1 /* parse-packet.c - read packets
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
3 * 2007, 2009, 2010 Free Software Foundation, Inc.
4 * Copyright (C) 2014 Werner Koch
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <http://www.gnu.org/licenses/>.
39 /* Maximum length of packets to avoid excessive memory allocation. */
40 #define MAX_KEY_PACKET_LENGTH (256 * 1024)
41 #define MAX_UID_PACKET_LENGTH ( 2 * 1024)
42 #define MAX_COMMENT_PACKET_LENGTH ( 64 * 1024)
43 #define MAX_ATTR_PACKET_LENGTH ( 16 * 1024*1024)
46 static int mpi_print_mode;
48 static estream_t listfp;
50 static int parse (IOBUF inp, PACKET * pkt, int onlykeypkts,
51 off_t * retpos, int *skip, IOBUF out, int do_skip
52 #ifdef DEBUG_PARSE_PACKET
53 , const char *dbg_w, const char *dbg_f, int dbg_l
56 static int copy_packet (IOBUF inp, IOBUF out, int pkttype,
57 unsigned long pktlen, int partial);
58 static void skip_packet (IOBUF inp, int pkttype,
59 unsigned long pktlen, int partial);
60 static void *read_rest (IOBUF inp, size_t pktlen);
61 static int parse_marker (IOBUF inp, int pkttype, unsigned long pktlen);
62 static int parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
64 static int parse_pubkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
66 static int parse_onepass_sig (IOBUF inp, int pkttype, unsigned long pktlen,
67 PKT_onepass_sig * ops);
68 static int parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
69 byte * hdr, int hdrlen, PACKET * packet);
70 static int parse_user_id (IOBUF inp, int pkttype, unsigned long pktlen,
72 static int parse_attribute (IOBUF inp, int pkttype, unsigned long pktlen,
74 static int parse_comment (IOBUF inp, int pkttype, unsigned long pktlen,
76 static void parse_trust (IOBUF inp, int pkttype, unsigned long pktlen,
78 static int parse_plaintext (IOBUF inp, int pkttype, unsigned long pktlen,
79 PACKET * packet, int new_ctb, int partial);
80 static int parse_compressed (IOBUF inp, int pkttype, unsigned long pktlen,
81 PACKET * packet, int new_ctb);
82 static int parse_encrypted (IOBUF inp, int pkttype, unsigned long pktlen,
83 PACKET * packet, int new_ctb, int partial);
84 static int parse_mdc (IOBUF inp, int pkttype, unsigned long pktlen,
85 PACKET * packet, int new_ctb);
86 static int parse_gpg_control (IOBUF inp, int pkttype, unsigned long pktlen,
87 PACKET * packet, int partial);
93 a = iobuf_get_noeof (inp) << 8;
94 a |= iobuf_get_noeof (inp);
103 a = iobuf_get_noeof (inp) << 24;
104 a |= iobuf_get_noeof (inp) << 16;
105 a |= iobuf_get_noeof (inp) << 8;
106 a |= iobuf_get_noeof (inp);
111 /* Read an external representation of an mpi and return the MPI. The
112 * external format is a 16 bit unsigned value stored in network byte
113 * order, giving the number of bits for the following integer. The
114 * integer is stored with MSB first (left padded with zeroes to align
115 * on a byte boundary). */
117 mpi_read (iobuf_t inp, unsigned int *ret_nread, int secure)
120 unsigned int nmax = *ret_nread;
121 unsigned int nbits, nbytes;
130 if ((c = c1 = iobuf_get (inp)) == -1)
135 if ((c = c2 = iobuf_get (inp)) == -1)
139 if (nbits > MAX_EXTERN_MPI_BITS)
141 log_error ("mpi too large (%u bits)\n", nbits);
145 nbytes = (nbits + 7) / 8;
146 buf = secure ? gcry_xmalloc_secure (nbytes + 2) : gcry_xmalloc (nbytes + 2);
150 for (i = 0; i < nbytes; i++)
152 p[i + 2] = iobuf_get (inp) & 0xff;
158 if (gcry_mpi_scan (&a, GCRYMPI_FMT_PGP, buf, nread, &nread))
166 log_error ("mpi larger than indicated length (%u bits)\n", 8*nmax);
175 set_packet_list_mode (int mode)
179 /* FIXME(gcrypt) mpi_print_mode = DBG_MPI; */
180 /* We use stdout print only if invoked by the --list-packets command
181 but switch to stderr in all other cases. This breaks the
182 previous behaviour but that seems to be more of a bug than
183 intentional. I don't believe that any application makes use of
184 this long standing annoying way of printing to stdout except when
185 doing a --list-packets. If this assumption fails, it will be easy
186 to add an option for the listing stream. Note that we initialize
187 it only once; mainly because some code may switch the option
188 value later back to 1 and we want to have all output to the same
191 Using stderr is not actually very clean because it bypasses the
192 logging code but it is a special thing anyway. I am not sure
193 whether using log_stream() would be better. Perhaps we should
194 enable the list mdoe only with a special option. */
196 listfp = opt.list_packets == 2 ? es_stdout : es_stderr;
202 unknown_pubkey_warning (int algo)
204 static byte unknown_pubkey_algos[256];
206 /* First check whether the algorithm is usable but not suitable for
207 encryption/signing. */
208 if (pubkey_get_npkey (algo))
212 if (!pubkey_get_nsig (algo))
213 log_info ("public key algorithm %s not suitable for %s\n",
214 openpgp_pk_algo_name (algo), "signing");
215 if (!pubkey_get_nenc (algo))
216 log_info ("public key algorithm %s not suitable for %s\n",
217 openpgp_pk_algo_name (algo), "encryption");
223 if (!unknown_pubkey_algos[algo])
226 log_info (_("can't handle public key algorithm %d\n"), algo);
227 unknown_pubkey_algos[algo] = 1;
233 /* Parse a packet and return it in packet structure.
234 * Returns: 0 := valid packet in pkt
235 * -1 := no more packets
237 * Note: The function may return an error and a partly valid packet;
238 * caller must free this packet. */
239 #ifdef DEBUG_PARSE_PACKET
241 dbg_parse_packet (IOBUF inp, PACKET *pkt, const char *dbg_f, int dbg_l)
247 rc = parse (inp, pkt, 0, NULL, &skip, NULL, 0, "parse", dbg_f, dbg_l);
252 #else /*!DEBUG_PARSE_PACKET*/
254 parse_packet (IOBUF inp, PACKET * pkt)
260 rc = parse (inp, pkt, 0, NULL, &skip, NULL, 0);
265 #endif /*!DEBUG_PARSE_PACKET*/
269 * Like parse packet, but only return secret or public (sub)key
272 #ifdef DEBUG_PARSE_PACKET
274 dbg_search_packet (IOBUF inp, PACKET * pkt, off_t * retpos, int with_uid,
275 const char *dbg_f, int dbg_l)
282 parse (inp, pkt, with_uid ? 2 : 1, retpos, &skip, NULL, 0, "search",
288 #else /*!DEBUG_PARSE_PACKET*/
290 search_packet (IOBUF inp, PACKET * pkt, off_t * retpos, int with_uid)
296 rc = parse (inp, pkt, with_uid ? 2 : 1, retpos, &skip, NULL, 0);
301 #endif /*!DEBUG_PARSE_PACKET*/
305 * Copy all packets from INP to OUT, thereby removing unused spaces.
307 #ifdef DEBUG_PARSE_PACKET
309 dbg_copy_all_packets (IOBUF inp, IOBUF out, const char *dbg_f, int dbg_l)
319 parse (inp, &pkt, 0, NULL, &skip, out, 0, "copy", dbg_f, dbg_l)));
322 #else /*!DEBUG_PARSE_PACKET*/
324 copy_all_packets (IOBUF inp, IOBUF out)
332 while (!(rc = parse (inp, &pkt, 0, NULL, &skip, out, 0)));
335 #endif /*!DEBUG_PARSE_PACKET*/
339 * Copy some packets from INP to OUT, thereby removing unused spaces.
340 * Stop at offset STOPoff (i.e. don't copy packets at this or later
343 #ifdef DEBUG_PARSE_PACKET
345 dbg_copy_some_packets (IOBUF inp, IOBUF out, off_t stopoff,
346 const char *dbg_f, int dbg_l)
352 if (iobuf_tell (inp) >= stopoff)
356 while (!(rc = parse (inp, &pkt, 0, NULL, &skip, out, 0,
357 "some", dbg_f, dbg_l)));
360 #else /*!DEBUG_PARSE_PACKET*/
362 copy_some_packets (IOBUF inp, IOBUF out, off_t stopoff)
368 if (iobuf_tell (inp) >= stopoff)
372 while (!(rc = parse (inp, &pkt, 0, NULL, &skip, out, 0)));
375 #endif /*!DEBUG_PARSE_PACKET*/
379 * Skip over N packets
381 #ifdef DEBUG_PARSE_PACKET
383 dbg_skip_some_packets (IOBUF inp, unsigned n, const char *dbg_f, int dbg_l)
388 for (; n && !rc; n--)
391 rc = parse (inp, &pkt, 0, NULL, &skip, NULL, 1, "skip", dbg_f, dbg_l);
395 #else /*!DEBUG_PARSE_PACKET*/
397 skip_some_packets (IOBUF inp, unsigned n)
402 for (; n && !rc; n--)
405 rc = parse (inp, &pkt, 0, NULL, &skip, NULL, 1);
409 #endif /*!DEBUG_PARSE_PACKET*/
413 * Parse packet. Stores 1 at SKIP 1 if the packet should be skipped;
414 * this is the case if either ONLYKEYPKTS is set and the parsed packet
415 * isn't a key packet or the packet-type is 0, indicating deleted
416 * stuff. If OUT is not NULL, a special copymode is used.
