decodekey.c

   1 /*
   2  * decodekey.c - Routines to further decode an OpenPGP key.
   3  *
   4  * Copyright 2002-2008 Jonathan McDowell <noodles@earth.li>
   5  *
   6  * This program is free software: you can redistribute it and/or modify it
   7  * under the terms of the GNU General Public License as published by the Free
   8  * Software Foundation; version 2 of the License.
   9  *
  10  * This program is distributed in the hope that it will be useful, but WITHOUT
  11  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  12  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
  13  * more details.
  14  *
  15  * You should have received a copy of the GNU General Public License along with
  16  * this program; if not, write to the Free Software Foundation, Inc., 51
  17  * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  18  */
  19
  20 #include <assert.h>
  21 #include <stdio.h>
  22 #include <stdlib.h>
  23 #include <string.h>
  24 #include <time.h>
  25
  26 #include "decodekey.h"
  27 #include "hash.h"
  28 #include "keyid.h"
  29 #include "keystructs.h"
  30 #include "ll.h"
  31 #include "openpgp.h"
  32
  33 /*
  34  *      parse_subpackets - Parse the subpackets of a Type 4 signature.
  35  *      @data: The subpacket data.
  36  *      @len: The amount of data available to read.
  37  *      @parselen: The amount of data that was actually parsed.
  38  *      @keyid: A pointer to where we should return the keyid.
  39  *      @creationtime: A pointer to where we should return the creation time.
  40  *
  41  *      This function parses the subkey data of a Type 4 signature and fills
  42  *      in the supplied variables. It also returns the length of the data
  43  *      processed. If the value of any piece of data is not desired a NULL
  44  *      can be passed instead of a pointer to a storage area for that value.
  45  */
  46 onak_status_t parse_subpackets(unsigned char *data, size_t len,
  47                 size_t *parselen, uint64_t *keyid, time_t *creation)
  48 {
  49         int offset = 0;
  50         int length = 0;
  51         int packetlen = 0;
  52
  53         assert(data != NULL);
  54
  55         /* Make sure we actually have the 2 byte length field */
  56         if (len < 2) {
  57                 return ONAK_E_INVALID_PKT;
  58         }
  59
  60         length = (data[0] << 8) + data[1] + 2;
  61
  62         /* If the length is off the end of the data available, it's bogus */
  63         if (len < length) {
  64                 return ONAK_E_INVALID_PKT;
  65         }
  66
  67         *parselen = length;
  68
  69         offset = 2;
  70         while (offset < length) {
  71                 packetlen = data[offset++];
  72                 if (packetlen > 191 && packetlen < 255) {
  73                         packetlen = ((packetlen - 192) << 8) +
  74                                         data[offset++] + 192;
  75                 } else if (packetlen == 255) {
  76                         packetlen = data[offset++];
  77                         packetlen <<= 8;
  78                         packetlen |= data[offset++];
  79                         packetlen <<= 8;
  80                         packetlen |= data[offset++];
  81                         packetlen <<= 8;
  82                         packetlen |= data[offset++];
  83                 }
  84                 /* Check the supplied length is within the remaining data */
  85                 if (packetlen == 0 || (packetlen + offset) > length) {
  86                         return ONAK_E_INVALID_PKT;
  87                 }
  88                 switch (data[offset] & 0x7F) {
  89                 case OPENPGP_SIGSUB_CREATION:
  90                         /*
  91                          * Signature creation time.
  92                          */
  93                         if (creation != NULL) {
  94                                 *creation = data[offset + packetlen - 4];
  95                                 *creation <<= 8;
  96                                 *creation = data[offset + packetlen - 3];
  97                                 *creation <<= 8;
  98                                 *creation = data[offset + packetlen - 2];
  99                                 *creation <<= 8;
 100                                 *creation = data[offset + packetlen - 1];
 101                         }
 102                         break;
 103                         /*
 104                          * Signature expiration time. Might want to output this?
