decodekey.c

   1 /*
   2  * decodekey.c - Routines to further decode an OpenPGP key.
   3  *
   4  * Copyright 2002-2008 Jonathan McDowell <noodles@earth.li>
   5  *
   6  * This program is free software: you can redistribute it and/or modify it
   7  * under the terms of the GNU General Public License as published by the Free
   8  * Software Foundation; version 2 of the License.
   9  *
  10  * This program is distributed in the hope that it will be useful, but WITHOUT
  11  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  12  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
  13  * more details.
  14  *
  15  * You should have received a copy of the GNU General Public License along with
  16  * this program.  If not, see <https://www.gnu.org/licenses/>.
  17  */
  18
  19 #include <assert.h>
  20 #include <stdio.h>
  21 #include <stdlib.h>
  22 #include <string.h>
  23 #include <time.h>
  24
  25 #include "decodekey.h"
  26 #include "hash.h"
  27 #include "keyid.h"
  28 #include "keystructs.h"
  29 #include "ll.h"
  30 #include "openpgp.h"
  31
  32 /*
  33  *      parse_subpackets - Parse the subpackets of a Type 4 signature.
  34  *      @data: The subpacket data.
  35  *      @len: The amount of data available to read.
  36  *      @parselen: The amount of data that was actually parsed.
  37  *      @keyid: A pointer to where we should return the keyid.
  38  *      @creationtime: A pointer to where we should return the creation time.
  39  *
  40  *      This function parses the subkey data of a Type 4 signature and fills
  41  *      in the supplied variables. It also returns the length of the data
  42  *      processed. If the value of any piece of data is not desired a NULL
  43  *      can be passed instead of a pointer to a storage area for that value.
  44  */
  45 onak_status_t parse_subpackets(unsigned char *data, size_t len,
  46                 size_t *parselen, uint64_t *keyid, time_t *creation)
  47 {
  48         int offset = 0;
  49         int length = 0;
  50         int packetlen = 0;
  51         struct openpgp_fingerprint fp;
  52         int i;
  53
  54         assert(data != NULL);
  55
  56         /* Make sure we actually have the 2 byte length field */
  57         if (len < 2) {
  58                 return ONAK_E_INVALID_PKT;
  59         }
  60
  61         length = (data[0] << 8) + data[1] + 2;
  62
  63         /* If the length is off the end of the data available, it's bogus */
  64         if (len < length) {
  65                 return ONAK_E_INVALID_PKT;
  66         }
  67
  68         *parselen = length;
  69
  70         offset = 2;
  71         while (offset < length) {
  72                 packetlen = data[offset++];
  73                 if (packetlen > 191 && packetlen < 255) {
  74                         packetlen = ((packetlen - 192) << 8) +
  75                                         data[offset++] + 192;
  76                 } else if (packetlen == 255) {
  77                         packetlen = data[offset++];
  78                         packetlen <<= 8;
  79                         packetlen |= data[offset++];
  80                         packetlen <<= 8;
  81                         packetlen |= data[offset++];
  82                         packetlen <<= 8;
  83                         packetlen |= data[offset++];
  84                 }
  85                 /* Check the supplied length is within the remaining data */
  86                 if (packetlen == 0 || (packetlen + offset) > length) {
  87                         return ONAK_E_INVALID_PKT;
  88                 }
  89                 switch (data[offset] & 0x7F) {
  90                 case OPENPGP_SIGSUB_CREATION:
  91                         /*
  92                          * Signature creation time.
  93                          */
  94                         if (creation != NULL) {
  95                                 *creation = data[offset + packetlen - 4];
  96                                 *creation <<= 8;
  97                                 *creation = data[offset + packetlen - 3];
  98                                 *creation <<= 8;
  99                                 *creation = data[offset + packetlen - 2];
 100                                 *creation <<= 8;
 101                                 *creation = data[offset + packetlen - 1];
 102                         }
 103                         break;
 104                         /*
 105                          * Signature expiration time. Might want to output this?
