X-Git-Url: https://the.earth.li/gitweb/?p=onak.git;a=blobdiff_plain;f=decodekey.c;h=0ff0625929849713a2597bf36769f009badab90c;hp=606b091f941237ec173cedf64b10b0c6aa1eb29f;hb=adc800dbc424a1e246dd4a82a0c2e88eeda25531;hpb=348e7d134e9243fd72cf8fbe366c77c1571faec1 diff --git a/decodekey.c b/decodekey.c index 606b091..0ff0625 100644 --- a/decodekey.c +++ b/decodekey.c @@ -2,9 +2,21 @@ * decodekey.c - Routines to further decode an OpenPGP key. * * Copyright 2002-2008 Jonathan McDowell + * + * This program is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program. If not, see . */ -#include +#include #include #include #include @@ -15,11 +27,13 @@ #include "keyid.h" #include "keystructs.h" #include "ll.h" -#include "log.h" +#include "openpgp.h" /* * parse_subpackets - Parse the subpackets of a Type 4 signature. * @data: The subpacket data. + * @len: The amount of data available to read. + * @parselen: The amount of data that was actually parsed. * @keyid: A pointer to where we should return the keyid. * @creationtime: A pointer to where we should return the creation time. * @@ -28,16 +42,29 @@ * processed. If the value of any piece of data is not desired a NULL * can be passed instead of a pointer to a storage area for that value. */ -int parse_subpackets(unsigned char *data, uint64_t *keyid, time_t *creation) +onak_status_t parse_subpackets(unsigned char *data, size_t len, + size_t *parselen, uint64_t *keyid, time_t *creation) { int offset = 0; int length = 0; int packetlen = 0; - log_assert(data != NULL); + assert(data != NULL); + + /* Make sure we actually have the 2 byte length field */ + if (len < 2) { + return ONAK_E_INVALID_PKT; + } length = (data[0] << 8) + data[1] + 2; + /* If the length is off the end of the data available, it's bogus */ + if (len < length) { + return ONAK_E_INVALID_PKT; + } + + *parselen = length; + offset = 2; while (offset < length) { packetlen = data[offset++]; @@ -47,14 +74,18 @@ int parse_subpackets(unsigned char *data, uint64_t *keyid, time_t *creation) } else if (packetlen == 255) { packetlen = data[offset++]; packetlen <<= 8; - packetlen = data[offset++]; + packetlen |= data[offset++]; packetlen <<= 8; - packetlen = data[offset++]; + packetlen |= data[offset++]; packetlen <<= 8; - packetlen = data[offset++]; + packetlen |= data[offset++]; + } + /* Check the supplied length is within the remaining data */ + if (packetlen == 0 || (packetlen + offset) > length) { + return ONAK_E_INVALID_PKT; } switch (data[offset] & 0x7F) { - case 2: + case OPENPGP_SIGSUB_CREATION: /* * Signature creation time. */ @@ -68,17 +99,11 @@ int parse_subpackets(unsigned char *data, uint64_t *keyid, time_t *creation) *creation = data[offset + packetlen - 1]; } break; - case 3: /* * Signature expiration time. Might want to output this? */ break; - case 6: - /* - * Regular expression for UIDs this sig is over. - */ - break; - case 16: + case OPENPGP_SIGSUB_ISSUER: if (keyid != NULL) { *keyid = data[offset+packetlen - 8]; *keyid <<= 8; @@ -97,25 +122,36 @@ int parse_subpackets(unsigned char *data, uint64_t *keyid, time_t *creation) *keyid += data[offset+packetlen - 1]; } break; - case 20: - /* - * Annotation data. - */ - break; - - case 23: - /* - * Key server preferences. Including no-modify. - */ - break; - case 25: - /* - * Primary UID. - */ - break; - case 26: + case OPENPGP_SIGSUB_EXPIRY: + case OPENPGP_SIGSUB_EXPORTABLE: + case OPENPGP_SIGSUB_TRUSTSIG: + case OPENPGP_SIGSUB_REGEX: + case OPENPGP_SIGSUB_REVOCABLE: + case OPENPGP_SIGSUB_CAPABILITIES: + case OPENPGP_SIGSUB_KEYEXPIRY: + case OPENPGP_SIGSUB_ARR: + case OPENPGP_SIGSUB_PREFSYM: + case OPENPGP_SIGSUB_REVOCATION_KEY: + case OPENPGP_SIGSUB_ISSUER_UID: + case OPENPGP_SIGSUB_URL: + case OPENPGP_SIGSUB_ISSUER_FINGER: + case OPENPGP_SIGSUB_NOTATION: + case OPENPGP_SIGSUB_PREFHASH: + case