617 n = buf32_to_size_t (buffer);
1621 else if (n >= 192) /* 4 byte special encoded length header. */
1625 n = ((n - 192) << 8) + *buffer + 192;
1639 if (!(++seq > reqseq))
1641 else if (reqtype == SIGSUBPKT_TEST_CRITICAL)
1645 if (n - 1 > buflen + 1)
1647 if (!can_handle_critical (buffer + 1, n - 1, type))
1650 log_info (_("subpacket of type %d has "
1651 "critical bit set\n"), type);
1654 return NULL; /* This is an error. */
1658 else if (reqtype < 0) /* List packets. */
1659 dump_sig_subpkt (reqtype == SIGSUBPKT_LIST_HASHED,
1660 type, *critical, buffer, buflen, n);
1661 else if (type == reqtype) /* Found. */
1669 offset = parse_one_sig_subpkt (buffer, n, type);
1673 log_error ("subpacket of type %d too short\n", type);
1682 return buffer + offset;
1687 if (reqtype == SIGSUBPKT_TEST_CRITICAL)
1688 /* Returning NULL means we found a subpacket with the critical bit
1689 set that we don't grok. We've iterated over all the subpackets
1690 and haven't found such a packet so we need to return a non-NULL
1694 /* Critical bit we don't understand. */
1697 return NULL; /* End of packets; not found. */
1701 log_info ("buffer shorter than subpacket\n");
1709 parse_sig_subpkt (const subpktarea_t * buffer, sigsubpkttype_t reqtype,
1712 return enum_sig_subpkt (buffer, reqtype, ret_n, NULL, NULL);
1717 parse_sig_subpkt2 (PKT_signature * sig, sigsubpkttype_t reqtype)
1721 p = parse_sig_subpkt (sig->hashed, reqtype, NULL);
1723 p = parse_sig_subpkt (sig->unhashed, reqtype, NULL);
1728 /* Find all revocation keys. Look in hashed area only. */
1730 parse_revkeys (PKT_signature * sig)
1736 if (sig->sig_class != 0x1F)
1739 while ((revkey = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REV_KEY,
1742 if (/* The only valid length is 22 bytes. See RFC 4880
1745 /* 0x80 bit must be set on the class. */
1746 && (revkey[0] & 0x80))
1748 sig->revkey = xrealloc (sig->revkey,
1749 sizeof (struct revocation_key) *
1750 (sig->numrevkeys + 1));
1752 /* Copy the individual fields. */
1753 sig->revkey[sig->numrevkeys].class = revkey[0];
1754 sig->revkey[sig->numrevkeys].algid = revkey[1];
1755 memcpy (sig->revkey[sig->numrevkeys].fpr, &revkey[2], 20);
1764 parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
1765 PKT_signature * sig)
1775 log_error ("packet(%d) too short\n", pkttype);
1777 es_fputs (":signature packet: [too short]\n", listfp);
1780 sig->version = iobuf_get_noeof (inp);
1782 if (sig->version == 4)
1784 else if (sig->version != 2 && sig->version != 3)
1786 log_error ("packet(%d) with unknown version %d\n",
1787 pkttype, sig->version);
1789 es_fputs (":signature packet: [unknown version]\n", listfp);
1790 rc = gpg_error (GPG_ERR_INV_PACKET);
1798 md5_len = iobuf_get_noeof (inp);
1803 sig->sig_class = iobuf_get_noeof (inp);
1809 sig->timestamp = read_32 (inp);
1811 sig->keyid[0] = read_32 (inp);
1813 sig->keyid[1] = read_32 (inp);
1818 sig->pubkey_algo = iobuf_get_noeof (inp);
1820 sig->digest_algo = iobuf_get_noeof (inp);
1822 sig->flags.exportable = 1;
1823 sig->flags.revocable = 1;
1824 if (is_v4) /* Read subpackets. */
1829 pktlen -= 2; /* Length of hashed data. */
1834 log_error ("signature packet: hashed data too long\n");
1836 es_fputs (":signature packet: [hashed data too long]\n", listfp);
1837 rc = GPG_ERR_INV_PACKET;
1842 sig->hashed = xmalloc (sizeof (*sig->hashed) + n - 1);
1843 sig->hashed->size = n;
1844 sig->hashed->len = n;
1845 if (iobuf_read (inp, sig->hashed->data, n) != n)
1847 log_error ("premature eof while reading "
1848 "hashed signature data\n");
1850 es_fputs (":signature packet: [premature eof]\n", listfp);
1859 pktlen -= 2; /* Length of unhashed data. */
1864 log_error ("signature packet: unhashed data too long\n");
1866 es_fputs (":signature packet: [unhashed data too long]\n", listfp);
1867 rc = GPG_ERR_INV_PACKET;
1872 sig->unhashed = xmalloc (sizeof (*sig->unhashed) + n - 1);
1873 sig->unhashed->size = n;
1874 sig->unhashed->len = n;
1875 if (iobuf_read (inp, sig->unhashed->data, n) != n)
1877 log_error ("premature eof while reading "
1878 "unhashed signature data\n");
