static int
keydb_idx_parse( cdk_stream_t inp, key_idx_t * r_idx )
{
key_idx_t idx;
byte buf[4];
int i;
if( !inp || !r_idx )
return CDK_Inv_Value;
idx = cdk_calloc( 1, sizeof * idx );
if( !idx )
return CDK_Out_Of_Core;
while( !cdk_stream_eof( inp ) ) {
i = cdk_stream_read( inp, buf, 4 );
if( i == CDK_EOF )
break;
idx->offset = _cdk_buftou32( buf );
cdk_stream_read( inp, buf, 4 );
idx->keyid[0] = _cdk_buftou32( buf );
cdk_stream_read( inp, buf, 4 );
idx->keyid[1] = _cdk_buftou32( buf );
cdk_stream_read( inp, idx->fpr, 20 );
#if 0
_cdk_log_debug( "%08lu: keyid=%08lX fpr=", idx->offset,idx->keyid[1] );
for( i = 0; i < 20; i++ )
_cdk_log_debug( "%02X", idx->fpr[i] );
_cdk_log_debug( "\n" );
#endif
break;
}
*r_idx = idx;
return cdk_stream_eof( inp )? CDK_EOF : 0;
}
/**
* cdk_stream_kick_off:
* @inp: the input stream
* @out: the output stream.
*
* Passes the entire data from @inp into the output stream @out
* with all the activated filters.
*/
cdk_error_t
cdk_stream_kick_off (cdk_stream_t inp, cdk_stream_t out)
{
byte buf[BUFSIZE];
int nread, nwritten;
cdk_error_t rc;
if (!inp || !out)
{
gnutls_assert ();
return CDK_Inv_Value;
}
rc = CDK_Success;
while (!cdk_stream_eof (inp))
{
nread = cdk_stream_read (inp, buf, DIM (buf));
if (!nread || nread == EOF)
break;
nwritten = cdk_stream_write (out, buf, nread);
if (!nwritten || nwritten == EOF)
{ /* In case of errors, we leave the loop. */
rc = inp->error;
break;
}
}
wipemem (buf, sizeof (buf));
return rc;
}
/* This functions builds an index of the keyring into a separate file
with the name keyring.ext.idx. It contains the offset of all public-
and public subkeys. The format of the file is:
--------
4 octets offset of the packet
8 octets keyid
20 octets fingerprint
--------
We store the keyid and the fingerprint due to the fact we can't get
the keyid from a v3 fingerprint directly.
*/
static int
keydb_idx_build( const char * file )
{
cdk_packet_t pkt;
cdk_stream_t inp, out = NULL;
byte buf[8], fpr[20];
char * fname;
u32 keyid[2];
int rc, pos;
if( !file )
return CDK_Inv_Value;
pkt = cdk_calloc( 1, sizeof * pkt );
if( !pkt )
return CDK_Out_Of_Core;
fname = keydb_idx_mkname( file );
if( !fname ) {
rc = CDK_Out_Of_Core;
goto leave;
}
rc = cdk_stream_open( file, &inp );
if( !rc )
rc = cdk_stream_create( fname, &out );
if( rc )
goto leave;
while( !cdk_stream_eof( inp ) ) {
pos = cdk_stream_tell( inp );
rc = cdk_pkt_read( inp, pkt );
if( rc )
break;
if( pkt->pkttype == CDK_PKT_PUBLIC_KEY
|| pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ) {
_cdk_u32tobuf( pos, buf );
cdk_stream_write( out, buf, 4 );
cdk_pk_get_keyid( pkt->pkt.public_key, keyid );
_cdk_u32tobuf( keyid[0], buf );
_cdk_u32tobuf( keyid[1], buf + 4 );
cdk_stream_write( out, buf, 8 );
cdk_pk_get_fingerprint( pkt->pkt.public_key, fpr );
cdk_stream_write( out, fpr, 20 );
}
cdk_pkt_free( pkt );
cdk_pkt_init( pkt );
}
cdk_stream_close( out );
leave:
cdk_stream_close( inp );
cdk_free( fname );
cdk_free( pkt );
return rc;
}
static cdk_error_t
write_literal (cdk_stream_t out, cdk_pkt_literal_t pt, int old_ctb)
{
byte buf[BUFSIZE];
size_t size;
cdk_error_t rc;
assert (out);
assert (pt);
/* We consider a packet without a body as an invalid packet.
At least one octet must be present. */
if (!pt->len)
return CDK_Inv_Packet;
if (DEBUG_PKT)
_cdk_log_debug ("write_literal:\n");
size = 6 + pt->namelen + pt->len;
rc = pkt_write_head (out, old_ctb, size, CDK_PKT_LITERAL);
if (rc)
return rc;
rc = stream_putc (out, pt->mode);
if (rc)
return rc;
rc = stream_putc (out, pt->namelen);
if (rc)
return rc;
if (pt->namelen > 0)
rc = stream_write (out, pt->name, pt->namelen);
if (!rc)
rc = write_32 (out, pt->timestamp);
if (rc)
return rc;
while (!cdk_stream_eof (pt->buf) && !rc)
{
rc = stream_read (pt->buf, buf, DIM (buf), &size);
if (!rc)
rc = stream_write (out, buf, size);
}
wipemem (buf, sizeof (buf));
return rc;
}
int
_cdk_stream_gets( cdk_stream_t s, char * buf, size_t count )
{
int c, i = 0;
if( !s )
return CDK_Inv_Value;
while( !cdk_stream_eof( s ) && count > 0 ) {
c = cdk_stream_getc( s );
if( c == EOF || c == '\r' || c == '\n' ) {
buf[i++] = '\0';
break;
}
buf[i++] = c;
count--;
}
return i;
}
static cdk_error_t
read_literal (cdk_stream_t inp, size_t pktlen,
cdk_pkt_literal_t * ret_pt, int is_partial)
{
cdk_pkt_literal_t pt = *ret_pt;
size_t nread;
cdk_error_t rc;
if (!inp || !pt)
return CDK_Inv_Value;
if (DEBUG_PKT)
_cdk_log_debug ("read_literal: %d octets\n", pktlen);
pt->mode = cdk_stream_getc (inp);
if (pt->mode != 0x62 && pt->mode != 0x74 && pt->mode != 0x75)
return CDK_Inv_Packet;
if (cdk_stream_eof (inp))
return CDK_Inv_Packet;
pt->namelen = cdk_stream_getc (inp);
if (pt->namelen > 0)
{
*ret_pt = pt = cdk_realloc (pt, sizeof *pt + pt->namelen + 2);
if (!pt)
return CDK_Out_Of_Core;
pt->name = (char*)pt + sizeof(*pt);
rc = stream_read (inp, pt->name, pt->namelen, &nread);
if (rc)
return rc;
if ((int) nread != pt->namelen)
return CDK_Inv_Packet;
pt->name[pt->namelen] = '\0';
}
pt->timestamp = read_32 (inp);
pktlen = pktlen - 6 - pt->namelen;
if (is_partial)
_cdk_stream_set_blockmode (inp, pktlen);
pt->buf = inp;
pt->len = pktlen;
return 0;
}
cdk_error_t
cdk_stream_kick_off( cdk_stream_t inp, cdk_stream_t out )
{
byte buf[8192];
int nread, nwritten;
int rc = 0;
if( !inp || !out )
return CDK_Inv_Value;
while( !cdk_stream_eof( inp ) ) {
nread = cdk_stream_read( inp, buf, sizeof buf-1 );
if( nread == EOF )
break;
nwritten = cdk_stream_write( out, buf, nread );
if( nwritten == EOF )
rc = CDK_File_Error;
}
wipemem( buf, sizeof buf );
return rc;
}
/**
* cdk_pkt_read:
* @inp: the input stream
* @pkt: allocated packet handle to store the packet
*
* Parse the next packet on the @inp stream and return its contents in @pkt.
**/
cdk_error_t
cdk_pkt_read (cdk_stream_t inp, cdk_packet_t pkt)
{
int ctb, is_newctb;
int pkttype;
size_t pktlen = 0, pktsize = 0, is_partial = 0;
cdk_error_t rc;
if (!inp || !pkt)
return CDK_Inv_Value;
ctb = cdk_stream_getc (inp);
if (cdk_stream_eof (inp) || ctb == EOF)
return CDK_EOF;
else if (!ctb)
return CDK_Inv_Packet;
pktsize++;
if (!(ctb & 0x80))
{
_cdk_log_info ("cdk_pkt_read: no openpgp data found. "
"(ctb=%02X; fpos=%02X)\n", ctb, cdk_stream_tell (inp));
return CDK_Inv_Packet;
}
if (ctb & 0x40) /* RFC2440 packet format. */
{
pkttype = ctb & 0x3f;
is_newctb = 1;
}
else /* the old RFC1991 packet format. */
{
pkttype = ctb & 0x3f;
pkttype >>= 2;
is_newctb = 0;
}
if (pkttype > 63)
{
_cdk_log_info ("cdk_pkt_read: unknown type %d\n", pkttype);
return CDK_Inv_Packet;
}
if (is_newctb)
read_new_length (inp, &pktlen, &pktsize, &is_partial);
else
read_old_length (inp, ctb, &pktlen, &pktsize);
pkt->pkttype = pkttype;
pkt->pktlen = pktlen;
pkt->pktsize = pktsize + pktlen;
pkt->old_ctb = is_newctb ? 0 : 1;
rc = 0;
switch (pkt->pkttype)
{
case CDK_PKT_ATTRIBUTE:
pkt->pkt.user_id = cdk_calloc (1, sizeof *pkt->pkt.user_id
+ pkt->pktlen + 16 + 1);
if (!pkt->pkt.user_id)
return CDK_Out_Of_Core;
pkt->pkt.user_id->name = (char*)pkt->pkt.user_id + sizeof(*pkt->pkt.user_id);
rc = read_attribute (inp, pktlen, pkt->pkt.user_id);
pkt->pkttype = CDK_PKT_ATTRIBUTE;
break;
case CDK_PKT_USER_ID:
pkt->pkt.user_id = cdk_calloc (1, sizeof *pkt->pkt.user_id
+ pkt->pktlen + 1);
if (!pkt->pkt.user_id)
return CDK_Out_Of_Core;
pkt->pkt.user_id->name = (char*)pkt->pkt.user_id + sizeof(*pkt->pkt.user_id);
rc = read_user_id (inp, pktlen, pkt->pkt.user_id);
break;
case CDK_PKT_PUBLIC_KEY:
pkt->pkt.public_key = cdk_calloc (1, sizeof *pkt->pkt.public_key);
if (!pkt->pkt.public_key)
return CDK_Out_Of_Core;
rc = read_public_key (inp, pktlen, pkt->pkt.public_key);
break;
case CDK_PKT_PUBLIC_SUBKEY:
pkt->pkt.public_key = cdk_calloc (1, sizeof *pkt->pkt.public_key);
if (!pkt->pkt.public_key)
return CDK_Out_Of_Core;
rc = read_public_subkey (inp, pktlen, pkt->pkt.public_key);
break;
case CDK_PKT_SECRET_KEY:
pkt->pkt.secret_key = cdk_calloc (1, sizeof *pkt->pkt.secret_key);
if (!pkt->pkt.secret_key)
return CDK_Out_Of_Core;
pkt->pkt.secret_key->pk = cdk_calloc (1,
sizeof *pkt->pkt.secret_key->pk);
if (!pkt->pkt.secret_key->pk)
return CDK_Out_Of_Core;
rc = read_secret_key (inp, pktlen, pkt->pkt.secret_key);
break;
case CDK_PKT_SECRET_SUBKEY:
pkt->pkt.secret_key = cdk_calloc (1, sizeof *pkt->pkt.secret_key);
if (!pkt->pkt.secret_key)
return CDK_Out_Of_Core;
pkt->pkt.secret_key->pk = cdk_calloc (1,
sizeof *pkt->pkt.secret_key->pk);
if (!pkt->pkt.secret_key->pk)
return CDK_Out_Of_Core;
rc = read_secret_subkey (inp, pktlen, pkt->pkt.secret_key);
break;
case CDK_PKT_LITERAL:
pkt->pkt.literal = cdk_calloc (1, sizeof *pkt->pkt.literal);
if (!pkt->pkt.literal)
return CDK_Out_Of_Core;
rc = read_literal (inp, pktlen, &pkt->pkt.literal, is_partial);
break;
case CDK_PKT_ONEPASS_SIG:
pkt->pkt.onepass_sig = cdk_calloc (1, sizeof *pkt->pkt.onepass_sig);
if (!pkt->pkt.onepass_sig)
return CDK_Out_Of_Core;
rc = read_onepass_sig (inp, pktlen, pkt->pkt.onepass_sig);
break;
case CDK_PKT_SIGNATURE:
pkt->pkt.signature = cdk_calloc (1, sizeof *pkt->pkt.signature);
if (!pkt->pkt.signature)
return CDK_Out_Of_Core;
rc = read_signature (inp, pktlen, pkt->pkt.signature);
break;
case CDK_PKT_PUBKEY_ENC:
pkt->pkt.pubkey_enc = cdk_calloc (1, sizeof *pkt->pkt.pubkey_enc);
if (!pkt->pkt.pubkey_enc)
return CDK_Out_Of_Core;
rc = read_pubkey_enc (inp, pktlen, pkt->pkt.pubkey_enc);
break;
case CDK_PKT_COMPRESSED:
pkt->pkt.compressed = cdk_calloc (1, sizeof *pkt->pkt.compressed);
if (!pkt->pkt.compressed)
return CDK_Out_Of_Core;
rc = read_compressed (inp, pktlen, pkt->pkt.compressed);
break;
case CDK_PKT_MDC:
pkt->pkt.mdc = cdk_calloc (1, sizeof *pkt->pkt.mdc);
if (!pkt->pkt.mdc)
return CDK_Out_Of_Core;
rc = read_mdc (inp, pkt->pkt.mdc);
break;
default:
/* Skip all packets we don't understand */
skip_packet (inp, pktlen);
break;
}
return rc;
}
static cdk_error_t
file_verify_clearsign (cdk_ctx_t hd, const char *file, const char *output)
{
cdk_stream_t inp = NULL, out = NULL, tmp = NULL;
digest_hd_st md;
char buf[512], chk[512];
const char *s;
int i, is_signed = 0, nbytes;
int digest_algo = 0;
int err;
cdk_error_t rc;
memset(&md, 0, sizeof(md));
if (output)
{
rc = cdk_stream_create (output, &out);
if (rc)
return rc;
}
rc = cdk_stream_open (file, &inp);
if (rc)
{
if (output)
cdk_stream_close (out);
return rc;
}
s = "-----BEGIN PGP SIGNED MESSAGE-----";
while (!cdk_stream_eof (inp))
{
nbytes = _cdk_stream_gets (inp, buf, DIM (buf) - 1);
if (!nbytes || nbytes == -1)
break;
if (!strncmp (buf, s, strlen (s)))
{
is_signed = 1;
break;
}
}
if (cdk_stream_eof (inp) && !is_signed)
{
rc = CDK_Armor_Error;
goto leave;
}
while (!cdk_stream_eof (inp))
{
nbytes = _cdk_stream_gets (inp, buf, DIM (buf) - 1);
if (!nbytes || nbytes == -1)
break;
if (nbytes == 1) /* Empty line */
break;
else if (!strncmp (buf, "Hash: ", 6))
{
for (i = 0; digest_table[i].name; i++)
{
if (!strcmp (buf + 6, digest_table[i].name))
{
digest_algo = digest_table[i].algo;
break;
}
}
}
}
if (digest_algo && _gnutls_hash_get_algo_len (digest_algo) <= 0)
{
rc = CDK_Inv_Algo;
goto leave;
}
if (!digest_algo)
digest_algo = GNUTLS_DIG_MD5;
err = _gnutls_hash_init (&md, digest_algo);
if (err < 0)
{
rc = map_gnutls_error (err);
goto leave;
}
s = "-----BEGIN PGP SIGNATURE-----";
while (!cdk_stream_eof (inp))
{
nbytes = _cdk_stream_gets (inp, buf, DIM (buf) - 1);
if (!nbytes || nbytes == -1)
break;
if (!strncmp (buf, s, strlen (s)))
break;
else
{
cdk_stream_peek (inp, (byte *) chk, DIM (chk) - 1);
i = strncmp (chk, s, strlen (s));
if (strlen (buf) == 0 && i == 0)
continue; /* skip last '\n' */
_cdk_trim_string (buf, i == 0 ? 0 : 1);
_gnutls_hash (&md, buf, strlen (buf));
}
if (!strncmp (buf, "- ", 2)) /* FIXME: handle it recursive. */
memmove (buf, buf + 2, nbytes - 2);
if (out)
{
if (strstr (buf, "\r\n"))
buf[strlen (buf) - 2] = '\0';
cdk_stream_write (out, buf, strlen (buf));
_cdk_stream_puts (out, _cdk_armor_get_lineend ());
}
}
/* We create a temporary stream object to store the
signature data in there. */
rc = cdk_stream_tmp_new (&tmp);
if (rc)
goto leave;
s = "-----BEGIN PGP SIGNATURE-----\n";
_cdk_stream_puts (tmp, s);
while (!cdk_stream_eof (inp))
{
nbytes = _cdk_stream_gets (inp, buf, DIM (buf) - 1);
if (!nbytes || nbytes == -1)
break;
if (nbytes < (int) (DIM (buf) - 3))
{
buf[nbytes - 1] = '\n';
buf[nbytes] = '\0';
}
cdk_stream_write (tmp, buf, nbytes);
}
/* FIXME: This code is not very elegant. */
cdk_stream_tmp_set_mode (tmp, STREAMCTL_READ);
cdk_stream_seek (tmp, 0);
cdk_stream_set_armor_flag (tmp, 0);
cdk_stream_read (tmp, NULL, 0);
/* the digest handle will be closed there. */
rc = _cdk_proc_packets (hd, tmp, NULL, NULL, NULL, &md);
leave:
_gnutls_hash_deinit (&md, NULL);
cdk_stream_close (out);
cdk_stream_close (tmp);
cdk_stream_close (inp);
return rc;
}