419 parse (IOBUF inp, PACKET * pkt, int onlykeypkts, off_t * retpos,
420 int *skip, IOBUF out, int do_skip
421 #ifdef DEBUG_PARSE_PACKET
422 , const char *dbg_w, const char *dbg_f, int dbg_l
426 int rc = 0, c, ctb, pkttype, lenbytes;
427 unsigned long pktlen;
430 int new_ctb = 0, partial = 0;
431 int with_uid = (onlykeypkts == 2);
435 assert (!pkt->pkt.generic);
436 if (retpos || list_mode)
438 pos = iobuf_tell (inp);
443 pos = 0; /* (silence compiler warning) */
445 if ((ctb = iobuf_get (inp)) == -1)
454 log_error ("%s: invalid packet (ctb=%02x)\n", iobuf_where (inp), ctb);
455 rc = gpg_error (GPG_ERR_INV_PACKET);
459 new_ctb = !!(ctb & 0x40);
462 pkttype = ctb & 0x3f;
463 if ((c = iobuf_get (inp)) == -1)
465 log_error ("%s: 1st length byte missing\n", iobuf_where (inp));
466 rc = gpg_error (GPG_ERR_INV_PACKET);
476 pktlen = (c - 192) * 256;
477 if ((c = iobuf_get (inp)) == -1)
479 log_error ("%s: 2nd length byte missing\n",
481 rc = gpg_error (GPG_ERR_INV_PACKET);
489 pktlen = (hdr[hdrlen++] = iobuf_get_noeof (inp)) << 24;
490 pktlen |= (hdr[hdrlen++] = iobuf_get_noeof (inp)) << 16;
491 pktlen |= (hdr[hdrlen++] = iobuf_get_noeof (inp)) << 8;
492 if ((c = iobuf_get (inp)) == -1)
494 log_error ("%s: 4 byte length invalid\n", iobuf_where (inp));
495 rc = gpg_error (GPG_ERR_INV_PACKET);
498 pktlen |= (hdr[hdrlen++] = c);
500 else /* Partial body length. */
506 case PKT_ENCRYPTED_MDC:
508 iobuf_set_partial_block_mode (inp, c & 0xff);
509 pktlen = 0; /* To indicate partial length. */
514 log_error ("%s: partial length for invalid"
515 " packet type %d\n", iobuf_where (inp), pkttype);
516 rc = gpg_error (GPG_ERR_INV_PACKET);
524 pkttype = (ctb >> 2) & 0xf;
525 lenbytes = ((ctb & 3) == 3) ? 0 : (1 << (ctb & 3));
528 pktlen = 0; /* Don't know the value. */
529 /* This isn't really partial, but we can treat it the same
530 in a "read until the end" sort of way. */
532 if (pkttype != PKT_ENCRYPTED && pkttype != PKT_PLAINTEXT
533 && pkttype != PKT_COMPRESSED)
535 log_error ("%s: indeterminate length for invalid"
536 " packet type %d\n", iobuf_where (inp), pkttype);
537 rc = gpg_error (GPG_ERR_INV_PACKET);
543 for (; lenbytes; lenbytes--)
546 pktlen |= hdr[hdrlen++] = iobuf_get_noeof (inp);
551 if (pktlen == (unsigned long) (-1))
553 /* With some probability this is caused by a problem in the
554 * the uncompressing layer - in some error cases it just loops
555 * and spits out 0xff bytes. */
556 log_error ("%s: garbled packet detected\n", iobuf_where (inp));
562 rc = iobuf_write (out, hdr, hdrlen);
564 rc = copy_packet (inp, out, pkttype, pktlen, partial);
568 if (with_uid && pkttype == PKT_USER_ID)
572 || (onlykeypkts && pkttype != PKT_PUBLIC_SUBKEY
573 && pkttype != PKT_PUBLIC_KEY
574 && pkttype != PKT_SECRET_SUBKEY && pkttype != PKT_SECRET_KEY))
576 iobuf_skip_rest (inp, pktlen, partial);
584 #ifdef DEBUG_PARSE_PACKET
585 log_debug ("parse_packet(iob=%d): type=%d length=%lu%s (%s.%s.%d)\n",
586 iobuf_id (inp), pkttype, pktlen, new_ctb ? " (new_ctb)" : "",
587 dbg_w, dbg_f, dbg_l);
589 log_debug ("parse_packet(iob=%d): type=%d length=%lu%s\n",
590 iobuf_id (inp), pkttype, pktlen,
591 new_ctb ? " (new_ctb)" : "");
596 es_fprintf (listfp, "# off=%lu ctb=%02x tag=%d hlen=%d plen=%lu%s%s\n",
597 (unsigned long)pos, ctb, pkttype, hdrlen, pktlen,
598 partial? " partial":"",
599 new_ctb? " new-ctb":"");
601 pkt->pkttype = pkttype;
602 rc = GPG_ERR_UNKNOWN_PACKET; /* default error */
606 case PKT_PUBLIC_SUBKEY:
608 case PKT_SECRET_SUBKEY:
609 pkt->pkt.public_key = xmalloc_clear (sizeof *pkt->pkt.public_key);
610 rc = parse_key (inp, pkttype, pktlen, hdr, hdrlen, pkt);
613 rc = parse_symkeyenc (inp, pkttype, pktlen, pkt);
616 rc = parse_pubkeyenc (inp, pkttype, pktlen, pkt);
619 pkt->pkt.signature = xmalloc_clear (sizeof *pkt->pkt.signature);
620 rc = parse_signature (inp, pkttype, pktlen, pkt->pkt.signature);
622 case PKT_ONEPASS_SIG:
623 pkt->pkt.onepass_sig = xmalloc_clear (sizeof *pkt->pkt.onepass_sig);
624 rc = parse_onepass_sig (inp, pkttype, pktlen, pkt->pkt.onepass_sig);
627 rc = parse_user_id (inp, pkttype, pktlen, pkt);
630 pkt->pkttype = pkttype = PKT_USER_ID; /* we store it in the userID */
631 rc = parse_attribute (inp, pkttype, pktlen, pkt);
633 case PKT_OLD_COMMENT:
635 rc = parse_comment (inp, pkttype, pktlen, pkt);
638 parse_trust (inp, pkttype, pktlen, pkt);
642 rc = parse_plaintext (inp, pkttype, pktlen, pkt, new_ctb, partial);
645 rc = parse_compressed (inp, pkttype, pktlen, pkt, new_ctb);
648 case PKT_ENCRYPTED_MDC:
649 rc = parse_encrypted (inp, pkttype, pktlen, pkt, new_ctb, partial);
652 rc = parse_mdc (inp, pkttype, pktlen, pkt, new_ctb);
654 case PKT_GPG_CONTROL:
655 rc = parse_gpg_control (inp, pkttype, pktlen, pkt, partial);
658 rc = parse_marker (inp, pkttype, pktlen);
661 skip_packet (inp, pkttype, pktlen, partial);
666 /* FIXME: Do we leak in case of an error? */
667 if (!rc && iobuf_error (inp))
668 rc = GPG_ERR_INV_KEYRING;
670 /* FIXME: We use only the error code for now to avoid problems with
671 callers which have not been checked to always use gpg_err_code()
672 when comparing error codes. */
673 return rc == -1? -1 : gpg_err_code (rc);
678 dump_hex_line (int c, int *i)
682 if (*i && !(*i % 24))
683 es_fprintf (listfp, "\n%4d:", *i);
685 es_putc (' ', listfp);
688 es_fprintf (listfp, " EOF");
690 es_fprintf (listfp, " %02x", c);
696 copy_packet (IOBUF inp, IOBUF out, int pkttype,
697 unsigned long pktlen, int partial)
705 while ((n = iobuf_read (inp, buf, 100)) != -1)
706 if ((rc = iobuf_write (out, buf, n)))
707 return rc; /* write error */
709 else if (!pktlen && pkttype == PKT_COMPRESSED)
711 log_debug ("copy_packet: compressed!\n");
712 /* compressed packet, copy till EOF */
713 while ((n = iobuf_read (inp, buf, 100)) != -1)
714 if ((rc = iobuf_write (out, buf, n)))
715 return rc; /* write error */
719 for (; pktlen; pktlen -= n)
721 n = pktlen > 100 ? 100 : pktlen;
722 n = iobuf_read (inp, buf, n);
724 return gpg_error (GPG_ERR_EOF);
725 if ((rc = iobuf_write (out, buf, n)))
726 return rc; /* write error */
734 skip_packet (IOBUF inp, int pkttype, unsigned long pktlen, int partial)
738 es_fprintf (listfp, ":unknown packet: type %2d, length %lu\n",
743 es_fputs ("dump:", listfp);
746 while ((c = iobuf_get (inp)) != -1)
747 dump_hex_line (c, &i);
751 for (; pktlen; pktlen--)
753 dump_hex_line ((c = iobuf_get (inp)), &i);
758 es_putc ('\n', listfp);
762 iobuf_skip_rest (inp, pktlen, partial);
766 /* Read PKTLEN bytes form INP and return them in a newly allocated
767 buffer. In case of an error NULL is returned and a error messages
770 read_rest (IOBUF inp, size_t pktlen)
775 buf = xtrymalloc (pktlen);
778 gpg_error_t err = gpg_error_from_syserror ();
779 log_error ("error reading rest of packet: %s\n", gpg_strerror (err));
782 for (p = buf; pktlen; pktlen--)
787 log_error ("premature eof while reading rest of packet\n");
798 /* Read a special size+body from INP. On success store an opaque MPI
799 with it at R_DATA. On error return an error code and store NULL at
800 R_DATA. Even in the error case store the number of read bytes at