1880 es_fputs (":signature packet: [premature eof]\n", listfp);
1890 sig->digest_start[0] = iobuf_get_noeof (inp);
1892 sig->digest_start[1] = iobuf_get_noeof (inp);
1895 if (is_v4 && sig->pubkey_algo) /* Extract required information. */
1900 /* Set sig->flags.unknown_critical if there is a critical bit
1901 * set for packets which we do not understand. */
1902 if (!parse_sig_subpkt (sig->hashed, SIGSUBPKT_TEST_CRITICAL, NULL)
1903 || !parse_sig_subpkt (sig->unhashed, SIGSUBPKT_TEST_CRITICAL, NULL))
1904 sig->flags.unknown_critical = 1;
1906 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_CREATED, NULL);
1908 sig->timestamp = buf32_to_u32 (p);
1909 else if (!(sig->pubkey_algo >= 100 && sig->pubkey_algo <= 110)
1911 log_info ("signature packet without timestamp\n");
1913 p = parse_sig_subpkt2 (sig, SIGSUBPKT_ISSUER);
1916 sig->keyid[0] = buf32_to_u32 (p);
1917 sig->keyid[1] = buf32_to_u32 (p + 4);
1919 else if (!(sig->pubkey_algo >= 100 && sig->pubkey_algo <= 110)
1921 log_info ("signature packet without keyid\n");
1923 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL);
1924 if (p && buf32_to_u32 (p))
1925 sig->expiredate = sig->timestamp + buf32_to_u32 (p);
1926 if (sig->expiredate && sig->expiredate <= make_timestamp ())
1927 sig->flags.expired = 1;
1929 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_POLICY, NULL);
1931 sig->flags.policy_url = 1;
1933 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, NULL);
1935 sig->flags.pref_ks = 1;
1937 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIGNERS_UID, &len);
1940 sig->signers_uid = try_make_printable_string (p, len, 0);
1941 if (!sig->signers_uid)
1943 rc = gpg_error_from_syserror ();
1948 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_NOTATION, NULL);
1950 sig->flags.notation = 1;
1952 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_REVOCABLE, NULL);
1954 sig->flags.revocable = 0;
1956 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_TRUST, &len);
1959 sig->trust_depth = p[0];
1960 sig->trust_value = p[1];
1962 /* Only look for a regexp if there is also a trust
1965 parse_sig_subpkt (sig->hashed, SIGSUBPKT_REGEXP, &len);
1967 /* If the regular expression is of 0 length, there is no
1968 regular expression. */
1970 sig->trust_regexp = NULL;
1973 /* We accept the exportable subpacket from either the hashed or
1974 unhashed areas as older versions of gpg put it in the
1975 unhashed area. In theory, anyway, we should never see this
1976 packet off of a local keyring. */
1978 p = parse_sig_subpkt2 (sig, SIGSUBPKT_EXPORTABLE);
1980 sig->flags.exportable = 0;
1982 /* Find all revocation keys. */
1983 if (sig->sig_class == 0x1F)
1984 parse_revkeys (sig);
1989 es_fprintf (listfp, ":signature packet: algo %d, keyid %08lX%08lX\n"
1990 "\tversion %d, created %lu, md5len %d, sigclass 0x%02x\n"
1991 "\tdigest algo %d, begin of digest %02x %02x\n",
1993 (ulong) sig->keyid[0], (ulong) sig->keyid[1],
1994 sig->version, (ulong) sig->timestamp, md5_len, sig->sig_class,
1995 sig->digest_algo, sig->digest_start[0], sig->digest_start[1]);
1998 parse_sig_subpkt (sig->hashed, SIGSUBPKT_LIST_HASHED, NULL);
1999 parse_sig_subpkt (sig->unhashed, SIGSUBPKT_LIST_UNHASHED, NULL);
2003 ndata = pubkey_get_nsig (sig->pubkey_algo);
2007 es_fprintf (listfp, "\tunknown algorithm %d\n", sig->pubkey_algo);
2008 unknown_pubkey_warning (sig->pubkey_algo);
2010 /* We store the plain material in data[0], so that we are able
2011 * to write it back with build_packet(). */
2012 if (pktlen > (5 * MAX_EXTERN_MPI_BITS / 8))
2014 /* We include a limit to avoid too trivial DoS attacks by
2015 having gpg allocate too much memory. */
2016 log_error ("signature packet: too much data\n");
2017 rc = GPG_ERR_INV_PACKET;
2022 gcry_mpi_set_opaque (NULL, read_rest (inp, pktlen), pktlen * 8);
2028 for (i = 0; i < ndata; i++)
2031 sig->data[i] = mpi_read (inp, &n, 0);
2035 es_fprintf (listfp, "\tdata: ");
2036 mpi_print (listfp, sig->data[i], mpi_print_mode);
2037 es_putc ('\n', listfp);
2040 rc = GPG_ERR_INV_PACKET;
2045 iobuf_skip_rest (inp, pktlen, 0);
2049 log_error ("packet(%d) too short\n", pkttype);
