Revision Log

adv_packet-parse.c

Revision 517 (checked in by rachel, 6 years ago)	Added OPS_E_UNIMPLEMENTED error Changed cbinfo struct to support stacked errors in callbacks Changed RSA encryption test NOT to enforce writing of multiple packets Changed RSA signature test to use OPS validation
Property svn:keywords set to `Id`

Line
1	/** \file
2	* \brief Parser for OpenPGP packets
3	*/
4
5	#include <openssl/cast.h>
6
7	#include <openpgpsdk/packet.h>
8	#include <openpgpsdk/packet-parse.h>
9	#include <openpgpsdk/keyring.h>
10	#include <openpgpsdk/util.h>
11	#include <openpgpsdk/compress.h>
12	#include <openpgpsdk/errors.h>
13	#include <openpgpsdk/readerwriter.h>
14	#include "openpgpsdk/packet-show.h"
15
16	#include "parse_local.h"
17
18	#include <assert.h>
19	#include <stdarg.h>
20	#include <stdlib.h>
21	#include <string.h>
22	#ifndef WIN32
23	#include <unistd.h>
24	#endif
25	#include <errno.h>
26	#include <limits.h>
27
28	#include <openpgpsdk/final.h>
29
30	typedef struct
31	{
32	// boolean: false once we've done the preamble/MDC checks
33	// and are reading from the plaintext
34	int passed_checks;
35	unsigned char *plaintext;
36	size_t plaintext_available;
37	size_t plaintext_offset;
38	ops_region_t *region;
39	ops_crypt_t *decrypt;
40	} decrypt_se_ip_arg_t;
41
42	/**
43	* limited_read_data reads the specified amount of the subregion's data
44	* into a data_t structure
45	*
46	* \param data Empty structure which will be filled with data
47	* \param len Number of octets to read
48	* \param subregion
49	* \param pinfo How to parse
50	*
51	* \return 1 on success, 0 on failure
52	*/
53	static int limited_read_data(ops_data_t *data,unsigned int len,
54	ops_region_t subregion,ops_parse_info_t pinfo)
55	{
56	data->len = len;
57
58	assert(subregion->length-subregion->length_read >= len);
59
60	data->contents=malloc(data->len);
61	if (!data->contents)
62	return 0;
63
64	if (!ops_limited_read(data->contents, data->len,subregion,&pinfo->errors,
65	&pinfo->rinfo,&pinfo->cbinfo))
66	return 0;
67
68	return 1;
69	}
70
71	/**
72	* read_data reads the remainder of the subregion's data
73	* into a data_t structure
74	*
75	* \param data
76	* \param subregion
77	* \param pinfo
78	*
79	* \return 1 on success, 0 on failure
80	*/
81	static int read_data(ops_data_t data,ops_region_t subregion,
82	ops_parse_info_t *pinfo)
83	{
84	int len;
85
86	len=subregion->length-subregion->length_read;
87
88	if ( len >= 0 ) {
89	return(limited_read_data(data,len,subregion,pinfo));
90	}
91	return 0;
92	}
93
94	/**
95	* Reads the remainder of the subregion as a string.
96	* It is the user's responsibility to free the memory allocated here.
97	*/
98
99	static int read_unsigned_string(unsigned char *str,ops_region_t subregion,
100	ops_parse_info_t *pinfo)
101	{
102	int len=0;
103
104	len=subregion->length-subregion->length_read;
105
106	*str=malloc(len+1);
107	if(!(*str))
108	return 0;
109
110	if(len && !ops_limited_read(*str,len,subregion,&pinfo->errors,
111	&pinfo->rinfo,&pinfo->cbinfo))
112	return 0;
113
114	/! ensure the string is NULL-terminated /
115
116	(*str)[len]=(char) NULL;
117
118	return 1;
119	}
120
121	static int read_string(char *str, ops_region_t subregion, ops_parse_info_t *pinfo)
122	{
123	return (read_unsigned_string((unsigned char **)str, subregion, pinfo));
124	}
125
126	void ops_init_subregion(ops_region_t subregion,ops_region_t region)
127	{
128	memset(subregion,'\0',sizeof *subregion);
129	subregion->parent=region;
130	}
131
132	/! \todo descr for CB macro /
133	/! \todo check other callback functions to check they match this usage /
134	#define CB(cbinfo,t,pc) do { (pc)->tag=(t); if((cbinfo)->cb(pc,(cbinfo)) == OPS_RELEASE_MEMORY) ops_parser_content_free(pc); } while(0)
135	#define CBP(info,t,pc) CB(&(info)->cbinfo,t,pc)
136	/! macro to save typing /
137	#define C content.content
138
139	/! set error code in content and run CallBack to handle error /
140	#define ERRCODE(cbinfo,err) do { C.errcode.errcode=err; CB(cbinfo,OPS_PARSER_ERRCODE,&content); } while(0)
141	#define ERRCODEP(pinfo,err) do { C.errcode.errcode=err; CBP(pinfo,OPS_PARSER_ERRCODE,&content); } while(0)
142	/! set error text in content and run CallBack to handle error, then return /
143	#define ERR(cbinfo,err) do { C.error.error=err; CB(cbinfo,OPS_PARSER_ERROR,&content); return ops_false; } while(0)
144	#define ERRP(info,err) do { C.error.error=err; CBP(info,OPS_PARSER_ERROR,&content); return ops_false; } while(0)
145	/! set error text in content and run CallBack to handle warning, do not return /
146	#define WARN(warn) do { C.error.error=warn; CB(OPS_PARSER_ERROR,&content);; } while(0)
147	#define WARNP(info,warn) do { C.error.error=warn; CBP(info,OPS_PARSER_ERROR,&content); } while(0)
148	#ifdef XXX
149	/! \todo descr ERR1 macro /
150	#define ERR1P(info,fmt,x) do { format_error(&content,(fmt),(x)); CBP(info,OPS_PARSER_ERROR,&content); return ops_false; } while(0)
151	#define ERR2P(info,fmt,x,y) do { format_error(&content,(fmt),(x),(y)); CBP(info,OPS_PARSER_ERROR,&content); return ops_false; } while(0)
152	#define ERR4P(info,fmt,x,y,z,a) do { format_error(&content,(fmt),(x),(y),(z),(a)); CBP(info,OPS_PARSER_ERROR,&content); return ops_false; } while(0)
153	#endif
154
155	/* XXX: replace ops_ptag_t with something more appropriate for limiting
156	reads */
157
158	#ifdef OLD
159	/* Note that this makes the parser non-reentrant, in a limited way */
160	/* It is the caller's responsibility to avoid overflow in the buffer */
161	static void format_error(ops_parser_content_t *content,
162	const char *const fmt,...)
163	{
164	va_list va;
165	static char buf[8192];
166
167	va_start(va,fmt);
168	vsnprintf(buf,sizeof buf,fmt,va);
169	va_end(va);
170	content->content.error.error=buf;
171	}
172	#endif
173
174	/**
175	* low-level function to read data from reader function
176	*
177	* Use this function, rather than calling the reader directly.
178	*
179	* If the accumulate flag is set in *pinfo, the function
180	* adds the read data to the accumulated data, and updates
181	* the accumulated length. This is useful if, for example,
182	* the application wants access to the raw data as well as the
183	* parsed data.
184	*
185	* This function will also try to read the entire amount asked for, but not
186	* if it is over INT_MAX. Obviously many callers will know that they
187	* never ask for that much and so can avoid the extra complexity of
188	* dealing with return codes and filled-in lengths.
189	*
190	* \param *dest
191	* \param *plength
192	* \param flags
193	* \param *pinfo
194	*
195	* \return OPS_R_OK
196	* \return OPS_R_PARTIAL_READ
197	* \return OPS_R_EOF
198	* \return OPS_R_EARLY_EOF
199	*
200	* \sa #ops_reader_ret_t for details of return codes
201	*/
202
203	static int sub_base_read(void dest,size_t length,ops_error_t *errors,
204	ops_reader_info_t rinfo,ops_parse_cb_info_t cbinfo)
205	{
206	size_t n;
207
208	/* reading more than this would look like an error */
209	if(length > INT_MAX)
210	length=INT_MAX;
211
212	for(n=0 ; n < length ; )
213	{
214	int r=rinfo->reader((char*)dest+n,length-n,errors,rinfo,cbinfo);
215
216	assert(r <= (int)(length-n));
217
218	// XXX: should we save the error and return what was read so far?
219	if(r < 0)
220	return r;
221
222	if(r == 0)
223	break;
224
225	n+=r;
226	}
227
228	if(n == 0)
229	return 0;
230
231	if(rinfo->accumulate)
232	{
233	assert(rinfo->asize >= rinfo->alength);
234	if(rinfo->alength+n > rinfo->asize)
235	{
236	rinfo->asize=rinfo->asize*2+n;
237	rinfo->accumulated=realloc(rinfo->accumulated,rinfo->asize);
238	}
239	assert(rinfo->asize >= rinfo->alength+n);
240	memcpy(rinfo->accumulated+rinfo->alength,dest,n);
241	}
242	// we track length anyway, because it is used for packet offsets
243	rinfo->alength+=n;
244	// and also the position
245	rinfo->position+=n;
246
247	return n;
248	}
249
250	int ops_stacked_read(void dest,size_t length,ops_error_t *errors,
251	ops_reader_info_t rinfo,ops_parse_cb_info_t cbinfo)
252	{ return sub_base_read(dest,length,errors,rinfo->next,cbinfo); }
253
254	/* This will do a full read so long as length < MAX_INT */
255	static int base_read(unsigned char *dest,size_t length,
256	ops_parse_info_t *pinfo)
257	{
258	return sub_base_read(dest,length,&pinfo->errors,&pinfo->rinfo,
259	&pinfo->cbinfo);
260	}
261
262	/* Read a full size_t's worth. If the return is < than length, then
263	* last_read tells you why - < 0 for an error, == 0 for EOF /
264
265	static size_t full_read(unsigned char dest,size_t length,int last_read,
266	ops_error_t *errors,ops_reader_info_t rinfo,
267	ops_parse_cb_info_t *cbinfo)
268	{
269	size_t t;
270	int r=0; /* preset in case some loon calls with length == 0 */
271
272	for(t=0 ; t < length ; )
273	{
274	r=sub_base_read(dest+t,length-t,errors,rinfo,cbinfo);
275
276	if(r <= 0)
277	{
278	*last_read=r;
279	return t;
280	}
281
282	t+=r;
283	}
284
285	*last_read=r;
286
287	return t;
288	}
289
290
291
292	/** Read a scalar value of selected length from reader.
293	*
294	* Read an unsigned scalar value from reader in Big Endian representation.
295	*
296	* This function does not know or care about packet boundaries. It
297	* also assumes that an EOF is an error.
298	*
299	* \param *result The scalar value is stored here
300	* \param *reader Our reader
301	* \param length How many bytes to read
302	* \return ops_true on success, ops_false on failure
303	*/
304	static ops_boolean_t _read_scalar(unsigned *result,unsigned length,
305	ops_parse_info_t *pinfo)
306	{
307	unsigned t=0;
308
309	assert (length <= sizeof(*result));
310
311	while(length--)
312	{
313	unsigned char c[1];
314	int r;
315
316	r=base_read(c,1,pinfo);
317	if(r != 1)
318	return ops_false;
319	t=(t << 8)+c[0];
320	}
321
322	*result=t;
323	return ops_true;
324	}
325
326	/** Read bytes from a region within the packet.
327	*
328	* Read length bytes into the buffer pointed to by *dest. Make sure
329	* we do not read over the packet boundary. Updates the Packet Tag's
330	* ops_ptag_t::length_read.
331	*
332	* If length would make us read over the packet boundary, or if
333	* reading fails, we call the callback with an error.
334	*
335	* Note that if the region is indeterminate, this can return a short
336	* read - check region->last_read for the length. EOF is indicated by
337	* a success return and region->last_read == 0 in this case (for a
338	* region of known length, EOF is an error).
339	*
340	* This function makes sure to respect packet boundaries.
341	*
342	* \param *dest The destination buffer
343	* \param length How many bytes to read
344	* \param *region Pointer to packet region
345	* \param *pinfo How to parse, including callback function
346	* \return ops_true on success, ops_false on error
347	*/
348	ops_boolean_t ops_limited_read(unsigned char *dest,size_t length,
349	ops_region_t region,ops_error_t *errors,
350	ops_reader_info_t *rinfo,
351	ops_parse_cb_info_t *cbinfo)
352	{
353	ops_parser_content_t content;
354	size_t r;
355	int lr;
356
357	if(!region->indeterminate && region->length_read+length > region->length)
358	{
359	ERRCODE(cbinfo,OPS_E_P_NOT_ENOUGH_DATA);
360	return 0;
361	}
362
363	r=full_read(dest,length,&lr,errors,rinfo,cbinfo);
364
365	if(lr < 0)
366	{
367	ERRCODE(cbinfo,OPS_E_R_READ_FAILED);
368	return ops_false;
369	}
370
371	if(!region->indeterminate && r != length)
372	{
373	ERRCODE(cbinfo,OPS_E_R_READ_FAILED);
374	return ops_false;
375	}
376
377	region->last_read=r;
378	do
379	{
380	region->length_read+=r;
381	assert(!region->parent \|\| region->length <= region->parent->length);
382	}
383	while((region=region->parent));
384
385	return ops_true;
386	}
387
388	ops_boolean_t ops_stacked_limited_read(unsigned char *dest,unsigned length,
389	ops_region_t *region,
390	ops_error_t **errors,
391	ops_reader_info_t *rinfo,
392	ops_parse_cb_info_t *cbinfo)
393	{ return ops_limited_read(dest,length,region,errors,rinfo->next,cbinfo); }
394
395	static ops_boolean_t limited_read(unsigned char *dest,unsigned length,
396	ops_region_t region,ops_parse_info_t info)
397	{
398	return ops_limited_read(dest,length,region,&info->errors,
399	&info->rinfo,&info->cbinfo);
400	}
401
402	static ops_boolean_t exact_limited_read(unsigned char *dest,unsigned length,
403	ops_region_t *region,
404	ops_parse_info_t *pinfo)
405	{
406	ops_boolean_t ret;
407
408	pinfo->exact_read=ops_true;
409	ret=limited_read(dest,length,region,pinfo);
410	pinfo->exact_read=ops_false;
411
412	return ret;
413	}
414
415	/** Skip over length bytes of this packet.
416	*
417	* Calls limited_read() to skip over some data.
418	*
419	* This function makes sure to respect packet boundaries.
420	*
421	* \param length How many bytes to skip
422	* \param *region Pointer to packet region
423	* \param *pinfo How to parse
424	* \return 1 on success, 0 on error (calls the cb with OPS_PARSER_ERROR in limited_read()).