 106                          */
 107                         break;
 108                 case OPENPGP_SIGSUB_ISSUER:
 109                         if (keyid != NULL) {
 110                                 *keyid = data[offset+packetlen - 8];
 111                                 *keyid <<= 8;
 112                                 *keyid += data[offset+packetlen - 7];
 113                                 *keyid <<= 8;
 114                                 *keyid += data[offset+packetlen - 6];
 115                                 *keyid <<= 8;
 116                                 *keyid += data[offset+packetlen - 5];
 117                                 *keyid <<= 8;
 118                                 *keyid += data[offset+packetlen - 4];
 119                                 *keyid <<= 8;
 120                                 *keyid += data[offset+packetlen - 3];
 121                                 *keyid <<= 8;
 122                                 *keyid += data[offset+packetlen - 2];
 123                                 *keyid <<= 8;
 124                                 *keyid += data[offset+packetlen - 1];
 125                         }
 126                         break;
 127                 case OPENPGP_SIGSUB_ISSUER_FINGER:
 128                         if ((packetlen - 2) <= MAX_FINGERPRINT_LEN &&
 129                                         keyid != NULL) {
 130                                 fp.length = packetlen - 2;
 131                                 for (i = 0; i < fp.length; i++) {
 132                                         fp.fp[i] = data[offset + i + 2];
 133                                 }
 134                                 *keyid = fingerprint2keyid(&fp);
 135                         }
 136                         break;
 137                 case OPENPGP_SIGSUB_EXPIRY:
 138                 case OPENPGP_SIGSUB_EXPORTABLE:
 139                 case OPENPGP_SIGSUB_TRUSTSIG:
 140                 case OPENPGP_SIGSUB_REGEX:
 141                 case OPENPGP_SIGSUB_REVOCABLE:
 142                 case OPENPGP_SIGSUB_CAPABILITIES:
 143                 case OPENPGP_SIGSUB_KEYEXPIRY:
 144                 case OPENPGP_SIGSUB_ARR:
 145                 case OPENPGP_SIGSUB_PREFSYM:
 146                 case OPENPGP_SIGSUB_REVOCATION_KEY:
 147                 case OPENPGP_SIGSUB_ISSUER_UID:
 148                 case OPENPGP_SIGSUB_URL:
 149                 case OPENPGP_SIGSUB_X_ISSUER_FINGER:
 150                 case OPENPGP_SIGSUB_NOTATION:
 151                 case OPENPGP_SIGSUB_PREFHASH:
 152                 case OPENPGP_SIGSUB_PREFCOMPRESS:
 153                 case OPENPGP_SIGSUB_KEYSERVER:
 154                 case OPENPGP_SIGSUB_PREFKEYSERVER:
 155                 case OPENPGP_SIGSUB_PRIMARYUID:
 156                 case OPENPGP_SIGSUB_POLICYURI:
 157                 case OPENPGP_SIGSUB_KEYFLAGS:
 158                 case OPENPGP_SIGSUB_SIGNER_UID:
 159                 case OPENPGP_SIGSUB_REVOKE_REASON:
 160                 case OPENPGP_SIGSUB_FEATURES:
 161                 case OPENPGP_SIGSUB_SIGNATURE_TARGET:
 162                 case OPENPGP_SIGSUB_EMBEDDED_SIG:
 163                         /*
 164                          * Various subpacket types we know about, but don't
 165                          * currently handle. Some are candidates for being
 166                          * supported if we add signature checking support.
 167                          */
 168                         break;
 169                 default:
 170                         /*
 171                          * We don't care about unrecognized packets unless bit
 172                          * 7 is set in which case we log a major error.