2051 es_fputs (":signature packet: [too short]\n", listfp);
2053 iobuf_skip_rest (inp, pktlen, 0);
2055 return GPG_ERR_INV_PACKET;
2060 parse_onepass_sig (IOBUF inp, int pkttype, unsigned long pktlen,
2061 PKT_onepass_sig * ops)
2068 log_error ("packet(%d) too short\n", pkttype);
2070 es_fputs (":onepass_sig packet: [too short]\n", listfp);
2071 rc = gpg_error (GPG_ERR_INV_PACKET);
2074 version = iobuf_get_noeof (inp);
2078 log_error ("onepass_sig with unknown version %d\n", version);
2080 es_fputs (":onepass_sig packet: [unknown version]\n", listfp);
2081 rc = gpg_error (GPG_ERR_INV_PACKET);
2084 ops->sig_class = iobuf_get_noeof (inp);
2086 ops->digest_algo = iobuf_get_noeof (inp);
2088 ops->pubkey_algo = iobuf_get_noeof (inp);
2090 ops->keyid[0] = read_32 (inp);
2092 ops->keyid[1] = read_32 (inp);
2094 ops->last = iobuf_get_noeof (inp);
2098 ":onepass_sig packet: keyid %08lX%08lX\n"
2099 "\tversion %d, sigclass 0x%02x, digest %d, pubkey %d, "
2101 (ulong) ops->keyid[0], (ulong) ops->keyid[1],
2102 version, ops->sig_class,
2103 ops->digest_algo, ops->pubkey_algo, ops->last);
2107 iobuf_skip_rest (inp, pktlen, 0);
2113 parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
2114 byte * hdr, int hdrlen, PACKET * pkt)
2116 gpg_error_t err = 0;
2117 int i, version, algorithm;
2118 unsigned long timestamp, expiredate, max_expiredate;
2125 pk = pkt->pkt.public_key; /* PK has been cleared. */
2127 version = iobuf_get_noeof (inp);
2129 if (pkttype == PKT_PUBLIC_SUBKEY && version == '#')
2131 /* Early versions of G10 used the old PGP comments packets;
2132 * luckily all those comments are started by a hash. */
2135 es_fprintf (listfp, ":rfc1991 comment packet: \"");
2136 for (; pktlen; pktlen--)
2139 c = iobuf_get (inp);
2141 break; /* Ooops: shorter than indicated. */
2142 if (c >= ' ' && c <= 'z')
2143 es_putc (c, listfp);
2145 es_fprintf (listfp, "\\x%02x", c);
2147 es_fprintf (listfp, "\"\n");
2149 iobuf_skip_rest (inp, pktlen, 0);
2152 else if (version == 4)
2154 /* The only supported version. Use an older gpg
2155 version (i.e. gpg 1.4) to parse v3 packets. */
2157 else if (version == 2 || version == 3)
2159 if (opt.verbose > 1)
2160 log_info ("packet(%d) with obsolete version %d\n", pkttype, version);
2162 es_fprintf (listfp, ":key packet: [obsolete version %d]\n", version);
2163 pk->version = version;
2164 err = gpg_error (GPG_ERR_LEGACY_KEY);
2169 log_error ("packet(%d) with unknown version %d\n", pkttype, version);
2171 es_fputs (":key packet: [unknown version]\n", listfp);
2172 err = gpg_error (GPG_ERR_INV_PACKET);
2178 log_error ("packet(%d) too short\n", pkttype);
2180 es_fputs (":key packet: [too short]\n", listfp);
2181 err = gpg_error (GPG_ERR_INV_PACKET);
2184 else if (pktlen > MAX_KEY_PACKET_LENGTH)
2186 log_error ("packet(%d) too large\n", pkttype);
2188 es_fputs (":key packet: [too larget]\n", listfp);
2189 err = gpg_error (GPG_ERR_INV_PACKET);
2193 timestamp = read_32 (inp);
2195 expiredate = 0; /* have to get it from the selfsignature */
2197 algorithm = iobuf_get_noeof (inp);
2200 es_fprintf (listfp, ":%s key packet:\n"
2201 "\tversion %d, algo %d, created %lu, expires %lu\n",
2202 pkttype == PKT_PUBLIC_KEY ? "public" :
2203 pkttype == PKT_SECRET_KEY ? "secret" :
2204 pkttype == PKT_PUBLIC_SUBKEY ? "public sub" :
2205 pkttype == PKT_SECRET_SUBKEY ? "secret sub" : "??",
2206 version, algorithm, timestamp, expiredate);
2208 pk->timestamp = timestamp;
2209 pk->expiredate = expiredate;
2210 pk->max_expiredate = max_expiredate;
2211 pk->hdrbytes = hdrlen;
2212 pk->version = version;
2213 pk->flags.primary = (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY);
2214 pk->pubkey_algo = algorithm;
2216 nskey = pubkey_get_nskey (algorithm);
2217 npkey = pubkey_get_npkey (algorithm);
2221 es_fprintf (listfp, "\tunknown algorithm %d\n", algorithm);
2222 unknown_pubkey_warning (algorithm);
2227 /* Unknown algorithm - put data into an opaque MPI. */
2228 pk->pkey[0] = gcry_mpi_set_opaque (NULL,
2229 read_rest (inp, pktlen), pktlen * 8);
2235 for (i = 0; i < npkey; i++)
2237 if ( (algorithm == PUBKEY_ALGO_ECDSA && (i == 0))