425	*/
426	static int limited_skip(unsigned length,ops_region_t *region,
427	ops_parse_info_t *pinfo)
428	{
429	unsigned char buf[8192];
430
431	while(length)
432	{
433	int n=length%8192;
434	if(!limited_read(buf,n,region,pinfo))
435	return 0;
436	length-=n;
437	}
438	return 1;
439	}
440
441	/** Read a scalar.
442	*
443	* Read a big-endian scalar of length bytes, respecting packet
444	* boundaries (by calling limited_read() to read the raw data).
445	*
446	* This function makes sure to respect packet boundaries.
447	*
448	* \param *dest The scalar value is stored here
449	* \param length How many bytes make up this scalar (at most 4)
450	* \param *region Pointer to current packet region
451	* \param *pinfo How to parse
452	* \param *cb The callback
453	* \return 1 on success, 0 on error (calls the cb with OPS_PARSER_ERROR in limited_read()).
454	*
455	* \see RFC2440bis-12 3.1
456	*/
457	static int limited_read_scalar(unsigned *dest,unsigned length,
458	ops_region_t *region,
459	ops_parse_info_t *pinfo)
460	{
461	unsigned char c[4];
462	unsigned t;
463	unsigned n;
464
465	assert(length <= 4);
466	assert(sizeof(*dest) >= 4);
467	if(!limited_read(c,length,region,pinfo))
468	return 0;
469
470	for(t=0,n=0 ; n < length ; ++n)
471	t=(t << 8)+c[n];
472	*dest=t;
473
474	return 1;
475	}
476
477	/** Read a scalar.
478	*
479	* Read a big-endian scalar of length bytes, respecting packet
480	* boundaries (by calling limited_read() to read the raw data).
481	*
482	* The value read is stored in a size_t, which is a different size
483	* from an unsigned on some platforms.
484	*
485	* This function makes sure to respect packet boundaries.
486	*
487	* \param *dest The scalar value is stored here
488	* \param length How many bytes make up this scalar (at most 4)
489	* \param *region Pointer to current packet region
490	* \param *pinfo How to parse
491	* \param *cb The callback
492	* \return 1 on success, 0 on error (calls the cb with OPS_PARSER_ERROR in limited_read()).
493	*
494	* \see RFC2440bis-12 3.1
495	*/
496	static int limited_read_size_t_scalar(size_t *dest,unsigned length,
497	ops_region_t *region,
498	ops_parse_info_t *pinfo)
499	{
500	unsigned tmp;
501
502	assert(sizeof(*dest) >= 4);
503
504	/* Note that because the scalar is at most 4 bytes, we don't care
505	if size_t is bigger than usigned */
506	if(!limited_read_scalar(&tmp,length,region,pinfo))
507	return 0;
508
509	*dest=tmp;
510	return 1;
511	}
512
513	/** Read a timestamp.
514	*
515	* Timestamps in OpenPGP are unix time, i.e. seconds since The Epoch (1.1.1970). They are stored in an unsigned scalar
516	* of 4 bytes.
517	*
518	* This function reads the timestamp using limited_read_scalar().
519	*
520	* This function makes sure to respect packet boundaries.
521	*
522	* \param *dest The timestamp is stored here
523	* \param *ptag Pointer to current packet's Packet Tag.
524	* \param *reader Our reader
525	* \param *cb The callback
526	* \return see limited_read_scalar()
527	*
528	* \see RFC2440bis-12 3.5
529	*/
530	static int limited_read_time(time_t dest,ops_region_t region,
531	ops_parse_info_t *pinfo)
532	{
533	return limited_read_scalar((unsigned *)dest,4,region,pinfo);
534	}
535
536	/** Read a multiprecision integer.
537	*
538	* Large numbers (multiprecision integers, MPI) are stored in OpenPGP in two parts. First there is a 2 byte scalar
539	* indicating the length of the following MPI in Bits. Then follow the bits that make up the actual number, most
540	* significant bits first (Big Endian). The most significant bit in the MPI is supposed to be 1 (unless the MPI is
541	* encrypted - then it may be different as the bit count refers to the plain text but the bits are encrypted).
542	*
543	* Unused bits (i.e. those filling up the most significant byte from the left to the first bits that counts) are
544	* supposed to be cleared - I guess. XXX - does anything actually say so?
545	*
546	* This function makes sure to respect packet boundaries.
547	*
548	* \param **pgn return the integer there - the BIGNUM is created by BN_bin2bn() and probably needs to be freed
549	* by the caller XXX right ben?
550	* \param *ptag Pointer to current packet's Packet Tag.
551	* \param *reader Our reader
552	* \param *cb The callback
553	* \return 1 on success, 0 on error (by limited_read_scalar() or limited_read() or if the MPI is not properly formed (XXX
554	* see comment below - the callback is called with a OPS_PARSER_ERROR in case of an error)
555	*
556	* \see RFC2440bis-12 3.2
557	*/
558	static int limited_read_mpi(BIGNUM *pbn,ops_region_t region,
559	ops_parse_info_t *pinfo)
560	{
561	unsigned length;
562	unsigned nonzero;
563	unsigned char buf[8192]; /* an MPI has a 2 byte length part. Length
564	is given in bits, so the largest we should
565	ever need for the buffer is 8192 bytes. */
566	ops_parser_content_t content;
567	ops_boolean_t ret;
568
569	pinfo->reading_mpi_length=ops_true;
570	ret=limited_read_scalar(&length,2,region,pinfo);
571	pinfo->reading_mpi_length=ops_false;
572	if(!ret)
573	return 0;
574
575	nonzero=length&7; /* there should be this many zero bits in the MS byte */
576	if(!nonzero)
577	nonzero=8;
578	length=(length+7)/8;
579
580	assert(length <= 8192);
581	if(!limited_read(buf,length,region,pinfo))
582	return 0;
583
584	if((buf[0] >> nonzero) != 0 \|\| !(buf[0]&(1 << (nonzero-1))))
585	{
586	ERRCODEP(pinfo,OPS_E_P_MPI_FORMAT_ERROR); /* XXX: Ben, one part of this constraint does not apply to encrypted MPIs the draft says. -- peter */
587	return 0;
588	}
589
590	*pbn=BN_bin2bn(buf,length,NULL);
591	return 1;
592	}
593
594	/** Read some data with a New-Format length from reader.
595	*
596	* \sa Internet-Draft RFC2440bis-13.txt Section 4.2.2
597	*
598	* \param *length Where the decoded length will be put
599	* \param *pinfo How to parse
600	* \return ops_true if OK, else ops_false
601	*
602	*/
603
604	static ops_boolean_t read_new_length(unsigned length,ops_parse_info_t pinfo)
605	{
606	unsigned char c[1];
607
608	if(base_read(c,1,pinfo) != 1)
609	return ops_false;
610	if(c[0] < 192)
611	{
612	*length=c[0];
613	return ops_true;
614	}
615	if(c[0] < 255)
616	{
617	unsigned t=(c[0]-192) << 8;
618
619	if(base_read(c,1,pinfo) != 1)
620	return ops_false;
621	*length=t+c[0]+192;
622	return ops_true;
623	}
624	return _read_scalar(length,4,pinfo);
625	}
626
627	/** Read the length information for a new format Packet Tag.
628	*
629	* New style Packet Tags encode the length in one to five octets. This function reads the right amount of bytes and
630	* decodes it to the proper length information.
631	*
632	* This function makes sure to respect packet boundaries.
633	*
634	* \param *length return the length here
635	* \param *ptag Pointer to current packet's Packet Tag.
636	* \param *reader Our reader
637	* \param *cb The callback
638	* \return 1 on success, 0 on error (by limited_read_scalar() or limited_read() or if the MPI is not properly formed (XXX
639	* see comment below)
640	*
641	* \see RFC2440bis-12 4.2.2
642	* \see ops_ptag_t
643	*/
644	static int limited_read_new_length(unsigned length,ops_region_t region,
645	ops_parse_info_t *pinfo)
646	{
647	unsigned char c[1];
648
649	if(!limited_read(c,1,region,pinfo))
650	return 0;
651	if(c[0] < 192)
652	{
653	*length=c[0];
654	return 1;
655	}
656	if(c[0] < 255)
657	{
658	unsigned t=(c[0]-192) << 8;
659
660	if(!limited_read(c,1,region,pinfo))
661	return 0;
662	*length=t+c[0]+192;
663	return 1;
664	}
665	return limited_read_scalar(length,4,region,pinfo);
666	}
667
668	static void data_free(ops_data_t *data)
669	{
670	free(data->contents);
671	data->contents=NULL;
672	data->len=0;
673	}
674
675	static void string_free(char **str)
676	{
677	free(*str);
678	*str=NULL;
679	}
680
681	/! Free packet memory, set pointer to NULL /
682	void ops_packet_free(ops_packet_t *packet)
683	{
684	free(packet->raw);
685	packet->raw=NULL;
686	}
687
688	void ops_headers_free(ops_headers_t *headers)
689	{
690	unsigned n;
691
692	for(n=0 ; n < headers->nheaders ; ++n)
693	{
694	free(headers->headers[n].key);
695	free(headers->headers[n].value);
696	}
697	free(headers->headers);
698	headers->headers=NULL;
699	}
700
701	void ops_signed_cleartext_trailer_free(ops_signed_cleartext_trailer_t *trailer)
702	{
703	free(trailer->hash);
704	trailer->hash=NULL;
705	}
706
707	void ops_cmd_get_passphrase_free(ops_secret_key_passphrase_t *skp)
708	{
709	// \todo check whether skp->passphrase should be static/dynamic
710	if (skp->passphrase && *skp->passphrase)
711	free(*(skp->passphrase));
712	*(skp->passphrase)=NULL;
713	}
714
715	/! Free any memory allocated when parsing the packet content /
716	void ops_parser_content_free(ops_parser_content_t *c)
717	{
718	switch(c->tag)
719	{
720	case OPS_PARSER_PTAG:
721	case OPS_PTAG_CT_COMPRESSED:
722	case OPS_PTAG_SS_CREATION_TIME:
723	case OPS_PTAG_SS_EXPIRATION_TIME:
724	case OPS_PTAG_SS_KEY_EXPIRATION_TIME:
725	case OPS_PTAG_SS_TRUST:
726	case OPS_PTAG_SS_ISSUER_KEY_ID:
727	case OPS_PTAG_CT_ONE_PASS_SIGNATURE:
728	case OPS_PTAG_SS_PRIMARY_USER_ID:
729	case OPS_PTAG_SS_REVOCABLE:
730	case OPS_PTAG_SS_REVOCATION_KEY:
731	case OPS_PTAG_CT_LITERAL_DATA_HEADER:
732	case OPS_PTAG_CT_LITERAL_DATA_BODY:
733	case OPS_PTAG_CT_SIGNED_CLEARTEXT_BODY:
734	case OPS_PTAG_CT_UNARMOURED_TEXT:
735	case OPS_PTAG_CT_ARMOUR_TRAILER:
736	case OPS_PTAG_CT_SIGNATURE_HEADER:
737	case OPS_PTAG_CT_SE_DATA_HEADER:
738	case OPS_PTAG_CT_SE_IP_DATA_HEADER:
739	case OPS_PTAG_CT_SE_IP_DATA_BODY:
740	case OPS_PTAG_CT_MDC:
741	case OPS_PARSER_CMD_GET_SECRET_KEY:
742	break;
743
744	case OPS_PTAG_CT_SIGNED_CLEARTEXT_HEADER:
745	ops_headers_free(&c->content.signed_cleartext_header.headers);
746	break;
747
748	case OPS_PTAG_CT_ARMOUR_HEADER:
749	ops_headers_free(&c->content.armour_header.headers);
750	break;
751
752	case OPS_PTAG_CT_SIGNED_CLEARTEXT_TRAILER:
753	ops_signed_cleartext_trailer_free(&c->content.signed_cleartext_trailer);
754	break;
755
756	case OPS_PTAG_CT_TRUST:
757	ops_trust_free(&c->content.trust);
758	break;
759
760	case OPS_PTAG_CT_SIGNATURE:
761	case OPS_PTAG_CT_SIGNATURE_FOOTER:
762	ops_signature_free(&c->content.signature);
763	break;
764
765	case OPS_PTAG_CT_PUBLIC_KEY:
766	case OPS_PTAG_CT_PUBLIC_SUBKEY:
767	ops_public_key_free(&c->content.public_key);
768	break;
769
770	case OPS_PTAG_CT_USER_ID:
771	ops_user_id_free(&c->content.user_id);
772	break;
773
774	case OPS_PTAG_SS_SIGNERS_USER_ID:
775	ops_user_id_free(&c->content.ss_signers_user_id);
776	break;
777
778	case OPS_PTAG_CT_USER_ATTRIBUTE:
779	ops_user_attribute_free(&c->content.user_attribute);
780	break;
781
782	case OPS_PTAG_SS_PREFERRED_SKA:
783	ops_ss_preferred_ska_free(&c->content.ss_preferred_ska);
784	break;
785
786	case OPS_PTAG_SS_PREFERRED_HASH:
787	ops_ss_preferred_hash_free(&c->content.ss_preferred_hash);
788	break;
789
790	case OPS_PTAG_SS_PREFERRED_COMPRESSION:
791	ops_ss_preferred_compression_free(&c->content.ss_preferred_compression);
792	break;
793
794	case OPS_PTAG_SS_KEY_FLAGS:
795	ops_ss_key_flags_free(&c->content.ss_key_flags);
796	break;
797
798	case OPS_PTAG_SS_KEY_SERVER_PREFS:
799	ops_ss_key_server_prefs_free(&c->content.ss_key_server_prefs);
800	break;
801
802	case OPS_PTAG_SS_FEATURES:
803	ops_ss_features_free(&c->content.ss_features);
804	break;
805
806	case OPS_PTAG_SS_NOTATION_DATA:
807	ops_ss_notation_data_free(&c->content.ss_notation_data);
808	break;
809
810	case OPS_PTAG_SS_REGEXP:
811	ops_ss_regexp_free(&c->content.ss_regexp);
812	break;
813
814	case OPS_PTAG_SS_POLICY_URL:
815	ops_ss_policy_url_free(&c->content.ss_policy_url);
816	break;
817
818	case OPS_PTAG_SS_PREFERRED_KEY_SERVER:
819	ops_ss_preferred_key_server_free(&c->content.ss_preferred_key_server);
820	break;
821
822	case OPS_PTAG_SS_USERDEFINED00:
823	case OPS_PTAG_SS_USERDEFINED01:
824	case OPS_PTAG_SS_USERDEFINED02:
825	case OPS_PTAG_SS_USERDEFINED03:
826	case OPS_PTAG_SS_USERDEFINED04:
827	case OPS_PTAG_SS_USERDEFINED05:
828	case OPS_PTAG_SS_USERDEFINED06:
829	case OPS_PTAG_SS_USERDEFINED07:
830	case OPS_PTAG_SS_USERDEFINED08:
831	case OPS_PTAG_SS_USERDEFINED09:
832	case OPS_PTAG_SS_USERDEFINED10:
833	ops_ss_userdefined_free(&c->content.ss_userdefined);
834	break;