801 R_NREAD. The caller shall pass the remaining size of the packet in
804 read_size_body (iobuf_t inp, int pktlen, size_t *r_nread,
815 return gpg_error (GPG_ERR_INV_PACKET);
816 c = iobuf_readbyte (inp);
818 return gpg_error (GPG_ERR_INV_PACKET);
822 if (nbytes < 2 || nbytes > 254)
823 return gpg_error (GPG_ERR_INV_PACKET);
825 return gpg_error (GPG_ERR_INV_PACKET);
829 for (i = 0; i < nbytes; i++)
833 return gpg_error (GPG_ERR_INV_PACKET);
838 tmpbuf = xtrymalloc (1 + nbytes);
840 return gpg_error_from_syserror ();
841 memcpy (tmpbuf, buffer, 1 + nbytes);
842 *r_data = gcry_mpi_set_opaque (NULL, tmpbuf, 8 * (1 + nbytes));
846 return gpg_error_from_syserror ();
852 /* Parse a marker packet. */
854 parse_marker (IOBUF inp, int pkttype, unsigned long pktlen)
861 if (iobuf_get (inp) != 'P')
867 if (iobuf_get (inp) != 'G')
873 if (iobuf_get (inp) != 'P')
880 es_fputs (":marker packet: PGP\n", listfp);
885 log_error ("invalid marker packet\n");
887 es_fputs (":marker packet: [invalid]\n", listfp);
888 iobuf_skip_rest (inp, pktlen, 0);
889 return GPG_ERR_INV_PACKET;
894 parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
899 int i, version, s2kmode, cipher_algo, hash_algo, seskeylen, minlen;
903 log_error ("packet(%d) too short\n", pkttype);
905 es_fprintf (listfp, ":symkey enc packet: [too short]\n");
906 rc = gpg_error (GPG_ERR_INV_PACKET);
909 version = iobuf_get_noeof (inp);
913 log_error ("packet(%d) with unknown version %d\n", pkttype, version);
915 es_fprintf (listfp, ":symkey enc packet: [unknown version]\n");
916 rc = gpg_error (GPG_ERR_INV_PACKET);
920 { /* (we encode the seskeylen in a byte) */
921 log_error ("packet(%d) too large\n", pkttype);
923 es_fprintf (listfp, ":symkey enc packet: [too large]\n");
924 rc = gpg_error (GPG_ERR_INV_PACKET);
927 cipher_algo = iobuf_get_noeof (inp);
929 s2kmode = iobuf_get_noeof (inp);
931 hash_algo = iobuf_get_noeof (inp);
935 case 0: /* Simple S2K. */
938 case 1: /* Salted S2K. */
941 case 3: /* Iterated+salted S2K. */
945 log_error ("unknown S2K mode %d\n", s2kmode);
947 es_fprintf (listfp, ":symkey enc packet: [unknown S2K mode]\n");
952 log_error ("packet with S2K %d too short\n", s2kmode);
954 es_fprintf (listfp, ":symkey enc packet: [too short]\n");
955 rc = gpg_error (GPG_ERR_INV_PACKET);
958 seskeylen = pktlen - minlen;
959 k = packet->pkt.symkey_enc = xmalloc_clear (sizeof *packet->pkt.symkey_enc
961 k->version = version;
962 k->cipher_algo = cipher_algo;
963 k->s2k.mode = s2kmode;
964 k->s2k.hash_algo = hash_algo;
965 if (s2kmode == 1 || s2kmode == 3)
967 for (i = 0; i < 8 && pktlen; i++, pktlen--)
968 k->s2k.salt[i] = iobuf_get_noeof (inp);
972 k->s2k.count = iobuf_get (inp);
975 k->seskeylen = seskeylen;
978 for (i = 0; i < seskeylen && pktlen; i++, pktlen--)
979 k->seskey[i] = iobuf_get_noeof (inp);
981 /* What we're watching out for here is a session key decryptor
982 with no salt. The RFC says that using salt for this is a
984 if (s2kmode != 1 && s2kmode != 3)
985 log_info (_("WARNING: potentially insecure symmetrically"
986 " encrypted session key\n"));
993 ":symkey enc packet: version %d, cipher %d, s2k %d, hash %d",
994 version, cipher_algo, s2kmode, hash_algo);
996 es_fprintf (listfp, ", seskey %d bits", (seskeylen - 1) * 8);
997 es_fprintf (listfp, "\n");
998 if (s2kmode == 1 || s2kmode == 3)
1000 es_fprintf (listfp, "\tsalt ");
1001 es_write_hexstring (listfp, k->s2k.salt, 8, 0, NULL);
1003 es_fprintf (listfp, ", count %lu (%lu)",
1004 S2K_DECODE_COUNT ((ulong) k->s2k.count),
1005 (ulong) k->s2k.count);
1006 es_fprintf (listfp, "\n");
1011 iobuf_skip_rest (inp, pktlen, 0);
1017 parse_pubkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
1024 k = packet->pkt.pubkey_enc = xmalloc_clear (sizeof *packet->pkt.pubkey_enc);
1027 log_error ("packet(%d) too short\n", pkttype);
1029 es_fputs (":pubkey enc packet: [too short]\n", listfp);
1030 rc = gpg_error (GPG_ERR_INV_PACKET);
1033 k->version = iobuf_get_noeof (inp);
1035 if (k->version != 2 && k->version != 3)
1037 log_error ("packet(%d) with unknown version %d\n", pkttype, k->version);
1039 es_fputs (":pubkey enc packet: [unknown version]\n", listfp);
1040 rc = gpg_error (GPG_ERR_INV_PACKET);
1043 k->keyid[0] = read_32 (inp);
1045 k->keyid[1] = read_32 (inp);
1047 k->pubkey_algo = iobuf_get_noeof (inp);
1049 k->throw_keyid = 0; /* Only used as flag for build_packet. */
1052 ":pubkey enc packet: version %d, algo %d, keyid %08lX%08lX\n",
1053 k->version, k->pubkey_algo, (ulong) k->keyid[0],
1054 (ulong) k->keyid[1]);
1056 ndata = pubkey_get_nenc (k->pubkey_algo);
1060 es_fprintf (listfp, "\tunsupported algorithm %d\n", k->pubkey_algo);
1061 unknown_pubkey_warning (k->pubkey_algo);
1062 k->data[0] = NULL; /* No need to store the encrypted data. */
1066 for (i = 0; i < ndata; i++)
1068 if (k->pubkey_algo == PUBKEY_ALGO_ECDH && i == 1)
1071 rc = read_size_body (inp, pktlen, &n, k->data+i);
1077 k->data[i] = mpi_read (inp, &n, 0);
1080 rc = gpg_error (GPG_ERR_INV_PACKET);
1086 es_fprintf (listfp, "\tdata: ");
1087 mpi_print (listfp, k->data[i], mpi_print_mode);
1088 es_putc ('\n', listfp);
1094 iobuf_skip_rest (inp, pktlen, 0);
1100 dump_sig_subpkt (int hashed, int type, int critical,
1101 const byte * buffer, size_t buflen, size_t length)
1103 const char *p = NULL;
1106 /* The CERT has warning out with explains how to use GNUPG to detect
1107 * the ARRs - we print our old message here when it is a faked ARR
1108 * and add an additional notice. */
1109 if (type == SIGSUBPKT_ARR && !hashed)
1112 "\tsubpkt %d len %u (additional recipient request)\n"
1113 "WARNING: PGP versions > 5.0 and < 6.5.8 will automagically "
1114 "encrypt to this key and thereby reveal the plaintext to "
1115 "the owner of this ARR key. Detailed info follows:\n",
1116 type, (unsigned) length);
1122 es_fprintf (listfp, "\t%s%ssubpkt %d len %u (", /*) */
1123 critical ? "critical " : "",
1124 hashed ? "hashed " : "", type, (unsigned) length);
1125 if (length > buflen)
1127 es_fprintf (listfp, "too short: buffer is only %u)\n", (unsigned) buflen);
1132 case SIGSUBPKT_SIG_CREATED:
1134 es_fprintf (listfp, "sig created %s",
1135 strtimestamp (buffer_to_u32 (buffer)));
1137 case SIGSUBPKT_SIG_EXPIRE:
1140 if (buffer_to_u32 (buffer))
1141 es_fprintf (listfp, "sig expires after %s",
1142 strtimevalue (buffer_to_u32 (buffer)));
1144 es_fprintf (listfp, "sig does not expire");
1147 case SIGSUBPKT_EXPORTABLE:
1149 es_fprintf (listfp, "%sexportable", *buffer ? "" : "not ");
1151 case SIGSUBPKT_TRUST:
1153 p = "[invalid trust subpacket]";
1155 es_fprintf (listfp, "trust signature of depth %d, value %d", buffer[0],
1158 case SIGSUBPKT_REGEXP:
1160 p = "[invalid regexp subpacket]";
1163 es_fprintf (listfp, "regular expression: \"");
1164 es_write_sanitized (listfp, buffer, length, "\"", NULL);
1168 case SIGSUBPKT_REVOCABLE:
1170 es_fprintf (listfp, "%srevocable", *buffer ? "" : "not ");
1172 case SIGSUBPKT_KEY_EXPIRE:
1175 if (buffer_to_u32 (buffer))
1176 es_fprintf (listfp, "key expires after %s",
1177 strtimevalue (buffer_to_u32 (buffer)));
1179 es_fprintf (listfp, "key does not expire");
1182 case SIGSUBPKT_PREF_SYM:
1183 es_fputs ("pref-sym-algos:", listfp);
1184 for (i = 0; i < length; i++)
1185 es_fprintf (listfp, " %d", buffer[i]);
1187 case SIGSUBPKT_REV_KEY:
1188 es_fputs ("revocation key: ", listfp);
1193 es_fprintf (listfp, "c=%02x a=%d f=", buffer[0], buffer[1]);
1194 for (i = 2; i < length; i++)
1195 es_fprintf (listfp, "%02X", buffer[i]);
1198 case SIGSUBPKT_ISSUER:
1200 es_fprintf (listfp, "issuer key ID %08lX%08lX",
1201 (ulong) buffer_to_u32 (buffer),
1202 (ulong) buffer_to_u32 (buffer + 4));
1204 case SIGSUBPKT_NOTATION:
1206 es_fputs ("notation: ", listfp);
1211 const byte *s = buffer;
1214 n1 = (s[4] << 8) | s[5];
1215 n2 = (s[6] << 8) | s[7];
1217 if (8 + n1 + n2 != length)
1221 es_write_sanitized (listfp, s, n1, ")", NULL);
1222 es_putc ('=', listfp);
1225 es_write_sanitized (listfp, s + n1, n2, ")", NULL);
1227 p = "[not human readable]";
1232 case SIGSUBPKT_PREF_HASH:
1233 es_fputs ("pref-hash-algos:", listfp);
1234 for (i = 0; i < length; i++)
1235 es_fprintf (listfp, " %d", buffer[i]);
1237 case SIGSUBPKT_PREF_COMPR:
1238 es_fputs ("pref-zip-algos:", listfp);
1239 for (i = 0; i < length; i++)
1240 es_fprintf (listfp, " %d", buffer[i]);
1242 case SIGSUBPKT_KS_FLAGS:
1243 es_fputs ("key server preferences:", listfp);
1244 for (i = 0; i < length; i++)
1245 es_fprintf (listfp, " %02X", buffer[i]);
1247 case SIGSUBPKT_PREF_KS:
1248 es_fputs ("preferred key server: ", listfp);
1249 es_write_sanitized (listfp, buffer, length, ")", NULL);
1251 case SIGSUBPKT_PRIMARY_UID:
1252 p = "primary user ID";
1254 case SIGSUBPKT_POLICY:
1255 es_fputs ("policy: ", listfp);
1256 es_write_sanitized (listfp, buffer, length, ")", NULL);
1258 case SIGSUBPKT_KEY_FLAGS:
1259 es_fputs ("key flags:", listfp);
1260 for (i = 0; i < length; i++)
1261 es_fprintf (listfp, " %02X", buffer[i]);
1263 case SIGSUBPKT_SIGNERS_UID:
1264 p = "signer's user ID";
1266 case SIGSUBPKT_REVOC_REASON:
1269 es_fprintf (listfp, "revocation reason 0x%02x (", *buffer);
1270 es_write_sanitized (listfp, buffer + 1, length - 1, ")", NULL);
1275 es_fputs ("Big Brother's key (ignored): ", listfp);
1280 es_fprintf (listfp, "c=%02x a=%d f=", buffer[0], buffer[1]);
1282 es_write_hexstring (listfp, buffer+2, length-2, 0, NULL);
1285 case SIGSUBPKT_FEATURES:
1286 es_fputs ("features:", listfp);
1287 for (i = 0; i < length; i++)
1288 es_fprintf (listfp, " %02x", buffer[i]);
1290 case SIGSUBPKT_SIGNATURE:
1291 es_fputs ("signature: ", listfp);
1295 es_fprintf (listfp, "v%d, class 0x%02X, algo %d, digest algo %d",
1297 buffer[0] == 3 ? buffer[2] : buffer[1],
1298 buffer[0] == 3 ? buffer[15] : buffer[2],
1299 buffer[0] == 3 ? buffer[16] : buffer[3]);
1302 if (type >= 100 && type <= 110)
1303 p = "experimental / private subpacket";
1309 es_fprintf (listfp, "%s)\n", p ? p : "");
1314 * Returns: >= 0 use this offset into buffer
1315 * -1 explicitly reject returning this type
1316 * -2 subpacket too short
1319 parse_one_sig_subpkt (const byte * buffer, size_t n, int type)
1323 case SIGSUBPKT_REV_KEY:
1327 case SIGSUBPKT_SIG_CREATED:
1328 case SIGSUBPKT_SIG_EXPIRE:
1329 case SIGSUBPKT_KEY_EXPIRE:
1333 case SIGSUBPKT_KEY_FLAGS:
1334 case SIGSUBPKT_KS_FLAGS:
1335 case SIGSUBPKT_PREF_SYM:
1336 case SIGSUBPKT_PREF_HASH:
1337 case SIGSUBPKT_PREF_COMPR:
1338 case SIGSUBPKT_POLICY:
1339 case SIGSUBPKT_PREF_KS:
1340 case SIGSUBPKT_FEATURES:
1341 case SIGSUBPKT_REGEXP:
1343 case SIGSUBPKT_SIGNATURE:
1344 case SIGSUBPKT_EXPORTABLE:
1345 case SIGSUBPKT_REVOCABLE:
1346 case SIGSUBPKT_REVOC_REASON:
1350 case SIGSUBPKT_ISSUER: /* issuer key ID */
1354 case SIGSUBPKT_NOTATION:
1355 /* minimum length needed, and the subpacket must be well-formed
1356 where the name length and value length all fit inside the
1359 || 8 + ((buffer[4] << 8) | buffer[5]) +
1360 ((buffer[6] << 8) | buffer[7]) != n)
1363 case SIGSUBPKT_PRIMARY_UID:
1367 case SIGSUBPKT_TRUST:
1378 /* Return true if we understand the critical notation. */
1380 can_handle_critical_notation (const byte * name, size_t len)
1382 if (len == 32 && memcmp (name, "preferred-email-encoding@pgp.com", 32) == 0)
1384 if (len == 21 && memcmp (name, "pka-address@gnupg.org", 21) == 0)
1392 can_handle_critical (const byte * buffer, size_t n, int type)
1396 case SIGSUBPKT_NOTATION:
1399 size_t notation_len = ((buffer[4] << 8) | buffer[5]);
1400 if (n - 8 >= notation_len)
1401 return can_handle_critical_notation (buffer + 8, notation_len);
1404 case SIGSUBPKT_SIGNATURE:
1405 case SIGSUBPKT_SIG_CREATED:
1406 case SIGSUBPKT_SIG_EXPIRE:
1407 case SIGSUBPKT_KEY_EXPIRE:
1408 case SIGSUBPKT_EXPORTABLE:
1409 case SIGSUBPKT_REVOCABLE:
1410 case SIGSUBPKT_REV_KEY:
1411 case SIGSUBPKT_ISSUER: /* issuer key ID */
1412 case SIGSUBPKT_PREF_SYM:
1413 case SIGSUBPKT_PREF_HASH:
1414 case SIGSUBPKT_PREF_COMPR:
1415 case SIGSUBPKT_KEY_FLAGS:
1416 case SIGSUBPKT_PRIMARY_UID:
1417 case SIGSUBPKT_FEATURES:
1418 case SIGSUBPKT_TRUST:
1419 case SIGSUBPKT_REGEXP:
1420 /* Is it enough to show the policy or keyserver? */
1421 case SIGSUBPKT_POLICY:
1422 case SIGSUBPKT_PREF_KS:
1432 enum_sig_subpkt (const subpktarea_t * pktbuf, sigsubpkttype_t reqtype,
1433 size_t * ret_n, int *start, int *critical)
1442 int reqseq = start ? *start : 0;
1445 critical = &critical_dummy;
1447 if (!pktbuf || reqseq == -1)
1449 static char dummy[] = "x";
1450 /* Return a value different from NULL to indicate that
1451 * there is no critical bit we do not understand. */
1452 return reqtype == SIGSUBPKT_TEST_CRITICAL ? dummy : NULL;
1454 buffer = pktbuf->data;
1455 buflen = pktbuf->len;
1460 if (n == 255) /* 4 byte length header. */
1464 n = (buffer[0] << 24) | (buffer[1] << 16)
1465 | (buffer[2] << 8) | buffer[3];
1469 else if (n >= 192) /* 4 byte special encoded length header. */
1473 n = ((n - 192) << 8) + *buffer + 192;
1487 if (!(++seq > reqseq))
1489 else if (reqtype == SIGSUBPKT_TEST_CRITICAL)
1493 if (n - 1 > buflen + 1)
1495 if (!can_handle_critical (buffer + 1, n - 1, type))
1498 log_info (_("subpacket of type %d has "
1499 "critical bit set\n"), type);
1502 return NULL; /* This is an error. */
1506 else if (reqtype < 0) /* List packets. */
1507 dump_sig_subpkt (reqtype == SIGSUBPKT_LIST_HASHED,
1508 type, *critical, buffer, buflen, n);
1509 else if (type == reqtype) /* Found. */
1517 offset = parse_one_sig_subpkt (buffer, n, type);
1521 log_error ("subpacket of type %d too short\n", type);
1530 return buffer + offset;
1535 if (reqtype == SIGSUBPKT_TEST_CRITICAL)
1536 return buffer; /* Used as True to indicate that there is no. */
1538 /* Critical bit we don't understand. */
1541 return NULL; /* End of packets; not found. */
1545 log_info ("buffer shorter than subpacket\n");
1553 parse_sig_subpkt (const subpktarea_t * buffer, sigsubpkttype_t reqtype,
1556 return enum_sig_subpkt (buffer, reqtype, ret_n, NULL, NULL);
1561 parse_sig_subpkt2 (PKT_signature * sig, sigsubpkttype_t reqtype,
1566 p = parse_sig_subpkt (sig->hashed, reqtype, ret_n);
1568 p = parse_sig_subpkt (sig->unhashed, reqtype, ret_n);
1573 /* Find all revocation keys. Look in hashed area only. */
1575 parse_revkeys (PKT_signature * sig)
1577 struct revocation_key *revkey;
1581 if (sig->sig_class != 0x1F)