2238 || (algorithm == PUBKEY_ALGO_EDDSA && (i == 0))
2239 || (algorithm == PUBKEY_ALGO_ECDH && (i == 0 || i == 2)))
2241 /* Read the OID (i==1) or the KDF params (i==2). */
2243 err = read_size_body (inp, pktlen, &n, pk->pkey+i);
2248 unsigned int n = pktlen;
2249 pk->pkey[i] = mpi_read (inp, &n, 0);
2252 err = gpg_error (GPG_ERR_INV_PACKET);
2258 es_fprintf (listfp, "\tpkey[%d]: ", i);
2259 mpi_print (listfp, pk->pkey[i], mpi_print_mode);
2260 if ((algorithm == PUBKEY_ALGO_ECDSA
2261 || algorithm == PUBKEY_ALGO_EDDSA
2262 || algorithm == PUBKEY_ALGO_ECDH) && i==0)
2264 char *curve = openpgp_oid_to_str (pk->pkey[0]);
2265 const char *name = openpgp_oid_to_curve (curve, 0);
2266 es_fprintf (listfp, " %s (%s)", name?name:"", curve);
2269 es_putc ('\n', listfp);
2274 keyid_from_pk (pk, keyid);
2276 if (pkttype == PKT_SECRET_KEY || pkttype == PKT_SECRET_SUBKEY)
2278 struct seckey_info *ski;
2284 err = gpg_error (GPG_ERR_INV_PACKET);
2288 pk->seckey_info = ski = xtrycalloc (1, sizeof *ski);
2289 if (!pk->seckey_info)
2291 err = gpg_error_from_syserror ();
2295 ski->algo = iobuf_get_noeof (inp);
2299 ski->is_protected = 1;
2301 if (ski->algo == 254 || ski->algo == 255)
2305 err = gpg_error (GPG_ERR_INV_PACKET);
2308 ski->sha1chk = (ski->algo == 254);
2309 ski->algo = iobuf_get_noeof (inp);
2311 /* Note that a ski->algo > 110 is illegal, but I'm not
2312 erroring on it here as otherwise there would be no
2313 way to delete such a key. */
2314 ski->s2k.mode = iobuf_get_noeof (inp);
2316 ski->s2k.hash_algo = iobuf_get_noeof (inp);
2318 /* Check for the special GNU extension. */
2319 if (ski->s2k.mode == 101)
2321 for (i = 0; i < 4 && pktlen; i++, pktlen--)
2322 temp[i] = iobuf_get_noeof (inp);
2323 if (i < 4 || memcmp (temp, "GNU", 3))
2326 es_fprintf (listfp, "\tunknown S2K %d\n",
2328 err = gpg_error (GPG_ERR_INV_PACKET);
2331 /* Here we know that it is a GNU extension. What
2332 * follows is the GNU protection mode: All values
2333 * have special meanings and they are mapped to MODE
2334 * with a base of 1000. */
2335 ski->s2k.mode = 1000 + temp[3];
2338 /* Read the salt. */
2339 switch (ski->s2k.mode)
2343 for (i = 0; i < 8 && pktlen; i++, pktlen--)
2344 temp[i] = iobuf_get_noeof (inp);
2347 err = gpg_error (GPG_ERR_INV_PACKET);
2350 memcpy (ski->s2k.salt, temp, 8);
2354 /* Check the mode. */
2355 switch (ski->s2k.mode)
2359 es_fprintf (listfp, "\tsimple S2K");
2363 es_fprintf (listfp, "\tsalted S2K");
2367 es_fprintf (listfp, "\titer+salt S2K");
2371 es_fprintf (listfp, "\tgnu-dummy S2K");
2375 es_fprintf (listfp, "\tgnu-divert-to-card S2K");
2379 es_fprintf (listfp, "\tunknown %sS2K %d\n",
2380 ski->s2k.mode < 1000 ? "" : "GNU ",
2382 err = gpg_error (GPG_ERR_INV_PACKET);
2386 /* Print some info. */
2389 es_fprintf (listfp, ", algo: %d,%s hash: %d",
2391 ski->sha1chk ? " SHA1 protection,"
2392 : " simple checksum,", ski->s2k.hash_algo);
2393 if (ski->s2k.mode == 1 || ski->s2k.mode == 3)
2395 es_fprintf (listfp, ", salt: ");
2396 es_write_hexstring (listfp, ski->s2k.salt, 8, 0, NULL);
2398 es_putc ('\n', listfp);
2401 /* Read remaining protection parameters. */
2402 if (ski->s2k.mode == 3)
2406 err = gpg_error (GPG_ERR_INV_PACKET);
2409 ski->s2k.count = iobuf_get (inp);
2412 es_fprintf (listfp, "\tprotect count: %lu (%lu)\n",
2413 (ulong)S2K_DECODE_COUNT ((ulong)ski->s2k.count),
2414 (ulong) ski->s2k.count);
2416 else if (ski->s2k.mode == 1002)
2418 /* Read the serial number. */
2421 err = gpg_error (GPG_ERR_INV_PACKET);
2424 snlen = iobuf_get (inp);
2426 if (pktlen < snlen || snlen == (size_t)(-1))
2428 err = gpg_error (GPG_ERR_INV_PACKET);
2433 else /* Old version; no S2K, so we set mode to 0, hash MD5. */
2435 /* Note that a ski->algo > 110 is illegal, but I'm not
2436 erroring on it here as otherwise there would be no
2437 way to delete such a key. */
2439 ski->s2k.hash_algo = DIGEST_ALGO_MD5;
2441 es_fprintf (listfp, "\tprotect algo: %d (hash algo: %d)\n",
2442 ski->algo, ski->s2k.hash_algo);
2445 /* It is really ugly that we don't know the size
2446 * of the IV here in cases we are not aware of the algorithm.