835
836	case OPS_PTAG_SS_RESERVED:
837	ops_ss_reserved_free(&c->content.ss_unknown);
838	break;
839
840	case OPS_PTAG_SS_REVOCATION_REASON:
841	ops_ss_revocation_reason_free(&c->content.ss_revocation_reason);
842	break;
843
844	case OPS_PARSER_PACKET_END:
845	ops_packet_free(&c->content.packet);
846	break;
847
848	case OPS_PARSER_ERROR:
849	case OPS_PARSER_ERRCODE:
850	break;
851
852	case OPS_PTAG_CT_SECRET_KEY:
853	case OPS_PTAG_CT_ENCRYPTED_SECRET_KEY:
854	ops_secret_key_free(&c->content.secret_key);
855	break;
856
857	case OPS_PTAG_CT_PK_SESSION_KEY:
858	case OPS_PTAG_CT_ENCRYPTED_PK_SESSION_KEY:
859	ops_pk_session_key_free(&c->content.pk_session_key);
860	break;
861
862	case OPS_PARSER_CMD_GET_SK_PASSPHRASE:
863	ops_cmd_get_passphrase_free(&c->content.secret_key_passphrase);
864	break;
865
866	default:
867	fprintf(stderr,"Can't free %d (0x%x)\n",c->tag,c->tag);
868	assert(0);
869	}
870	}
871
872	static void free_BN(BIGNUM **pp)
873	{
874	BN_free(*pp);
875	*pp=NULL;
876	}
877
878	void ops_pk_session_key_free(ops_pk_session_key_t *sk)
879	{
880	switch(sk->algorithm)
881	{
882	case OPS_PKA_RSA:
883	free_BN(&sk->parameters.rsa.encrypted_m);
884	break;
885
886	case OPS_PKA_ELGAMAL:
887	free_BN(&sk->parameters.elgamal.g_to_k);
888	free_BN(&sk->parameters.elgamal.encrypted_m);
889	break;
890
891	default:
892	assert(0);
893	}
894	}
895
896	/! Free the memory used when parsing a public key /
897	void ops_public_key_free(ops_public_key_t *p)
898	{
899	switch(p->algorithm)
900	{
901	case OPS_PKA_RSA:
902	case OPS_PKA_RSA_ENCRYPT_ONLY:
903	case OPS_PKA_RSA_SIGN_ONLY:
904	free_BN(&p->key.rsa.n);
905	free_BN(&p->key.rsa.e);
906	break;
907
908	case OPS_PKA_DSA:
909	free_BN(&p->key.dsa.p);
910	free_BN(&p->key.dsa.q);
911	free_BN(&p->key.dsa.g);
912	free_BN(&p->key.dsa.y);
913	break;
914
915	case OPS_PKA_ELGAMAL:
916	case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN:
917	free_BN(&p->key.elgamal.p);
918	free_BN(&p->key.elgamal.g);
919	free_BN(&p->key.elgamal.y);
920	break;
921
922	default:
923	assert(0);
924	}
925	}
926
927	static int parse_public_key_data(ops_public_key_t key,ops_region_t region,
928	ops_parse_info_t *pinfo)
929	{
930	// ops_parser_content_t content;
931	unsigned char c[1];
932
933	assert (region->length_read == 0); /* We should not have read anything so far */
934
935	if(!limited_read(c,1,region,pinfo))
936	return 0;
937	key->version=c[0];
938	if(key->version < 2 \|\| key->version > 4)
939	{
940	OPS_ERROR_1(&pinfo->errors,OPS_E_PROTO_BAD_PUBLIC_KEY_VRSN,
941	"Bad public key version (0x%02x)",key->version);
942	return 0;
943	}
944
945	if(!limited_read_time(&key->creation_time,region,pinfo))
946	return 0;
947
948	key->days_valid=0;
949	if((key->version == 2 \|\| key->version == 3)
950	&& !limited_read_scalar(&key->days_valid,2,region,pinfo))
951	return 0;
952
953	if(!limited_read(c,1,region,pinfo))
954	return 0;
955
956	key->algorithm=c[0];
957
958	switch(key->algorithm)
959	{
960	case OPS_PKA_DSA:
961	if(!limited_read_mpi(&key->key.dsa.p,region,pinfo)
962	\|\| !limited_read_mpi(&key->key.dsa.q,region,pinfo)
963	\|\| !limited_read_mpi(&key->key.dsa.g,region,pinfo)
964	\|\| !limited_read_mpi(&key->key.dsa.y,region,pinfo))
965	return 0;
966	break;
967
968	case OPS_PKA_RSA:
969	case OPS_PKA_RSA_ENCRYPT_ONLY:
970	case OPS_PKA_RSA_SIGN_ONLY:
971	if(!limited_read_mpi(&key->key.rsa.n,region,pinfo)
972	\|\| !limited_read_mpi(&key->key.rsa.e,region,pinfo))
973	return 0;
974	break;
975
976	case OPS_PKA_ELGAMAL:
977	case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN:
978	if(!limited_read_mpi(&key->key.elgamal.p,region,pinfo)
979	\|\| !limited_read_mpi(&key->key.elgamal.g,region,pinfo)
980	\|\| !limited_read_mpi(&key->key.elgamal.y,region,pinfo))
981	return 0;
982	break;
983
984	default:
985	OPS_ERROR_1(&pinfo->errors,OPS_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG,"Unsupported Public Key algorithm (%s)",ops_show_pka(key->algorithm));
986	return 0;
987	}
988
989	return 1;
990	}
991
992
993	/** Parse a public key packet.
994	*
995	* This function parses an entire v3 (== v2) or v4 public key packet for RSA, ElGamal, and DSA keys.
996	*
997	* Once the key has been parsed successfully, it is passed to the callback.
998	*
999	* \param *ptag Pointer to the current Packet Tag. This function should consume the entire packet.
1000	* \param *reader Our reader
1001	* \param *cb The callback
1002	* \return 1 on success, 0 on error
1003	*
1004	* \see RFC2440bis-12 5.5.2
1005	*/
1006	static int parse_public_key(ops_content_tag_t tag,ops_region_t *region,
1007	ops_parse_info_t *pinfo)
1008	{
1009	ops_parser_content_t content;
1010
1011	if(!parse_public_key_data(&C.public_key,region,pinfo))
1012	return 0;
1013
1014	// XXX: this test should be done for all packets, surely?
1015	if(region->length_read != region->length)
1016	{
1017	OPS_ERROR_1(&pinfo->errors,OPS_E_R_UNCONSUMED_DATA,
1018	"Unconsumed data (%d)", region->length-region->length_read);
1019	return 0;
1020	}
1021
1022	CBP(pinfo,tag,&content);
1023
1024	return 1;
1025	}
1026
1027
1028	/! Free the memory used when parsing this signature sub-packet type /
1029	void ops_ss_regexp_free(ops_ss_regexp_t *regexp)
1030	{
1031	string_free(&regexp->text);
1032	}
1033
1034	/! Free the memory used when parsing this signature sub-packet type /
1035	void ops_ss_policy_url_free(ops_ss_policy_url_t *policy_url)
1036	{
1037	string_free(&policy_url->text);
1038	}
1039
1040	/! Free the memory used when parsing this signature sub-packet type /
1041	void ops_ss_preferred_key_server_free(ops_ss_preferred_key_server_t *preferred_key_server)
1042	{
1043	string_free(&preferred_key_server->text);
1044	}
1045
1046	/! Free the memory used when parsing this packet type /
1047	void ops_user_attribute_free(ops_user_attribute_t *user_att)
1048	{
1049	data_free(&user_att->data);
1050	}
1051
1052	/** Parse one user attribute packet.
1053	*
1054	* User attribute packets contain one or more attribute subpackets.
1055	* For now, handle the whole packet as raw data.
1056	*/
1057
1058	static int parse_user_attribute(ops_region_t region, ops_parse_info_t pinfo)
1059	{
1060
1061	ops_parser_content_t content;
1062
1063	/* xxx- treat as raw data for now. Could break down further
1064	into attribute sub-packets later - rachel */
1065
1066	assert(region->length_read == 0); /* We should not have read anything so far */
1067
1068	if(!read_data(&C.user_attribute.data,region,pinfo))
1069	return 0;
1070
1071	CBP(pinfo,OPS_PTAG_CT_USER_ATTRIBUTE,&content);
1072
1073	return 1;
1074	}
1075
1076	/! Free the memory used when parsing this packet type /
1077	void ops_user_id_free(ops_user_id_t *id)
1078	{
1079	free(id->user_id);
1080	id->user_id=NULL;
1081	}
1082
1083	/** Parse a user id.
1084	*
1085	* This function parses an user id packet, which is basically just a char array the size of the packet.
1086	*
1087	* The char array is to be treated as an UTF-8 string.
1088	*
1089	* The userid gets null terminated by this function. Freeing it is the responsibility of the caller.
1090	*
1091	* Once the userid has been parsed successfully, it is passed to the callback.
1092	*
1093	* \param *ptag Pointer to the Packet Tag. This function should consume the entire packet.
1094	* \param *reader Our reader
1095	* \param *cb The callback
1096	* \return 1 on success, 0 on error
1097	*
1098	* \see RFC2440bis-12 5.11
1099	*/
1100	static int parse_user_id(ops_region_t region,ops_parse_info_t pinfo)
1101	{
1102	ops_parser_content_t content;
1103
1104	assert(region->length_read == 0); /* We should not have read anything so far */
1105
1106	C.user_id.user_id=malloc(region->length+1); /* XXX should we not like check malloc's return value? */
1107
1108	if(region->length && !limited_read(C.user_id.user_id,region->length,region,
1109	pinfo))
1110	return 0;
1111
1112	C.user_id.user_id[region->length]='\0'; /* terminate the string */
1113
1114	CBP(pinfo,OPS_PTAG_CT_USER_ID,&content);
1115
1116	return 1;
1117	}
1118
1119	/**
1120	* \ingroup Memory
1121	*
1122	* Free the memory used when parsing a private/experimental PKA signature
1123	*
1124	* \param unknown_sig
1125	*/
1126	void free_unknown_sig_pka(ops_unknown_signature_t *unknown_sig)
1127	{
1128	data_free(&unknown_sig->data);
1129	}
1130
1131	/**
1132	* \ingroup Memory
1133	*
1134	* Free the memory used when parsing a signature
1135	*
1136	* \param sig
1137	*/
1138	void ops_signature_free(ops_signature_t *sig)
1139	{
1140	switch(sig->key_algorithm)
1141	{
1142	case OPS_PKA_RSA:
1143	case OPS_PKA_RSA_SIGN_ONLY:
1144	free_BN(&sig->signature.rsa.sig);
1145	break;
1146
1147	case OPS_PKA_DSA:
1148	free_BN(&sig->signature.dsa.r);
1149	free_BN(&sig->signature.dsa.s);
1150	break;
1151
1152	case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN:
1153	free_BN(&sig->signature.elgamal.r);
1154	free_BN(&sig->signature.elgamal.s);
1155	break;
1156
1157	case OPS_PKA_PRIVATE00:
1158	case OPS_PKA_PRIVATE01:
1159	case OPS_PKA_PRIVATE02:
1160	case OPS_PKA_PRIVATE03:
1161	case OPS_PKA_PRIVATE04:
1162	case OPS_PKA_PRIVATE05:
1163	case OPS_PKA_PRIVATE06:
1164	case OPS_PKA_PRIVATE07:
1165	case OPS_PKA_PRIVATE08:
1166	case OPS_PKA_PRIVATE09:
1167	case OPS_PKA_PRIVATE10:
1168	free_unknown_sig_pka(&sig->signature.unknown);
1169	break;
1170
1171	default:
1172	assert(0);
1173	}
1174	}
1175
1176	/** Parse a version 3 signature.
1177	*
1178	* This function parses an version 3 signature packet, handling RSA and DSA signatures.
1179	*
1180	* Once the signature has been parsed successfully, it is passed to the callback.
1181	*
1182	* \param *ptag Pointer to the Packet Tag. This function should consume the entire packet.
1183	* \param *reader Our reader
1184	* \param *cb The callback
1185	* \return 1 on success, 0 on error
1186	*
1187	* \see RFC2440bis-12 5.2.2
1188	*/
1189	static int parse_v3_signature(ops_region_t *region,
1190	ops_parse_info_t *pinfo)
1191	{
1192	unsigned char c[1];
1193	ops_parser_content_t content;
1194
1195	C.signature.version=OPS_V3;
1196
1197	/* hash info length */
1198	if(!limited_read(c,1,region,pinfo))
1199	return 0;
1200	if(c[0] != 5)
1201	ERRP(pinfo,"bad hash info length");
1202
1203	if(!limited_read(c,1,region,pinfo))
1204	return 0;
1205	C.signature.type=c[0];
1206	/* XXX: check signature type */
1207
1208	if(!limited_read_time(&C.signature.creation_time,region,pinfo))
1209	return 0;
1210	C.signature.creation_time_set=ops_true;
1211
1212	if(!limited_read(C.signature.signer_id,OPS_KEY_ID_SIZE,region,pinfo))
1213	return 0;
1214	C.signature.signer_id_set=ops_true;
1215
1216	if(!limited_read(c,1,region,pinfo))
1217	return 0;
1218	C.signature.key_algorithm=c[0];
1219	/* XXX: check algorithm */
1220
1221	if(!limited_read(c,1,region,pinfo))
1222	return 0;
1223	C.signature.hash_algorithm=c[0];
1224	/* XXX: check algorithm */
1225
1226	if(!limited_read(C.signature.hash2,2,region,pinfo))
1227	return 0;
1228
1229	switch(C.signature.key_algorithm)
1230	{
1231	case OPS_PKA_RSA:
1232	case OPS_PKA_RSA_SIGN_ONLY:
1233	if(!limited_read_mpi(&C.signature.signature.rsa.sig,region,pinfo))
1234	return 0;
1235	break;
1236
1237	case OPS_PKA_DSA:
1238	if(!limited_read_mpi(&C.signature.signature.dsa.r,region,pinfo)
1239	\|\| !limited_read_mpi(&C.signature.signature.dsa.s,region,pinfo))
1240	return 0;
1241	break;
1242
1243	case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN:
1244	if(!limited_read_mpi(&C.signature.signature.elgamal.r,region,pinfo)
1245	\|\| !limited_read_mpi(&C.signature.signature.elgamal.s,region,pinfo))
1246	return 0;
1247	break;
1248
1249	default:
1250	OPS_ERROR_1(&pinfo->errors,OPS_E_ALG_UNSUPPORTED_SIGNATURE_KEY_ALG,
1251	"Unsupported signature key algorithm (%s)",
1252	ops_show_pka(C.signature.key_algorithm));
1253	return 0;
1254	}
1255
1256	if(region->length_read != region->length)
1257	{
1258	OPS_ERROR_1(&pinfo->errors,OPS_E_R_UNCONSUMED_DATA,"Unconsumed data (%d)",region->length-region->length_read);
1259	return 0;
1260	}
1261
1262	if(C.signature.signer_id_set)
1263	C.signature.hash=ops_parse_hash_find(pinfo,C.signature.signer_id);
1264
1265	CBP(pinfo,OPS_PTAG_CT_SIGNATURE,&content);
1266
1267	return 1;
1268	}
1269
1270	/** Parse one signature sub-packet.
