1 /* sexp.c - S-Expression handling
2 * Copyright (C) 1999, 2000, 2001, 2002, 2003,
3 * 2004, 2006, 2007, 2008, 2011 Free Software Foundation, Inc.
4 * Copyright (C) 2013, 2014 g10 Code GmbH
6 * This file is part of Libgcrypt.
8 * Libgcrypt is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU Lesser general Public License as
10 * published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
13 * Libgcrypt is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
32 #define GCRYPT_NO_MPI_MACROS 1
36 /* Notes on the internal memory layout.
38 We store an S-expression as one memory buffer with tags, length and
39 value. The simplest list would thus be:
41 /----------+----------+---------+------+-----------+----------\
42 | open_tag | data_tag | datalen | data | close_tag | stop_tag |
43 \----------+----------+---------+------+-----------+----------/
45 Expressed more compact and with an example:
47 /----+----+----+---+----+----\
48 | OT | DT | DL | D | CT | ST | "(foo)"
49 \----+----+----+---+----+----/
51 The open tag must always be the first tag of a list as requires by
52 the S-expression specs. At least data element (data_tag, datalen,
53 data) is required as well. The close_tag finishes the list and
54 would actually be sufficient. For fail-safe reasons a final stop
55 tag is always the last byte in a buffer; it has a value of 0 so
56 that string function accidently applied to an S-expression will
57 never access unallocated data. We do not support display hints and
58 thus don't need to represent them. A list may have more an
59 arbitrary number of data elements but at least one is required.
60 The length of each data must be greater than 0 and has a current
61 limit to 65535 bytes (by means of the DATALEN type).
63 A list with two data elements:
65 /----+----+----+---+----+----+---+----+----\
66 | OT | DT | DL | D | DT | DL | D | CT | ST | "(foo bar)"
67 \----+----+----+---+----+----+---+----+----/
69 In the above example both DL fields have a value of 3.
70 A list of a list with one data element:
72 /----+----+----+----+---+----+----+----\
73 | OT | OT | DT | DL | D | CT | CT | ST | "((foo))"
74 \----+----+----+----+---+----+----+----/
76 A list with one element followed by another list:
78 /----+----+----+---+----+----+----+---+----+----+----\
79 | OT | DT | DL | D | OT | DT | DL | D | CT | CT | ST | "(foo (bar))"
80 \----+----+----+---+----+----+----+---+----+----+----/
84 typedef unsigned short DATALEN;
92 #define ST_DATA 1 /* datalen follows */
93 /*#define ST_HINT 2 datalen follows (currently not used) */
97 /* The atoi macros assume that the buffer has only valid digits. */
98 #define atoi_1(p) (*(p) - '0' )
99 #define xtoi_1(p) (*(p) <= '9'? (*(p)- '0'): \
100 *(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10))
101 #define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1))
103 #define TOKEN_SPECIALS "-./_:*+="
105 static gcry_err_code_t
106 do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
107 const char *buffer, size_t length, int argflag,
108 void **arg_list, va_list arg_ptr);
110 static gcry_err_code_t
111 do_sexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
112 const char *buffer, size_t length, int argflag,
113 void **arg_list, ...);
115 /* Return true if P points to a byte containing a whitespace according
116 to the S-expressions definition. */
118 static GPG_ERR_INLINE int
119 whitespacep (const char *p)
123 case ' ': case '\t': case '\v': case '\f': case '\r': case '\n': return 1;
131 dump_mpi( gcry_mpi_t a )
137 fputs("[no MPI]", stderr );
138 else if( gcry_mpi_print( GCRYMPI_FMT_HEX, buffer, &n, a ) )
139 fputs("[MPI too large to print]", stderr );
141 fputs( buffer, stderr );
146 dump_string (const byte *p, size_t n, int delim )
150 if ((*p & 0x80) || iscntrl( *p ) || *p == delim )
154 else if( *p == '\r' )
156 else if( *p == '\f' )
158 else if( *p == '\v' )
160 else if( *p == '\b' )
165 log_printf ("\\x%02x", *p );
168 log_printf ("%c", *p);
174 _gcry_sexp_dump (const gcry_sexp_t a)
182 log_printf ( "[nil]\n");
187 while ( (type = *p) != ST_STOP )
193 log_printf ("%*s[open]\n", 2*indent, "");
199 log_printf ("%*s[close]\n", 2*indent, "");
203 memcpy ( &n, p, sizeof n );
205 log_printf ("%*s[data=\"", 2*indent, "" );
206 dump_string (p, n, '\"' );
207 log_printf ("\"]\n");
212 log_printf ("%*s[unknown tag %d]\n", 2*indent, "", type);
219 /* Pass list through except when it is an empty list - in that case
220 * return NULL and release the passed list. This is used to make sure
221 * that no forbidden empty lists are created.
224 normalize ( gcry_sexp_t list )
234 sexp_release ( list );
237 if ( *p == ST_OPEN && p[1] == ST_CLOSE )
240 sexp_release ( list );
247 /* Create a new S-expression object by reading LENGTH bytes from
248 BUFFER, assuming it is canonical encoded or autodetected encoding
249 when AUTODETECT is set to 1. With FREEFNC not NULL, ownership of
250 the buffer is transferred to the newly created object. FREEFNC
251 should be the freefnc used to release BUFFER; there is no guarantee
252 at which point this function is called; most likey you want to use
253 free() or gcry_free().
255 Passing LENGTH and AUTODETECT as 0 is allowed to indicate that
256 BUFFER points to a valid canonical encoded S-expression. A LENGTH
257 of 0 and AUTODETECT 1 indicates that buffer points to a
258 null-terminated string.
260 This function returns 0 and and the pointer to the new object in
261 RETSEXP or an error code in which case RETSEXP is set to NULL. */
263 _gcry_sexp_create (gcry_sexp_t *retsexp, void *buffer, size_t length,
264 int autodetect, void (*freefnc)(void*) )
266 gcry_err_code_t errcode;
270 return GPG_ERR_INV_ARG;
272 if (autodetect < 0 || autodetect > 1 || !buffer)
273 return GPG_ERR_INV_ARG;
275 if (!length && !autodetect)
276 { /* What a brave caller to assume that there is really a canonical
277 encoded S-expression in buffer */
278 length = _gcry_sexp_canon_len (buffer, 0, NULL, &errcode);
282 else if (!length && autodetect)
283 { /* buffer is a string */
284 length = strlen ((char *)buffer);
287 errcode = do_sexp_sscan (&se, NULL, buffer, length, 0, NULL);
294 /* For now we release the buffer immediately. As soon as we
295 have changed the internal represenation of S-expression to
296 the canoncial format - which has the advantage of faster
297 parsing - we will use this function as a closure in our
298 GCRYSEXP object and use the BUFFER directly. */
304 /* Same as gcry_sexp_create but don't transfer ownership */
306 _gcry_sexp_new (gcry_sexp_t *retsexp, const void *buffer, size_t length,
309 return _gcry_sexp_create (retsexp, (void *)buffer, length, autodetect, NULL);
314 * Release resource of the given SEXP object.
317 _gcry_sexp_release( gcry_sexp_t sexp )
321 if (_gcry_is_secure (sexp))
323 /* Extra paranoid wiping. */
324 const byte *p = sexp->d;
327 while ( (type = *p) != ST_STOP )
339 memcpy ( &n, p, sizeof n );
348 wipememory (sexp->d, p - sexp->d);
356 * Make a pair from lists a and b, don't use a or b later on.
357 * Special behaviour: If one is a single element list we put the
358 * element straight into the new pair.
361 _gcry_sexp_cons( const gcry_sexp_t a, const gcry_sexp_t b )
366 /* NYI: Implementation should be quite easy with our new data
374 * Make a list from all items in the array the end of the array is marked
378 _gcry_sexp_alist( const gcry_sexp_t *array )
382 /* NYI: Implementation should be quite easy with our new data
389 * Make a list from all items, the end of list is indicated by a NULL
392 _gcry_sexp_vlist( const gcry_sexp_t a, ... )
395 /* NYI: Implementation should be quite easy with our new data
403 * Append n to the list a
404 * Returns: a new ist (which maybe a)
407 _gcry_sexp_append( const gcry_sexp_t a, const gcry_sexp_t n )
411 /* NYI: Implementation should be quite easy with our new data
418 _gcry_sexp_prepend( const gcry_sexp_t a, const gcry_sexp_t n )
422 /* NYI: Implementation should be quite easy with our new data
431 * Locate token in a list. The token must be the car of a sublist.
432 * Returns: A new list with this sublist or NULL if not found.
435 _gcry_sexp_find_token( const gcry_sexp_t list, const char *tok, size_t toklen )
444 toklen = strlen(tok);
447 while ( *p != ST_STOP )
449 if ( *p == ST_OPEN && p[1] == ST_DATA )
451 const byte *head = p;
454 memcpy ( &n, p, sizeof n );
456 if ( n == toklen && !memcmp( p, tok, toklen ) )
462 /* Look for the end of the list. */
463 for ( p += n; level; p++ )
467 memcpy ( &n, ++p, sizeof n );
469 p--; /* Compensate for later increment. */
471 else if ( *p == ST_OPEN )
475 else if ( *p == ST_CLOSE )
479 else if ( *p == ST_STOP )
486 newlist = xtrymalloc ( sizeof *newlist + n );
489 /* No way to return an error code, so we can only
494 memcpy ( d, head, n ); d += n;
496 return normalize ( newlist );
500 else if ( *p == ST_DATA )
502 memcpy ( &n, ++p, sizeof n ); p += sizeof n;
512 * Return the length of the given list
515 _gcry_sexp_length (const gcry_sexp_t list)
527 while ((type=*p) != ST_STOP)
532 memcpy (&n, p, sizeof n);
537 else if (type == ST_OPEN)
543 else if (type == ST_CLOSE)
552 /* Return the internal lengths offset of LIST. That is the size of
553 the buffer from the first ST_OPEN, which is returned at R_OFF, to
554 the corresponding ST_CLOSE inclusive. */
556 get_internal_buffer (const gcry_sexp_t list, size_t *r_off)
558 const unsigned char *p;
567 while ( (type=*p) != ST_STOP )
572 memcpy (&n, p, sizeof n);
575 else if (type == ST_OPEN)
578 *r_off = (p-1) - list->d;
581 else if ( type == ST_CLOSE )
589 return 0; /* Not a proper list. */
594 /* Extract the n-th element of the given LIST. Returns NULL for
595 no-such-element, a corrupt list, or memory failure. */
597 _gcry_sexp_nth (const gcry_sexp_t list, int number)
605 if (!list || list->d[0] != ST_OPEN)
614 memcpy (&n, ++p, sizeof n);
620 else if (*p == ST_OPEN)
624 else if (*p == ST_CLOSE)
630 else if (*p == ST_STOP)
639 memcpy (&n, p+1, sizeof n);
640 newlist = xtrymalloc (sizeof *newlist + 1 + 1 + sizeof n + n + 1);
645 memcpy (d, p, 1 + sizeof n + n);
646 d += 1 + sizeof n + n;
650 else if (*p == ST_OPEN)
652 const byte *head = p;
659 memcpy (&n, ++p, sizeof n);
663 else if (*p == ST_OPEN)
667 else if (*p == ST_CLOSE)
671 else if (*p == ST_STOP)
678 newlist = xtrymalloc (sizeof *newlist + n);
689 return normalize (newlist);
694 _gcry_sexp_car (const gcry_sexp_t list)
696 return _gcry_sexp_nth (list, 0);
700 /* Helper to get data from the car. The returned value is valid as
701 long as the list is not modified. */
703 do_sexp_nth_data (const gcry_sexp_t list, int number, size_t *datalen)
715 p++; /* Yep, a list. */
717 return NULL; /* Not a list but N > 0 requested. */
719 /* Skip over N elements. */
724 memcpy ( &n, ++p, sizeof n );
730 else if (*p == ST_OPEN)
734 else if (*p == ST_CLOSE)
740 else if (*p == ST_STOP)
747 /* If this is data, return it. */
750 memcpy ( &n, ++p, sizeof n );
752 return (const char*)p + sizeof n;
759 /* Get data from the car. The returned value is valid as long as the
760 list is not modified. */
762 _gcry_sexp_nth_data (const gcry_sexp_t list, int number, size_t *datalen )
764 return do_sexp_nth_data (list, number, datalen);
768 /* Get the nth element of a list which needs to be a simple object.
769 The returned value is a malloced buffer and needs to be freed by
770 the caller. This is basically the same as gcry_sexp_nth_data but
771 with an allocated result. */
773 _gcry_sexp_nth_buffer (const gcry_sexp_t list, int number, size_t *rlength)
780 s = do_sexp_nth_data (list, number, &n);
783 buf = xtrymalloc (n);
792 /* Get a string from the car. The returned value is a malloced string
793 and needs to be freed by the caller. */
795 _gcry_sexp_nth_string (const gcry_sexp_t list, int number)
801 s = do_sexp_nth_data (list, number, &n);
802 if (!s || n < 1 || (n+1) < 1)
804 buf = xtrymalloc (n+1);
814 * Get a MPI from the car
817 _gcry_sexp_nth_mpi (gcry_sexp_t list, int number, int mpifmt)
822 if (mpifmt == GCRYMPI_FMT_OPAQUE)
826 p = _gcry_sexp_nth_buffer (list, number, &n);
830 a = _gcry_is_secure (list)? _gcry_mpi_snew (0) : _gcry_mpi_new (0);
832 mpi_set_opaque (a, p, n*8);
841 mpifmt = GCRYMPI_FMT_STD;
843 s = do_sexp_nth_data (list, number, &n);
847 if (_gcry_mpi_scan (&a, mpifmt, s, n, NULL))
859 _gcry_sexp_cdr(const gcry_sexp_t list)
869 if (!list || list->d[0] != ST_OPEN)
878 memcpy ( &n, ++p, sizeof n );
884 else if (*p == ST_OPEN)
888 else if (*p == ST_CLOSE)
894 else if (*p == ST_STOP)
906 memcpy ( &n, ++p, sizeof n );
910 else if (*p == ST_OPEN)
914 else if (*p == ST_CLOSE)
918 else if (*p == ST_STOP)
926 newlist = xtrymalloc (sizeof *newlist + n + 2);
936 return normalize (newlist);
941 _gcry_sexp_cadr ( const gcry_sexp_t list )
945 a = _gcry_sexp_cdr (list);
946 b = _gcry_sexp_car (a);
952 static GPG_ERR_INLINE int
955 if (s >= '0' && s <= '9')
957 else if (s >= 'A' && s <= 'F')
959 else if (s >= 'a' && s <= 'f')
966 struct make_space_ctx
974 static gpg_err_code_t
975 make_space ( struct make_space_ctx *c, size_t n )
977 size_t used = c->pos - c->sexp->d;
979 if ( used + n + sizeof(DATALEN) + 1 >= c->allocated )
985 newsize = c->allocated + 2*(n+sizeof(DATALEN)+1);
986 if (newsize <= c->allocated)
987 return GPG_ERR_TOO_LARGE;
988 newsexp = xtryrealloc ( c->sexp, sizeof *newsexp + newsize - 1);
990 return gpg_err_code_from_errno (errno);
991 c->allocated = newsize;
992 newhead = newsexp->d;
993 c->pos = newhead + used;
1000 /* Unquote STRING of LENGTH and store it into BUF. The surrounding
1001 quotes are must already be removed from STRING. We assume that the
1002 quoted string is syntacillay correct. */
1004 unquote_string (const char *string, size_t length, unsigned char *buf)
1007 const unsigned char *s = (const unsigned char*)string;
1008 unsigned char *d = buf;
1017 case 'b': *d++ = '\b'; break;
1018 case 't': *d++ = '\t'; break;
1019 case 'v': *d++ = '\v'; break;
1020 case 'n': *d++ = '\n'; break;
1021 case 'f': *d++ = '\f'; break;
1022 case 'r': *d++ = '\r'; break;
1023 case '"': *d++ = '\"'; break;
1024 case '\'': *d++ = '\''; break;
1025 case '\\': *d++ = '\\'; break;
1027 case '\r': /* ignore CR[,LF] */
1028 if (n>1 && s[1] == '\n')
1034 case '\n': /* ignore LF[,CR] */
1035 if (n>1 && s[1] == '\r')
1041 case 'x': /* hex value */
1042 if (n>2 && hexdigitp (s+1) && hexdigitp (s+2))
1051 if (n>2 && octdigitp (s) && octdigitp (s+1) && octdigitp (s+2))
1053 *d++ = (atoi_1 (s)*64) + (atoi_1 (s+1)*8) + atoi_1 (s+2);
1061 else if( *s == '\\' )
1071 * Scan the provided buffer and return the S expression in our internal
1072 * format. Returns a newly allocated expression. If erroff is not NULL and
1073 * a parsing error has occurred, the offset into buffer will be returned.
1074 * If ARGFLAG is true, the function supports some printf like
1078 * %s - string (no autoswitch to secure allocation)
1079 * %d - integer stored as string (no autoswitch to secure allocation)
1080 * %b - memory buffer; this takes _two_ arguments: an integer with the
1081 * length of the buffer and a pointer to the buffer.
1082 * %S - Copy an gcry_sexp_t here. The S-expression needs to be a
1083 * regular one, starting with a parenthesis.
1084 * (no autoswitch to secure allocation)
1085 * all other format elements are currently not defined and return an error.
1086 * this includes the "%%" sequence becauce the percent sign is not an
1087 * allowed character.
1088 * FIXME: We should find a way to store the secure-MPIs not in the string
1089 * but as reference to somewhere - this can help us to save huge amounts
1090 * of secure memory. The problem is, that if only one element is secure, all
1091 * other elements are automagicaly copied to secure memory too, so the most
1092 * common operation gcry_sexp_cdr_mpi() will always return a secure MPI
1093 * regardless whether it is needed or not.
1095 static gpg_err_code_t
1096 do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
1097 const char *buffer, size_t length, int argflag,
1098 void **arg_list, va_list arg_ptr)
1100 gcry_err_code_t err = 0;
1101 static const char tokenchars[] =
1102 "abcdefghijklmnopqrstuvwxyz"
1103 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
1104 "0123456789-./_:*+=";
1107 const char *digptr = NULL;
1108 const char *quoted = NULL;
1109 const char *tokenp = NULL;
1110 const char *hexfmt = NULL;
1111 const char *base64 = NULL;
1112 const char *disphint = NULL;
1113 const char *percent = NULL;
1117 size_t dummy_erroff;
1118 struct make_space_ctx c;
1119 int arg_counter = 0;
1123 erroff = &dummy_erroff;
1125 /* Depending on whether ARG_LIST is non-zero or not, this macro gives
1126 us the next argument, either from the variable argument list as
1127 specified by ARG_PTR or from the argument array ARG_LIST. */
1128 #define ARG_NEXT(storage, type) \
1132 storage = va_arg (arg_ptr, type); \
1134 storage = *((type *) (arg_list[arg_counter++])); \
1138 /* The MAKE_SPACE macro is used before each store operation to
1139 ensure that the buffer is large enough. It requires a global
1140 context named C and jumps out to the label LEAVE on error! It
1141 also sets ERROFF using the variables BUFFER and P. */
1142 #define MAKE_SPACE(n) do { \
1143 gpg_err_code_t _ms_err = make_space (&c, (n)); \
1147 *erroff = p - buffer; \
1152 /* The STORE_LEN macro is used to store the length N at buffer P. */
1153 #define STORE_LEN(p,n) do { \
1154 DATALEN ashort = (n); \
1155 memcpy ( (p), &ashort, sizeof(ashort) ); \
1156 (p) += sizeof (ashort); \
1159 /* We assume that the internal representation takes less memory than
1160 the provided one. However, we add space for one extra datalen so
1161 that the code which does the ST_CLOSE can use MAKE_SPACE */
1162 c.allocated = length + sizeof(DATALEN);
1163 if (buffer && length && _gcry_is_secure (buffer))
1164 c.sexp = xtrymalloc_secure (sizeof *c.sexp + c.allocated - 1);
1166 c.sexp = xtrymalloc (sizeof *c.sexp + c.allocated - 1);
1169 err = gpg_err_code_from_errno (errno);
1175 for (p = buffer, n = length; n; p++, n--)
1177 if (tokenp && !hexfmt)
1179 if (strchr (tokenchars, *p))
1183 datalen = p - tokenp;
1184 MAKE_SPACE (datalen);
1186 STORE_LEN (c.pos, datalen);
1187 memcpy (c.pos, tokenp, datalen);
1199 case 'b': case 't': case 'v': case 'n': case 'f':
1200 case 'r': case '"': case '\'': case '\\':
1204 case '0': case '1': case '2': case '3': case '4':
1205 case '5': case '6': case '7':
1207 && (p[1] >= '0') && (p[1] <= '7')
1208 && (p[2] >= '0') && (p[2] <= '7')))
1210 *erroff = p - buffer;
1211 /* Invalid octal value. */
1212 err = GPG_ERR_SEXP_BAD_QUOTATION;
1221 if (!((n > 2) && hexdigitp (p+1) && hexdigitp (p+2)))
1223 *erroff = p - buffer;
1224 /* Invalid hex value. */
1225 err = GPG_ERR_SEXP_BAD_QUOTATION;
1234 /* ignore CR[,LF] */
1235 if (n && (p[1] == '\n'))
1244 /* ignore LF[,CR] */
1245 if (n && (p[1] == '\r'))
1254 *erroff = p - buffer;
1255 /* Invalid quoted string escape. */
1256 err = GPG_ERR_SEXP_BAD_QUOTATION;
1260 else if (*p == '\\')
1262 else if (*p == '\"')
1264 /* Keep it easy - we know that the unquoted string will
1266 unsigned char *save;
1269 quoted++; /* Skip leading quote. */
1270 MAKE_SPACE (p - quoted);
1273 STORE_LEN (c.pos, 0); /* Will be fixed up later. */
1274 len = unquote_string (quoted, p - quoted, c.pos);
1276 STORE_LEN (save, len);
1288 *erroff = p - buffer;
1289 err = GPG_ERR_SEXP_ODD_HEX_NUMBERS;
1293 datalen = hexcount / 2;
1294 MAKE_SPACE (datalen);
1296 STORE_LEN (c.pos, datalen);
1297 for (hexfmt++; hexfmt < p; hexfmt++)
1301 if (whitespacep (hexfmt))
1303 tmpc = hextonibble (*(const unsigned char*)hexfmt);
1304 for (hexfmt++; hexfmt < p && whitespacep (hexfmt); hexfmt++)
1309 tmpc += hextonibble (*(const unsigned char*)hexfmt);
1315 else if (!whitespacep (p))
1317 *erroff = p - buffer;
1318 err = GPG_ERR_SEXP_BAD_HEX_CHAR;
1333 datalen = atoi (digptr); /* FIXME: check for overflow. */
1335 if (datalen > n - 1)
1337 *erroff = p - buffer;
1338 /* Buffer too short. */
1339 err = GPG_ERR_SEXP_STRING_TOO_LONG;
1342 /* Make a new list entry. */
1343 MAKE_SPACE (datalen);
1345 STORE_LEN (c.pos, datalen);
1346 memcpy (c.pos, p + 1, datalen);
1351 else if (*p == '\"')
1353 digptr = NULL; /* We ignore the optional length. */
1359 digptr = NULL; /* We ignore the optional length. */
1365 digptr = NULL; /* We ignore the optional length. */
1370 *erroff = p - buffer;
1371 err = GPG_ERR_SEXP_INV_LEN_SPEC;
1377 if (*p == 'm' || *p == 'M')
1379 /* Insert an MPI. */
1382 int mpifmt = *p == 'm'? GCRYMPI_FMT_STD: GCRYMPI_FMT_USG;
1384 ARG_NEXT (m, gcry_mpi_t);
1386 if (mpi_get_flag (m, GCRYMPI_FLAG_OPAQUE))
1391 mp = mpi_get_opaque (m, &nbits);
1396 if (!_gcry_is_secure (c.sexp->d)
1397 && mpi_get_flag (m, GCRYMPI_FLAG_SECURE))
1399 /* We have to switch to secure allocation. */
1400 gcry_sexp_t newsexp;
1403 newsexp = xtrymalloc_secure (sizeof *newsexp
1407 err = gpg_err_code_from_errno (errno);
1410 newhead = newsexp->d;
1411 memcpy (newhead, c.sexp->d, (c.pos - c.sexp->d));
1412 c.pos = newhead + (c.pos - c.sexp->d);
1418 STORE_LEN (c.pos, nm);
1419 memcpy (c.pos, mp, nm);
1425 if (_gcry_mpi_print (mpifmt, NULL, 0, &nm, m))
1429 if (!_gcry_is_secure (c.sexp->d)
1430 && mpi_get_flag ( m, GCRYMPI_FLAG_SECURE))
1432 /* We have to switch to secure allocation. */
1433 gcry_sexp_t newsexp;
1436 newsexp = xtrymalloc_secure (sizeof *newsexp
1440 err = gpg_err_code_from_errno (errno);
1443 newhead = newsexp->d;
1444 memcpy (newhead, c.sexp->d, (c.pos - c.sexp->d));
1445 c.pos = newhead + (c.pos - c.sexp->d);
1451 STORE_LEN (c.pos, nm);
1452 if (_gcry_mpi_print (mpifmt, c.pos, nm, &nm, m))
1459 /* Insert an string. */
1463 ARG_NEXT (astr, const char *);
1464 alen = strlen (astr);
1468 STORE_LEN (c.pos, alen);
1469 memcpy (c.pos, astr, alen);
1474 /* Insert a memory buffer. */
1478 ARG_NEXT (alen, int);
1479 ARG_NEXT (astr, const char *);
1483 && !_gcry_is_secure (c.sexp->d)
1484 && _gcry_is_secure (astr))
1486 /* We have to switch to secure allocation. */
1487 gcry_sexp_t newsexp;
1490 newsexp = xtrymalloc_secure (sizeof *newsexp
1494 err = gpg_err_code_from_errno (errno);
1497 newhead = newsexp->d;
1498 memcpy (newhead, c.sexp->d, (c.pos - c.sexp->d));
1499 c.pos = newhead + (c.pos - c.sexp->d);
1505 STORE_LEN (c.pos, alen);
1506 memcpy (c.pos, astr, alen);
1511 /* Insert an integer as string. */
1516 ARG_NEXT (aint, int);
1517 sprintf (buf, "%d", aint);
1518 alen = strlen (buf);
1521 STORE_LEN (c.pos, alen);
1522 memcpy (c.pos, buf, alen);
1527 /* Insert an unsigned integer as string. */
1532 ARG_NEXT (aint, unsigned int);
1533 sprintf (buf, "%u", aint);
1534 alen = strlen (buf);
1537 STORE_LEN (c.pos, alen);
1538 memcpy (c.pos, buf, alen);
1543 /* Insert a gcry_sexp_t. */
1547 ARG_NEXT (asexp, gcry_sexp_t);
1548 alen = get_internal_buffer (asexp, &aoff);
1552 memcpy (c.pos, asexp->d + aoff, alen);
1558 *erroff = p - buffer;
1559 /* Invalid format specifier. */
1560 err = GPG_ERR_SEXP_INV_LEN_SPEC;
1569 *erroff = p - buffer;
1570 /* Open display hint. */
1571 err = GPG_ERR_SEXP_UNMATCHED_DH;
1583 *erroff = p - buffer;
1584 /* Open display hint. */
1585 err = GPG_ERR_SEXP_UNMATCHED_DH;
1589 *c.pos++ = ST_CLOSE;
1592 else if (*p == '\"')
1608 *erroff = p - buffer;
1609 /* Open display hint. */
1610 err = GPG_ERR_SEXP_NESTED_DH;
1619 *erroff = p - buffer;
1620 /* Open display hint. */
1621 err = GPG_ERR_SEXP_UNMATCHED_DH;
1626 else if (digitp (p))
1630 /* A length may not begin with zero. */
1631 *erroff = p - buffer;
1632 err = GPG_ERR_SEXP_ZERO_PREFIX;
1637 else if (strchr (tokenchars, *p))
1639 else if (whitespacep (p))
1643 /* fixme: handle rescanning: we can do this by saving our
1644 current state and start over at p+1 -- Hmmm. At this
1645 point here we are in a well defined state, so we don't
1646 need to save it. Great. */
1647 *erroff = p - buffer;
1648 err = GPG_ERR_SEXP_UNEXPECTED_PUNC;
1651 else if (strchr ("&\\", *p))
1653 /* Reserved punctuation. */
1654 *erroff = p - buffer;
1655 err = GPG_ERR_SEXP_UNEXPECTED_PUNC;
1658 else if (argflag && (*p == '%'))
1662 /* Bad or unavailable. */
1663 *erroff = p - buffer;
1664 err = GPG_ERR_SEXP_BAD_CHARACTER;
1672 err = GPG_ERR_SEXP_UNMATCHED_PAREN;
1677 /* Error -> deallocate. */
1680 /* Extra paranoid wipe on error. */
1681 if (_gcry_is_secure (c.sexp))
1682 wipememory (c.sexp, sizeof (struct gcry_sexp) + c.allocated - 1);
1685 /* This might be expected by existing code... */
1689 *retsexp = normalize (c.sexp);
1697 static gpg_err_code_t
1698 do_sexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
1699 const char *buffer, size_t length, int argflag,
1700 void **arg_list, ...)
1705 va_start (arg_ptr, arg_list);
1706 rc = do_vsexp_sscan (retsexp, erroff, buffer, length, argflag,
1715 _gcry_sexp_build (gcry_sexp_t *retsexp, size_t *erroff, const char *format, ...)
1720 va_start (arg_ptr, format);
1721 rc = do_vsexp_sscan (retsexp, erroff, format, strlen(format), 1,
1730 _gcry_sexp_vbuild (gcry_sexp_t *retsexp, size_t *erroff,
1731 const char *format, va_list arg_ptr)
1733 return do_vsexp_sscan (retsexp, erroff, format, strlen(format), 1,
1738 /* Like gcry_sexp_build, but uses an array instead of variable
1739 function arguments. */
1741 _gcry_sexp_build_array (gcry_sexp_t *retsexp, size_t *erroff,
1742 const char *format, void **arg_list)
1744 return do_sexp_sscan (retsexp, erroff, format, strlen(format), 1, arg_list);
1749 _gcry_sexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
1750 const char *buffer, size_t length)
1752 return do_sexp_sscan (retsexp, erroff, buffer, length, 0, NULL);
1756 /* Figure out a suitable encoding for BUFFER of LENGTH.
1762 suitable_encoding (const unsigned char *buffer, size_t length)
1764 const unsigned char *s;
1765 int maybe_token = 1;
1771 return 0; /* If the MSB is set we assume that buffer represents a
1774 return 0; /* Starting with a zero is pretty much a binary string. */
1776 for (s=buffer; length; s++, length--)
1778 if ( (*s < 0x20 || (*s >= 0x7f && *s <= 0xa0))
1779 && !strchr ("\b\t\v\n\f\r\"\'\\", *s))
1780 return 0; /*binary*/
1782 && !alphap (s) && !digitp (s) && !strchr (TOKEN_SPECIALS, *s))
1786 if ( maybe_token && !digitp (s) )
1793 convert_to_hex (const unsigned char *src, size_t len, char *dest)
1800 for (i=0; i < len; i++, dest += 2 )
1801 sprintf (dest, "%02X", src[i]);
1808 convert_to_string (const unsigned char *s, size_t len, char *dest)
1814 for (; len; len--, s++ )
1818 case '\b': *p++ = '\\'; *p++ = 'b'; break;
1819 case '\t': *p++ = '\\'; *p++ = 't'; break;
1820 case '\v': *p++ = '\\'; *p++ = 'v'; break;
1821 case '\n': *p++ = '\\'; *p++ = 'n'; break;
1822 case '\f': *p++ = '\\'; *p++ = 'f'; break;
1823 case '\r': *p++ = '\\'; *p++ = 'r'; break;
1824 case '\"': *p++ = '\\'; *p++ = '\"'; break;
1825 case '\'': *p++ = '\\'; *p++ = '\''; break;
1826 case '\\': *p++ = '\\'; *p++ = '\\'; break;
1828 if ( (*s < 0x20 || (*s >= 0x7f && *s <= 0xa0)))
1830 sprintf (p, "\\x%02x", *s);
1843 for (; len; len--, s++ )
1855 case '\\': count += 2; break;
1857 if ( (*s < 0x20 || (*s >= 0x7f && *s <= 0xa0)))
1870 convert_to_token (const unsigned char *src, size_t len, char *dest)
1873 memcpy (dest, src, len);
1879 * Print SEXP to buffer using the MODE. Returns the length of the
1880 * SEXP in buffer or 0 if the buffer is too short (We have at least an
1881 * empty list consisting of 2 bytes). If a buffer of NULL is provided,
1882 * the required length is returned.
1885 _gcry_sexp_sprint (const gcry_sexp_t list, int mode,
1886 void *buffer, size_t maxlength )
1888 static unsigned char empty[3] = { ST_OPEN, ST_CLOSE, ST_STOP };
1889 const unsigned char *s;
1896 s = list? list->d : empty;
1898 while ( *s != ST_STOP )
1904 if ( mode != GCRYSEXP_FMT_CANON )
1913 if ( len >= maxlength )
1915 if ( mode != GCRYSEXP_FMT_CANON )
1919 for (i=0; i < indent; i++)
1931 if ( len >= maxlength )
1936 if (*s != ST_OPEN && *s != ST_STOP && mode != GCRYSEXP_FMT_CANON)
1942 if (len >= maxlength)
1945 for (i=0; i < indent; i++)
1952 memcpy ( &n, s, sizeof n ); s += sizeof n;
1953 if (mode == GCRYSEXP_FMT_ADVANCED)
1958 switch ( (type=suitable_encoding (s, n)))
1960 case 1: nn = convert_to_string (s, n, NULL); break;
1961 case 2: nn = convert_to_token (s, n, NULL); break;
1962 default: nn = convert_to_hex (s, n, NULL); break;
1967 if (len >= maxlength)
1971 case 1: convert_to_string (s, n, d); break;
1972 case 2: convert_to_token (s, n, d); break;
1973 default: convert_to_hex (s, n, d); break;
1977 if (s[n] != ST_CLOSE)
1982 if (len >= maxlength)
1990 sprintf (numbuf, "%u:", (unsigned int)n );
1991 len += strlen (numbuf) + n;
1994 if ( len >= maxlength )
1996 d = stpcpy ( d, numbuf );
1997 memcpy ( d, s, n ); d += n;
2006 if ( mode != GCRYSEXP_FMT_CANON )
2011 if ( len >= maxlength )
2018 if ( len >= maxlength )
2020 *d++ = 0; /* for convenience we make a C string */
2023 len++; /* we need one byte more for this */
2029 /* Scan a canonical encoded buffer with implicit length values and
2030 return the actual length this S-expression uses. For a valid S-Exp
2031 it should never return 0. If LENGTH is not zero, the maximum
2032 length to scan is given - this can be used for syntax checks of
2033 data passed from outside. errorcode and erroff may both be passed as
2036 _gcry_sexp_canon_len (const unsigned char *buffer, size_t length,
2037 size_t *erroff, gcry_err_code_t *errcode)
2039 const unsigned char *p;
2040 const unsigned char *disphint = NULL;
2041 unsigned int datalen = 0;
2042 size_t dummy_erroff;
2043 gcry_err_code_t dummy_errcode;
2048 erroff = &dummy_erroff;
2050 errcode = &dummy_errcode;
2052 *errcode = GPG_ERR_NO_ERROR;
2058 *errcode = GPG_ERR_SEXP_NOT_CANONICAL;
2062 for (p=buffer; ; p++, count++ )
2064 if (length && count >= length)
2067 *errcode = GPG_ERR_SEXP_STRING_TOO_LONG;
2075 if (length && (count+datalen) >= length)
2078 *errcode = GPG_ERR_SEXP_STRING_TOO_LONG;
2086 datalen = datalen*10 + atoi_1(p);
2090 *errcode = GPG_ERR_SEXP_INV_LEN_SPEC;
2099 *errcode = GPG_ERR_SEXP_UNMATCHED_DH;
2109 *errcode = GPG_ERR_SEXP_UNMATCHED_PAREN;
2115 *errcode = GPG_ERR_SEXP_UNMATCHED_DH;
2119 return ++count; /* ready */
2126 *errcode = GPG_ERR_SEXP_NESTED_DH;
2136 *errcode = GPG_ERR_SEXP_UNMATCHED_DH;
2141 else if (digitp (p) )
2146 *errcode = GPG_ERR_SEXP_ZERO_PREFIX;
2149 datalen = atoi_1 (p);
2151 else if (*p == '&' || *p == '\\')
2154 *errcode = GPG_ERR_SEXP_UNEXPECTED_PUNC;
2160 *errcode = GPG_ERR_SEXP_BAD_CHARACTER;
2167 /* Extract MPIs from an s-expression using a list of parameters. The
2168 * names of these parameters are given by the string LIST. Some
2169 * special characters may be given to control the conversion:
2171 * + :: Switch to unsigned integer format (default).
2172 * - :: Switch to standard signed format.
2173 * / :: Switch to opaque format.
2174 * & :: Switch to buffer descriptor mode - see below.
2175 * ? :: The previous parameter is optional.
2177 * In general parameter names are single letters. To use a string for
2178 * a parameter name, enclose the name in single quotes.
2180 * Unless in gcry_buffer_t mode for each parameter name a pointer to
2181 * an MPI variable is expected and finally a NULL is expected.
2184 * _gcry_sexp_extract_param (key, NULL, "n/x+ed",
2185 * &mpi_n, &mpi_x, &mpi_e, NULL)
2187 * This stores the parameter "N" from KEY as an unsigned MPI into
2188 * MPI_N, the parameter "X" as an opaque MPI into MPI_X, and the
2189 * parameter "E" again as an unsigned MPI into MPI_E.
2191 * If in buffer descriptor mode a pointer to gcry_buffer_t descriptor
2192 * is expected instead of a pointer to an MPI. The caller may use two
2193 * different operation modes: If the DATA field of the provided buffer
2194 * descriptor is NULL, the function allocates a new buffer and stores
2195 * it at DATA; the other fields are set accordingly with OFF being 0.
2196 * If DATA is not NULL, the function assumes that DATA, SIZE, and OFF
2197 * describe a buffer where to but the data; on return the LEN field
2198 * receives the number of bytes copied to that buffer; if the buffer
2199 * is too small, the function immediately returns with an error code
2200 * (and LEN set to 0).
2202 * PATH is an optional string used to locate a token. The exclamation
2203 * mark separated tokens are used to via gcry_sexp_find_token to find
2204 * a start point inside SEXP.
2206 * The function returns NULL on success. On error an error code is
2207 * returned and the passed MPIs are either unchanged or set to NULL.
2210 _gcry_sexp_vextract_param (gcry_sexp_t sexp, const char *path,
2211 const char *list, va_list arg_ptr)
2215 gcry_mpi_t *array[20];
2216 char arrayisdesc[20];
2219 int mode = '+'; /* Default to GCRYMPI_FMT_USG. */
2220 gcry_sexp_t freethis = NULL;
2222 memset (arrayisdesc, 0, sizeof arrayisdesc);
2224 /* First copy all the args into an array. This is required so that
2225 we are able to release already allocated MPIs if later an error
2227 for (s=list, idx=0; *s && idx < DIM (array); s++)
2229 if (*s == '&' || *s == '+' || *s == '-' || *s == '/' || *s == '?')
2231 else if (whitespacep (s))
2238 s2 = strchr (s, '\'');
2241 /* Closing quote not found or empty string. */
2242 return GPG_ERR_SYNTAX;
2246 array[idx] = va_arg (arg_ptr, gcry_mpi_t *);
2248 return GPG_ERR_MISSING_VALUE; /* NULL pointer given. */
2253 return GPG_ERR_LIMIT_REACHED; /* Too many list elements. */
2254 if (va_arg (arg_ptr, gcry_mpi_t *))
2255 return GPG_ERR_INV_ARG; /* Not enough list elemends. */
2258 while (path && *path)
2262 s = strchr (path, '!');
2265 rc = GPG_ERR_NOT_FOUND;
2268 n = s? s - path : 0;
2269 l1 = _gcry_sexp_find_token (sexp, path, n);
2272 rc = GPG_ERR_NOT_FOUND;
2275 sexp = l1; l1 = NULL;
2276 sexp_release (freethis);
2285 /* Now extract all parameters. */
2286 for (s=list, idx=0; *s; s++)
2288 if (*s == '&' || *s == '+' || *s == '-' || *s == '/')
2290 else if (whitespacep (s))
2293 ; /* Only used via lookahead. */
2298 /* Find closing quote, find token, set S to closing quote. */
2300 s2 = strchr (s, '\'');
2303 /* Closing quote not found or empty string. */
2304 rc = GPG_ERR_SYNTAX;
2307 l1 = _gcry_sexp_find_token (sexp, s, s2 - s);
2311 l1 = _gcry_sexp_find_token (sexp, s, 1);
2313 if (!l1 && s[1] == '?')
2315 /* Optional element not found. */
2318 gcry_buffer_t *spec = (gcry_buffer_t*)array[idx];
2331 rc = GPG_ERR_NO_OBJ; /* List element not found. */
2338 gcry_buffer_t *spec = (gcry_buffer_t*)array[idx];
2345 pbuf = _gcry_sexp_nth_data (l1, 1, &nbuf);
2348 rc = GPG_ERR_INV_OBJ;
2351 if (spec->off + nbuf > spec->size)
2353 rc = GPG_ERR_BUFFER_TOO_SHORT;
2356 memcpy ((char*)spec->data + spec->off, pbuf, nbuf);
2358 arrayisdesc[idx] = 1;
2362 spec->data = _gcry_sexp_nth_buffer (l1, 1, &spec->size);
2365 rc = GPG_ERR_INV_OBJ; /* Or out of core. */
2368 spec->len = spec->size;
2370 arrayisdesc[idx] = 2;
2373 else if (mode == '/')
2374 *array[idx] = _gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_OPAQUE);
2375 else if (mode == '-')
2376 *array[idx] = _gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_STD);
2378 *array[idx] = _gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG);
2379 sexp_release (l1); l1 = NULL;
2382 rc = GPG_ERR_INV_OBJ; /* Conversion failed. */
2390 sexp_release (freethis);
2394 sexp_release (freethis);
2398 if (!arrayisdesc[idx])
2400 _gcry_mpi_release (*array[idx]);
2403 else if (!arrayisdesc[idx] == 1)
2405 /* Caller provided buffer. */
2406 gcry_buffer_t *spec = (gcry_buffer_t*)array[idx];
2411 /* We might have allocated a buffer. */
2412 gcry_buffer_t *spec = (gcry_buffer_t*)array[idx];
2415 spec->size = spec->off = spec->len = 0;
2422 _gcry_sexp_extract_param (gcry_sexp_t sexp, const char *path,
2423 const char *list, ...)
2428 va_start (arg_ptr, list);
2429 rc = _gcry_sexp_vextract_param (sexp, path, list, arg_ptr);
2431 return gpg_error (rc);
projects / libgcrypt.git / blob