2448 * ski->ivlen = cipher_get_blocksize (ski->algo);
2449 * won't work. The only solution I see is to hardwire it.
2450 * NOTE: if you change the ivlen above 16, don't forget to
2452 ski->ivlen = openpgp_cipher_blocklen (ski->algo);
2453 log_assert (ski->ivlen <= sizeof (temp));
2455 if (ski->s2k.mode == 1001)
2457 else if (ski->s2k.mode == 1002)
2458 ski->ivlen = snlen < 16 ? snlen : 16;
2460 if (pktlen < ski->ivlen)
2462 err = gpg_error (GPG_ERR_INV_PACKET);
2465 for (i = 0; i < ski->ivlen; i++, pktlen--)
2466 temp[i] = iobuf_get_noeof (inp);
2470 ski->s2k.mode == 1002 ? "\tserial-number: "
2471 : "\tprotect IV: ");
2472 for (i = 0; i < ski->ivlen; i++)
2473 es_fprintf (listfp, " %02x", temp[i]);
2474 es_putc ('\n', listfp);
2476 memcpy (ski->iv, temp, ski->ivlen);
2479 /* It does not make sense to read it into secure memory.
2480 * If the user is so careless, not to protect his secret key,
2481 * we can assume, that he operates an open system :=(.
2482 * So we put the key into secure memory when we unprotect it. */
2483 if (ski->s2k.mode == 1001 || ski->s2k.mode == 1002)
2485 /* Better set some dummy stuff here. */
2486 pk->pkey[npkey] = gcry_mpi_set_opaque (NULL,
2487 xstrdup ("dummydata"),
2491 else if (ski->is_protected)
2493 if (pktlen < 2) /* At least two bytes for the length. */
2495 err = gpg_error (GPG_ERR_INV_PACKET);
2499 /* Ugly: The length is encrypted too, so we read all stuff
2500 * up to the end of the packet into the first SKEY
2502 pk->pkey[npkey] = gcry_mpi_set_opaque (NULL,
2503 read_rest (inp, pktlen),
2505 /* Mark that MPI as protected - we need this information for
2506 importing a key. The OPAQUE flag can't be used because
2507 we also store public EdDSA values in opaque MPIs. */
2508 if (pk->pkey[npkey])
2509 gcry_mpi_set_flag (pk->pkey[npkey], GCRYMPI_FLAG_USER1);
2512 es_fprintf (listfp, "\tskey[%d]: [v4 protected]\n", npkey);
2516 /* Not encrypted. */
2517 for (i = npkey; i < nskey; i++)
2521 if (pktlen < 2) /* At least two bytes for the length. */
2523 err = gpg_error (GPG_ERR_INV_PACKET);
2527 pk->pkey[i] = mpi_read (inp, &n, 0);
2531 es_fprintf (listfp, "\tskey[%d]: ", i);
2532 mpi_print (listfp, pk->pkey[i], mpi_print_mode);
2533 es_putc ('\n', listfp);
2537 err = gpg_error (GPG_ERR_INV_PACKET);
2544 err = gpg_error (GPG_ERR_INV_PACKET);
2547 ski->csum = read_16 (inp);
2550 es_fprintf (listfp, "\tchecksum: %04hx\n", ski->csum);
2554 /* Note that KEYID below has been initialized above in list_mode. */
2556 es_fprintf (listfp, "\tkeyid: %08lX%08lX\n",
2557 (ulong) keyid[0], (ulong) keyid[1]);
2560 iobuf_skip_rest (inp, pktlen, 0);
2565 /* Attribute subpackets have the same format as v4 signature
2566 subpackets. This is not part of OpenPGP, but is done in several
2567 versions of PGP nevertheless. */
2569 parse_attribute_subpkts (PKT_user_id * uid)
2573 struct user_attribute *attribs = NULL;
2574 const byte *buffer = uid->attrib_data;
2575 int buflen = uid->attrib_len;
2578 xfree (uid->attribs);
2584 if (n == 255) /* 4 byte length header. */
2588 n = buf32_to_size_t (buffer);
2592 else if (n >= 192) /* 2 byte special encoded length header. */
2596 n = ((n - 192) << 8) + *buffer + 192;
2605 /* Too short to encode the subpacket type. */
2607 log_info ("attribute subpacket too short\n");
2611 attribs = xrealloc (attribs,
2612 (count + 1) * sizeof (struct user_attribute));
2613 memset (&attribs[count], 0, sizeof (struct user_attribute));
2620 attribs[count].type = type;
2621 attribs[count].data = buffer;
2622 attribs[count].len = n;
2628 uid->attribs = attribs;
2629 uid->numattribs = count;
2634 log_info ("buffer shorter than attribute subpacket\n");
2635 uid->attribs = attribs;
2636 uid->numattribs = count;
2642 parse_user_id (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * packet)
2646 /* Cap the size of a user ID at 2k: a value absurdly large enough
2647 that there is no sane user ID string (which is printable text
2648 as of RFC2440bis) that won't fit in it, but yet small enough to