1271	*
1272	* Version 4 signatures can have an arbitrary amount of (hashed and unhashed) subpackets. Subpackets are used to hold
1273	* optional attributes of subpackets.
1274	*
1275	* This function parses one such signature subpacket.
1276	*
1277	* Once the subpacket has been parsed successfully, it is passed to the callback.
1278	*
1279	* \param *ptag Pointer to the Packet Tag. This function should consume the entire subpacket.
1280	* \param *reader Our reader
1281	* \param *cb The callback
1282	* \return 1 on success, 0 on error
1283	*
1284	* \see RFC2440bis-12 5.2.3
1285	*/
1286	static int parse_one_signature_subpacket(ops_signature_t *sig,
1287	ops_region_t *region,
1288	ops_parse_info_t *pinfo)
1289	{
1290	ops_region_t subregion;
1291	unsigned char c[1];
1292	ops_parser_content_t content;
1293	unsigned t8,t7;
1294	ops_boolean_t read=ops_true;
1295	unsigned char bool[1];
1296
1297	ops_init_subregion(&subregion,region);
1298	if(!limited_read_new_length(&subregion.length,region,pinfo))
1299	return 0;
1300
1301	if(subregion.length > region->length)
1302	ERRP(pinfo,"Subpacket too long");
1303
1304	if(!limited_read(c,1,&subregion,pinfo))
1305	return 0;
1306
1307	t8=(c[0]&0x7f)/8;
1308	t7=1 << (c[0]&7);
1309
1310	content.critical=c[0] >> 7;
1311	content.tag=OPS_PTAG_SIGNATURE_SUBPACKET_BASE+(c[0]&0x7f);
1312
1313	/* Application wants it delivered raw */
1314	if(pinfo->ss_raw[t8]&t7)
1315	{
1316	C.ss_raw.tag=content.tag;
1317	C.ss_raw.length=subregion.length-1;
1318	C.ss_raw.raw=malloc(C.ss_raw.length);
1319	if(!limited_read(C.ss_raw.raw,C.ss_raw.length,&subregion,pinfo))
1320	return 0;
1321	CBP(pinfo,OPS_PTAG_RAW_SS,&content);
1322	return 1;
1323	}
1324
1325	switch(content.tag)
1326	{
1327	case OPS_PTAG_SS_CREATION_TIME:
1328	case OPS_PTAG_SS_EXPIRATION_TIME:
1329	case OPS_PTAG_SS_KEY_EXPIRATION_TIME:
1330	if(!limited_read_time(&C.ss_time.time,&subregion,pinfo))
1331	return 0;
1332	if(content.tag == OPS_PTAG_SS_CREATION_TIME)
1333	{
1334	sig->creation_time=C.ss_time.time;
1335	sig->creation_time_set=ops_true;
1336	}
1337	break;
1338
1339	case OPS_PTAG_SS_TRUST:
1340	if(!limited_read(&C.ss_trust.level,1,&subregion,pinfo)
1341	\|\| !limited_read(&C.ss_trust.amount,1,&subregion,pinfo))
1342	return 0;
1343	break;
1344
1345	case OPS_PTAG_SS_REVOCABLE:
1346	if(!limited_read(bool,1,&subregion,pinfo))
1347	return 0;
1348	C.ss_revocable.revocable=!!bool;
1349	break;
1350
1351	case OPS_PTAG_SS_ISSUER_KEY_ID:
1352	if(!limited_read(C.ss_issuer_key_id.key_id,OPS_KEY_ID_SIZE,
1353	&subregion,pinfo))
1354	return 0;
1355	memcpy(sig->signer_id,C.ss_issuer_key_id.key_id,OPS_KEY_ID_SIZE);
1356	sig->signer_id_set=ops_true;
1357	break;
1358
1359	case OPS_PTAG_SS_PREFERRED_SKA:
1360	if(!read_data(&C.ss_preferred_ska.data,&subregion,pinfo))
1361	return 0;
1362	break;
1363
1364	case OPS_PTAG_SS_PREFERRED_HASH:
1365	if(!read_data(&C.ss_preferred_hash.data,&subregion,pinfo))
1366	return 0;
1367	break;
1368
1369	case OPS_PTAG_SS_PREFERRED_COMPRESSION:
1370	if(!read_data(&C.ss_preferred_compression.data,&subregion,pinfo))
1371	return 0;
1372	break;
1373
1374	case OPS_PTAG_SS_PRIMARY_USER_ID:
1375	if(!limited_read (bool,1,&subregion,pinfo))
1376	return 0;
1377	C.ss_primary_user_id.primary_user_id = !!bool;
1378	break;
1379
1380	case OPS_PTAG_SS_KEY_FLAGS:
1381	if(!read_data(&C.ss_key_flags.data,&subregion,pinfo))
1382	return 0;
1383	break;
1384
1385	case OPS_PTAG_SS_KEY_SERVER_PREFS:
1386	if(!read_data(&C.ss_key_server_prefs.data,&subregion,pinfo))
1387	return 0;
1388	break;
1389
1390	case OPS_PTAG_SS_FEATURES:
1391	if(!read_data(&C.ss_features.data,&subregion,pinfo))
1392	return 0;
1393	break;
1394
1395	case OPS_PTAG_SS_SIGNERS_USER_ID:
1396	if(!read_unsigned_string(&C.ss_signers_user_id.user_id,&subregion,pinfo))
1397	return 0;
1398	break;
1399
1400	case OPS_PTAG_SS_NOTATION_DATA:
1401	if(!limited_read_data(&C.ss_notation_data.flags,4,&subregion,pinfo))
1402	return 0;
1403	if(!limited_read_size_t_scalar(&C.ss_notation_data.name.len,2,
1404	&subregion,pinfo))
1405	return 0;
1406	if(!limited_read_size_t_scalar(&C.ss_notation_data.value.len,2,
1407	&subregion,pinfo))
1408	return 0;
1409	if(!limited_read_data(&C.ss_notation_data.name,
1410	C.ss_notation_data.name.len,&subregion,pinfo))
1411	return 0;
1412	if(!limited_read_data(&C.ss_notation_data.value,
1413	C.ss_notation_data.value.len,&subregion,pinfo))
1414	return 0;
1415	break;
1416
1417	case OPS_PTAG_SS_POLICY_URL:
1418	if(!read_string(&C.ss_policy_url.text,&subregion,pinfo))
1419	return 0;
1420	break;
1421
1422	case OPS_PTAG_SS_REGEXP:
1423	if(!read_string(&C.ss_regexp.text,&subregion, pinfo))
1424	return 0;
1425	break;
1426
1427	case OPS_PTAG_SS_PREFERRED_KEY_SERVER:
1428	if(!read_string(&C.ss_preferred_key_server.text,&subregion,pinfo))
1429	return 0;
1430	break;
1431
1432	case OPS_PTAG_SS_USERDEFINED00:
1433	case OPS_PTAG_SS_USERDEFINED01:
1434	case OPS_PTAG_SS_USERDEFINED02:
1435	case OPS_PTAG_SS_USERDEFINED03:
1436	case OPS_PTAG_SS_USERDEFINED04:
1437	case OPS_PTAG_SS_USERDEFINED05:
1438	case OPS_PTAG_SS_USERDEFINED06:
1439	case OPS_PTAG_SS_USERDEFINED07:
1440	case OPS_PTAG_SS_USERDEFINED08:
1441	case OPS_PTAG_SS_USERDEFINED09:
1442	case OPS_PTAG_SS_USERDEFINED10:
1443	if(!read_data(&C.ss_userdefined.data,&subregion,pinfo))
1444	return 0;
1445	break;
1446
1447	case OPS_PTAG_SS_RESERVED:
1448	if(!read_data(&C.ss_unknown.data,&subregion,pinfo))
1449	return 0;
1450	break;
1451
1452	case OPS_PTAG_SS_REVOCATION_REASON:
1453	/* first byte is the machine-readable code */
1454	if(!limited_read(&C.ss_revocation_reason.code,1,&subregion,pinfo))
1455	return 0;
1456
1457	/* the rest is a human-readable UTF-8 string */
1458	if(!read_string(&C.ss_revocation_reason.text,&subregion,pinfo))
1459	return 0;
1460	break;
1461
1462	case OPS_PTAG_SS_REVOCATION_KEY:
1463	/* octet 0 = class. Bit 0x80 must be set */
1464	if(!limited_read (&C.ss_revocation_key.class,1,&subregion,pinfo))
1465	return 0;
1466	if(!(C.ss_revocation_key.class&0x80))
1467	{
1468	printf("Warning: OPS_PTAG_SS_REVOCATION_KEY class: "
1469	"Bit 0x80 should be set\n");
1470	return 0;
1471	}
1472
1473	/* octet 1 = algid */
1474	if(!limited_read(&C.ss_revocation_key.algid,1,&subregion,pinfo))
1475	return 0;
1476
1477	/* octets 2-21 = fingerprint */
1478	if(!limited_read(&C.ss_revocation_key.fingerprint[0],20,&subregion,
1479	pinfo))
1480	return 0;
1481	break;
1482
1483	default:
1484	if(pinfo->ss_parsed[t8]&t7)
1485	OPS_ERROR_1(&pinfo->errors, OPS_E_PROTO_UNKNOWN_SS,
1486	"Unknown signature subpacket type (%d)", c[0]&0x7f);
1487	read=ops_false;
1488	break;
1489	}
1490
1491	/* Application doesn't want it delivered parsed */
1492	if(!(pinfo->ss_parsed[t8]&t7))
1493	{
1494	if(content.critical)
1495	OPS_ERROR_1(&pinfo->errors,OPS_E_PROTO_CRITICAL_SS_IGNORED,
1496	"Critical signature subpacket ignored (%d)",
1497	c[0]&0x7f);
1498	if(!read && !limited_skip(subregion.length-1,&subregion,pinfo))
1499	return 0;
1500	// printf("skipped %d length %d\n",c[0]&0x7f,subregion.length);
1501	if(read)
1502	ops_parser_content_free(&content);
1503	return 1;
1504	}
1505
1506	if(read && subregion.length_read != subregion.length)
1507	{
1508	OPS_ERROR_1(&pinfo->errors,OPS_E_R_UNCONSUMED_DATA,
1509	"Unconsumed data (%d)",
1510	subregion.length-subregion.length_read);
1511	return 0;
1512	}
1513
1514	CBP(pinfo,content.tag,&content);
1515
1516	return 1;
1517	}
1518
1519	/! Free the memory used when parsing this signature sub-packet type /
1520	void ops_ss_preferred_ska_free(ops_ss_preferred_ska_t *ss_preferred_ska)
1521	{
1522	data_free(&ss_preferred_ska->data);
1523	}
1524
1525	/! Free the memory used when parsing this signature sub-packet type /
1526	void ops_ss_preferred_hash_free(ops_ss_preferred_hash_t *ss_preferred_hash)
1527	{
1528	data_free(&ss_preferred_hash->data);
1529	}
1530
1531	/! Free the memory used when parsing this signature sub-packet type /
1532	void ops_ss_preferred_compression_free(ops_ss_preferred_compression_t *ss_preferred_compression)
1533	{
1534	data_free(&ss_preferred_compression->data);
1535	}
1536
1537	/! Free the memory used when parsing this signature sub-packet type /
1538	void ops_ss_key_flags_free(ops_ss_key_flags_t *ss_key_flags)
1539	{
1540	data_free(&ss_key_flags->data);
1541	}
1542
1543	/! Free the memory used when parsing this signature sub-packet type /
1544	void ops_ss_features_free(ops_ss_features_t *ss_features)
1545	{
1546	data_free(&ss_features->data);
1547	}
1548
1549	/! Free the memory used when parsing this signature sub-packet type /
1550	void ops_ss_key_server_prefs_free(ops_ss_key_server_prefs_t *ss_key_server_prefs)
1551	{
1552	data_free(&ss_key_server_prefs->data);
1553	}
1554
1555	/** Parse several signature subpackets.
1556	*
1557	* Hashed and unhashed subpacket sets are preceded by an octet count that specifies the length of the complete set.
1558	* This function parses this length and then calls parse_one_signature_subpacket() for each subpacket until the
1559	* entire set is consumed.
1560	*
1561	* This function does not call the callback directly, parse_one_signature_subpacket() does for each subpacket.
1562	*
1563	* \param *ptag Pointer to the Packet Tag.
1564	* \param *reader Our reader
1565	* \param *cb The callback
1566	* \return 1 on success, 0 on error
1567	*
1568	* \see RFC2440bis-12 5.2.3
1569	*/
1570	static int parse_signature_subpackets(ops_signature_t *sig,
1571	ops_region_t *region,
1572	ops_parse_info_t *pinfo)
1573	{
1574	ops_region_t subregion;
1575	ops_parser_content_t content;
1576
1577	ops_init_subregion(&subregion,region);
1578	if(!limited_read_scalar(&subregion.length,2,region,pinfo))
1579	return 0;
1580
1581	if(subregion.length > region->length)
1582	ERRP(pinfo,"Subpacket set too long");
1583
1584	while(subregion.length_read < subregion.length)
1585	if(!parse_one_signature_subpacket(sig,&subregion,pinfo))
1586	return 0;
1587
1588	if(subregion.length_read != subregion.length)
1589	{
1590	if(!limited_skip(subregion.length-subregion.length_read,&subregion,
1591	pinfo))
1592	ERRP(pinfo,"Read failed while recovering from subpacket length mismatch");
1593	ERRP(pinfo,"Subpacket length mismatch");
1594	}
1595
1596	return 1;
1597	}
1598
1599	/** Parse a version 4 signature.
1600	*
1601	* This function parses a version 4 signature including all its hashed and unhashed subpackets.
1602	*
1603	* Once the signature packet has been parsed successfully, it is passed to the callback.
1604	*
1605	* \param *ptag Pointer to the Packet Tag.