 173                          */
 174                         if (data[offset] & 0x80) {
 175                                 return ONAK_E_UNSUPPORTED_FEATURE;
 176                         }
 177                 }
 178                 offset += packetlen;
 179         }
 180
 181         return ONAK_E_OK;
 182 }
 183
 184 /**
 185  *      sig_info - Get info on a given OpenPGP signature packet
 186  *      @packet: The signature packet
 187  *      @keyid: A pointer for where to return the signature keyid
 188  *      @creation: A pointer for where to return the signature creation time
 189  *
 190  *      Gets any info about a signature packet; parses the subpackets for a v4
 191  *      key or pulls the data directly from v2/3. NULL can be passed for any
 192  *      values which aren't cared about.
 193  */
 194 onak_status_t sig_info(struct openpgp_packet *packet, uint64_t *keyid,
 195                 time_t *creation)
 196 {
 197         size_t length = 0;
 198         onak_status_t res;
 199
 200         if (packet != NULL) {
 201                 switch (packet->data[0]) {
 202                 case 2:
 203                 case 3:
 204                         if (keyid != NULL) {
 205                                 *keyid = packet->data[7];
 206                                 *keyid <<= 8;
 207                                 *keyid += packet->data[8];
 208                                 *keyid <<= 8;
 209                                 *keyid += packet->data[9];
 210                                 *keyid <<= 8;
 211                                 *keyid += packet->data[10];
 212                                 *keyid <<= 8;
 213                                 *keyid += packet->data[11];
 214                                 *keyid <<= 8;
 215                                 *keyid += packet->data[12];
 216                                 *keyid <<= 8;
 217                                 *keyid += packet->data[13];
 218                                 *keyid <<= 8;
 219                                 *keyid += packet->data[14];
 220                         }
 221                         if (creation != NULL) {
 222                                 *creation = packet->data[3];
 223                                 *creation <<= 8;
 224                                 *creation = packet->data[4];
 225                                 *creation <<= 8;
 226                                 *creation = packet->data[5];
 227                                 *creation <<= 8;
 228                                 *creation = packet->data[6];
 229                         }
 230                         break;
 231                 case 4:
 232                 case 5:
 233                         if (keyid != NULL) {
 234                                 *keyid = 0;
 235                         }
 236                         res = parse_subpackets(&packet->data[4],
 237                                         packet->length - 4,
 238                                         &length, keyid, creation);
 239                         if (res != ONAK_E_OK) {
 240                                 return res;
 241                         }
 242                         /*
 243                          * Only look at the unhashed subpackets if we want the
 244                          * keyid and it wasn't in the signed subpacket
 245                          * section.
 246                          */
 247                         if (keyid != NULL && *keyid == 0) {
 248                                 res = parse_subpackets(&packet->data[length + 4],
 249                                                 packet->length - (4 + length),
 250                                                 &length, keyid, NULL);
 251                                 if (res != ONAK_E_OK) {
 252                                         return res;
 253                                 }
 254                         }
 255                         break;
 256                 default:
 257                         break;
 258                 }
 259         }
 260
 261         return ONAK_E_OK;
 262 }
 263
 264 /**
 265  *      sig_keyid - Return the keyid for a given OpenPGP signature packet.
 266  *      @packet: The signature packet.
 267  *
 268  *      Returns the keyid for the supplied signature packet.
 269  */
 270 uint64_t sig_keyid(struct openpgp_packet *packet)
 271 {
 272         uint64_t keyid = 0;
 273
 274         sig_info(packet, &keyid, NULL);
 275
 276         return keyid;
 277 }
 278
 279
 280 /*
 281  * TODO: Abstract out; all our linked lists should be generic and then we can
 282  * llsize them.
 283  */
 284 int spsize(struct openpgp_signedpacket_list *list)
 285 {
 286         int size = 0;
 287         struct openpgp_signedpacket_list *cur;
 288
 289         for (cur = list; cur != NULL; cur = cur->next, size++) ;
 290
 291         return size;
 292 }
 293
 294 /**
 295  *      keyuids - Takes a key and returns an array of its UIDs
 296  *      @key: The key to get the uids of.
 297  *      @primary: A pointer to store the primary UID in.
 298  *
 299  *      keyuids takes a public key structure and builds an array of the UIDs
 300  *      on the key. It also attempts to work out the primary UID and returns a
 301  *      separate pointer to that particular element of the array.
 302  */
 303 char **keyuids(struct openpgp_publickey *key, char **primary)
 304 {
 305         struct openpgp_signedpacket_list *curuid = NULL;
 306         char buf[1024];
 307         char **uids = NULL;
 308         int count = 0;
 309
 310         if (primary != NULL) {
 311                 *primary = NULL;
 312         }
 313
 314         if (key != NULL && key->uids != NULL) {
 315                 uids = malloc((spsize(key->uids) + 1) * sizeof (char *));
 316
 317                 curuid = key->uids;
 318                 while (curuid != NULL) {
 319                         buf[0] = 0;
 320                         if (curuid->packet->tag == OPENPGP_PACKET_UID) {
 321                                 snprintf(buf, 1023, "%.*s",
 322                                                 (int) curuid->packet->length,
 323                                                 curuid->packet->data);
 324                                 uids[count++] = strdup(buf);
 325                         }
 326                         curuid = curuid -> next;
 327                 }
 328                 uids[count] = NULL;
 329
 330                 /*
 331                  * TODO: Parse subpackets for real primary ID (v4 keys)
 332                  */
 333                 if (primary != NULL) {
 334                         *primary = uids[0];
 335                 }
 336         }
 337
 338         return uids;
 339 }
 340
 341 /**
 342  *      keysubkeys - Takes a key and returns an array of its subkey keyids.
 343  *      @key: The key to get the subkeys of.
 344  *
 345  *      keysubkeys takes a public key structure and returns an array of the
 346  *      subkey keyids for that key.
 347  */
 348 struct openpgp_fingerprint *keysubkeys(struct openpgp_publickey *key)
 349 {
 350         struct openpgp_signedpacket_list *cursubkey = NULL;
 351         struct openpgp_fingerprint       *subkeys = NULL;
 352         int                               count = 0;
 353
 354         if (key != NULL && key->subkeys != NULL) {
 355                 subkeys = malloc((spsize(key->subkeys) + 1) *
 356                                 sizeof (struct openpgp_fingerprint));
 357                 cursubkey = key->subkeys;
 358                 while (cursubkey != NULL) {
 359                         get_fingerprint(cursubkey->packet, &subkeys[count++]);
 360                         cursubkey = cursubkey -> next;
 361                 }
 362                 subkeys[count].length = 0;
 363         }
 364
 365         return subkeys;
 366 }
 367
 368 enum onak_oid onak_parse_oid(uint8_t *buf, size_t len)
 369 {
 370         enum onak_oid oid;
 371
 372         /* Elliptic curve key size is based on OID */
 373         if (len == 0 || (buf[0] >= len)) {
 374                 oid = ONAK_OID_INVALID;
 375         /* Curve25519 / 1.3.6.1.4.1.3029.1.5.1 */
 376         } else if ((buf[0] == 10) &&
 377                         (buf[1] == 0x2B) && (buf[2] == 0x06) &&
 378                         (buf[3] == 0x01) && (buf[4] == 0x04) &&
 379                         (buf[5] == 0x01) && (buf[6] == 0x97) &&
 380                         (buf[7] == 0x55) && (buf[8] == 0x01) &&