2649 avoid allocation problems. A large pktlen may not be
2650 allocatable, and a very large pktlen could actually cause our
2651 allocation to wrap around in xmalloc to a small number. */
2653 if (pktlen > MAX_UID_PACKET_LENGTH)
2655 log_error ("packet(%d) too large\n", pkttype);
2657 es_fprintf (listfp, ":user ID packet: [too large]\n");
2658 iobuf_skip_rest (inp, pktlen, 0);
2659 return GPG_ERR_INV_PACKET;
2662 packet->pkt.user_id = xmalloc_clear (sizeof *packet->pkt.user_id + pktlen);
2663 packet->pkt.user_id->len = pktlen;
2664 packet->pkt.user_id->ref = 1;
2666 p = packet->pkt.user_id->name;
2667 for (; pktlen; pktlen--, p++)
2668 *p = iobuf_get_noeof (inp);
2673 int n = packet->pkt.user_id->len;
2674 es_fprintf (listfp, ":user ID packet: \"");
2675 /* fixme: Hey why don't we replace this with es_write_sanitized?? */
2676 for (p = packet->pkt.user_id->name; n; p++, n--)
2678 if (*p >= ' ' && *p <= 'z')
2679 es_putc (*p, listfp);
2681 es_fprintf (listfp, "\\x%02x", *p);
2683 es_fprintf (listfp, "\"\n");
2690 make_attribute_uidname (PKT_user_id * uid, size_t max_namelen)
2692 log_assert (max_namelen > 70);
2693 if (uid->numattribs <= 0)
2694 sprintf (uid->name, "[bad attribute packet of size %lu]",
2696 else if (uid->numattribs > 1)
2697 sprintf (uid->name, "[%d attributes of size %lu]",
2698 uid->numattribs, uid->attrib_len);
2701 /* Only one attribute, so list it as the "user id" */
2703 if (uid->attribs->type == ATTRIB_IMAGE)
2708 if (parse_image_header (uid->attribs, &type, &len))
2709 sprintf (uid->name, "[%.20s image of size %lu]",
2710 image_type_to_string (type, 1), (ulong) len);
2712 sprintf (uid->name, "[invalid image]");
2715 sprintf (uid->name, "[unknown attribute of size %lu]",
2716 (ulong) uid->attribs->len);
2719 uid->len = strlen (uid->name);
2724 parse_attribute (IOBUF inp, int pkttype, unsigned long pktlen,
2731 /* We better cap the size of an attribute packet to make DoS not too
2732 easy. 16MB should be more then enough for one attribute packet
2734 if (pktlen > MAX_ATTR_PACKET_LENGTH)
2736 log_error ("packet(%d) too large\n", pkttype);
2738 es_fprintf (listfp, ":attribute packet: [too large]\n");
2739 iobuf_skip_rest (inp, pktlen, 0);
2740 return GPG_ERR_INV_PACKET;
2743 #define EXTRA_UID_NAME_SPACE 71
2744 packet->pkt.user_id = xmalloc_clear (sizeof *packet->pkt.user_id
2745 + EXTRA_UID_NAME_SPACE);
2746 packet->pkt.user_id->ref = 1;
2747 packet->pkt.user_id->attrib_data = xmalloc (pktlen? pktlen:1);
2748 packet->pkt.user_id->attrib_len = pktlen;
2750 p = packet->pkt.user_id->attrib_data;
2751 for (; pktlen; pktlen--, p++)
2752 *p = iobuf_get_noeof (inp);
2754 /* Now parse out the individual attribute subpackets. This is
2755 somewhat pointless since there is only one currently defined
2756 attribute type (jpeg), but it is correct by the spec. */
2757 parse_attribute_subpkts (packet->pkt.user_id);
2759 make_attribute_uidname (packet->pkt.user_id, EXTRA_UID_NAME_SPACE);
2763 es_fprintf (listfp, ":attribute packet: %s\n", packet->pkt.user_id->name);
2770 parse_comment (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * packet)
2774 /* Cap comment packet at a reasonable value to avoid an integer
2775 overflow in the malloc below. Comment packets are actually not
2776 anymore define my OpenPGP and we even stopped to use our
2777 private comment packet. */
2778 if (pktlen > MAX_COMMENT_PACKET_LENGTH)
2780 log_error ("packet(%d) too large\n", pkttype);
2782 es_fprintf (listfp, ":%scomment packet: [too large]\n",
2783 pkttype == PKT_OLD_COMMENT ? "OpenPGP draft " : "");
2784 iobuf_skip_rest (inp, pktlen, 0);
2785 return GPG_ERR_INV_PACKET;
2787 packet->pkt.comment = xmalloc (sizeof *packet->pkt.comment + pktlen - 1);
2788 packet->pkt.comment->len = pktlen;
2789 p = packet->pkt.comment->data;
2790 for (; pktlen; pktlen--, p++)
2791 *p = iobuf_get_noeof (inp);
2795 int n = packet->pkt.comment->len;
2796 es_fprintf (listfp, ":%scomment packet: \"", pkttype == PKT_OLD_COMMENT ?