1606	* \param *reader Our reader
1607	* \param *cb The callback
1608	* \return 1 on success, 0 on error
1609	*
1610	* \see RFC2440bis-12 5.2.3
1611	*/
1612	static int parse_v4_signature(ops_region_t region,ops_parse_info_t pinfo,
1613	size_t v4_hashed_data_start)
1614	{
1615	unsigned char c[1];
1616	ops_parser_content_t content;
1617
1618	memset(&C.signature,'\0',sizeof C.signature);
1619	C.signature.version=OPS_V4;
1620	C.signature.v4_hashed_data_start=v4_hashed_data_start;
1621
1622	if(!limited_read(c,1,region,pinfo))
1623	return 0;
1624	C.signature.type=c[0];
1625	/* XXX: check signature type */
1626
1627	if(!limited_read(c,1,region,pinfo))
1628	return 0;
1629	C.signature.key_algorithm=c[0];
1630	/* XXX: check algorithm */
1631
1632	if(!limited_read(c,1,region,pinfo))
1633	return 0;
1634	C.signature.hash_algorithm=c[0];
1635	/* XXX: check algorithm */
1636
1637	CBP(pinfo,OPS_PTAG_CT_SIGNATURE_HEADER,&content);
1638
1639	if(!parse_signature_subpackets(&C.signature,region,pinfo))
1640	return 0;
1641	C.signature.v4_hashed_data_length=pinfo->rinfo.alength
1642	-C.signature.v4_hashed_data_start;
1643
1644	if(!parse_signature_subpackets(&C.signature,region,pinfo))
1645	return 0;
1646
1647	if(!limited_read(C.signature.hash2,2,region,pinfo))
1648	return 0;
1649
1650	switch(C.signature.key_algorithm)
1651	{
1652	case OPS_PKA_RSA:
1653	if(!limited_read_mpi(&C.signature.signature.rsa.sig,region,pinfo))
1654	return 0;
1655	break;
1656
1657	case OPS_PKA_DSA:
1658	if(!limited_read_mpi(&C.signature.signature.dsa.r,region,pinfo))
1659	ERRP(pinfo,"Error reading DSA r field in signature");
1660	if (!limited_read_mpi(&C.signature.signature.dsa.s,region,pinfo))
1661	ERRP(pinfo,"Error reading DSA s field in signature");
1662	break;
1663
1664	case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN:
1665	if(!limited_read_mpi(&C.signature.signature.elgamal.r,region,pinfo)
1666	\|\| !limited_read_mpi(&C.signature.signature.elgamal.s,region,pinfo))
1667	return 0;
1668	break;
1669
1670	case OPS_PKA_PRIVATE00:
1671	case OPS_PKA_PRIVATE01:
1672	case OPS_PKA_PRIVATE02:
1673	case OPS_PKA_PRIVATE03:
1674	case OPS_PKA_PRIVATE04:
1675	case OPS_PKA_PRIVATE05:
1676	case OPS_PKA_PRIVATE06:
1677	case OPS_PKA_PRIVATE07:
1678	case OPS_PKA_PRIVATE08:
1679	case OPS_PKA_PRIVATE09:
1680	case OPS_PKA_PRIVATE10:
1681	if (!read_data(&C.signature.signature.unknown.data,region,pinfo))
1682	return 0;
1683	break;
1684
1685	default:
1686	OPS_ERROR_1(&pinfo->errors,OPS_E_ALG_UNSUPPORTED_SIGNATURE_KEY_ALG,
1687	"Bad v4 signature key algorithm (%s)",
1688	ops_show_pka(C.signature.key_algorithm));
1689	return 0;
1690	}
1691
1692	if(region->length_read != region->length)
1693	{
1694	OPS_ERROR_1(&pinfo->errors,OPS_E_R_UNCONSUMED_DATA,
1695	"Unconsumed data (%d)",
1696	region->length-region->length_read);
1697	return 0;
1698	}
1699
1700	CBP(pinfo,OPS_PTAG_CT_SIGNATURE_FOOTER,&content);
1701
1702	return 1;
1703	}
1704
1705	/** Parse a signature subpacket.
1706	*
1707	* This function calls the appropriate function to handle v3 or v4 signatures.
1708	*
1709	* Once the signature packet has been parsed successfully, it is passed to the callback.
1710	*
1711	* \param *ptag Pointer to the Packet Tag.
1712	* \param *reader Our reader
1713	* \param *cb The callback
1714	* \return 1 on success, 0 on error
1715	*/
1716	static int parse_signature(ops_region_t region,ops_parse_info_t pinfo)
1717	{
1718	unsigned char c[1];
1719	ops_parser_content_t content;
1720	size_t v4_hashed_data_start;
1721
1722	assert(region->length_read == 0); /* We should not have read anything so far */
1723
1724	memset(&content,'\0',sizeof content);
1725
1726	v4_hashed_data_start=pinfo->rinfo.alength;
1727	if(!limited_read(c,1,region,pinfo))
1728	return 0;
1729
1730	if(c[0] == 2 \|\| c[0] == 3)
1731	return parse_v3_signature(region,pinfo);
1732	else if(c[0] == 4)
1733	return parse_v4_signature(region,pinfo,v4_hashed_data_start);
1734
1735	OPS_ERROR_1(&pinfo->errors,OPS_E_PROTO_BAD_SIGNATURE_VRSN,
1736	"Bad signature version (%d)",c[0]);
1737	return 0;
1738	}
1739
1740	static int parse_compressed(ops_region_t region,ops_parse_info_t pinfo)
1741	{
1742	unsigned char c[1];
1743	ops_parser_content_t content;
1744
1745	if(!limited_read(c,1,region,pinfo))
1746	return 0;
1747
1748	C.compressed.type=c[0];
1749
1750	CBP(pinfo,OPS_PTAG_CT_COMPRESSED,&content);
1751
1752	/* The content of a compressed data packet is more OpenPGP packets
1753	once decompressed, so recursively handle them */
1754
1755	return ops_decompress(region,pinfo,C.compressed.type);
1756	}
1757
1758	static int parse_one_pass(ops_region_t region,ops_parse_info_t pinfo)
1759	{
1760	unsigned char c[1];
1761	ops_parser_content_t content;
1762
1763	if(!limited_read(&C.one_pass_signature.version,1,region,pinfo))
1764	return 0;
1765	if(C.one_pass_signature.version != 3)
1766	{
1767	OPS_ERROR_1(&pinfo->errors,OPS_E_PROTO_BAD_ONE_PASS_SIG_VRSN,
1768	"Bad one-pass signature version (%d)",
1769	C.one_pass_signature.version);
1770	return 0;
1771	}
1772
1773	if(!limited_read(c,1,region,pinfo))
1774	return 0;
1775	C.one_pass_signature.sig_type=c[0];
1776
1777	if(!limited_read(c,1,region,pinfo))
1778	return 0;
1779	C.one_pass_signature.hash_algorithm=c[0];
1780
1781	if(!limited_read(c,1,region,pinfo))
1782	return 0;
1783	C.one_pass_signature.key_algorithm=c[0];
1784
1785	if(!limited_read(C.one_pass_signature.keyid,
1786	sizeof C.one_pass_signature.keyid,region,pinfo))
1787	return 0;
1788
1789	if(!limited_read(c,1,region,pinfo))
1790	return 0;
1791	C.one_pass_signature.nested=!!c[0];
1792
1793	CBP(pinfo,OPS_PTAG_CT_ONE_PASS_SIGNATURE,&content);
1794
1795	// XXX: we should, perhaps, let the app choose whether to hash or not
1796	ops_parse_hash_init(pinfo,C.one_pass_signature.hash_algorithm,
1797	C.one_pass_signature.keyid);
1798
1799	return 1;
1800	}
1801
1802	/! Free the memory used when parsing this signature sub-packet type /
1803	void ops_ss_userdefined_free(ops_ss_userdefined_t *ss_userdefined)
1804	{
1805	data_free(&ss_userdefined->data);
1806	}
1807
1808	/! Free the memory used when parsing this signature sub-packet type /
1809	void ops_ss_reserved_free(ops_ss_unknown_t *ss_unknown)
1810	{
1811	data_free(&ss_unknown->data);
1812	}
1813
1814	/! Free the memory used when parsing this signature sub-packet type /
1815	void ops_ss_notation_data_free(ops_ss_notation_data_t *ss_notation_data)
1816	{
1817	data_free(&ss_notation_data->name);
1818	data_free(&ss_notation_data->value);
1819	}
1820
1821	/! Free the memory used when parsing this signature sub-packet type /
1822	void ops_ss_revocation_reason_free(ops_ss_revocation_reason_t *ss_revocation_reason)
1823	{
1824	string_free(&ss_revocation_reason->text);
1825	}
1826
1827	/! Free the memory used when parsing this packet type /
1828	void ops_trust_free(ops_trust_t *trust)
1829	{
1830	data_free(&trust->data);
1831	}
1832
1833	static int
1834	parse_trust (ops_region_t region, ops_parse_info_t pinfo)
1835	{
1836	ops_parser_content_t content;
1837
1838	if(!read_data(&C.trust.data,region,pinfo))
1839	return 0;
1840
1841	CBP(pinfo,OPS_PTAG_CT_TRUST, &content);
1842
1843	return 1;
1844	}
1845
1846	static int parse_literal_data(ops_region_t region,ops_parse_info_t pinfo)
1847	{
1848	ops_parser_content_t content;
1849	unsigned char c[1];
1850
1851	if(!limited_read(c,1,region,pinfo))
1852	return 0;
1853	C.literal_data_header.format=c[0];
1854
1855	if(!limited_read(c,1,region,pinfo))
1856	return 0;
1857	if(!limited_read((unsigned char *)C.literal_data_header.filename,c[0],
1858	region,pinfo))
1859	return 0;
1860	C.literal_data_header.filename[c[0]]='\0';
1861
1862	if(!limited_read_time(&C.literal_data_header.modification_time,region,pinfo))
1863	return 0;
1864
1865	CBP(pinfo,OPS_PTAG_CT_LITERAL_DATA_HEADER,&content);
1866
1867	while(region->length_read < region->length)
1868	{
1869	unsigned l=region->length-region->length_read;
1870
1871	if(l > sizeof C.literal_data_body.data)
1872	l=sizeof C.literal_data_body.data;
1873
1874	if(!limited_read(C.literal_data_body.data,l,region,pinfo))
1875	return 0;
1876
1877	C.literal_data_body.length=l;
1878
1879	ops_parse_hash_data(pinfo,C.literal_data_body.data,l);
1880
1881	CBP(pinfo,OPS_PTAG_CT_LITERAL_DATA_BODY,&content);
1882	}
1883
1884	return 1;
1885	}
1886
1887	/**
1888	* \ingroup Memory
1889	*
1890	* ops_secret_key_free() frees the memory associated with "key". Note that
1891	* the key itself is not freed.
1892	*
1893	* \param key
1894	*/
1895
1896	void ops_secret_key_free(ops_secret_key_t *key)
1897	{
1898	switch(key->public_key.algorithm)
1899	{
1900	case OPS_PKA_RSA:
1901	case OPS_PKA_RSA_ENCRYPT_ONLY:
1902	case OPS_PKA_RSA_SIGN_ONLY:
1903	free_BN(&key->key.rsa.d);
1904	free_BN(&key->key.rsa.p);
1905	free_BN(&key->key.rsa.q);
1906	free_BN(&key->key.rsa.u);
1907	break;
1908
1909	case OPS_PKA_DSA:
1910	free_BN(&key->key.dsa.x);
1911	break;
1912
1913	default:
1914	fprintf(stderr,"Unknown algorithm: %d\n",key->public_key.algorithm);
1915	assert(0);
1916	}
1917
1918	ops_public_key_free(&key->public_key);
1919	}
1920
1921	static int consume_packet(ops_region_t region,ops_parse_info_t pinfo,
1922	ops_boolean_t warn)
1923	{
1924	ops_data_t remainder;
1925	ops_parser_content_t content;
1926
1927	if(region->indeterminate)
1928	ERRP(pinfo,"Can't consume indeterminate packets");
1929
1930	if(read_data(&remainder,region,pinfo))
1931	{
1932	/* now throw it away */
1933	data_free(&remainder);
1934	if(warn)
1935	ERRCODEP(pinfo,OPS_E_P_PACKET_CONSUMED);
1936	}
1937	else if(warn)
1938	WARNP(pinfo,"Problem consuming remainder of error packet.");
1939	else
1940	{
1941	ERRCODEP(pinfo,OPS_E_P_PACKET_NOT_CONSUMED);
1942	return 0;
1943	}
1944
1945	return 1;
1946	}
1947
1948	static int parse_secret_key(ops_region_t region,ops_parse_info_t pinfo)
1949	{
1950	ops_parser_content_t content;
1951	unsigned char c[1];
1952	ops_crypt_t decrypt;
1953	int ret=1;
1954	ops_region_t encregion;
1955	ops_region_t *saved_region=NULL;
1956	size_t checksum_length=2;
1957	ops_hash_t checkhash;
1958	int blocksize;
1959	ops_boolean_t crypted;
1960
1961	memset(&content,'\0',sizeof content);
1962	if(!parse_public_key_data(&C.secret_key.public_key,region,pinfo))
1963	return 0;
1964
1965	pinfo->reading_v3_secret=C.secret_key.public_key.version != OPS_V4;
1966
1967	if(!limited_read(c,1,region,pinfo))
1968	return 0;
1969	C.secret_key.s2k_usage=c[0];
1970
1971	if(C.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED)
1972	checksum_length=20;
1973
1974	if(C.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED
1975	\|\| C.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED)
1976	{
1977	if(!limited_read(c,1,region,pinfo))
1978	return 0;
1979	C.secret_key.algorithm=c[0];
1980
1981	if(!limited_read(c,1,region,pinfo))
1982	return 0;
1983	C.secret_key.s2k_specifier=c[0];
1984
1985	assert(C.secret_key.s2k_specifier == OPS_S2KS_SIMPLE
1986	\|\| C.secret_key.s2k_specifier == OPS_S2KS_SALTED
1987	\|\| C.secret_key.s2k_specifier == OPS_S2KS_ITERATED_AND_SALTED);
1988
1989	if(!limited_read(c,1,region,pinfo))
1990	return 0;
1991	C.secret_key.hash_algorithm=c[0];
1992
1993	if(C.secret_key.s2k_specifier != OPS_S2KS_SIMPLE
1994	&& !limited_read(C.secret_key.salt,8,region,pinfo))
1995	return 0;
1996
1997	if(C.secret_key.s2k_specifier == OPS_S2KS_ITERATED_AND_SALTED)
1998	{
1999	if(!limited_read(c,1,region,pinfo))
2000	return 0;
2001	C.secret_key.octet_count=(16+(c[0]&15)) << ((c[0] >> 4)+6);
2002	}
2003	}
2004	else if(C.secret_key.s2k_usage != OPS_S2KU_NONE)
2005	{
2006	// this is V3 style, looks just like a V4 simple hash
2007	C.secret_key.algorithm=C.secret_key.s2k_usage;
2008	C.secret_key.s2k_usage=OPS_S2KU_ENCRYPTED;
2009	C.secret_key.s2k_specifier=OPS_S2KS_SIMPLE;
2010	C.secret_key.hash_algorithm=OPS_HASH_MD5;
2011	}
2012
2013	crypted=C.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED
2014	\|\| C.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED;
2015
2016	if(crypted)
2017	{
2018	int n;
2019	ops_parser_content_t pc;
2020	char *passphrase;
2021	unsigned char key[OPS_MAX_KEY_SIZE+OPS_MAX_HASH_SIZE];
2022	ops_hash_t hashes[(OPS_MAX_KEY_SIZE+OPS_MIN_HASH_SIZE-1)/OPS_MIN_HASH_SIZE];
2023	int keysize;
2024	int hashsize;
2025	size_t l;
2026
2027	blocksize=ops_block_size(C.secret_key.algorithm);
2028	assert(blocksize > 0 && blocksize <= OPS_MAX_BLOCK_SIZE);
2029
2030	if(!limited_read(C.secret_key.iv,blocksize,region,pinfo))
2031	return 0;
2032
2033	memset(&pc,'\0',sizeof pc);
2034	passphrase=NULL;
2035	pc.content.secret_key_passphrase.passphrase=&passphrase;
2036	pc.content.secret_key_passphrase.secret_key=&C.secret_key;
2037	CBP(pinfo,OPS_PARSER_CMD_GET_SK_PASSPHRASE,&pc);
2038	if(!passphrase)
2039	{
2040	if(!consume_packet(region,pinfo,ops_false))
2041	return 0;
2042
2043	CBP(pinfo,OPS_PTAG_CT_ENCRYPTED_SECRET_KEY,&content);
2044
2045	return 1;
2046	}
2047
2048	keysize=ops_key_size(C.secret_key.algorithm);
2049	assert(keysize > 0 && keysize <= OPS_MAX_KEY_SIZE);
2050
2051	hashsize=ops_hash_size(C.secret_key.hash_algorithm);
2052	assert(hashsize > 0 && hashsize <= OPS_MAX_HASH_SIZE);
2053
2054	for(n=0 ; n*hashsize < keysize ; ++n)
2055	{
2056	int i;
2057
2058	ops_hash_any(&hashes[n],C.secret_key.hash_algorithm);
2059	hashes[n].init(&hashes[n]);
2060	// preload hashes with zeroes...