 381                         (buf[9] == 0x05) && (buf[10] == 0x01)) {
 382                 oid = ONAK_OID_CURVE25519;
 383         /* Ed25519 / 1.3.6.1.4.1.11591.15.1 */
 384         } else if ((buf[0] == 9) &&
 385                         (buf[1] == 0x2B) && (buf[2] == 0x06) &&
 386                         (buf[3] == 0x01) && (buf[4] == 0x04) &&
 387                         (buf[5] == 0x01) && (buf[6] == 0xDA) &&
 388                         (buf[7] == 0x47) && (buf[8] == 0x0F) &&
 389                         (buf[9] == 0x01)) {
 390                 oid = ONAK_OID_ED25519;
 391         /* nistp256 / 1.2.840.10045.3.1.7 */
 392         } else if ((buf[0] == 8) &&
 393                         (buf[1] == 0x2A) && (buf[2] == 0x86) &&
 394                         (buf[3] == 0x48) && (buf[4] == 0xCE) &&
 395                         (buf[5] == 0x3D) && (buf[6] == 0x03) &&
 396                         (buf[7] == 0x01) && (buf[8] == 0x07)) {
 397                 oid = ONAK_OID_NISTP256;
 398         /* nistp384 / 1.3.132.0.34 */
 399         } else if ((buf[0] == 5) &&
 400                         (buf[1] == 0x2B) && (buf[2] == 0x81) &&
 401                         (buf[3] == 0x04) && (buf[4] == 0x00) &&
 402                         (buf[5] == 0x22)) {
 403                 oid = ONAK_OID_NISTP384;
 404         /* nistp521 / 1.3.132.0.35 */
 405         } else if ((buf[0] == 5) &&
 406                         (buf[1] == 0x2B) && (buf[2] == 0x81) &&
 407                         (buf[3] == 0x04) && (buf[4] == 0x00) &&
 408                         (buf[5] == 0x23)) {
 409                 oid = ONAK_OID_NISTP521;
 410         /* brainpoolP256r1 / 1.3.36.3.3.2.8.1.1.7 */
 411         } else if ((buf[0] == 9) &&
 412                         (buf[1] == 0x2B) && (buf[2] == 0x24) &&
 413                         (buf[3] == 0x03) && (buf[4] == 0x03) &&
 414                         (buf[5] == 0x02) && (buf[6] == 0x08) &&
 415                         (buf[7] == 0x01) && (buf[8] == 0x01) &&
 416                         (buf[9] == 0x07)) {
 417                 oid = ONAK_OID_BRAINPOOLP256R1;
 418         /* brainpoolP384r1 / 1.3.36.3.3.2.8.1.1.11 */
 419         } else if ((buf[0] == 9) &&
 420                         (buf[1] == 0x2B) && (buf[2] == 0x24) &&
 421                         (buf[3] == 0x03) && (buf[4] == 0x03) &&
 422                         (buf[5] == 0x02) && (buf[6] == 0x08) &&
 423                         (buf[7] == 0x01) && (buf[8] == 0x01) &&
 424                         (buf[9] == 0x0B)) {
 425                 oid = ONAK_OID_BRAINPOOLP384R1;
 426         /* brainpoolP512r1 / 1.3.36.3.3.2.8.1.1.13 */
 427         } else if ((buf[0] == 9) &&
 428                         (buf[1] == 0x2B) && (buf[2] == 0x24) &&
 429                         (buf[3] == 0x03) && (buf[4] == 0x03) &&
 430                         (buf[5] == 0x02) && (buf[6] == 0x08) &&
 431                         (buf[7] == 0x01) && (buf[8] == 0x01) &&
 432                         (buf[9] == 0x0D)) {
 433                 oid = ONAK_OID_BRAINPOOLP512R1;
 434         /* secp256k1 / 1.3.132.0.10 */
 435         } else if ((buf[0] == 5) &&
 436                         (buf[1] == 0x2B) && (buf[2] == 0x81) &&
 437                         (buf[3] == 0x04) && (buf[4] == 0x00) &&
 438                         (buf[5] == 0x0A)) {
 439                 oid = ONAK_OID_SECP256K1;
 440         } else {
 441                 oid = ONAK_OID_UNKNOWN;
 442         }
 443
 444         return oid;
 445 }