2797 "OpenPGP draft " : "");
2798 for (p = packet->pkt.comment->data; n; p++, n--)
2800 if (*p >= ' ' && *p <= 'z')
2801 es_putc (*p, listfp);
2803 es_fprintf (listfp, "\\x%02x", *p);
2805 es_fprintf (listfp, "\"\n");
2812 parse_trust (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * pkt)
2818 pkt->pkt.ring_trust = xmalloc (sizeof *pkt->pkt.ring_trust);
2821 c = iobuf_get_noeof (inp);
2823 pkt->pkt.ring_trust->trustval = c;
2824 pkt->pkt.ring_trust->sigcache = 0;
2825 if (!c && pktlen == 1)
2827 c = iobuf_get_noeof (inp);
2829 /* We require that bit 7 of the sigcache is 0 (easier eof
2832 pkt->pkt.ring_trust->sigcache = c;
2835 es_fprintf (listfp, ":trust packet: flag=%02x sigcache=%02x\n",
2836 pkt->pkt.ring_trust->trustval,
2837 pkt->pkt.ring_trust->sigcache);
2841 pkt->pkt.ring_trust->trustval = 0;
2842 pkt->pkt.ring_trust->sigcache = 0;
2844 es_fprintf (listfp, ":trust packet: empty\n");
2846 iobuf_skip_rest (inp, pktlen, 0);
2851 parse_plaintext (IOBUF inp, int pkttype, unsigned long pktlen,
2852 PACKET * pkt, int new_ctb, int partial)
2860 if (!partial && pktlen < 6)
2862 log_error ("packet(%d) too short (%lu)\n", pkttype, (ulong) pktlen);
2864 es_fputs (":literal data packet: [too short]\n", listfp);
2865 rc = gpg_error (GPG_ERR_INV_PACKET);
2868 mode = iobuf_get_noeof (inp);
2871 namelen = iobuf_get_noeof (inp);
2874 /* Note that namelen will never exceed 255 bytes. */
2875 pt = pkt->pkt.plaintext =
2876 xmalloc (sizeof *pkt->pkt.plaintext + namelen - 1);
2877 pt->new_ctb = new_ctb;
2879 pt->namelen = namelen;
2880 pt->is_partial = partial;
2883 for (i = 0; pktlen > 4 && i < namelen; pktlen--, i++)
2884 pt->name[i] = iobuf_get_noeof (inp);
2888 for (i = 0; i < namelen; i++)
2889 if ((c = iobuf_get (inp)) == -1)
2894 pt->timestamp = read_32 (inp);
2902 es_fprintf (listfp, ":literal data packet:\n"
2903 "\tmode %c (%X), created %lu, name=\"",
2904 mode >= ' ' && mode < 'z' ? mode : '?', mode,
2905 (ulong) pt->timestamp);
2906 for (p = pt->name, i = 0; i < namelen; p++, i++)
2908 if (*p >= ' ' && *p <= 'z')
2909 es_putc (*p, listfp);
2911 es_fprintf (listfp, "\\x%02x", *p);
2913 es_fprintf (listfp, "\",\n\traw data: ");
2915 es_fprintf (listfp, "unknown length\n");
2917 es_fprintf (listfp, "%lu bytes\n", (ulong) pt->len);
2926 parse_compressed (IOBUF inp, int pkttype, unsigned long pktlen,
2927 PACKET * pkt, int new_ctb)
2931 /* PKTLEN is here 0, but data follows (this should be the last
2932 object in a file or the compress algorithm should know the
2937 zd = pkt->pkt.compressed = xmalloc (sizeof *pkt->pkt.compressed);
2938 zd->algorithm = iobuf_get_noeof (inp);
2939 zd->len = 0; /* not used */
2940 zd->new_ctb = new_ctb;
2943 es_fprintf (listfp, ":compressed packet: algo=%d\n", zd->algorithm);
2949 parse_encrypted (IOBUF inp, int pkttype, unsigned long pktlen,
2950 PACKET * pkt, int new_ctb, int partial)
2954 unsigned long orig_pktlen = pktlen;
2956 ed = pkt->pkt.encrypted = xmalloc (sizeof *pkt->pkt.encrypted);
2957 /* ed->len is set below. */
2958 ed->extralen = 0; /* Unknown here; only used in build_packet. */
2960 ed->new_ctb = new_ctb;
2961 ed->is_partial = partial;
2962 if (pkttype == PKT_ENCRYPTED_MDC)
2964 /* Fixme: add some pktlen sanity checks. */
2967 version = iobuf_get_noeof (inp);
2972 log_error ("encrypted_mdc packet with unknown version %d\n",
2975 es_fputs (":encrypted data packet: [unknown version]\n", listfp);
2976 /*skip_rest(inp, pktlen); should we really do this? */
2977 rc = gpg_error (GPG_ERR_INV_PACKET);