2061	for(i=0 ; i < n ; ++i)
2062	hashes[n].add(&hashes[n],(unsigned char *)"",1);
2063	}
2064
2065	l=strlen(passphrase);
2066
2067	for(n=0 ; n*hashsize < keysize ; ++n)
2068	{
2069	unsigned i;
2070
2071	switch(C.secret_key.s2k_specifier)
2072	{
2073	case OPS_S2KS_SALTED:
2074	hashes[n].add(&hashes[n],C.secret_key.salt,OPS_SALT_SIZE);
2075	// flow through...
2076	case OPS_S2KS_SIMPLE:
2077	hashes[n].add(&hashes[n],(unsigned char*)passphrase,l);
2078	break;
2079
2080	case OPS_S2KS_ITERATED_AND_SALTED:
2081	for(i=0 ; i < C.secret_key.octet_count ; i+=l+OPS_SALT_SIZE)
2082	{
2083	int j=l+OPS_SALT_SIZE;
2084
2085	if(i+j > C.secret_key.octet_count && i != 0)
2086	j=C.secret_key.octet_count-i;
2087
2088	hashes[n].add(&hashes[n],C.secret_key.salt,
2089	j > OPS_SALT_SIZE ? OPS_SALT_SIZE : j);
2090	if(j > OPS_SALT_SIZE)
2091	hashes[n].add(&hashes[n],(unsigned char *)passphrase,j-OPS_SALT_SIZE);
2092	}
2093
2094	}
2095	}
2096
2097	for(n=0 ; n*hashsize < keysize ; ++n)
2098	{
2099	int r=hashes[n].finish(&hashes[n],key+n*hashsize);
2100	assert(r == hashsize);
2101	}
2102
2103	free(passphrase);
2104
2105	ops_crypt_any(&decrypt,C.secret_key.algorithm);
2106	decrypt.set_iv(&decrypt,C.secret_key.iv);
2107	decrypt.set_key(&decrypt,key);
2108
2109	ops_reader_push_decrypt(pinfo,&decrypt,region);
2110
2111	/* Since all known encryption for PGP doesn't compress, we can
2112	limit to the same length as the current region (for now).
2113	*/
2114	ops_init_subregion(&encregion,NULL);
2115	encregion.length=region->length-region->length_read;
2116	if(C.secret_key.public_key.version != OPS_V4)
2117	encregion.length-=2;
2118	saved_region=region;
2119	region=&encregion;
2120	}
2121
2122	if(C.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED)
2123	{
2124	ops_hash_sha1(&checkhash);
2125	ops_reader_push_hash(pinfo,&checkhash);
2126	}
2127	else
2128	ops_reader_push_sum16(pinfo);
2129
2130	switch(C.secret_key.public_key.algorithm)
2131	{
2132	case OPS_PKA_RSA:
2133	case OPS_PKA_RSA_ENCRYPT_ONLY:
2134	case OPS_PKA_RSA_SIGN_ONLY:
2135	if(!limited_read_mpi(&C.secret_key.key.rsa.d,region,pinfo)
2136	\|\| !limited_read_mpi(&C.secret_key.key.rsa.p,region,pinfo)
2137	\|\| !limited_read_mpi(&C.secret_key.key.rsa.q,region,pinfo)
2138	\|\| !limited_read_mpi(&C.secret_key.key.rsa.u,region,pinfo))
2139	ret=0;
2140	break;
2141
2142	case OPS_PKA_DSA:
2143	if(!limited_read_mpi(&C.secret_key.key.dsa.x,region,pinfo))
2144	ret=0;
2145	break;
2146
2147	default:
2148	fprintf(stderr,"Unexpected algorithm: %d\n",
2149	C.secret_key.public_key.algorithm);
2150	ret=0;
2151	assert(0);
2152	}
2153
2154	pinfo->reading_v3_secret=ops_false;
2155
2156	if(C.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED)
2157	{
2158	unsigned char hash[20];
2159
2160	ops_reader_pop_hash(pinfo);
2161	checkhash.finish(&checkhash,hash);
2162
2163	if(crypted && C.secret_key.public_key.version != OPS_V4)
2164	{
2165	ops_reader_pop_decrypt(pinfo);
2166	region=saved_region;
2167	}
2168
2169	if(ret)
2170	{
2171	if(!limited_read(C.secret_key.checkhash,20,region,pinfo))
2172	return 0;
2173
2174	if(memcmp(hash,C.secret_key.checkhash,20))
2175	ERRP(pinfo,"Hash mismatch in secret key");
2176	}
2177	}
2178	else
2179	{
2180	unsigned short sum;
2181
2182	sum=ops_reader_pop_sum16(pinfo);
2183
2184	if(crypted && C.secret_key.public_key.version != OPS_V4)
2185	{
2186	ops_reader_pop_decrypt(pinfo);
2187	region=saved_region;
2188	}
2189
2190	if(ret)
2191	{
2192	if(!limited_read_scalar(&C.secret_key.checksum,2,region,
2193	pinfo))
2194	return 0;
2195
2196	if(sum != C.secret_key.checksum)
2197	ERRP(pinfo,"Checksum mismatch in secret key");
2198	}
2199	}
2200
2201	if(crypted && C.secret_key.public_key.version == OPS_V4)
2202	ops_reader_pop_decrypt(pinfo);
2203
2204	assert(!ret \|\| region->length_read == region->length);
2205
2206	if(!ret)
2207	return 0;
2208
2209	CBP(pinfo,OPS_PTAG_CT_SECRET_KEY,&content);
2210
2211	return 1;
2212	}
2213
2214	static int parse_pk_session_key(ops_region_t *region,
2215	ops_parse_info_t *pinfo)
2216	{
2217	int debug=0;
2218	unsigned char c[1];
2219	ops_parser_content_t content;
2220	ops_parser_content_t pc;
2221
2222	int n;
2223	BIGNUM *enc_m;
2224	unsigned k;
2225	const ops_secret_key_t *secret;
2226	unsigned char cs[2];
2227	unsigned char* iv;
2228
2229	// Can't rely on it being CAST5
2230	// \todo FIXME RW
2231	// const size_t sz_unencoded_m_buf=CAST_KEY_LENGTH+1+2;
2232	const size_t sz_unencoded_m_buf=1024;
2233	unsigned char unencoded_m_buf[sz_unencoded_m_buf];
2234
2235	if(!limited_read(c,1,region,pinfo))
2236	return 0;
2237	C.pk_session_key.version=c[0];
2238	if(C.pk_session_key.version != OPS_PKSK_V3)
2239	{
2240	OPS_ERROR_1(&pinfo->errors, OPS_E_PROTO_BAD_PKSK_VRSN,
2241	"Bad public-key encrypted session key version (%d)",
2242	C.pk_session_key.version);
2243	return 0;
2244	}
2245
2246	if(!limited_read(C.pk_session_key.key_id,
2247	sizeof C.pk_session_key.key_id,region,pinfo))
2248	return 0;
2249
2250	if (debug)
2251	{
2252	int i;
2253	int x=sizeof C.pk_session_key.key_id;
2254	printf("session key: public key id: x=%d\n",x);
2255	for (i=0; i<x; i++)
2256	printf("%2x ", C.pk_session_key.key_id[i]);
2257	printf("\n");
2258	}
2259
2260	if(!limited_read(c,1,region,pinfo))
2261	return 0;
2262	C.pk_session_key.algorithm=c[0];
2263	switch(C.pk_session_key.algorithm)
2264	{
2265	case OPS_PKA_RSA:
2266	if(!limited_read_mpi(&C.pk_session_key.parameters.rsa.encrypted_m,
2267	region,pinfo))
2268	return 0;
2269	enc_m=C.pk_session_key.parameters.rsa.encrypted_m;
2270	break;
2271
2272	case OPS_PKA_ELGAMAL:
2273	if(!limited_read_mpi(&C.pk_session_key.parameters.elgamal.g_to_k,
2274	region,pinfo)
2275	\|\| !limited_read_mpi(&C.pk_session_key.parameters.elgamal.encrypted_m,
2276	region,pinfo))
2277	return 0;
2278	enc_m=C.pk_session_key.parameters.elgamal.encrypted_m;
2279	break;
2280
2281	default:
2282	OPS_ERROR_1(&pinfo->errors, OPS_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG,
2283	"Unknown public key algorithm in session key (%s)",
2284	ops_show_pka(C.pk_session_key.algorithm));
2285	return 0;
2286	}
2287
2288	memset(&pc,'\0',sizeof pc);
2289	secret=NULL;
2290	pc.content.get_secret_key.secret_key=&secret;
2291	pc.content.get_secret_key.pk_session_key=&C.pk_session_key;
2292
2293	CBP(pinfo,OPS_PARSER_CMD_GET_SECRET_KEY,&pc);
2294
2295	if(!secret)
2296	{
2297	CBP(pinfo,OPS_PTAG_CT_ENCRYPTED_PK_SESSION_KEY,&content);
2298
2299	return 1;
2300	}
2301
2302	// n=ops_decrypt_mpi(buf,sizeof buf,enc_m,secret);
2303	n=ops_decrypt_and_unencode_mpi(unencoded_m_buf,sizeof unencoded_m_buf,enc_m,secret);
2304
2305	if(n < 1)
2306	{
2307	ERRP(pinfo,"decrypted message too short");
2308	return 0;
2309	}
2310
2311	// PKA
2312	C.pk_session_key.symmetric_algorithm=unencoded_m_buf[0];
2313
2314	if (!ops_is_sa_supported(C.pk_session_key.symmetric_algorithm))
2315	{
2316	// ERR1P
2317	OPS_ERROR_1(&pinfo->errors,OPS_E_ALG_UNSUPPORTED_SYMMETRIC_ALG,
2318	"Symmetric algorithm %s not supported",
2319	ops_show_symmetric_algorithm(C.pk_session_key.symmetric_algorithm));
2320	return 0;
2321	}
2322
2323	k=ops_key_size(C.pk_session_key.symmetric_algorithm);
2324
2325	if((unsigned)n != k+3)
2326	{
2327	OPS_ERROR_2(&pinfo->errors,OPS_E_PROTO_DECRYPTED_MSG_WRONG_LEN,
2328	"decrypted message wrong length (got %d expected %d)",
2329	n,k+3);
2330	return 0;
2331	}
2332
2333	assert(k <= sizeof C.pk_session_key.key);
2334
2335	memcpy(C.pk_session_key.key,unencoded_m_buf+1,k);
2336
2337	if (debug)
2338	{
2339	printf("session key recovered (len=%d):\n",k);
2340	unsigned int j;
2341	for(j=0; j<k; j++)
2342	printf("%2x ", C.pk_session_key.key[j]);
2343	printf("\n");
2344	}
2345
2346	C.pk_session_key.checksum=unencoded_m_buf[k+1]+(unencoded_m_buf[k+2] << 8);
2347	if (debug)
2348	{
2349	printf("session key checksum: %2x %2x\n", unencoded_m_buf[k+1], unencoded_m_buf[k+2]);
2350	}
2351
2352	// Check checksum
2353
2354	ops_calc_session_key_checksum(&C.pk_session_key, &cs[0]);
2355	if (unencoded_m_buf[k+1]!=cs[0] \|\| unencoded_m_buf[k+2]!=cs[1])
2356	{
2357	OPS_ERROR_4(&pinfo->errors, OPS_E_PROTO_BAD_SK_CHECKSUM,
2358	"Session key checksum wrong: expected %2x %2x, got %2x %2x",
2359	cs[0], cs[1], unencoded_m_buf[k+1], unencoded_m_buf[k+2]);
2360	return 0;
2361	}
2362
2363	// all is well
2364	CBP(pinfo,OPS_PTAG_CT_PK_SESSION_KEY,&content);
2365
2366	ops_crypt_any(&pinfo->decrypt,C.pk_session_key.symmetric_algorithm);
2367	iv=ops_mallocz(pinfo->decrypt.blocksize);
2368	pinfo->decrypt.set_iv(&pinfo->decrypt, iv);
2369	pinfo->decrypt.set_key(&pinfo->decrypt,C.pk_session_key.key);
2370	ops_encrypt_init(&pinfo->decrypt);
2371	return 1;
2372	}
2373
2374	static int se_ip_data_reader(void dest_, size_t len, ops_error_t *errors,
2375	ops_reader_info_t *rinfo,
2376	ops_parse_cb_info_t *cbinfo)
2377	{
2378	int debug=0;
