decodekey.c

   1 /*
   2  * decodekey.c - Routines to further decode an OpenPGP key.
   3  *
   4  * Copyright 2002-2008 Jonathan McDowell <noodles@earth.li>
   5  *
   6  * This program is free software: you can redistribute it and/or modify it
   7  * under the terms of the GNU General Public License as published by the Free
   8  * Software Foundation; version 2 of the License.
   9  *
  10  * This program is distributed in the hope that it will be useful, but WITHOUT
  11  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  12  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
  13  * more details.
  14  *
  15  * You should have received a copy of the GNU General Public License along with
  16  * this program; if not, write to the Free Software Foundation, Inc., 51
  17  * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  18  */
  19
  20 #include <stdbool.h>
  21 #include <stdio.h>
  22 #include <stdlib.h>
  23 #include <string.h>
  24 #include <time.h>
  25
  26 #include "decodekey.h"
  27 #include "hash.h"
  28 #include "keyid.h"
  29 #include "keystructs.h"
  30 #include "ll.h"
  31 #include "log.h"
  32 #include "openpgp.h"
  33
  34 /*
  35  *      parse_subpackets - Parse the subpackets of a Type 4 signature.
  36  *      @data: The subpacket data.
  37  *      @len: The amount of data available to read.
  38  *      @parselen: The amount of data that was actually parsed.
  39  *      @keyid: A pointer to where we should return the keyid.
  40  *      @creationtime: A pointer to where we should return the creation time.
  41  *
  42  *      This function parses the subkey data of a Type 4 signature and fills
  43  *      in the supplied variables. It also returns the length of the data
  44  *      processed. If the value of any piece of data is not desired a NULL
  45  *      can be passed instead of a pointer to a storage area for that value.
  46  */
  47 onak_status_t parse_subpackets(unsigned char *data, size_t len,
  48                 size_t *parselen, uint64_t *keyid, time_t *creation)
  49 {
  50         int offset = 0;
  51         int length = 0;
  52         int packetlen = 0;
  53
  54         log_assert(data != NULL);
  55
  56         /* Make sure we actually have the 2 byte length field */
  57         if (len < 2) {
  58                 return ONAK_E_INVALID_PKT;
  59         }
  60
  61         length = (data[0] << 8) + data[1] + 2;
  62
  63         /* If the length is off the end of the data available, it's bogus */
  64         if (len < length) {
  65                 return ONAK_E_INVALID_PKT;
  66         }
  67
  68         *parselen = length;
  69
  70         offset = 2;
  71         while (offset < length) {
  72                 packetlen = data[offset++];
  73                 if (packetlen > 191 && packetlen < 255) {
  74                         packetlen = ((packetlen - 192) << 8) +
  75                                         data[offset++] + 192;
  76                 } else if (packetlen == 255) {
  77                         packetlen = data[offset++];
  78                         packetlen <<= 8;
  79                         packetlen |= data[offset++];
  80                         packetlen <<= 8;
  81                         packetlen |= data[offset++];
  82                         packetlen <<= 8;
  83                         packetlen |= data[offset++];
  84                 }
  85                 /* Check the supplied length is within the remaining data */
  86                 if (packetlen == 0 || (packetlen + offset) > length) {
  87                         return ONAK_E_INVALID_PKT;
  88                 }
  89                 switch (data[offset] & 0x7F) {
  90                 case OPENPGP_SIGSUB_CREATION:
  91                         /*
  92                          * Signature creation time.
  93                          */
  94                         if (creation != NULL) {
  95                                 *creation = data[offset + packetlen - 4];
  96                                 *creation <<= 8;
  97                                 *creation = data[offset + packetlen - 3];
  98                                 *creation <<= 8;
  99                                 *creation = data[offset + packetlen - 2];
 100                                 *creation <<= 8;
 101                                 *creation = data[offset + packetlen - 1];
 102                         }
 103                         break;
 104                         /*
 105                          * Signature expiration time. Might want to output this?
 106                          */
 107                         break;
 108                 case OPENPGP_SIGSUB_ISSUER:
 109                         if (keyid != NULL) {
 110                                 *keyid = data[offset+packetlen - 8];
 111                                 *keyid <<= 8;
 112                                 *keyid += data[offset+packetlen - 7];
 113                                 *keyid <<= 8;
 114                                 *keyid += data[offset+packetlen - 6];
 115                                 *keyid <<= 8;
 116                                 *keyid += data[offset+packetlen - 5];
 117                                 *keyid <<= 8;
 118                                 *keyid += data[offset+packetlen - 4];
 119                                 *keyid <<= 8;
 120                                 *keyid += data[offset+packetlen - 3];
 121                                 *keyid <<= 8;
 122                                 *keyid += data[offset+packetlen - 2];
 123                                 *keyid <<= 8;
 124                                 *keyid += data[offset+packetlen - 1];
 125                         }
 126                         break;
 127                 case OPENPGP_SIGSUB_EXPIRY:
 128                 case OPENPGP_SIGSUB_EXPORTABLE:
 129                 case OPENPGP_SIGSUB_TRUSTSIG:
 130                 case OPENPGP_SIGSUB_REGEX:
 131                 case OPENPGP_SIGSUB_REVOCABLE:
 132                 case OPENPGP_SIGSUB_CAPABILITIES:
 133                 case OPENPGP_SIGSUB_KEYEXPIRY:
 134                 case OPENPGP_SIGSUB_ARR:
 135                 case OPENPGP_SIGSUB_PREFSYM:
 136                 case OPENPGP_SIGSUB_REVOCATION_KEY:
 137                 case OPENPGP_SIGSUB_ISSUER_UID:
 138                 case OPENPGP_SIGSUB_URL:
 139                 case OPENPGP_SIGSUB_ISSUER_FINGER:
 140                 case OPENPGP_SIGSUB_NOTATION:
 141                 case OPENPGP_SIGSUB_PREFHASH:
 142                 case OPENPGP_SIGSUB_PREFCOMPRESS:
 143                 case OPENPGP_SIGSUB_KEYSERVER:
 144                 case OPENPGP_SIGSUB_PREFKEYSERVER:
 145                 case OPENPGP_SIGSUB_PRIMARYUID:
 146                 case OPENPGP_SIGSUB_POLICYURI:
 147                 case OPENPGP_SIGSUB_KEYFLAGS:
 148                 case OPENPGP_SIGSUB_SIGNER_UID:
 149                 case OPENPGP_SIGSUB_REVOKE_REASON:
 150                 case OPENPGP_SIGSUB_FEATURES:
 151                 case OPENPGP_SIGSUB_SIGNATURE_TARGET:
 152                 case OPENPGP_SIGSUB_EMBEDDED_SIG:
 153                         /*
 154                          * Various subpacket types we know about, but don't
 155                          * currently handle. Some are candidates for being
 156                          * supported if we add signature checking support.
 157                          */
 158                         break;
 159                 default:
 160                         /*
 161                          * We don't care about unrecognized packets unless bit
 162                          * 7 is set in which case we log a major error.
 163                          */
 164                         if (data[offset] & 0x80) {
 165                                 logthing(LOGTHING_CRITICAL,
 166                                 "Critical subpacket type not parsed: 0x%X",
 167                                         data[offset]);
 168                         }
 169
 170                 }
 171                 offset += packetlen;
 172         }
 173
 174         return ONAK_E_OK;
 175 }
 176
 177 /**
 178  *      keysigs - Return the sigs on a given OpenPGP signature list.
 179  *      @curll: The current linked list. Can be NULL to create a new list.
 180  *      @sigs: The signature list we want the sigs on.
 181  *
 182  *      Returns a linked list of stats_key elements containing the sigs on the
 183  *      supplied OpenPGP packet list.
 184  */
 185 struct ll *keysigs(struct ll *curll,
 186                 struct openpgp_packet_list *sigs)
 187 {
 188         uint64_t keyid = 0;
 189
 190         while (sigs != NULL) {
 191                 keyid = sig_keyid(sigs->packet);
 192                 sigs = sigs->next;
 193                 curll = lladd(curll, createandaddtohash(keyid));
 194         }
 195
 196         return curll;
 197 }
 198
 199 /**
 200  *      sig_info - Get info on a given OpenPGP signature packet
 201  *      @packet: The signature packet
 202  *      @keyid: A pointer for where to return the signature keyid
 203  *      @creation: A pointer for where to return the signature creation time
 204  *
 205  *      Gets any info about a signature packet; parses the subpackets for a v4
 206  *      key or pulls the data directly from v2/3. NULL can be passed for any
 207  *      values which aren't cared about.
 208  */
 209 onak_status_t sig_info(struct openpgp_packet *packet, uint64_t *keyid,
 210                 time_t *creation)
 211 {
 212         size_t length = 0;
 213         onak_status_t res;
 214
 215         if (packet != NULL) {
 216                 switch (packet->data[0]) {
 217                 case 2:
 218                 case 3:
 219                         if (keyid != NULL) {
 220                                 *keyid = packet->data[7];
 221                                 *keyid <<= 8;
 222                                 *keyid += packet->data[8];
 223                                 *keyid <<= 8;
 224                                 *keyid += packet->data[9];
 225                                 *keyid <<= 8;
 226                                 *keyid += packet->data[10];
 227                                 *keyid <<= 8;
 228                                 *keyid += packet->data[11];
 229                                 *keyid <<= 8;
 230                                 *keyid += packet->data[12];
 231                                 *keyid <<= 8;
 232                                 *keyid += packet->data[13];
 233                                 *keyid <<= 8;
 234                                 *keyid += packet->data[14];
 235                         }
 236                         if (creation != NULL) {
 237                                 *creation = packet->data[3];
 238                                 *creation <<= 8;
 239                                 *creation = packet->data[4];
 240                                 *creation <<= 8;
 241                                 *creation = packet->data[5];
 242                                 *creation <<= 8;
 243                                 *creation = packet->data[6];
 244                         }
 245                         break;
 246                 case 4:
 247                         res = parse_subpackets(&packet->data[4],
 248                                         packet->length - 4,
 249                                         &length, keyid, creation);
 250                         if (res != ONAK_E_OK) {
 251                                 return res;
 252                         }
 253                         res = parse_subpackets(&packet->data[length + 4],
 254                                         packet->length - (4 + length),
 255                                         &length, keyid, creation);
 256                         if (res != ONAK_E_OK) {
 257                                 return res;
 258                         }
 259                         break;
 260                 default:
 261                         break;
 262                 }
 263         }
 264
 265         return ONAK_E_OK;
 266 }
 267
 268 /**
 269  *      sig_keyid - Return the keyid for a given OpenPGP signature packet.
 270  *      @packet: The signature packet.
 271  *
 272  *      Returns the keyid for the supplied signature packet.
 273  */
 274 uint64_t sig_keyid(struct openpgp_packet *packet)
 275 {
 276         uint64_t keyid = 0;
 277
 278         sig_info(packet, &keyid, NULL);
 279
 280         return keyid;
 281 }
 282
 283
 284 /*
 285  * TODO: Abstract out; all our linked lists should be generic and then we can
 286  * llsize them.
 287  */
 288 int spsize(struct openpgp_signedpacket_list *list)
 289 {
 290         int size = 0;
 291         struct openpgp_signedpacket_list *cur;
 292
 293         for (cur = list; cur != NULL; cur = cur->next, size++) ;
 294
 295         return size;
 296 }
 297
 298 /**
 299  *      keyuids - Takes a key and returns an array of its UIDs
 300  *      @key: The key to get the uids of.
 301  *      @primary: A pointer to store the primary UID in.
 302  *
 303  *      keyuids takes a public key structure and builds an array of the UIDs
 304  *      on the key. It also attempts to work out the primary UID and returns a
 305  *      separate pointer to that particular element of the array.
 306  */
 307 char **keyuids(struct openpgp_publickey *key, char **primary)
 308 {
 309         struct openpgp_signedpacket_list *curuid = NULL;
 310         char buf[1024];
 311         char **uids = NULL;
 312         int count = 0;
 313
 314         if (primary != NULL) {
 315                 *primary = NULL;
 316         }
 317
 318         if (key != NULL && key->uids != NULL) {
 319                 uids = malloc((spsize(key->uids) + 1) * sizeof (char *));
 320
 321                 curuid = key->uids;
 322                 while (curuid != NULL) {
 323                         buf[0] = 0;
 324                         if (curuid->packet->tag == OPENPGP_PACKET_UID) {
 325                                 snprintf(buf, 1023, "%.*s",
 326                                                 (int) curuid->packet->length,
 327                                                 curuid->packet->data);
 328                                 uids[count++] = strdup(buf);
 329                         }
 330                         curuid = curuid -> next;
 331                 }
 332                 uids[count] = NULL;
 333
 334                 /*
 335                  * TODO: Parse subpackets for real primary ID (v4 keys)
 336                  */
 337                 if (primary != NULL) {
 338                         *primary = uids[0];
 339                 }
 340         }
 341
 342         return uids;
 343 }
 344
 345 /**
 346  *      keysubkeys - Takes a key and returns an array of its subkey keyids.
 347  *      @key: The key to get the subkeys of.
 348  *
 349  *      keysubkeys takes a public key structure and returns an array of the
 350  *      subkey keyids for that key.
 351  */
 352 struct openpgp_fingerprint *keysubkeys(struct openpgp_publickey *key)
 353 {
 354         struct openpgp_signedpacket_list *cursubkey = NULL;
 355         struct openpgp_fingerprint       *subkeys = NULL;
 356         int                               count = 0;
 357
 358         if (key != NULL && key->subkeys != NULL) {
 359                 subkeys = malloc((spsize(key->subkeys) + 1) *
 360                                 sizeof (struct openpgp_fingerprint));
 361                 cursubkey = key->subkeys;
 362                 while (cursubkey != NULL) {
 363                         get_fingerprint(cursubkey->packet, &subkeys[count++]);
 364                         cursubkey = cursubkey -> next;
 365                 }
 366                 subkeys[count].length = 0;
 367         }
 368
 369         return subkeys;
 370 }