 105                          */
 106                         break;
 107                 case OPENPGP_SIGSUB_ISSUER:
 108                         if (keyid != NULL) {
 109                                 *keyid = data[offset+packetlen - 8];
 110                                 *keyid <<= 8;
 111                                 *keyid += data[offset+packetlen - 7];
 112                                 *keyid <<= 8;
 113                                 *keyid += data[offset+packetlen - 6];
 114                                 *keyid <<= 8;
 115                                 *keyid += data[offset+packetlen - 5];
 116                                 *keyid <<= 8;
 117                                 *keyid += data[offset+packetlen - 4];
 118                                 *keyid <<= 8;
 119                                 *keyid += data[offset+packetlen - 3];
 120                                 *keyid <<= 8;
 121                                 *keyid += data[offset+packetlen - 2];
 122                                 *keyid <<= 8;
 123                                 *keyid += data[offset+packetlen - 1];
 124                         }
 125                         break;
 126                 case OPENPGP_SIGSUB_EXPIRY:
 127                 case OPENPGP_SIGSUB_EXPORTABLE:
 128                 case OPENPGP_SIGSUB_TRUSTSIG:
 129                 case OPENPGP_SIGSUB_REGEX:
 130                 case OPENPGP_SIGSUB_REVOCABLE:
 131                 case OPENPGP_SIGSUB_CAPABILITIES:
 132                 case OPENPGP_SIGSUB_KEYEXPIRY:
 133                 case OPENPGP_SIGSUB_ARR:
 134                 case OPENPGP_SIGSUB_PREFSYM:
 135                 case OPENPGP_SIGSUB_REVOCATION_KEY:
 136                 case OPENPGP_SIGSUB_ISSUER_UID:
 137                 case OPENPGP_SIGSUB_URL:
 138                 case OPENPGP_SIGSUB_ISSUER_FINGER:
 139                 case OPENPGP_SIGSUB_NOTATION:
 140                 case OPENPGP_SIGSUB_PREFHASH:
 141                 case OPENPGP_SIGSUB_PREFCOMPRESS:
 142                 case OPENPGP_SIGSUB_KEYSERVER:
 143                 case OPENPGP_SIGSUB_PREFKEYSERVER:
 144                 case OPENPGP_SIGSUB_PRIMARYUID:
 145                 case OPENPGP_SIGSUB_POLICYURI:
 146                 case OPENPGP_SIGSUB_KEYFLAGS:
 147                 case OPENPGP_SIGSUB_SIGNER_UID:
 148                 case OPENPGP_SIGSUB_REVOKE_REASON:
 149                 case OPENPGP_SIGSUB_FEATURES:
 150                 case OPENPGP_SIGSUB_SIGNATURE_TARGET:
 151                 case OPENPGP_SIGSUB_EMBEDDED_SIG:
 152                         /*
 153                          * Various subpacket types we know about, but don't
 154                          * currently handle. Some are candidates for being
 155                          * supported if we add signature checking support.
 156                          */
 157                         break;
 158                 default:
 159                         /*
 160                          * We don't care about unrecognized packets unless bit
 161                          * 7 is set in which case we log a major error.
 162                          */
 163                         if (data[offset] & 0x80) {
 164                                 return ONAK_E_UNSUPPORTED_FEATURE;
 165                         }
 166                 }
 167                 offset += packetlen;
 168         }
 169
 170         return ONAK_E_OK;
 171 }
 172
 173 /**
 174  *      keysigs - Return the sigs on a given OpenPGP signature list.
 175  *      @curll: The current linked list. Can be NULL to create a new list.
 176  *      @sigs: The signature list we want the sigs on.
 177  *
 178  *      Returns a linked list of stats_key elements containing the sigs on the
 179  *      supplied OpenPGP packet list.
 180  */
 181 struct ll *keysigs(struct ll *curll,
 182                 struct openpgp_packet_list *sigs)
 183 {
 184         uint64_t keyid = 0;
 185
 186         while (sigs != NULL) {
 187                 keyid = sig_keyid(sigs->packet);
 188                 sigs = sigs->next;
 189                 curll = lladd(curll, createandaddtohash(keyid));
 190         }
 191
 192         return curll;
 193 }
 194
 195 /**
 196  *      sig_info - Get info on a given OpenPGP signature packet
 197  *      @packet: The signature packet
 198  *      @keyid: A pointer for where to return the signature keyid
 199  *      @creation: A pointer for where to return the signature creation time
 200  *
 201  *      Gets any info about a signature packet; parses the subpackets for a v4
 202  *      key or pulls the data directly from v2/3. NULL can be passed for any
 203  *      values which aren't cared about.
 204  */
 205 onak_status_t sig_info(struct openpgp_packet *packet, uint64_t *keyid,
 206                 time_t *creation)
 207 {
 208         size_t length = 0;
 209         onak_status_t res;
 210
 211         if (packet != NULL) {
 212                 switch (packet->data[0]) {
 213                 case 2:
 214                 case 3:
 215                         if (keyid != NULL) {
 216                                 *keyid = packet->data[7];
 217                                 *keyid <<= 8;
 218                                 *keyid += packet->data[8];
 219                                 *keyid <<= 8;
 220                                 *keyid += packet->data[9];
 221                                 *keyid <<= 8;
 222                                 *keyid += packet->data[10];
 223                                 *keyid <<= 8;
 224                                 *keyid += packet->data[11];
 225                                 *keyid <<= 8;
 226                                 *keyid += packet->data[12];
 227                                 *keyid <<= 8;
 228                                 *keyid += packet->data[13];
 229                                 *keyid <<= 8;
 230                                 *keyid += packet->data[14];
 231                         }
 232                         if (creation != NULL) {
 233                                 *creation = packet->data[3];
 234                                 *creation <<= 8;
 235                                 *creation = packet->data[4];
 236                                 *creation <<= 8;
 237                                 *creation = packet->data[5];
 238                                 *creation <<= 8;
 239                                 *creation = packet->data[6];
 240                         }
 241                         break;
 242                 case 4:
 243                         res = parse_subpackets(&packet->data[4],
 244                                         packet->length - 4,
 245                                         &length, keyid, creation);
 246                         if (res != ONAK_E_OK) {
 247                                 return res;
 248                         }
 249                         res = parse_subpackets(&packet->data[length + 4],
 250                                         packet->length - (4 + length),
 251                                         &length, keyid, creation);
 252                         if (res != ONAK_E_OK) {
 253                                 return res;
 254                         }
 255                         break;
 256                 default:
 257                         break;
 258                 }
 259         }
 260
 261         return ONAK_E_OK;
 262 }
 263
 264 /**
 265  *      sig_keyid - Return the keyid for a given OpenPGP signature packet.
 266  *      @packet: The signature packet.
 267  *
 268  *      Returns the keyid for the supplied signature packet.
 269  */
 270 uint64_t sig_keyid(struct openpgp_packet *packet)
 271 {
 272         uint64_t keyid = 0;
 273
 274         sig_info(packet, &keyid, NULL);
 275
 276         return keyid;
 277 }
 278
 279
 280 /*
 281  * TODO: Abstract out; all our linked lists should be generic and then we can
 282  * llsize them.
 283  */
 284 int spsize(struct openpgp_signedpacket_list *list)
 285 {
 286         int size = 0;
 287         struct openpgp_signedpacket_list *cur;
 288
 289         for (cur = list; cur != NULL; cur = cur->next, size++) ;
 290
 291         return size;
 292 }
 293
 294 /**
 295  *      keyuids - Takes a key and returns an array of its UIDs
 296  *      @key: The key to get the uids of.
 297  *      @primary: A pointer to store the primary UID in.
 298  *
 299  *      keyuids takes a public key structure and builds an array of the UIDs
 300  *      on the key. It also attempts to work out the primary UID and returns a
 301  *      separate pointer to that particular element of the array.
 302  */
 303 char **keyuids(struct openpgp_publickey *key, char **primary)
 304 {
 305         struct openpgp_signedpacket_list *curuid = NULL;
 306         char buf[1024];
 307         char **uids = NULL;
 308         int count = 0;
 309
 310         if (primary != NULL) {
 311                 *primary = NULL;
 312         }
 313
 314         if (key != NULL && key->uids != NULL) {
 315                 uids = malloc((spsize(key->uids) + 1) * sizeof (char *));
 316
 317                 curuid = key->uids;
 318                 while (curuid != NULL) {
 319                         buf[0] = 0;
 320                         if (curuid->packet->tag == OPENPGP_PACKET_UID) {
 321                                 snprintf(buf, 1023, "%.*s",
 322                                                 (int) curuid->packet->length,
 323                                                 curuid->packet->data);
 324                                 uids[count++] = strdup(buf);
 325                         }
 326                         curuid = curuid -> next;
 327                 }
 328                 uids[count] = NULL;
 329
 330                 /*
 331                  * TODO: Parse subpackets for real primary ID (v4 keys)
 332                  */
 333                 if (primary != NULL) {
 334                         *primary = uids[0];
 335                 }
 336         }
 337
 338         return uids;
 339 }
 340
 341 /**
 342  *      keysubkeys - Takes a key and returns an array of its subkey keyids.
 343  *      @key: The key to get the subkeys of.
 344  *
 345  *      keysubkeys takes a public key structure and returns an array of the
 346  *      subkey keyids for that key.
 347  */
 348 struct openpgp_fingerprint *keysubkeys(struct openpgp_publickey *key)
 349 {
 350         struct openpgp_signedpacket_list *cursubkey = NULL;
 351         struct openpgp_fingerprint       *subkeys = NULL;
 352         int                               count = 0;
 353
 354         if (key != NULL && key->subkeys != NULL) {
 355                 subkeys = malloc((spsize(key->subkeys) + 1) *
 356                                 sizeof (struct openpgp_fingerprint));
 357                 cursubkey = key->subkeys;
 358                 while (cursubkey != NULL) {
 359                         get_fingerprint(cursubkey->packet, &subkeys[count++]);
 360                         cursubkey = cursubkey -> next;
 361                 }
 362                 subkeys[count].length = 0;
 363         }
 364
 365         return subkeys;
 366 }