2379
2380	/*
2381	Gets entire SE_IP data packet.
2382	Verifies leading preamble
2383	Verifies trailing MDC packet
2384	Then passes up plaintext as requested
2385	*/
2386
2387	unsigned int n=0;
2388
2389	ops_region_t decrypted_region;
2390
2391	decrypt_se_ip_arg_t *arg=ops_reader_get_arg(rinfo);
2392
2393	if (!arg->passed_checks)
2394	{
2395	unsigned char*buf=NULL;
2396
2397	ops_hash_t hash;
2398	unsigned char hashed[SHA_DIGEST_LENGTH];
2399
2400	size_t b;
2401	size_t sz_preamble;
2402	size_t sz_mdc_hash;
2403	size_t sz_mdc;
2404	size_t sz_plaintext;
2405
2406	unsigned char* preamble;
2407	unsigned char* plaintext;
2408	unsigned char* mdc;
2409	unsigned char* mdc_hash;
2410
2411	ops_hash_any(&hash,OPS_HASH_SHA1);
2412	hash.init(&hash);
2413
2414	ops_init_subregion(&decrypted_region,NULL);
2415	decrypted_region.length = arg->region->length - arg->region->length_read;
2416	buf=ops_mallocz(decrypted_region.length);
2417
2418	// read entire SE IP packet
2419
2420	if (!ops_stacked_limited_read(buf,decrypted_region.length, &decrypted_region,errors,rinfo,cbinfo))
2421	return -1;
2422
2423	if (debug)
2424	{
2425	unsigned int i=0;
2426	fprintf(stderr,"\n\nentire SE IP packet (len=%d):\n",decrypted_region.length);
2427	for (i=0; i<decrypted_region.length; i++)
2428	{
2429	fprintf(stderr,"0x%02x ", buf[i]);
2430	if (!((i+1)%8))
2431	fprintf(stderr,"\n");
2432	}
2433	fprintf(stderr,"\n");
2434	fprintf(stderr,"\n");
2435	}
2436
2437	// verify leading preamble
2438
2439	if (debug)
2440	{
2441	unsigned int i=0;
2442	fprintf(stderr,"\npreamble: ");
2443	for (i=0; i<arg->decrypt->blocksize+2;i++)
2444	fprintf(stderr," 0x%02x", buf[i]);
2445	fprintf(stderr,"\n");
2446	}
2447
2448	b=arg->decrypt->blocksize;
2449	if(buf[b-2] != buf[b] \|\| buf[b-1] != buf[b+1])
2450	{
2451	fprintf(stderr,"Bad symmetric decrypt (%02x%02x vs %02x%02x)\n",
2452	buf[b-2],buf[b-1],buf[b],buf[b+1]);
2453	OPS_ERROR(errors, OPS_E_PROTO_BAD_SYMMETRIC_DECRYPT,"Bad symmetric decrypt when parsing SE IP packet");
2454	return -1;
2455	}
2456
2457	// Verify trailing MDC hash
2458
2459	sz_preamble=arg->decrypt->blocksize+2;
2460	sz_mdc_hash=OPS_SHA1_HASH_SIZE;
2461	sz_mdc=1+1+sz_mdc_hash;
2462	sz_plaintext=decrypted_region.length-sz_preamble-sz_mdc;
2463
2464	preamble=buf;
2465	plaintext=buf+sz_preamble;
2466	mdc=plaintext+sz_plaintext;
2467	mdc_hash=mdc+2;
2468
2469	if (debug)
2470	{
2471	unsigned int i=0;
2472
2473	fprintf(stderr,"\nplaintext (len=%ld): ",sz_plaintext);
2474	for (i=0; i<sz_plaintext;i++)
2475	fprintf(stderr," 0x%02x", plaintext[i]);
2476	fprintf(stderr,"\n");
2477
2478	fprintf(stderr,"\nmdc (len=%ld): ",sz_mdc);
2479	for (i=0; i<sz_mdc;i++)
2480	fprintf(stderr," 0x%02x", mdc[i]);
2481	fprintf(stderr,"\n");
2482	}
2483
2484	ops_calc_mdc_hash(preamble,sz_preamble,plaintext,sz_plaintext,&hashed[0]);
2485	/*
2486	unsigned char c[0];
2487
2488	hash.add(&hash, plaintext, sz_plaintext);
2489	c[0]=0xD3;
2490	hash.add(&hash,&c[0],1); // MDC packet tag
2491	c[0]=0x14;
2492	hash.add(&hash,&c[0],1); // MDC packet len
2493
2494	hash.finish(&hash,&hashed[0]);
2495	*/
2496
2497	if (memcmp(mdc_hash,hashed,OPS_SHA1_HASH_SIZE))
2498	{
2499	fprintf(stderr,"Hash is bad\n");
2500	// ERRP(pinfo,"Bad hash in MDC");
2501	return 0;
2502	}
2503
2504	// all done with the checks
2505	// now can start reading from the plaintext
2506	assert(!arg->plaintext);
2507	arg->plaintext=ops_mallocz(sz_plaintext);
2508	memcpy(arg->plaintext, plaintext, sz_plaintext);
2509	arg->plaintext_available=sz_plaintext;
2510
2511	arg->passed_checks=1;
2512
2513	free(buf);
2514	}
2515
2516	n=len;
2517	if (n > arg->plaintext_available)
2518	n=arg->plaintext_available;
2519
2520	memcpy(dest_, arg->plaintext+arg->plaintext_offset, n);
2521	arg->plaintext_available-=n;
2522	arg->plaintext_offset+=n;
2523	len-=n;
2524
2525	return n;
2526	}
2527
2528	static void se_ip_data_destroyer(ops_reader_info_t *rinfo)
2529	{
2530	decrypt_se_ip_arg_t* arg=ops_reader_get_arg(rinfo);
2531	free (arg->plaintext);
2532	free (arg);
2533	// free(ops_reader_get_arg(rinfo));
2534	}
2535
2536	//void ops_reader_push_se_ip_data(ops_parse_info_t pinfo __attribute__((__unused__)), ops_crypt_t decrypt __attribute__((__unused__)),
2537	// ops_region_t *region __attribute__((__unused__)))
2538	void ops_reader_push_se_ip_data(ops_parse_info_t pinfo, ops_crypt_t decrypt,
2539	ops_region_t *region)
2540	{
2541	decrypt_se_ip_arg_t arg=ops_mallocz(sizeof arg);
2542	arg->region=region;
2543	arg->decrypt=decrypt;
2544
2545	ops_reader_push(pinfo, se_ip_data_reader, se_ip_data_destroyer,arg);
2546	}
2547
2548	void ops_reader_pop_se_ip_data(ops_parse_info_t* pinfo)
2549	{
2550	// decrypt_se_ip_arg_t *arg=ops_reader_get_arg(ops_parse_get_rinfo(pinfo));
2551	// free(arg);
2552	ops_reader_pop(pinfo);
2553	}
2554
2555	// XXX: make this static?
2556	int ops_decrypt_se_data(ops_content_tag_t tag,ops_region_t *region,
2557	ops_parse_info_t *pinfo)
2558	{
2559	int r=1;
2560	ops_crypt_t *decrypt=ops_parse_get_decrypt(pinfo);
2561
2562	if(decrypt)
2563	{
2564	unsigned char buf[OPS_MAX_BLOCK_SIZE+2];
2565	size_t b=decrypt->blocksize;
2566	// ops_parser_content_t content;
2567	ops_region_t encregion;
2568
2569
2570	ops_reader_push_decrypt(pinfo,decrypt,region);
2571
2572	ops_init_subregion(&encregion,NULL);
2573	encregion.length=b+2;
2574
2575	if(!exact_limited_read(buf,b+2,&encregion,pinfo))
2576	return 0;
2577
2578	if(buf[b-2] != buf[b] \|\| buf[b-1] != buf[b+1])
2579	{
2580	ops_reader_pop_decrypt(pinfo);
2581	OPS_ERROR_4(&pinfo->errors, OPS_E_PROTO_BAD_SYMMETRIC_DECRYPT,
2582	"Bad symmetric decrypt (%02x%02x vs %02x%02x)",
2583	buf[b-2],buf[b-1],buf[b],buf[b+1]);
2584	return 0;
2585	}
2586
2587	if(tag == OPS_PTAG_CT_SE_DATA_BODY)
2588	{
2589	decrypt->decrypt_resync(decrypt);
2590	decrypt->block_encrypt(decrypt,decrypt->civ,decrypt->civ);
2591	}
2592
2593
2594	r=ops_parse(pinfo);
2595
2596	ops_reader_pop_decrypt(pinfo);
2597	}
2598	else
2599	{
2600	ops_parser_content_t content;
2601
2602	while(region->length_read < region->length)
2603	{
2604	unsigned l=region->length-region->length_read;
2605
2606	if(l > sizeof C.se_data_body.data)
2607	l=sizeof C.se_data_body.data;
2608
2609	if(!limited_read(C.se_data_body.data,l,region,pinfo))
2610	return 0;
2611
2612	C.se_data_body.length=l;
2613
2614	CBP(pinfo,tag,&content);
2615	}
2616	}
2617
2618	return r;
2619	}
2620
2621	int ops_decrypt_se_ip_data(ops_content_tag_t tag,ops_region_t *region,
2622	ops_parse_info_t *pinfo)
2623	{
2624	int r=1;
2625	ops_crypt_t *decrypt=ops_parse_get_decrypt(pinfo);
2626
2627	if(decrypt)
2628	{
2629	ops_reader_push_decrypt(pinfo,decrypt,region);
2630	ops_reader_push_se_ip_data(pinfo,decrypt,region);
2631
2632	r=ops_parse(pinfo);
2633
2634	// assert(0);
2635	ops_reader_pop_se_ip_data(pinfo);
2636	ops_reader_pop_decrypt(pinfo);
2637	}
2638	else
2639	{
2640	ops_parser_content_t content;
2641
2642	while(region->length_read < region->length)
2643	{
2644	unsigned l=region->length-region->length_read;
2645
2646	if(l > sizeof C.se_data_body.data)
2647	l=sizeof C.se_data_body.data;
2648
2649	if(!limited_read(C.se_data_body.data,l,region,pinfo))
2650	return 0;
2651
2652	C.se_data_body.length=l;
2653
2654	CBP(pinfo,tag,&content);
2655	}
2656	}
2657
2658	return r;
2659	}
2660
2661	static int parse_se_data(ops_region_t region,ops_parse_info_t pinfo)
2662	{
2663	ops_parser_content_t content;
2664
2665	/* there's no info to go with this, so just announce it */
2666	CBP(pinfo,OPS_PTAG_CT_SE_DATA_HEADER,&content);
2667
2668	/* The content of an encrypted data packet is more OpenPGP packets
2669	once decrypted, so recursively handle them */
2670	return ops_decrypt_se_data(OPS_PTAG_CT_SE_DATA_BODY,region,pinfo);
2671	}
2672
2673	static int parse_se_ip_data(ops_region_t region,ops_parse_info_t pinfo)
2674	{
2675	unsigned char c[1];
2676	ops_parser_content_t content;
2677
2678	if(!limited_read(c,1,region,pinfo))
2679	return 0;
2680	C.se_ip_data_header.version=c[0];
2681	assert(C.se_ip_data_header.version == OPS_SE_IP_V1);
2682
2683	/* The content of an encrypted data packet is more OpenPGP packets
2684	once decrypted, so recursively handle them */
2685	return ops_decrypt_se_ip_data(OPS_PTAG_CT_SE_IP_DATA_BODY,region,pinfo);
2686	}
2687
2688	static int parse_mdc(ops_region_t region, ops_parse_info_t pinfo)
2689	{
2690	ops_parser_content_t content;
2691
2692	if (!limited_read((unsigned char *)&C.mdc,OPS_SHA1_HASH_SIZE,region,pinfo))
2693	return 0;
2694
2695	CBP(pinfo,OPS_PTAG_CT_MDC,&content);
2696
2697	return 1;
2698	}
2699
2700	/** Parse one packet.
2701	*
2702	* This function parses the packet tag. It computes the value of the
2703	* content tag and then calls the appropriate function to handle the
2704	* content.
2705	*
2706	* \param *pinfo How to parse
2707	* \param *pktlen On return, will contain number of bytes in packet
2708	* \return 1 on success, 0 on error, -1 on EOF */
2709	static int ops_parse_one_packet(ops_parse_info_t *pinfo,
2710	unsigned long *pktlen)
2711	{
2712	unsigned char ptag[1];
2713	ops_parser_content_t content;
2714	int r;
2715	ops_region_t region;
2716	ops_boolean_t indeterminate=ops_false;
2717
2718	C.ptag.position=pinfo->rinfo.position;
2719
2720	r=base_read(ptag,1,pinfo);
2721
2722	// errors in the base read are effectively EOF.