1585 (struct revocation_key *) enum_sig_subpkt (sig->hashed,
1589 if (len == sizeof (struct revocation_key)
1590 && (revkey->class & 0x80)) /* 0x80 bit must be set. */
1592 sig->revkey = xrealloc (sig->revkey,
1593 sizeof (struct revocation_key *) *
1594 (sig->numrevkeys + 1));
1595 sig->revkey[sig->numrevkeys] = revkey;
1603 parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
1604 PKT_signature * sig)
1614 log_error ("packet(%d) too short\n", pkttype);
1616 es_fputs (":signature packet: [too short]\n", listfp);
1619 sig->version = iobuf_get_noeof (inp);
1621 if (sig->version == 4)
1623 else if (sig->version != 2 && sig->version != 3)
1625 log_error ("packet(%d) with unknown version %d\n",
1626 pkttype, sig->version);
1628 es_fputs (":signature packet: [unknown version]\n", listfp);
1629 rc = gpg_error (GPG_ERR_INV_PACKET);
1635 md5_len = iobuf_get_noeof (inp);
1638 sig->sig_class = iobuf_get_noeof (inp);
1642 sig->timestamp = read_32 (inp);
1644 sig->keyid[0] = read_32 (inp);
1646 sig->keyid[1] = read_32 (inp);
1649 sig->pubkey_algo = iobuf_get_noeof (inp);
1651 sig->digest_algo = iobuf_get_noeof (inp);
1653 sig->flags.exportable = 1;
1654 sig->flags.revocable = 1;
1655 if (is_v4) /* Read subpackets. */
1658 pktlen -= 2; /* Length of hashed data. */
1661 log_error ("signature packet: hashed data too long\n");
1663 es_fputs (":signature packet: [hashed data too long]\n", listfp);
1664 rc = GPG_ERR_INV_PACKET;
1669 sig->hashed = xmalloc (sizeof (*sig->hashed) + n - 1);
1670 sig->hashed->size = n;
1671 sig->hashed->len = n;
1672 if (iobuf_read (inp, sig->hashed->data, n) != n)
1674 log_error ("premature eof while reading "
1675 "hashed signature data\n");
1677 es_fputs (":signature packet: [premature eof]\n", listfp);
1684 pktlen -= 2; /* Length of unhashed data. */
1687 log_error ("signature packet: unhashed data too long\n");
1689 es_fputs (":signature packet: [unhashed data too long]\n", listfp);
1690 rc = GPG_ERR_INV_PACKET;
1695 sig->unhashed = xmalloc (sizeof (*sig->unhashed) + n - 1);
1696 sig->unhashed->size = n;
1697 sig->unhashed->len = n;
1698 if (iobuf_read (inp, sig->unhashed->data, n) != n)
1700 log_error ("premature eof while reading "
1701 "unhashed signature data\n");
1703 es_fputs (":signature packet: [premature eof]\n", listfp);
1711 if (pktlen < 5) /* Sanity check. */
1713 log_error ("packet(%d) too short\n", pkttype);
1715 es_fputs (":signature packet: [too short]\n", listfp);
1716 rc = GPG_ERR_INV_PACKET;
1720 sig->digest_start[0] = iobuf_get_noeof (inp);
1722 sig->digest_start[1] = iobuf_get_noeof (inp);
1725 if (is_v4 && sig->pubkey_algo) /* Extract required information. */
1730 /* Set sig->flags.unknown_critical if there is a critical bit
1731 * set for packets which we do not understand. */
1732 if (!parse_sig_subpkt (sig->hashed, SIGSUBPKT_TEST_CRITICAL, NULL)
1733 || !parse_sig_subpkt (sig->unhashed, SIGSUBPKT_TEST_CRITICAL, NULL))
1734 sig->flags.unknown_critical = 1;
1736 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_CREATED, NULL);
1738 sig->timestamp = buffer_to_u32 (p);
1739 else if (!(sig->pubkey_algo >= 100 && sig->pubkey_algo <= 110)
1741 log_info ("signature packet without timestamp\n");
1743 p = parse_sig_subpkt2 (sig, SIGSUBPKT_ISSUER, NULL);
1746 sig->keyid[0] = buffer_to_u32 (p);
1747 sig->keyid[1] = buffer_to_u32 (p + 4);
1749 else if (!(sig->pubkey_algo >= 100 && sig->pubkey_algo <= 110)
1751 log_info ("signature packet without keyid\n");
1753 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL);
1754 if (p && buffer_to_u32 (p))
1755 sig->expiredate = sig->timestamp + buffer_to_u32 (p);
1756 if (sig->expiredate && sig->expiredate <= make_timestamp ())
1757 sig->flags.expired = 1;
1759 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_POLICY, NULL);
1761 sig->flags.policy_url = 1;
1763 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, NULL);
1765 sig->flags.pref_ks = 1;
1767 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_NOTATION, NULL);
1769 sig->flags.notation = 1;
1771 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_REVOCABLE, NULL);
1773 sig->flags.revocable = 0;
1775 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_TRUST, &len);
1778 sig->trust_depth = p[0];
1779 sig->trust_value = p[1];
1781 /* Only look for a regexp if there is also a trust
1784 parse_sig_subpkt (sig->hashed, SIGSUBPKT_REGEXP, &len);
1786 /* If the regular expression is of 0 length, there is no
1787 regular expression. */
1789 sig->trust_regexp = NULL;
1792 /* We accept the exportable subpacket from either the hashed or
1793 unhashed areas as older versions of gpg put it in the
1794 unhashed area. In theory, anyway, we should never see this
1795 packet off of a local keyring. */
1797 p = parse_sig_subpkt2 (sig, SIGSUBPKT_EXPORTABLE, NULL);
1799 sig->flags.exportable = 0;
1801 /* Find all revocation keys. */
1802 if (sig->sig_class == 0x1F)
1803 parse_revkeys (sig);
1808 es_fprintf (listfp, ":signature packet: algo %d, keyid %08lX%08lX\n"
1809 "\tversion %d, created %lu, md5len %d, sigclass 0x%02x\n"
1810 "\tdigest algo %d, begin of digest %02x %02x\n",
1812 (ulong) sig->keyid[0], (ulong) sig->keyid[1],
1813 sig->version, (ulong) sig->timestamp, md5_len, sig->sig_class,
1814 sig->digest_algo, sig->digest_start[0], sig->digest_start[1]);
1817 parse_sig_subpkt (sig->hashed, SIGSUBPKT_LIST_HASHED, NULL);
1818 parse_sig_subpkt (sig->unhashed, SIGSUBPKT_LIST_UNHASHED, NULL);
1822 ndata = pubkey_get_nsig (sig->pubkey_algo);
1826 es_fprintf (listfp, "\tunknown algorithm %d\n", sig->pubkey_algo);
1827 unknown_pubkey_warning (sig->pubkey_algo);
1829 /* We store the plain material in data[0], so that we are able
1830 * to write it back with build_packet(). */
1831 if (pktlen > (5 * MAX_EXTERN_MPI_BITS / 8))
1833 /* We include a limit to avoid too trivial DoS attacks by
1834 having gpg allocate too much memory. */
1835 log_error ("signature packet: too much data\n");
1836 rc = GPG_ERR_INV_PACKET;
1841 gcry_mpi_set_opaque (NULL, read_rest (inp, pktlen), pktlen * 8);
1847 for (i = 0; i < ndata; i++)
1850 sig->data[i] = mpi_read (inp, &n, 0);
1854 es_fprintf (listfp, "\tdata: ");
1855 mpi_print (listfp, sig->data[i], mpi_print_mode);
1856 es_putc ('\n', listfp);
1859 rc = GPG_ERR_INV_PACKET;
1864 iobuf_skip_rest (inp, pktlen, 0);
1870 parse_onepass_sig (IOBUF inp, int pkttype, unsigned long pktlen,
1871 PKT_onepass_sig * ops)
1878 log_error ("packet(%d) too short\n", pkttype);
1880 es_fputs (":onepass_sig packet: [too short]\n", listfp);
1881 rc = gpg_error (GPG_ERR_INV_PACKET);
1884 version = iobuf_get_noeof (inp);
1888 log_error ("onepass_sig with unknown version %d\n", version);
1890 es_fputs (":onepass_sig packet: [unknown version]\n", listfp);
1891 rc = gpg_error (GPG_ERR_INV_PACKET);
1894 ops->sig_class = iobuf_get_noeof (inp);
1896 ops->digest_algo = iobuf_get_noeof (inp);
1898 ops->pubkey_algo = iobuf_get_noeof (inp);
1900 ops->keyid[0] = read_32 (inp);
1902 ops->keyid[1] = read_32 (inp);
1904 ops->last = iobuf_get_noeof (inp);
1908 ":onepass_sig packet: keyid %08lX%08lX\n"
1909 "\tversion %d, sigclass 0x%02x, digest %d, pubkey %d, "
1911 (ulong) ops->keyid[0], (ulong) ops->keyid[1],
1912 version, ops->sig_class,
1913 ops->digest_algo, ops->pubkey_algo, ops->last);
1917 iobuf_skip_rest (inp, pktlen, 0);
1923 parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
1924 byte * hdr, int hdrlen, PACKET * pkt)
1926 gpg_error_t err = 0;
1927 int i, version, algorithm;
1928 unsigned long timestamp, expiredate, max_expiredate;
1935 pk = pkt->pkt.public_key; /* PK has been cleared. */
1937 version = iobuf_get_noeof (inp);
1939 if (pkttype == PKT_PUBLIC_SUBKEY && version == '#')
1941 /* Early versions of G10 used the old PGP comments packets;
1942 * luckily all those comments are started by a hash. */
1945 es_fprintf (listfp, ":rfc1991 comment packet: \"");
1946 for (; pktlen; pktlen--)
1949 c = iobuf_get (inp);
1951 break; /* Ooops: shorter than indicated. */
1952 if (c >= ' ' && c <= 'z')
1953 es_putc (c, listfp);
1955 es_fprintf (listfp, "\\x%02x", c);
1957 es_fprintf (listfp, "\"\n");
1959 iobuf_skip_rest (inp, pktlen, 0);
1962 else if (version == 4)
1964 /* The only supported version. Use an older gpg
1965 version (i.e. gpg 1.4) to parse v3 packets. */
1967 else if (version == 2 || version == 3)
1969 if (opt.verbose > 1)
1970 log_info ("packet(%d) with obsolete version %d\n", pkttype, version);
1972 es_fprintf (listfp, ":key packet: [obsolete version %d]\n", version);
1973 pk->version = version;
1974 err = gpg_error (GPG_ERR_LEGACY_KEY);
1979 log_error ("packet(%d) with unknown version %d\n", pkttype, version);
1981 es_fputs (":key packet: [unknown version]\n", listfp);
1982 err = gpg_error (GPG_ERR_INV_PACKET);
1988 log_error ("packet(%d) too short\n", pkttype);
1990 es_fputs (":key packet: [too short]\n", listfp);
1991 err = gpg_error (GPG_ERR_INV_PACKET);
1994 else if (pktlen > MAX_KEY_PACKET_LENGTH)
1996 log_error ("packet(%d) too large\n", pkttype);
1998 es_fputs (":key packet: [too larget]\n", listfp);
1999 err = gpg_error (GPG_ERR_INV_PACKET);
2003 timestamp = read_32 (inp);
2005 expiredate = 0; /* have to get it from the selfsignature */
2007 algorithm = iobuf_get_noeof (inp);
2010 es_fprintf (listfp, ":%s key packet:\n"
2011 "\tversion %d, algo %d, created %lu, expires %lu\n",
2012 pkttype == PKT_PUBLIC_KEY ? "public" :
2013 pkttype == PKT_SECRET_KEY ? "secret" :
2014 pkttype == PKT_PUBLIC_SUBKEY ? "public sub" :
2015 pkttype == PKT_SECRET_SUBKEY ? "secret sub" : "??",
2016 version, algorithm, timestamp, expiredate);
2018 pk->timestamp = timestamp;
2019 pk->expiredate = expiredate;
2020 pk->max_expiredate = max_expiredate;
2021 pk->hdrbytes = hdrlen;
2022 pk->version = version;
2023 pk->flags.primary = (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY);
2024 pk->pubkey_algo = algorithm;
2026 nskey = pubkey_get_nskey (algorithm);
2027 npkey = pubkey_get_npkey (algorithm);
2031 es_fprintf (listfp, "\tunknown algorithm %d\n", algorithm);
2032 unknown_pubkey_warning (algorithm);
2037 /* Unknown algorithm - put data into an opaque MPI. */
2038 pk->pkey[0] = gcry_mpi_set_opaque (NULL,
2039 read_rest (inp, pktlen), pktlen * 8);
2045 for (i = 0; i < npkey; i++)
2047 if ( (algorithm == PUBKEY_ALGO_ECDSA && (i == 0))
2048 || (algorithm == PUBKEY_ALGO_EDDSA && (i == 0))
2049 || (algorithm == PUBKEY_ALGO_ECDH && (i == 0 || i == 2)))
2051 /* Read the OID (i==1) or the KDF params (i==2). */
2053 err = read_size_body (inp, pktlen, &n, pk->pkey+i);
2058 unsigned int n = pktlen;
2059 pk->pkey[i] = mpi_read (inp, &n, 0);
2062 err = gpg_error (GPG_ERR_INV_PACKET);
2068 es_fprintf (listfp, "\tpkey[%d]: ", i);
2069 mpi_print (listfp, pk->pkey[i], mpi_print_mode);
2070 if ((algorithm == PUBKEY_ALGO_ECDSA
2071 || algorithm == PUBKEY_ALGO_EDDSA
2072 || algorithm == PUBKEY_ALGO_ECDH) && i==0)
2074 char *curve = openpgp_oid_to_str (pk->pkey[0]);
2075 es_fprintf (listfp, " %s (%s)",
2076 openpgp_oid_to_curve (curve), curve);
2079 es_putc ('\n', listfp);
2084 keyid_from_pk (pk, keyid);
2086 if (pkttype == PKT_SECRET_KEY || pkttype == PKT_SECRET_SUBKEY)
2088 struct seckey_info *ski;
2092 pk->seckey_info = ski = xtrycalloc (1, sizeof *ski);
2093 if (!pk->seckey_info)
2095 err = gpg_error_from_syserror ();
2099 ski->algo = iobuf_get_noeof (inp);
2103 ski->is_protected = 1;
2105 if (ski->algo == 254 || ski->algo == 255)
2109 err = gpg_error (GPG_ERR_INV_PACKET);
2112 ski->sha1chk = (ski->algo == 254);
2113 ski->algo = iobuf_get_noeof (inp);
2115 /* Note that a ski->algo > 110 is illegal, but I'm not
2116 erroring on it here as otherwise there would be no
2117 way to delete such a key. */
2118 ski->s2k.mode = iobuf_get_noeof (inp);
2120 ski->s2k.hash_algo = iobuf_get_noeof (inp);
2122 /* Check for the special GNU extension. */
2123 if (ski->s2k.mode == 101)
2125 for (i = 0; i < 4 && pktlen; i++, pktlen--)
2126 temp[i] = iobuf_get_noeof (inp);
2127 if (i < 4 || memcmp (temp, "GNU", 3))
2130 es_fprintf (listfp, "\tunknown S2K %d\n",
2132 err = gpg_error (GPG_ERR_INV_PACKET);
2135 /* Here we know that it is a GNU extension. What
2136 * follows is the GNU protection mode: All values
2137 * have special meanings and they are mapped to MODE
2138 * with a base of 1000. */
2139 ski->s2k.mode = 1000 + temp[3];
2142 /* Read the salt. */
2143 switch (ski->s2k.mode)
2147 for (i = 0; i < 8 && pktlen; i++, pktlen--)
2148 temp[i] = iobuf_get_noeof (inp);
2149 memcpy (ski->s2k.salt, temp, 8);
2153 /* Check the mode. */
2154 switch (ski->s2k.mode)
2158 es_fprintf (listfp, "\tsimple S2K");
2162 es_fprintf (listfp, "\tsalted S2K");
2166 es_fprintf (listfp, "\titer+salt S2K");
2170 es_fprintf (listfp, "\tgnu-dummy S2K");
2174 es_fprintf (listfp, "\tgnu-divert-to-card S2K");
2178 es_fprintf (listfp, "\tunknown %sS2K %d\n",
2179 ski->s2k.mode < 1000 ? "" : "GNU ",
2181 err = gpg_error (GPG_ERR_INV_PACKET);
2185 /* Print some info. */
2188 es_fprintf (listfp, ", algo: %d,%s hash: %d",
2190 ski->sha1chk ? " SHA1 protection,"
2191 : " simple checksum,", ski->s2k.hash_algo);
2192 if (ski->s2k.mode == 1 || ski->s2k.mode == 3)
2194 es_fprintf (listfp, ", salt: ");
2195 es_write_hexstring (listfp, ski->s2k.salt, 8, 0, NULL);
2197 es_putc ('\n', listfp);
2200 /* Read remaining protection parameters. */
2201 if (ski->s2k.mode == 3)
2205 err = gpg_error (GPG_ERR_INV_PACKET);
2208 ski->s2k.count = iobuf_get (inp);
2211 es_fprintf (listfp, "\tprotect count: %lu (%lu)\n",
2212 (ulong)S2K_DECODE_COUNT ((ulong)ski->s2k.count),
2213 (ulong) ski->s2k.count);
2215 else if (ski->s2k.mode == 1002)
2217 /* Read the serial number. */
2220 err = gpg_error (GPG_ERR_INV_PACKET);
2223 snlen = iobuf_get (inp);
2225 if (pktlen < snlen || snlen == (size_t)(-1))
2227 err = gpg_error (GPG_ERR_INV_PACKET);
2232 else /* Old version; no S2K, so we set mode to 0, hash MD5. */
2234 /* Note that a ski->algo > 110 is illegal, but I'm not
2235 erroring on it here as otherwise there would be no
2236 way to delete such a key. */
2238 ski->s2k.hash_algo = DIGEST_ALGO_MD5;
2240 es_fprintf (listfp, "\tprotect algo: %d (hash algo: %d)\n",
2241 ski->algo, ski->s2k.hash_algo);
2244 /* It is really ugly that we don't know the size
2245 * of the IV here in cases we are not aware of the algorithm.
2247 * ski->ivlen = cipher_get_blocksize (ski->algo);
2248 * won't work. The only solution I see is to hardwire it.
2249 * NOTE: if you change the ivlen above 16, don't forget to
2251 ski->ivlen = openpgp_cipher_blocklen (ski->algo);
2252 assert (ski->ivlen <= sizeof (temp));
2254 if (ski->s2k.mode == 1001)
2256 else if (ski->s2k.mode == 1002)
2257 ski->ivlen = snlen < 16 ? snlen : 16;
2259 if (pktlen < ski->ivlen)
2261 err = gpg_error (GPG_ERR_INV_PACKET);
2264 for (i = 0; i < ski->ivlen && pktlen; i++, pktlen--)
2265 temp[i] = iobuf_get_noeof (inp);
2269 ski->s2k.mode == 1002 ? "\tserial-number: "
2270 : "\tprotect IV: ");
2271 for (i = 0; i < ski->ivlen; i++)
2272 es_fprintf (listfp, " %02x", temp[i]);
2273 es_putc ('\n', listfp);
2275 memcpy (ski->iv, temp, ski->ivlen);
2278 /* It does not make sense to read it into secure memory.
2279 * If the user is so careless, not to protect his secret key,
2280 * we can assume, that he operates an open system :=(.
2281 * So we put the key into secure memory when we unprotect it. */
2282 if (ski->s2k.mode == 1001 || ski->s2k.mode == 1002)
2284 /* Better set some dummy stuff here. */
2285 pk->pkey[npkey] = gcry_mpi_set_opaque (NULL,
2286 xstrdup ("dummydata"),
2290 else if (ski->is_protected)
2292 /* Ugly: The length is encrypted too, so we read all stuff
2293 * up to the end of the packet into the first SKEY
2295 pk->pkey[npkey] = gcry_mpi_set_opaque (NULL,
2296 read_rest (inp, pktlen),
2298 /* Mark that MPI as protected - we need this information for
2299 importing a key. The OPAQUE flag can't be used because
2300 we also store public EdDSA values in opaque MPIs. */
2301 if (pk->pkey[npkey])
2302 gcry_mpi_set_flag (pk->pkey[npkey], GCRYMPI_FLAG_USER1);
2305 es_fprintf (listfp, "\tskey[%d]: [v4 protected]\n", npkey);
2309 /* Not encrypted. */
2310 for (i = npkey; i < nskey; i++)
2312 unsigned int n = pktlen;
2313 pk->pkey[i] = mpi_read (inp, &n, 0);
2317 es_fprintf (listfp, "\tskey[%d]: ", i);
2318 mpi_print (listfp, pk->pkey[i], mpi_print_mode);
2319 es_putc ('\n', listfp);
2323 err = gpg_error (GPG_ERR_INV_PACKET);
2328 ski->csum = read_16 (inp);
2331 es_fprintf (listfp, "\tchecksum: %04hx\n", ski->csum);
2336 es_fprintf (listfp, "\tkeyid: %08lX%08lX\n",
2337 (ulong) keyid[0], (ulong) keyid[1]);
2340 iobuf_skip_rest (inp, pktlen, 0);
2345 /* Attribute subpackets have the same format as v4 signature
2346 subpackets. This is not part of OpenPGP, but is done in several
2347 versions of PGP nevertheless. */
2349 parse_attribute_subpkts (PKT_user_id * uid)
2353 struct user_attribute *attribs = NULL;
2354 const byte *buffer = uid->attrib_data;
2355 int buflen = uid->attrib_len;
2358 xfree (uid->attribs);
2364 if (n == 255) /* 4 byte length header. */
2368 n = (buffer[0] << 24) | (buffer[1] << 16)
2369 | (buffer[2] << 8) | buffer[3];
2373 else if (n >= 192) /* 2 byte special encoded length header. */
2377 n = ((n - 192) << 8) + *buffer + 192;
2386 /* Too short to encode the subpacket type. */
2388 log_info ("attribute subpacket too short\n");
2392 attribs = xrealloc (attribs,
2393 (count + 1) * sizeof (struct user_attribute));
2394 memset (&attribs[count], 0, sizeof (struct user_attribute));
2401 attribs[count].type = type;
2402 attribs[count].data = buffer;
2403 attribs[count].len = n;
2409 uid->attribs = attribs;
2410 uid->numattribs = count;
2415 log_info ("buffer shorter than attribute subpacket\n");
2416 uid->attribs = attribs;
2417 uid->numattribs = count;
2423 parse_user_id (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * packet)
2427 /* Cap the size of a user ID at 2k: a value absurdly large enough
2428 that there is no sane user ID string (which is printable text
2429 as of RFC2440bis) that won't fit in it, but yet small enough to
2430 avoid allocation problems. A large pktlen may not be
2431 allocatable, and a very large pktlen could actually cause our
2432 allocation to wrap around in xmalloc to a small number. */
2434 if (pktlen > MAX_UID_PACKET_LENGTH)
2436 log_error ("packet(%d) too large\n", pkttype);
2438 es_fprintf (listfp, ":user ID packet: [too large]\n");
2439 iobuf_skip_rest (inp, pktlen, 0);
2440 return GPG_ERR_INV_PACKET;
2443 packet->pkt.user_id = xmalloc_clear (sizeof *packet->pkt.user_id + pktlen);
2444 packet->pkt.user_id->len = pktlen;
2445 packet->pkt.user_id->ref = 1;
2447 p = packet->pkt.user_id->name;
2448 for (; pktlen; pktlen--, p++)
2449 *p = iobuf_get_noeof (inp);
2454 int n = packet->pkt.user_id->len;
2455 es_fprintf (listfp, ":user ID packet: \"");
2456 /* fixme: Hey why don't we replace this with es_write_sanitized?? */
2457 for (p = packet->pkt.user_id->name; n; p++, n--)
2459 if (*p >= ' ' && *p <= 'z')
2460 es_putc (*p, listfp);
2462 es_fprintf (listfp, "\\x%02x", *p);
2464 es_fprintf (listfp, "\"\n");
2471 make_attribute_uidname (PKT_user_id * uid, size_t max_namelen)
2473 assert (max_namelen > 70);
2474 if (uid->numattribs <= 0)
2475 sprintf (uid->name, "[bad attribute packet of size %lu]",
2477 else if (uid->numattribs > 1)
2478 sprintf (uid->name, "[%d attributes of size %lu]",
2479 uid->numattribs, uid->attrib_len);
2482 /* Only one attribute, so list it as the "user id" */
2484 if (uid->attribs->type == ATTRIB_IMAGE)
2489 if (parse_image_header (uid->attribs, &type, &len))
2490 sprintf (uid->name, "[%.20s image of size %lu]",
2491 image_type_to_string (type, 1), (ulong) len);
2493 sprintf (uid->name, "[invalid image]");
2496 sprintf (uid->name, "[unknown attribute of size %lu]",
2497 (ulong) uid->attribs->len);
2500 uid->len = strlen (uid->name);
2505 parse_attribute (IOBUF inp, int pkttype, unsigned long pktlen,
2512 /* We better cap the size of an attribute packet to make DoS not too
2513 easy. 16MB should be more then enough for one attribute packet
2515 if (pktlen > MAX_ATTR_PACKET_LENGTH)
2517 log_error ("packet(%d) too large\n", pkttype);
2519 es_fprintf (listfp, ":attribute packet: [too large]\n");
2520 iobuf_skip_rest (inp, pktlen, 0);
2521 return GPG_ERR_INV_PACKET;
2524 #define EXTRA_UID_NAME_SPACE 71
2525 packet->pkt.user_id = xmalloc_clear (sizeof *packet->pkt.user_id
2526 + EXTRA_UID_NAME_SPACE);
2527 packet->pkt.user_id->ref = 1;
2528 packet->pkt.user_id->attrib_data = xmalloc (pktlen? pktlen:1);
2529 packet->pkt.user_id->attrib_len = pktlen;
2531 p = packet->pkt.user_id->attrib_data;
2532 for (; pktlen; pktlen--, p++)
2533 *p = iobuf_get_noeof (inp);
2535 /* Now parse out the individual attribute subpackets. This is
2536 somewhat pointless since there is only one currently defined
2537 attribute type (jpeg), but it is correct by the spec. */
2538 parse_attribute_subpkts (packet->pkt.user_id);
2540 make_attribute_uidname (packet->pkt.user_id, EXTRA_UID_NAME_SPACE);
2544 es_fprintf (listfp, ":attribute packet: %s\n", packet->pkt.user_id->name);
2551 parse_comment (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * packet)
2555 /* Cap comment packet at a reasonable value to avoid an integer
2556 overflow in the malloc below. Comment packets are actually not
2557 anymore define my OpenPGP and we even stopped to use our
2558 private comment packet. */
2559 if (pktlen > MAX_COMMENT_PACKET_LENGTH)
2561 log_error ("packet(%d) too large\n", pkttype);
2563 es_fprintf (listfp, ":%scomment packet: [too large]\n",
2564 pkttype == PKT_OLD_COMMENT ? "OpenPGP draft " : "");
2565 iobuf_skip_rest (inp, pktlen, 0);
2566 return GPG_ERR_INV_PACKET;
2568 packet->pkt.comment = xmalloc (sizeof *packet->pkt.comment + pktlen - 1);
2569 packet->pkt.comment->len = pktlen;
2570 p = packet->pkt.comment->data;
2571 for (; pktlen; pktlen--, p++)
2572 *p = iobuf_get_noeof (inp);
2576 int n = packet->pkt.comment->len;
2577 es_fprintf (listfp, ":%scomment packet: \"", pkttype == PKT_OLD_COMMENT ?
2578 "OpenPGP draft " : "");
2579 for (p = packet->pkt.comment->data; n; p++, n--)
2581 if (*p >= ' ' && *p <= 'z')
2582 es_putc (*p, listfp);
2584 es_fprintf (listfp, "\\x%02x", *p);
2586 es_fprintf (listfp, "\"\n");
2593 parse_trust (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * pkt)
2599 pkt->pkt.ring_trust = xmalloc (sizeof *pkt->pkt.ring_trust);
2602 c = iobuf_get_noeof (inp);
2604 pkt->pkt.ring_trust->trustval = c;
2605 pkt->pkt.ring_trust->sigcache = 0;
2606 if (!c && pktlen == 1)
2608 c = iobuf_get_noeof (inp);
2610 /* We require that bit 7 of the sigcache is 0 (easier eof
2613 pkt->pkt.ring_trust->sigcache = c;
2616 es_fprintf (listfp, ":trust packet: flag=%02x sigcache=%02x\n",
2617 pkt->pkt.ring_trust->trustval,
2618 pkt->pkt.ring_trust->sigcache);
2622 pkt->pkt.ring_trust->trustval = 0;
2623 pkt->pkt.ring_trust->sigcache = 0;
2625 es_fprintf (listfp, ":trust packet: empty\n");
2627 iobuf_skip_rest (inp, pktlen, 0);
2632 parse_plaintext (IOBUF inp, int pkttype, unsigned long pktlen,
2633 PACKET * pkt, int new_ctb, int partial)
2641 if (!partial && pktlen < 6)
2643 log_error ("packet(%d) too short (%lu)\n", pkttype, (ulong) pktlen);
2645 es_fputs (":literal data packet: [too short]\n", listfp);
2646 rc = gpg_error (GPG_ERR_INV_PACKET);
2649 mode = iobuf_get_noeof (inp);
2652 namelen = iobuf_get_noeof (inp);
2655 /* Note that namelen will never exceed 255 bytes. */
2656 pt = pkt->pkt.plaintext =
2657 xmalloc (sizeof *pkt->pkt.plaintext + namelen - 1);
2658 pt->new_ctb = new_ctb;
2660 pt->namelen = namelen;
2661 pt->is_partial = partial;
2664 for (i = 0; pktlen > 4 && i < namelen; pktlen--, i++)
2665 pt->name[i] = iobuf_get_noeof (inp);
2669 for (i = 0; i < namelen; i++)
2670 if ((c = iobuf_get (inp)) == -1)
2675 pt->timestamp = read_32 (inp);
2684 es_fprintf (listfp, ":literal data packet:\n"
2685 "\tmode %c (%X), created %lu, name=\"",
2686 mode >= ' ' && mode < 'z' ? mode : '?', mode,
2687 (ulong) pt->timestamp);
2688 for (p = pt->name, i = 0; i < namelen; p++, i++)
2690 if (*p >= ' ' && *p <= 'z')
2691 es_putc (*p, listfp);
2693 es_fprintf (listfp, "\\x%02x", *p);
2695 es_fprintf (listfp, "\",\n\traw data: ");
2697 es_fprintf (listfp, "unknown length\n");
2699 es_fprintf (listfp, "%lu bytes\n", (ulong) pt->len);
2708 parse_compressed (IOBUF inp, int pkttype, unsigned long pktlen,
2709 PACKET * pkt, int new_ctb)
2713 /* PKTLEN is here 0, but data follows (this should be the last
2714 object in a file or the compress algorithm should know the
2719 zd = pkt->pkt.compressed = xmalloc (sizeof *pkt->pkt.compressed);
2720 zd->algorithm = iobuf_get_noeof (inp);
2721 zd->len = 0; /* not used */
2722 zd->new_ctb = new_ctb;
2725 es_fprintf (listfp, ":compressed packet: algo=%d\n", zd->algorithm);
2731 parse_encrypted (IOBUF inp, int pkttype, unsigned long pktlen,
2732 PACKET * pkt, int new_ctb, int partial)
2736 unsigned long orig_pktlen = pktlen;
2738 ed = pkt->pkt.encrypted = xmalloc (sizeof *pkt->pkt.encrypted);
2739 /* ed->len is set below. */
2740 ed->extralen = 0; /* Unknown here; only used in build_packet. */
2742 ed->new_ctb = new_ctb;
2743 ed->is_partial = partial;
2744 if (pkttype == PKT_ENCRYPTED_MDC)
2746 /* Fixme: add some pktlen sanity checks. */
2749 version = iobuf_get_noeof (inp);
2754 log_error ("encrypted_mdc packet with unknown version %d\n",
2757 es_fputs (":encrypted data packet: [unknown version]\n", listfp);
2758 /*skip_rest(inp, pktlen); should we really do this? */
2759 rc = gpg_error (GPG_ERR_INV_PACKET);
2762 ed->mdc_method = DIGEST_ALGO_SHA1;
2767 /* A basic sanity check. We need at least an 8 byte IV plus the 2
2768 detection bytes. Note that we don't known the algorithm and thus
2769 we may only check against the minimum blocksize. */
2770 if (orig_pktlen && pktlen < 10)
2772 /* Actually this is blocksize+2. */
2773 log_error ("packet(%d) too short\n", pkttype);
2775 es_fputs (":encrypted data packet: [too short]\n", listfp);
2776 rc = GPG_ERR_INV_PACKET;
2777 iobuf_skip_rest (inp, pktlen, partial);
2781 /* Store the remaining length of the encrypted data (i.e. without
2782 the MDC version number but with the IV etc.). This value is
2783 required during decryption. */
2789 es_fprintf (listfp, ":encrypted data packet:\n\tlength: %lu\n",
2792 es_fprintf (listfp, ":encrypted data packet:\n\tlength: unknown\n");
2794 es_fprintf (listfp, "\tmdc_method: %d\n", ed->mdc_method);
2804 /* Note, that this code is not anymore used in real life because the
2805 MDC checking is now done right after the decryption in
2808 parse_mdc (IOBUF inp, int pkttype, unsigned long pktlen,
2809 PACKET * pkt, int new_ctb)
2817 mdc = pkt->pkt.mdc = xmalloc (sizeof *pkt->pkt.mdc);
2819 es_fprintf (listfp, ":mdc packet: length=%lu\n", pktlen);
2820 if (!new_ctb || pktlen != 20)
2822 log_error ("mdc_packet with invalid encoding\n");
2823 rc = gpg_error (GPG_ERR_INV_PACKET);
2827 for (; pktlen; pktlen--, p++)
2828 *p = iobuf_get_noeof (inp);
2836 * This packet is internally generated by us (ibn armor.c) to transfer
2837 * some information to the lower layer. To make sure that this packet
2838 * is really a GPG faked one and not one comming from outside, we
2839 * first check that there is a unique tag in it.
2841 * The format of such a control packet is:
2842 * n byte session marker
2843 * 1 byte control type CTRLPKT_xxxxx
2844 * m byte control data
2847 parse_gpg_control (IOBUF inp, int pkttype, unsigned long pktlen,
2848 PACKET * packet, int partial)
2851 const byte *sesmark;
2858 es_fprintf (listfp, ":packet 63: length %lu ", pktlen);
2860 sesmark = get_session_marker (&sesmarklen);
2861 if (pktlen < sesmarklen + 1) /* 1 is for the control bytes */
2863 for (i = 0; i < sesmarklen; i++, pktlen--)
2865 if (sesmark[i] != iobuf_get_noeof (inp))
2869 goto skipit; /* Definitely too large. We skip it to avoid an
2870 overflow in the malloc. */
2872 puts ("- gpg control packet");
2874 packet->pkt.gpg_control = xmalloc (sizeof *packet->pkt.gpg_control
2876 packet->pkt.gpg_control->control = iobuf_get_noeof (inp);
2878 packet->pkt.gpg_control->datalen = pktlen;
2879 p = packet->pkt.gpg_control->data;
2880 for (; pktlen; pktlen--, p++)
2881 *p = iobuf_get_noeof (inp);
2891 es_fprintf (listfp, "- private (rest length %lu)\n", pktlen);
2894 while ((c = iobuf_get (inp)) != -1)
2895 dump_hex_line (c, &i);
2899 for (; pktlen; pktlen--)
2901 dump_hex_line ((c = iobuf_get (inp)), &i);
2906 es_putc ('\n', listfp);
2908 iobuf_skip_rest (inp, pktlen, 0);
2909 return gpg_error (GPG_ERR_INV_PACKET);
2913 /* Create a GPG control packet to be used internally as a placeholder. */
2915 create_gpg_control (ctrlpkttype_t type, const byte * data, size_t datalen)
2920 packet = xmalloc (sizeof *packet);
2921 init_packet (packet);
2922 packet->pkttype = PKT_GPG_CONTROL;
2923 packet->pkt.gpg_control = xmalloc (sizeof *packet->pkt.gpg_control
2925 packet->pkt.gpg_control->control = type;
2926 packet->pkt.gpg_control->datalen = datalen;
2927 p = packet->pkt.gpg_control->data;
2928 for (; datalen; datalen--, p++)
projects / gnupg.git / blob