OPENPGP_SIGSUB_PREFCOMPRESS: + case OPENPGP_SIGSUB_KEYSERVER: + case OPENPGP_SIGSUB_PREFKEYSERVER: + case OPENPGP_SIGSUB_PRIMARYUID: + case OPENPGP_SIGSUB_POLICYURI: + case OPENPGP_SIGSUB_KEYFLAGS: + case OPENPGP_SIGSUB_SIGNER_UID: + case OPENPGP_SIGSUB_REVOKE_REASON: + case OPENPGP_SIGSUB_FEATURES: + case OPENPGP_SIGSUB_SIGNATURE_TARGET: + case OPENPGP_SIGSUB_EMBEDDED_SIG: /* - * Policy URI. + * Various subpacket types we know about, but don't + * currently handle. Some are candidates for being + * supported if we add signature checking support. */ break; default: @@ -124,38 +160,13 @@ int parse_subpackets(unsigned char *data, uint64_t *keyid, time_t *creation) * 7 is set in which case we log a major error. */ if (data[offset] & 0x80) { - logthing(LOGTHING_CRITICAL, - "Critical subpacket type not parsed: 0x%X", - data[offset]); + return ONAK_E_UNSUPPORTED_FEATURE; } - } offset += packetlen; } - return length; -} - -/** - * keysigs - Return the sigs on a given OpenPGP signature list. - * @curll: The current linked list. Can be NULL to create a new list. - * @sigs: The signature list we want the sigs on. - * - * Returns a linked list of stats_key elements containing the sigs on the - * supplied OpenPGP packet list. - */ -struct ll *keysigs(struct ll *curll, - struct openpgp_packet_list *sigs) -{ - uint64_t keyid = 0; - - while (sigs != NULL) { - keyid = sig_keyid(sigs->packet); - sigs = sigs->next; - curll = lladd(curll, createandaddtohash(keyid)); - } - - return curll; + return ONAK_E_OK; } /** @@ -168,10 +179,12 @@ struct ll *keysigs(struct ll *curll, * key or pulls the data directly from v2/3. NULL can be passed for any * values which aren't cared about. */ -void sig_info(struct openpgp_packet *packet, uint64_t *keyid, time_t *creation) +onak_status_t sig_info(struct openpgp_packet *packet, uint64_t *keyid, + time_t *creation) { - int length = 0; - + size_t length = 0; + onak_status_t res; + if (packet != NULL) { switch (packet->data[0]) { case 2: @@ -204,20 +217,25 @@ void sig_info(struct openpgp_packet *packet, uint64_t *keyid, time_t *creation) } break; case 4: - length = parse_subpackets(&packet->data[4], - keyid, creation); - parse_subpackets(&packet->data[length + 4], - keyid, creation); - /* - * Don't bother to look at the unsigned packets. - */ + res = parse_subpackets(&packet->data[4], + packet->length - 4, + &length, keyid, creation); + if (res != ONAK_E_OK) { + return res; + } + res = parse_subpackets(&packet->data[length + 4], + packet->length - (4 + length), + &length, keyid, creation); + if (res != ONAK_E_OK) { + return res; + } break; default: break; } } - return; + return ONAK_E_OK; } /** @@ -276,7 +294,7 @@ char **keyuids(struct openpgp_publickey *key, char **primary) curuid = key->uids; while (curuid != NULL) { buf[0] = 0; - if (curuid->packet->tag == 13) { + if (curuid->packet->tag == OPENPGP_PACKET_UID) { snprintf(buf, 1023, "%.*s", (int) curuid->packet->length, curuid->packet->data); @@ -304,21 +322,21 @@ char **keyuids(struct openpgp_publickey *key, char **primary) * keysubkeys takes a public key structure and returns an array of the * subkey keyids for that key. */ -uint64_t *keysubkeys(struct openpgp_publickey *key) +struct openpgp_fingerprint *keysubkeys(struct openpgp_publickey *key) { struct openpgp_signedpacket_list *cursubkey = NULL; - uint64_t *subkeys = NULL; + struct openpgp_fingerprint *subkeys = NULL; int count = 0; - + if (key != NULL && key->subkeys != NULL) { subkeys = malloc((spsize(key->subkeys) + 1) * - sizeof (uint64_t)); + sizeof (struct openpgp_fingerprint)); cursubkey = key->subkeys; while (cursubkey != NULL) { - subkeys[count++] = get_packetid(cursubkey->packet); + get_fingerprint(cursubkey->packet, &subkeys[count++]); cursubkey = cursubkey -> next; } - subkeys[count] = 0; + subkeys[count].length = 0; } return subkeys;