2723	if(r <= 0)
2724	return -1;
2725
2726	*pktlen=0;
2727
2728	if(!(*ptag&OPS_PTAG_ALWAYS_SET))
2729	{
2730	C.error.error="Format error (ptag bit not set)";
2731	CBP(pinfo,OPS_PARSER_ERROR,&content);
2732	return 0;
2733	}
2734	C.ptag.new_format=!!(*ptag&OPS_PTAG_NEW_FORMAT);
2735	if(C.ptag.new_format)
2736	{
2737	C.ptag.content_tag=*ptag&OPS_PTAG_NF_CONTENT_TAG_MASK;
2738	C.ptag.length_type=0;
2739	if(!read_new_length(&C.ptag.length,pinfo))
2740	return 0;
2741
2742	}
2743	else
2744	{
2745	ops_boolean_t rb;
2746
2747	C.ptag.content_tag=(*ptag&OPS_PTAG_OF_CONTENT_TAG_MASK)
2748	>> OPS_PTAG_OF_CONTENT_TAG_SHIFT;
2749	C.ptag.length_type=*ptag&OPS_PTAG_OF_LENGTH_TYPE_MASK;
2750	switch(C.ptag.length_type)
2751	{
2752	case OPS_PTAG_OF_LT_ONE_BYTE:
2753	rb=_read_scalar(&C.ptag.length,1,pinfo);
2754	break;
2755
2756	case OPS_PTAG_OF_LT_TWO_BYTE:
2757	rb=_read_scalar(&C.ptag.length,2,pinfo);
2758	break;
2759
2760	case OPS_PTAG_OF_LT_FOUR_BYTE:
2761	rb=_read_scalar(&C.ptag.length,4,pinfo);
2762	break;
2763
2764	case OPS_PTAG_OF_LT_INDETERMINATE:
2765	C.ptag.length=0;
2766	indeterminate=ops_true;
2767	rb=ops_true;
2768	break;
2769	}
2770	if(!rb)
2771	return 0;
2772	}
2773
2774	CBP(pinfo,OPS_PARSER_PTAG,&content);
2775
2776	ops_init_subregion(&region,NULL);
2777	region.length=C.ptag.length;
2778	region.indeterminate=indeterminate;
2779	switch(C.ptag.content_tag)
2780	{
2781	case OPS_PTAG_CT_SIGNATURE:
2782	r=parse_signature(&region,pinfo);
2783	break;
2784
2785	case OPS_PTAG_CT_PUBLIC_KEY:
2786	case OPS_PTAG_CT_PUBLIC_SUBKEY:
2787	r=parse_public_key(C.ptag.content_tag,&region,pinfo);
2788	break;
2789
2790	case OPS_PTAG_CT_TRUST:
2791	r=parse_trust(&region, pinfo);
2792	break;
2793
2794	case OPS_PTAG_CT_USER_ID:
2795	r=parse_user_id(&region,pinfo);
2796	break;
2797
2798	case OPS_PTAG_CT_COMPRESSED:
2799	r=parse_compressed(&region,pinfo);
2800	break;
2801
2802	case OPS_PTAG_CT_ONE_PASS_SIGNATURE:
2803	r=parse_one_pass(&region,pinfo);
2804	break;
2805
2806	case OPS_PTAG_CT_LITERAL_DATA:
2807	r=parse_literal_data(&region,pinfo);
2808	break;
2809
2810	case OPS_PTAG_CT_USER_ATTRIBUTE:
2811	r=parse_user_attribute(&region,pinfo);
2812	break;
2813
2814	case OPS_PTAG_CT_SECRET_KEY:
2815	r=parse_secret_key(&region,pinfo);
2816	break;
2817
2818	case OPS_PTAG_CT_SECRET_SUBKEY:
2819	r=parse_secret_key(&region,pinfo);
2820	break;
2821
2822	case OPS_PTAG_CT_PK_SESSION_KEY:
2823	r=parse_pk_session_key(&region,pinfo);
2824	break;
2825
2826	case OPS_PTAG_CT_SE_DATA:
2827	r=parse_se_data(&region,pinfo);
2828	break;
2829
2830	case OPS_PTAG_CT_SE_IP_DATA:
2831	r=parse_se_ip_data(&region,pinfo);
2832	break;
2833
2834	case OPS_PTAG_CT_MDC:
2835	r=parse_mdc(&region, pinfo);
2836	break;
2837
2838	default:
2839	OPS_ERROR_1(&pinfo->errors,OPS_E_P_UNKNOWN_TAG,
2840	"Unknown content tag 0x%x", C.ptag.content_tag);
2841	r=0;
2842	}
2843
2844	/* Ensure that the entire packet has been consumed */
2845
2846	if(region.length != region.length_read && !region.indeterminate)
2847	if(!consume_packet(&region,pinfo,ops_false))
2848	r=-1;
2849
2850	/* set pktlen */
2851
2852	*pktlen=pinfo->rinfo.alength;
2853
2854	/* do callback on entire packet, if desired and there was no error */
2855
2856	if(r > 0 && pinfo->rinfo.accumulate)
2857	{
2858	C.packet.length=pinfo->rinfo.alength;
2859	C.packet.raw=pinfo->rinfo.accumulated;
2860	pinfo->rinfo.accumulated=NULL;
2861	pinfo->rinfo.asize=0;
2862	CBP(pinfo,OPS_PARSER_PACKET_END,&content);
2863	}
2864	pinfo->rinfo.alength=0;
2865
2866	if(r < 0)
2867	return -1;
2868
2869	return r ? 1 : 0;
2870	}
2871
2872	/**
2873	* \ingroup Parse
2874	*
2875	* ops_parse() parses packets from an input stream until EOF or error.
2876	*
2877	* All the necessary information for parsing should have been set up by the
2878	* calling function in "*pinfo" beforehand.
2879	*
2880	* That information includes :
2881	*
2882	* - a "reader" function to be used to get the data to be parsed
2883	*
2884	* - a "callback" function to be called when this library has identified
2885	* a parseable object within the data
2886	*
2887	* - whether the calling function wants the signature subpackets returned raw, parsed or not at all.
2888	*
2889	* \sa See Detailed Description for usage.
2890	*
2891	* \param *pinfo How to parse
2892	* \return 1 on success in all packets, 0 on error in any packet
2893	* \todo Add some error checking to make sure *pinfo contains a sensible setup?
2894	*/
2895
2896	int ops_parse(ops_parse_info_t *pinfo)
2897	{
2898	int r;
2899	unsigned long pktlen;
2900
2901	do
2902	{
2903	r=ops_parse_one_packet(pinfo,&pktlen);
2904	} while (r != -1);
2905
2906	return pinfo->errors ? 0 : 1;
2907	}
2908
2909	#if 0
2910	/**
2911	*
2912	* \return 1 if success, 0 otherwise
2913	* XXX may not now be needed? RW
2914	*/
2915
2916	int ops_parse_errs(ops_parse_info_t pinfo, ops_ulong_list_t errs)
2917	{
2918	unsigned err;
2919	int r;
2920	unsigned long pktlen;
2921	ops_reader_fd_arg_t *arg;
2922	int orig_acc;
2923
2924	/* can only handle ops_reader_fd for now */
2925
2926	if (pinfo->rinfo.reader != ops_reader_fd)
2927	{
2928	fprintf(stderr,"ops_parse_errs: can only handle ops_reader_fd\n");
2929	return 0;
2930	}
2931
2932	arg=pinfo->rinfo.arg;
2933
2934	/* store current state of accumulate flag */
2935
2936	orig_acc=pinfo->rinfo.accumulate;
2937
2938	/* set accumulate flag */
2939
2940	pinfo->rinfo.accumulate=1;
2941
2942	/* now parse each error in turn. */
2943
2944	for(err=0; err < errs->used ; err++)
2945	{
2946
2947	// printf("\n*\n* Error at offset %lu \n***\n",errs->ulongs[err]);
2948
2949	/* move stream to offset of error */
2950
2951	r=lseek(arg->fd,errs->ulongs[err],SEEK_SET);
2952	if (r==-1)
2953	{
2954	printf("error %d in first lseek to offset\n", errno);
2955	return 0;
2956	}
2957
2958	/* parse packet */
2959
2960	ops_parse_one_packet(pinfo,&pktlen);
2961
2962	}
2963
2964	/* restore accumulate flag original value */
2965	pinfo->rinfo.accumulate=orig_acc;
2966
2967	return 1;
2968	}
2969	#endif
2970
2971	/**
2972	* \ingroup Parse
2973	*
2974	* ops_parse_options() specifies whether one or more signature
2975	* subpacket types should be returned parsed or raw or ignored.
2976	*
2977	* \param pinfo Pointer to previously allocated structure
2978	* \param tag Packet tag. OPS_PTAG_SS_ALL for all SS tags; or one individual signature subpacket tag
2979	* \param type Parse type
2980	* \todo XXX: Make all packet types optional, not just subpackets */
2981	void ops_parse_options(ops_parse_info_t *pinfo,
2982	ops_content_tag_t tag,
2983	ops_parse_type_t type)
2984	{
2985	int t8,t7;
2986
2987	if(tag == OPS_PTAG_SS_ALL)
2988	{
2989	int n;
2990
2991	for(n=0 ; n < 256 ; ++n)
2992	ops_parse_options(pinfo,OPS_PTAG_SIGNATURE_SUBPACKET_BASE+n,
2993	type);
2994	return;
2995	}
2996
2997	assert(tag >= OPS_PTAG_SIGNATURE_SUBPACKET_BASE
2998	&& tag <= OPS_PTAG_SIGNATURE_SUBPACKET_BASE+NTAGS-1);
2999	t8=(tag-OPS_PTAG_SIGNATURE_SUBPACKET_BASE)/8;
3000	t7=1 << ((tag-OPS_PTAG_SIGNATURE_SUBPACKET_BASE)&7);
3001	switch(type)
3002	{
3003	case OPS_PARSE_RAW:
3004	pinfo->ss_raw[t8] \|= t7;
3005	pinfo->ss_parsed[t8] &= ~t7;
3006	break;
3007
3008	case OPS_PARSE_PARSED:
3009	pinfo->ss_raw[t8] &= ~t7;
3010	pinfo->ss_parsed[t8] \|= t7;
3011	break;
3012
3013	case OPS_PARSE_IGNORE:
3014	pinfo->ss_raw[t8] &= ~t7;
3015	pinfo->ss_parsed[t8] &= ~t7;
3016	break;
3017	}
3018	}
3019
3020	ops_parse_info_t *ops_parse_info_new(void)
3021	{ return ops_mallocz(sizeof(ops_parse_info_t)); }
3022
3023	void ops_parse_info_delete(ops_parse_info_t *pinfo)
3024	{
3025	ops_parse_cb_info_t cbinfo,next;
3026
3027	for(cbinfo=pinfo->cbinfo.next ; cbinfo ; cbinfo=next)
3028	{
3029	next=cbinfo->next;
3030	free(cbinfo);
3031	}
3032	if(pinfo->rinfo.destroyer)
3033	pinfo->rinfo.destroyer(&pinfo->rinfo);
3034	ops_free_errors(pinfo->errors);
3035	if(pinfo->rinfo.accumulated)
3036	free(pinfo->rinfo.accumulated);
3037	free(pinfo);
3038	}
3039
3040	ops_reader_info_t ops_parse_get_rinfo(ops_parse_info_t pinfo)
3041	{ return &pinfo->rinfo; }
3042
3043	void ops_parse_cb_set(ops_parse_info_t pinfo,ops_parse_cb_t cb,void *arg)
3044	{
3045	pinfo->cbinfo.cb=cb;
3046	pinfo->cbinfo.arg=arg;
3047	pinfo->cbinfo.errors=&pinfo->errors;
3048	}
3049
3050	void ops_parse_cb_push(ops_parse_info_t pinfo,ops_parse_cb_t cb,void *arg)
3051	{
3052	ops_parse_cb_info_t cbinfo=malloc(sizeof cbinfo);
3053
3054	*cbinfo=pinfo->cbinfo;
3055	pinfo->cbinfo.next=cbinfo;
3056	ops_parse_cb_set(pinfo,cb,arg);
3057	}
3058
3059	void ops_parse_cb_get_arg(ops_parse_cb_info_t cbinfo)
3060	{ return cbinfo->arg; }
3061
3062	void ops_parse_cb_get_errors(ops_parse_cb_info_t cbinfo)
3063	{ return cbinfo->errors; }
3064
3065	ops_parse_cb_return_t ops_parse_cb(const ops_parser_content_t *content,
3066	ops_parse_cb_info_t *cbinfo)
3067	{
3068	if(cbinfo->cb)
3069	return cbinfo->cb(content,cbinfo);
3070	else
3071	return OPS_FINISHED;
3072	}
3073
3074	ops_parse_cb_return_t ops_parse_stacked_cb(const ops_parser_content_t *content,
3075	ops_parse_cb_info_t *cbinfo)
3076	{ return ops_parse_cb(content,cbinfo->next); }
3077
3078	/**
3079	* \brief
3080	* \param pinfo
3081	* \param reader
3082	* \param arg
3083	*/
3084	void ops_reader_set(ops_parse_info_t pinfo,ops_reader_t reader,ops_reader_destroyer_t destroyer,void arg)
3085	{
3086	pinfo->rinfo.reader=reader;
3087	pinfo->rinfo.destroyer=destroyer;
3088	pinfo->rinfo.arg=arg;
3089	}
3090
3091	/**
3092	* \brief
3093	* \param pinfo
3094	* \param reader
3095	* \param arg
3096	*/
3097	void ops_reader_push(ops_parse_info_t pinfo,ops_reader_t reader,ops_reader_destroyer_t destroyer,void arg)
3098	{
3099	ops_reader_info_t rinfo=malloc(sizeof rinfo);
3100
3101	*rinfo=pinfo->rinfo;
3102	memset(&pinfo->rinfo,'\0',sizeof pinfo->rinfo);
3103	pinfo->rinfo.next=rinfo;
3104	pinfo->rinfo.pinfo=pinfo;
3105
3106	ops_reader_set(pinfo,reader,destroyer,arg);
3107	}
3108
3109	/**
3110	* \param pinfo
3111	*/
3112	void ops_reader_pop(ops_parse_info_t *pinfo)
3113	{
3114	ops_reader_info_t *next=pinfo->rinfo.next;
3115
3116	pinfo->rinfo=*next;
3117	free(next);
3118	}
3119
3120	void ops_reader_get_arg(ops_reader_info_t rinfo)
3121	{ return rinfo->arg; }
3122
3123	void ops_reader_get_arg_from_pinfo(ops_parse_info_t pinfo)
3124	{ return pinfo->rinfo.arg; }
3125
3126	ops_error_t ops_parse_info_get_errors(ops_parse_info_t pinfo)
3127	{ return pinfo->errors; }
3128
3129	ops_crypt_t ops_parse_get_decrypt(ops_parse_info_t pinfo)
3130	{
3131	if(pinfo->decrypt.algorithm)
3132	return &pinfo->decrypt;
3133	return NULL;
3134	}
3135
3136	// XXX: this could be improved by sharing all hashes that are the
3137	// same, then duping them just before checking the signature.
3138	void ops_parse_hash_init(ops_parse_info_t *pinfo,ops_hash_algorithm_t type,
3139	const unsigned char *keyid)
3140	{
3141	ops_parse_hash_info_t *hash;
3142
3143	pinfo->hashes=realloc(pinfo->hashes,
3144	(pinfo->nhashes+1)sizeof pinfo->hashes);
3145	hash=&pinfo->hashes[pinfo->nhashes++];
3146
3147	ops_hash_any(&hash->hash,type);
3148	hash->hash.init(&hash->hash);
3149	memcpy(hash->keyid,keyid,sizeof hash->keyid);
3150	}
3151
3152	void ops_parse_hash_data(ops_parse_info_t pinfo,const void data,
3153	size_t length)
3154	{
3155	size_t n;
3156
3157	for(n=0 ; n < pinfo->nhashes ; ++n)
3158	pinfo->hashes[n].hash.add(&pinfo->hashes[n].hash,data,length);
3159	}
3160
3161	ops_hash_t ops_parse_hash_find(ops_parse_info_t pinfo,
3162	const unsigned char keyid[OPS_KEY_ID_SIZE])
3163	{
3164	size_t n;
3165
3166	for(n=0 ; n < pinfo->nhashes ; ++n)
3167	if(!memcmp(pinfo->hashes[n].keyid,keyid,OPS_KEY_ID_SIZE))
3168	return &pinfo->hashes[n].hash;
3169	return NULL;
3170	}
3171
3172	/* vim:set textwidth=120: */
3173	/* vim:set ts=8: */

Note: See TracBrowser for help on using the browser.

root/openpgpsdk/trunk/src/advanced/adv_packet-parse.c

Download in other formats: