2 * decodekey.c - Routines to further decode an OpenPGP key.
4 * Copyright 2002-2008 Jonathan McDowell <noodles@earth.li>
6 * This program is free software: you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; version 2 of the License.
10 * This program is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
15 * You should have received a copy of the GNU General Public License along with
16 * this program. If not, see <https://www.gnu.org/licenses/>.
25 #include "decodekey.h"
28 #include "keystructs.h"
33 * parse_subpackets - Parse the subpackets of a Type 4 signature.
34 * @data: The subpacket data.
35 * @len: The amount of data available to read.
36 * @parselen: The amount of data that was actually parsed.
37 * @keyid: A pointer to where we should return the keyid.
38 * @creationtime: A pointer to where we should return the creation time.
40 * This function parses the subkey data of a Type 4 signature and fills
41 * in the supplied variables. It also returns the length of the data
42 * processed. If the value of any piece of data is not desired a NULL
43 * can be passed instead of a pointer to a storage area for that value.
45 onak_status_t parse_subpackets(unsigned char *data, size_t len,
46 size_t *parselen, uint64_t *keyid, time_t *creation)
54 /* Make sure we actually have the 2 byte length field */
56 return ONAK_E_INVALID_PKT;
59 length = (data[0] << 8) + data[1] + 2;
61 /* If the length is off the end of the data available, it's bogus */
63 return ONAK_E_INVALID_PKT;
69 while (offset < length) {
70 packetlen = data[offset++];
71 if (packetlen > 191 && packetlen < 255) {
72 packetlen = ((packetlen - 192) << 8) +
74 } else if (packetlen == 255) {
75 packetlen = data[offset++];
77 packetlen |= data[offset++];
79 packetlen |= data[offset++];
81 packetlen |= data[offset++];
83 /* Check the supplied length is within the remaining data */
84 if (packetlen == 0 || (packetlen + offset) > length) {
85 return ONAK_E_INVALID_PKT;
87 switch (data[offset] & 0x7F) {
88 case OPENPGP_SIGSUB_CREATION:
90 * Signature creation time.
92 if (creation != NULL) {
93 *creation = data[offset + packetlen - 4];
95 *creation = data[offset + packetlen - 3];
97 *creation = data[offset + packetlen - 2];
99 *creation = data[offset + packetlen - 1];
103 * Signature expiration time. Might want to output this?
106 case OPENPGP_SIGSUB_ISSUER:
108 *keyid = data[offset+packetlen - 8];
110 *keyid += data[offset+packetlen - 7];
112 *keyid += data[offset+packetlen - 6];
114 *keyid += data[offset+packetlen - 5];
116 *keyid += data[offset+packetlen - 4];
118 *keyid += data[offset+packetlen - 3];
120 *keyid += data[offset+packetlen - 2];
122 *keyid += data[offset+packetlen - 1];
125 case OPENPGP_SIGSUB_EXPIRY:
126 case OPENPGP_SIGSUB_EXPORTABLE:
127 case OPENPGP_SIGSUB_TRUSTSIG:
128 case OPENPGP_SIGSUB_REGEX:
129 case OPENPGP_SIGSUB_REVOCABLE:
130 case OPENPGP_SIGSUB_CAPABILITIES:
131 case OPENPGP_SIGSUB_KEYEXPIRY:
132 case OPENPGP_SIGSUB_ARR:
133 case OPENPGP_SIGSUB_PREFSYM:
134 case OPENPGP_SIGSUB_REVOCATION_KEY:
135 case OPENPGP_SIGSUB_ISSUER_UID:
136 case OPENPGP_SIGSUB_URL:
137 case OPENPGP_SIGSUB_ISSUER_FINGER:
138 case OPENPGP_SIGSUB_NOTATION:
139 case OPENPGP_SIGSUB_PREFHASH:
140 case OPENPGP_SIGSUB_PREFCOMPRESS:
141 case OPENPGP_SIGSUB_KEYSERVER:
142 case OPENPGP_SIGSUB_PREFKEYSERVER:
143 case OPENPGP_SIGSUB_PRIMARYUID:
144 case OPENPGP_SIGSUB_POLICYURI:
145 case OPENPGP_SIGSUB_KEYFLAGS:
146 case OPENPGP_SIGSUB_SIGNER_UID:
147 case OPENPGP_SIGSUB_REVOKE_REASON:
148 case OPENPGP_SIGSUB_FEATURES:
149 case OPENPGP_SIGSUB_SIGNATURE_TARGET:
150 case OPENPGP_SIGSUB_EMBEDDED_SIG:
152 * Various subpacket types we know about, but don't
153 * currently handle. Some are candidates for being
154 * supported if we add signature checking support.
159 * We don't care about unrecognized packets unless bit
160 * 7 is set in which case we log a major error.
162 if (data[offset] & 0x80) {
163 return ONAK_E_UNSUPPORTED_FEATURE;
173 * keysigs - Return the sigs on a given OpenPGP signature list.
174 * @curll: The current linked list. Can be NULL to create a new list.
175 * @sigs: The signature list we want the sigs on.
177 * Returns a linked list of stats_key elements containing the sigs on the
178 * supplied OpenPGP packet list.
180 struct ll *keysigs(struct ll *curll,
181 struct openpgp_packet_list *sigs)
185 while (sigs != NULL) {
186 keyid = sig_keyid(sigs->packet);
188 curll = lladd(curll, createandaddtohash(keyid));
195 * sig_info - Get info on a given OpenPGP signature packet
196 * @packet: The signature packet
197 * @keyid: A pointer for where to return the signature keyid
198 * @creation: A pointer for where to return the signature creation time
200 * Gets any info about a signature packet; parses the subpackets for a v4
201 * key or pulls the data directly from v2/3. NULL can be passed for any
202 * values which aren't cared about.
204 onak_status_t sig_info(struct openpgp_packet *packet, uint64_t *keyid,
210 if (packet != NULL) {
211 switch (packet->data[0]) {
215 *keyid = packet->data[7];
217 *keyid += packet->data[8];
219 *keyid += packet->data[9];
221 *keyid += packet->data[10];
223 *keyid += packet->data[11];
225 *keyid += packet->data[12];
227 *keyid += packet->data[13];
229 *keyid += packet->data[14];
231 if (creation != NULL) {
232 *creation = packet->data[3];
234 *creation = packet->data[4];
236 *creation = packet->data[5];
238 *creation = packet->data[6];
242 res = parse_subpackets(&packet->data[4],
244 &length, keyid, creation);
245 if (res != ONAK_E_OK) {
248 res = parse_subpackets(&packet->data[length + 4],
249 packet->length - (4 + length),
250 &length, keyid, creation);
251 if (res != ONAK_E_OK) {
264 * sig_keyid - Return the keyid for a given OpenPGP signature packet.
265 * @packet: The signature packet.
267 * Returns the keyid for the supplied signature packet.
269 uint64_t sig_keyid(struct openpgp_packet *packet)
273 sig_info(packet, &keyid, NULL);
280 * TODO: Abstract out; all our linked lists should be generic and then we can
283 int spsize(struct openpgp_signedpacket_list *list)
286 struct openpgp_signedpacket_list *cur;
288 for (cur = list; cur != NULL; cur = cur->next, size++) ;
294 * keyuids - Takes a key and returns an array of its UIDs
295 * @key: The key to get the uids of.
296 * @primary: A pointer to store the primary UID in.
298 * keyuids takes a public key structure and builds an array of the UIDs
299 * on the key. It also attempts to work out the primary UID and returns a
300 * separate pointer to that particular element of the array.
302 char **keyuids(struct openpgp_publickey *key, char **primary)
304 struct openpgp_signedpacket_list *curuid = NULL;
309 if (primary != NULL) {
313 if (key != NULL && key->uids != NULL) {
314 uids = malloc((spsize(key->uids) + 1) * sizeof (char *));
317 while (curuid != NULL) {
319 if (curuid->packet->tag == OPENPGP_PACKET_UID) {
320 snprintf(buf, 1023, "%.*s",
321 (int) curuid->packet->length,
322 curuid->packet->data);
323 uids[count++] = strdup(buf);
325 curuid = curuid -> next;
330 * TODO: Parse subpackets for real primary ID (v4 keys)
332 if (primary != NULL) {
341 * keysubkeys - Takes a key and returns an array of its subkey keyids.
342 * @key: The key to get the subkeys of.
344 * keysubkeys takes a public key structure and returns an array of the
345 * subkey keyids for that key.
347 struct openpgp_fingerprint *keysubkeys(struct openpgp_publickey *key)
349 struct openpgp_signedpacket_list *cursubkey = NULL;
350 struct openpgp_fingerprint *subkeys = NULL;
353 if (key != NULL && key->subkeys != NULL) {
354 subkeys = malloc((spsize(key->subkeys) + 1) *
355 sizeof (struct openpgp_fingerprint));
356 cursubkey = key->subkeys;
357 while (cursubkey != NULL) {
358 get_fingerprint(cursubkey->packet, &subkeys[count++]);
359 cursubkey = cursubkey -> next;
361 subkeys[count].length = 0;