]> the.earth.li Git - onak.git/blobdiff - sigcheck.c
projects / onak.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Move key database backends into their own directory
[onak.git] / sigcheck.c
diff --git a/sigcheck.c b/sigcheck.c
index 04f26760b1c3e3dd6fa0a50bd65364fbf1ff4fd1..89b3f92970205df3ff70f629ef201f6bb839c705 100644 (file)
--- a/sigcheck.c
+++ b/sigcheck.c
@@ -36,12 +36,13 @@
 #endif
 #include "sha1x.h"
 
-int check_packet_sighash(struct openpgp_publickey *key,
+onak_status_t calculate_packet_sighash(struct openpgp_publickey *key,
                        struct openpgp_packet *packet,
-                       struct openpgp_packet *sig)
+                       struct openpgp_packet *sig,
+                       uint8_t *hashtype,
+                       uint8_t *hash,
+                       uint8_t **sighash)
 {
-       uint8_t hashtype;
-       uint8_t *sighash;
        size_t siglen, unhashedlen;
        struct sha1_ctx sha1_context;
        struct sha1x_ctx sha1x_context;
@@ -56,13 +57,15 @@ int check_packet_sighash(struct openpgp_publickey *key,
        uint8_t keyheader[5];
        uint8_t packetheader[5];
        uint8_t trailer[10];
-       uint8_t hash[64];
        uint8_t *hashdata[8];
        size_t hashlen[8];
        int chunks, i;
        uint64_t keyid;
        onak_status_t res;
 
+       *hashtype = 0;
+       *sighash = NULL;
+
        switch (sig->data[0]) {
        case 2:
        case 3:
@@ -75,7 +78,7 @@ int check_packet_sighash(struct openpgp_publickey *key,
                hashlen[1] = key->publickey->length;
                chunks = 2;
 
-               hashtype = sig->data[16];
+               *hashtype = sig->data[16];
 
                if (packet != NULL) {
                        if (packet->tag == OPENPGP_PACKET_PUBLICSUBKEY) {
@@ -96,7 +99,7 @@ int check_packet_sighash(struct openpgp_publickey *key,
                hashdata[chunks] = &sig->data[2];
                hashlen[chunks] = 5;
                chunks++;
-               sighash = &sig->data[17];
+               *sighash = &sig->data[17];
                break;
        case 4:
                keyheader[0] = 0x99;
@@ -108,8 +111,6 @@ int check_packet_sighash(struct openpgp_publickey *key,
                hashlen[1] = key->publickey->length;
                chunks = 2;
 
-               hashtype = sig->data[3];
-
                /* Check to see if this is an X509 based signature */
                if (sig->data[2] == 0 || sig->data[2] == 100) {
                        size_t len;
@@ -119,8 +120,7 @@ int check_packet_sighash(struct openpgp_publickey *key,
                                                sig->length - 4, &len,
                                                &keyid, NULL);
                        if (res != ONAK_E_OK) {
-                               /* If it parses badly, reject it */
-                               return 0;
+                               return res;
                        }
                        if (keyid == 0 &&
                                        /* No unhashed data */
@@ -133,15 +133,12 @@ int check_packet_sighash(struct openpgp_publickey *key,
                                        sig->data[8 + len] == 0 &&
                                        sig->data[9 + len] == 1 &&
                                        sig->data[10 + len] == 1) {
-                               get_keyid(key, &keyid);
-                               logthing(LOGTHING_DEBUG,
-                                       "Skipping X509 signature on 0x%016"
-                                       PRIX64,
-                                       keyid);
-                               return -1;
+                               return ONAK_E_UNSUPPORTED_FEATURE;
                        }
                }
 
+               *hashtype = sig->data[3];
+
                if (packet != NULL) {
                        if (packet->tag == OPENPGP_PACKET_PUBLICSUBKEY) {
                                packetheader[0] = 0x99;
@@ -172,7 +169,7 @@ int check_packet_sighash(struct openpgp_publickey *key,
                        sig->data[5] + 6;;
                if (siglen > sig->length) {
                        /* Signature data exceed packet length, bogus */
-                       return 0;
+                       return ONAK_E_INVALID_PKT;
                }
                chunks++;
 
@@ -188,7 +185,7 @@ int check_packet_sighash(struct openpgp_publickey *key,
 
                unhashedlen = (sig->data[siglen] << 8) +
                        sig->data[siglen + 1];
-               sighash = &sig->data[siglen + unhashedlen + 2];
+               *sighash = &sig->data[siglen + unhashedlen + 2];
                break;
        case 5:
                keyheader[0] = 0x9A;
@@ -202,7 +199,7 @@ int check_packet_sighash(struct openpgp_publickey *key,
                hashlen[1] = key->publickey->length;
                chunks = 2;
 
-               hashtype = sig->data[3];
+               *hashtype = sig->data[3];
 
                if (packet != NULL) {
                        if (packet->tag == OPENPGP_PACKET_PUBLICSUBKEY) {
@@ -236,7 +233,7 @@ int check_packet_sighash(struct openpgp_publickey *key,
                        sig->data[5] + 6;;
                if (siglen > sig->length) {
                        /* Signature data exceed packet length, bogus */
-                       return 0;
+                       return ONAK_E_INVALID_PKT;
                }
                chunks++;
 
@@ -256,37 +253,33 @@ int check_packet_sighash(struct openpgp_publickey *key,
 
                unhashedlen = (sig->data[siglen] << 8) +
                        sig->data[siglen + 1];
-               sighash = &sig->data[siglen + unhashedlen + 2];
+               *sighash = &sig->data[siglen + unhashedlen + 2];
                break;
        default:
-               get_keyid(key, &keyid);
-               logthing(LOGTHING_ERROR,
-                       "Unknown signature version %d on 0x%016" PRIX64,
-                       sig->data[0], keyid);
-               return -1;
+               return ONAK_E_UNSUPPORTED_FEATURE;
        }
 
-       switch (hashtype) {
+       switch (*hashtype) {
        case OPENPGP_HASH_MD5:
                md5_init(&md5_context);
                for (i = 0; i < chunks; i++) {
                        md5_update(&md5_context, hashlen[i], hashdata[i]);
                }
-               md5_digest(&md5_context, 16, hash);
+               md5_digest(&md5_context, MD5_DIGEST_SIZE, hash);
                break;
        case OPENPGP_HASH_SHA1:
                sha1_init(&sha1_context);
                for (i = 0; i < chunks; i++) {
                        sha1_update(&sha1_context, hashlen[i], hashdata[i]);
                }
-               sha1_digest(&sha1_context, 20, hash);
+               sha1_digest(&sha1_context, SHA1_DIGEST_SIZE, hash);
                break;
        case OPENPGP_HASH_SHA1X:
                sha1x_init(&sha1x_context);
                for (i = 0; i < chunks; i++) {
                        sha1x_update(&sha1x_context, hashlen[i], hashdata[i]);
                }
-               sha1x_digest(&sha1x_context, 20, hash);
+               sha1x_digest(&sha1x_context, SHA1X_DIGEST_SIZE, hash);
                break;
 #ifdef HAVE_NETTLE
        case OPENPGP_HASH_RIPEMD160:
@@ -332,18 +325,8 @@ int check_packet_sighash(struct openpgp_publickey *key,
                break;
 #endif
        default:
-               get_keyid(key, &keyid);
-               logthing(LOGTHING_ERROR,
-                       "Unsupported signature hash type %d on 0x%016" PRIX64,
-                       hashtype,
-                       keyid);
-               return -1;
+               return ONAK_E_UNSUPPORTED_FEATURE;
        }
 
-       logthing(LOGTHING_DEBUG, "Hash type: %d, %d chunks, "
-               "calculated: %02X%02X / actual: %02X%02X",
-               hashtype, chunks,
-               hash[0], hash[1], sighash[0], sighash[1]);
-
-       return (hash[0] == sighash[0] && hash[1] == sighash[1]);
+       return ONAK_E_OK;
 }
OpenPGP key server