2980 ed->mdc_method = DIGEST_ALGO_SHA1;
2985 /* A basic sanity check. We need at least an 8 byte IV plus the 2
2986 detection bytes. Note that we don't known the algorithm and thus
2987 we may only check against the minimum blocksize. */
2988 if (orig_pktlen && pktlen < 10)
2990 /* Actually this is blocksize+2. */
2991 log_error ("packet(%d) too short\n", pkttype);
2993 es_fputs (":encrypted data packet: [too short]\n", listfp);
2994 rc = GPG_ERR_INV_PACKET;
2995 iobuf_skip_rest (inp, pktlen, partial);
2999 /* Store the remaining length of the encrypted data (i.e. without
3000 the MDC version number but with the IV etc.). This value is
3001 required during decryption. */
3007 es_fprintf (listfp, ":encrypted data packet:\n\tlength: %lu\n",
3010 es_fprintf (listfp, ":encrypted data packet:\n\tlength: unknown\n");
3012 es_fprintf (listfp, "\tmdc_method: %d\n", ed->mdc_method);
3022 /* Note, that this code is not anymore used in real life because the
3023 MDC checking is now done right after the decryption in
3026 parse_mdc (IOBUF inp, int pkttype, unsigned long pktlen,
3027 PACKET * pkt, int new_ctb)
3035 mdc = pkt->pkt.mdc = xmalloc (sizeof *pkt->pkt.mdc);
3037 es_fprintf (listfp, ":mdc packet: length=%lu\n", pktlen);
3038 if (!new_ctb || pktlen != 20)
3040 log_error ("mdc_packet with invalid encoding\n");
3041 rc = gpg_error (GPG_ERR_INV_PACKET);
3045 for (; pktlen; pktlen--, p++)
3046 *p = iobuf_get_noeof (inp);
3054 * This packet is internally generated by us (in armor.c) to transfer
3055 * some information to the lower layer. To make sure that this packet
3056 * is really a GPG faked one and not one coming from outside, we
3057 * first check that there is a unique tag in it.
3059 * The format of such a control packet is:
3060 * n byte session marker
3061 * 1 byte control type CTRLPKT_xxxxx
3062 * m byte control data
3065 parse_gpg_control (IOBUF inp, int pkttype, unsigned long pktlen,
3066 PACKET * packet, int partial)
3069 const byte *sesmark;
3076 es_fprintf (listfp, ":packet 63: length %lu ", pktlen);
3078 sesmark = get_session_marker (&sesmarklen);
3079 if (pktlen < sesmarklen + 1) /* 1 is for the control bytes */
3081 for (i = 0; i < sesmarklen; i++, pktlen--)
3083 if (sesmark[i] != iobuf_get_noeof (inp))
3087 goto skipit; /* Definitely too large. We skip it to avoid an
3088 overflow in the malloc. */
3090 es_fputs ("- gpg control packet", listfp);
3092 packet->pkt.gpg_control = xmalloc (sizeof *packet->pkt.gpg_control
3094 packet->pkt.gpg_control->control = iobuf_get_noeof (inp);
3096 packet->pkt.gpg_control->datalen = pktlen;
3097 p = packet->pkt.gpg_control->data;
3098 for (; pktlen; pktlen--, p++)
3099 *p = iobuf_get_noeof (inp);
3109 es_fprintf (listfp, "- private (rest length %lu)\n", pktlen);
3112 while ((c = iobuf_get (inp)) != -1)
3113 dump_hex_line (c, &i);
3117 for (; pktlen; pktlen--)
3119 dump_hex_line ((c = iobuf_get (inp)), &i);
3124 es_putc ('\n', listfp);
3126 iobuf_skip_rest (inp, pktlen, 0);
3127 return gpg_error (GPG_ERR_INV_PACKET);
3131 /* Create a GPG control packet to be used internally as a placeholder. */
3133 create_gpg_control (ctrlpkttype_t type, const byte * data, size_t datalen)
3138 packet = xmalloc (sizeof *packet);
3139 init_packet (packet);
3140 packet->pkttype = PKT_GPG_CONTROL;
3141 packet->pkt.gpg_control = xmalloc (sizeof *packet->pkt.gpg_control
3143 packet->pkt.gpg_control->control = type;
3144 packet->pkt.gpg_control->datalen = datalen;
3145 p = packet->pkt.gpg_control->data;
3146 for (; datalen; datalen--, p++)