/*
* parse_subpackets - Parse the subpackets of a Type 4 signature.
* @data: The subpacket data.
+ * @len: The amount of data available to read.
+ * @parselen: The amount of data that was actually parsed.
* @keyid: A pointer to where we should return the keyid.
* @creationtime: A pointer to where we should return the creation time.
*
* processed. If the value of any piece of data is not desired a NULL
* can be passed instead of a pointer to a storage area for that value.
*/
-int parse_subpackets(unsigned char *data, uint64_t *keyid, time_t *creation)
+onak_status_t parse_subpackets(unsigned char *data, size_t len,
+ size_t *parselen, uint64_t *keyid, time_t *creation)
{
int offset = 0;
int length = 0;
log_assert(data != NULL);
+ /* Make sure we actually have the 2 byte length field */
+ if (len < 2) {
+ return ONAK_E_INVALID_PKT;
+ }
+
length = (data[0] << 8) + data[1] + 2;
+ /* If the length is off the end of the data available, it's bogus */
+ if (len < length) {
+ return ONAK_E_INVALID_PKT;
+ }
+
+ *parselen = length;
+
offset = 2;
while (offset < length) {
packetlen = data[offset++];
} else if (packetlen == 255) {
packetlen = data[offset++];
packetlen <<= 8;
- packetlen = data[offset++];
+ packetlen |= data[offset++];
packetlen <<= 8;
- packetlen = data[offset++];
+ packetlen |= data[offset++];
packetlen <<= 8;
- packetlen = data[offset++];
+ packetlen |= data[offset++];
}
switch (data[offset] & 0x7F) {
case OPENPGP_SIGSUB_CREATION:
*creation = data[offset + packetlen - 1];
}
break;
- case OPENPGP_SIGSUB_EXPIRY:
/*
* Signature expiration time. Might want to output this?
*/
break;
- case OPENPGP_SIGSUB_REGEX:
- /*
- * Regular expression for UIDs this sig is over.
- */
- break;
case OPENPGP_SIGSUB_ISSUER:
if (keyid != NULL) {
*keyid = data[offset+packetlen - 8];
*keyid += data[offset+packetlen - 1];
}
break;
+ case OPENPGP_SIGSUB_EXPIRY:
+ case OPENPGP_SIGSUB_EXPORTABLE:
+ case OPENPGP_SIGSUB_TRUSTSIG:
+ case OPENPGP_SIGSUB_REGEX:
+ case OPENPGP_SIGSUB_REVOCABLE:
+ case OPENPGP_SIGSUB_CAPABILITIES:
+ case OPENPGP_SIGSUB_KEYEXPIRY:
+ case OPENPGP_SIGSUB_ARR:
+ case OPENPGP_SIGSUB_PREFSYM:
+ case OPENPGP_SIGSUB_REVOCATION_KEY:
+ case OPENPGP_SIGSUB_ISSUER_UID:
+ case OPENPGP_SIGSUB_URL:
+ case OPENPGP_SIGSUB_ISSUER_FINGER:
case OPENPGP_SIGSUB_NOTATION:
- /*
- * Annotation data.
- */
- break;
-
+ case OPENPGP_SIGSUB_PREFHASH:
+ case OPENPGP_SIGSUB_PREFCOMPRESS:
case OPENPGP_SIGSUB_KEYSERVER:
- /*
- * Key server preferences. Including no-modify.
- */
- break;
+ case OPENPGP_SIGSUB_PREFKEYSERVER:
case OPENPGP_SIGSUB_PRIMARYUID:
- /*
- * Primary UID.
- */
- break;
case OPENPGP_SIGSUB_POLICYURI:
+ case OPENPGP_SIGSUB_KEYFLAGS:
+ case OPENPGP_SIGSUB_SIGNER_UID:
+ case OPENPGP_SIGSUB_REVOKE_REASON:
+ case OPENPGP_SIGSUB_FEATURES:
+ case OPENPGP_SIGSUB_SIGNATURE_TARGET:
+ case OPENPGP_SIGSUB_EMBEDDED_SIG:
/*
- * Policy URI.
+ * Various subpacket types we know about, but don't
+ * currently handle. Some are candidates for being
+ * supported if we add signature checking support.
*/
break;
default:
offset += packetlen;
}
- return length;
+ return ONAK_E_OK;
}
/**
* key or pulls the data directly from v2/3. NULL can be passed for any
* values which aren't cared about.
*/
-void sig_info(struct openpgp_packet *packet, uint64_t *keyid, time_t *creation)
+onak_status_t sig_info(struct openpgp_packet *packet, uint64_t *keyid,
+ time_t *creation)
{
- int length = 0;
-
+ size_t length = 0;
+ onak_status_t res;
+
if (packet != NULL) {
switch (packet->data[0]) {
case 2:
}
break;
case 4:
- length = parse_subpackets(&packet->data[4],
- keyid, creation);
- parse_subpackets(&packet->data[length + 4],
- keyid, creation);
- /*
- * Don't bother to look at the unsigned packets.
- */
+ res = parse_subpackets(&packet->data[4],
+ packet->length - 4,
+ &length, keyid, creation);
+ if (res != ONAK_E_OK) {
+ return res;
+ }
+ res = parse_subpackets(&packet->data[length + 4],
+ packet->length - (4 + length),
+ &length, keyid, creation);
+ if (res != ONAK_E_OK) {
+ return res;
+ }
break;
default:
break;
}
}
- return;
+ return ONAK_E_OK;
}
/**
* keysubkeys takes a public key structure and returns an array of the
* subkey keyids for that key.
*/
-uint64_t *keysubkeys(struct openpgp_publickey *key)
+struct openpgp_fingerprint *keysubkeys(struct openpgp_publickey *key)
{
struct openpgp_signedpacket_list *cursubkey = NULL;
- uint64_t *subkeys = NULL;
+ struct openpgp_fingerprint *subkeys = NULL;
int count = 0;
-
+
if (key != NULL && key->subkeys != NULL) {
subkeys = malloc((spsize(key->subkeys) + 1) *
- sizeof (uint64_t));
+ sizeof (struct openpgp_fingerprint));
cursubkey = key->subkeys;
while (cursubkey != NULL) {
- subkeys[count++] = get_packetid(cursubkey->packet);
+ get_fingerprint(cursubkey->packet, &subkeys[count++]);
cursubkey = cursubkey -> next;
}
- subkeys[count] = 0;
+ subkeys[count].length = 0;
}
return subkeys;