int WriteKey(Key *key, char *filename) { FILE *fp = fopen(filename, "r"); fseek(fp, 0, SEEK_END); int fileLen = ftell(fp); rewind(fp); key->size = mtdData_new(key->offesetSize, SizeLength); intToByte(fileLen, key->size.data); key->content = mtdData_new(key->offesetContent, fileLen); fread(key->content.data, 1, fileLen, fp); if (WriteMtd(key->size) < 0 || WriteMtd(key->content) < 0) return -1; fclose(fp); return 0; }
static int readKey( INOUT STREAM *stream, INOUT PGP_INFO *pgpInfo, IN_INT_SHORT_Z const int keyGroupNo, INOUT ERROR_INFO *errorInfo ) { PGP_KEYINFO *keyInfo = &pgpInfo->key; HASHFUNCTION hashFunction; HASHINFO hashInfo; BYTE hash[ CRYPT_MAX_HASHSIZE + 8 ], packetHeader[ 64 + 8 ]; BOOLEAN isPublicKey = TRUE, isPrimaryKey = FALSE; void *pubKeyPayload; long packetLength; int pubKeyPos, pubKeyPayloadPos, endPos, pubKeyPayloadLen; int ctb, length, value, hashSize, iterationCount, status; assert( isWritePtr( stream, sizeof( STREAM ) ) ); assert( isWritePtr( pgpInfo, sizeof( PGP_INFO ) ) ); REQUIRES( keyGroupNo >= 0 && keyGroupNo < MAX_INTLENGTH_SHORT ); REQUIRES( errorInfo != NULL ); /* Process the CTB and packet length */ ctb = sPeek( stream ); if( cryptStatusError( ctb ) ) { /* If there was an error reading the CTB, which is the first byte of the packet group, it means that we've run out of data so we return the status as a not-found error rather than the actual stream status */ return( CRYPT_ERROR_NOTFOUND ); } switch( pgpGetPacketType( ctb ) ) { case PGP_PACKET_SECKEY_SUB: keyInfo = &pgpInfo->subKey; isPublicKey = FALSE; break; case PGP_PACKET_SECKEY: isPublicKey = FALSE; break; case PGP_PACKET_PUBKEY_SUB: keyInfo = &pgpInfo->subKey; break; case PGP_PACKET_PUBKEY: isPrimaryKey = TRUE; break; default: retExt( CRYPT_ERROR_BADDATA, ( CRYPT_ERROR_BADDATA, errorInfo, "Invalid PGP CTB %02X for key packet group %d", ctb, keyGroupNo ) ); } status = pgpReadPacketHeader( stream, NULL, &packetLength, 64 ); if( cryptStatusError( status ) ) { retExt( status, ( status, errorInfo, "Invalid PGP key packet header for key packet group %d", keyGroupNo ) ); } if( packetLength < 64 || packetLength > sMemDataLeft( stream ) ) { retExt( CRYPT_ERROR_BADDATA, ( CRYPT_ERROR_BADDATA, errorInfo, "Invalid PGP key packet length %ld for key packet group %d", packetLength, keyGroupNo ) ); } /* Since there can (in theory) be arbitrary numbers of subkeys and other odds and ends attached to a key and the details of what to do with these things gets a bit vague, we just skip any further subkeys that may be present */ if( keyInfo->pkcAlgo != CRYPT_ALGO_NONE ) { status = sSkip( stream, packetLength ); for( iterationCount = 0; cryptStatusOK( status ) && \ iterationCount < FAILSAFE_ITERATIONS_MED; iterationCount++ ) { status = readUserID( stream, pgpInfo, isPrimaryKey ? &hashInfo : NULL ); } ENSURES( iterationCount < FAILSAFE_ITERATIONS_MED ); if( cryptStatusError( status ) && status != OK_SPECIAL ) { retExt( status, ( status, errorInfo, "Invalid additional PGP subkey information for key " "packet group %d", keyGroupNo ) ); } /* We've skipped the current subkey, we're done */ return( CRYPT_OK ); } /* Determine which bits make up the public and the private key data. The public-key data starts at the version number and includes the date, validity, and public-key components. Since there's no length information included for this data block we have to record bookmarks and then later retroactively calculate the length based on how much data we've read in the meantime: pubKey pubKeyPayload privKey endPos | | | | v v v v +---+---------------------------+-------------------+ |hdr| | Public key | Private key | +---+---------------------------+-------------------+ | |<pubKeyPayloadLen->| | |<----- pubKeyDataLen ----->|<-- privKeyDLen -->| |<--------------- packetLength ---------------->| */ pubKeyPos = stell( stream ); endPos = pubKeyPos + packetLength; ENSURES( endPos > pubKeyPos && endPos < MAX_BUFFER_SIZE ); status = value = sgetc( stream ); if( cryptStatusError( status ) ) return( status ); if( value != PGP_VERSION_2 && value != PGP_VERSION_3 && \ value != PGP_VERSION_OPENPGP ) { /* Unknown version number, skip this packet */ return( OK_SPECIAL ); } pgpInfo->isOpenPGP = ( value == PGP_VERSION_OPENPGP ) ? TRUE : FALSE; /* Build the packet header, which is hashed along with the key components to get the OpenPGP keyID. This is generated anyway when the context is created but we need to generate it here as well in order to locate the key in the first place: byte ctb = 0x99 byte[2] length byte version = 4 byte[4] key generation time [ byte[2] validity time - PGP 2.x only ] byte[] key data We can't add the length or key data yet since we have to parse the key data to know how long it is, so we can only build the static part of the header at this point */ packetHeader[ 0 ] = 0x99; packetHeader[ 3 ] = PGP_VERSION_OPENPGP; /* Read the timestamp and validity period (for PGP 2.x keys) */ status = sread( stream, packetHeader + 4, 4 ); if( !cryptStatusError( status ) && !pgpInfo->isOpenPGP ) status = sSkip( stream, 2 ); if( cryptStatusError( status ) ) return( status ); /* Read the public key components */ pubKeyPayloadPos = stell( stream ); status = readPublicKeyComponents( stream, keyInfo, &length ); if( cryptStatusError( status ) ) { /* If the error status is OK_SPECIAL then the problem was an unrecognised algorithm or something similar so we just skip the packet */ if( status == OK_SPECIAL ) { DEBUG_DIAG(( "Encountered unrecognised algorithm while " "reading key" )); assert( DEBUG_WARN ); return( OK_SPECIAL ); } retExt( status, ( status, errorInfo, "Invalid PGP public-key components for key packet group %d", keyGroupNo ) ); } /* Now that we know where the public key data starts and finishes, we can set up references to it */ keyInfo->pubKeyDataLen = stell( stream ) - pubKeyPos; status = sMemGetDataBlockAbs( stream, pubKeyPos, &keyInfo->pubKeyData, keyInfo->pubKeyDataLen ); if( cryptStatusError( status ) ) { DEBUG_DIAG(( "Couldn't set up reference to key data" )); assert( DEBUG_WARN ); return( status ); } pubKeyPayloadLen = stell( stream ) - pubKeyPayloadPos; status = sMemGetDataBlockAbs( stream, pubKeyPayloadPos, &pubKeyPayload, pubKeyPayloadLen ); if( cryptStatusError( status ) ) { DEBUG_DIAG(( "Couldn't set up reference to key data" )); assert( DEBUG_WARN ); return( status ); } /* Complete the packet header that we read earlier on by adding the length information */ packetHeader[ 1 ] = intToByte( ( ( 1 + 4 + length ) >> 8 ) & 0xFF ); packetHeader[ 2 ] = intToByte( ( 1 + 4 + length ) & 0xFF ); /* Hash the data needed to generate the OpenPGP keyID */ getHashParameters( CRYPT_ALGO_SHA1, 0, &hashFunction, &hashSize ); hashFunction( hashInfo, NULL, 0, packetHeader, 1 + 2 + 1 + 4, HASH_STATE_START ); hashFunction( hashInfo, hash, CRYPT_MAX_HASHSIZE, pubKeyPayload, pubKeyPayloadLen, HASH_STATE_END ); memcpy( keyInfo->openPGPkeyID, hash + hashSize - PGP_KEYID_SIZE, PGP_KEYID_SIZE ); /* If it's a private keyring, process the private key components */ if( !isPublicKey ) { /* Handle decryption information for private-key components if necessary */ status = readPrivateKeyDecryptionInfo( stream, keyInfo ); if( cryptStatusError( status ) ) { /* If the error status is OK_SPECIAL then the problem was an unrecognised algorithm or something similar so we just skip the packet */ if( status == OK_SPECIAL ) { DEBUG_DIAG(( "Encountered unrecognised algorithm while " "reading key" )); assert( DEBUG_WARN ); return( OK_SPECIAL ); } retExt( status, ( status, errorInfo, "Invalid PGP private-key decryption information for " "key packet group %d", keyGroupNo ) ); } /* What's left is the private-key data */ keyInfo->privKeyDataLen = endPos - stell( stream ); status = sMemGetDataBlock( stream, &keyInfo->privKeyData, keyInfo->privKeyDataLen ); if( cryptStatusOK( status ) ) status = sSkip( stream, keyInfo->privKeyDataLen ); if( cryptStatusError( status ) ) return( status ); } /* If it's the primary key, start hashing it in preparation for performing signature checks on subpackets */ if( isPrimaryKey ) { packetHeader[ 0 ] = 0x99; packetHeader[ 1 ] = intToByte( ( keyInfo->pubKeyDataLen >> 8 ) & 0xFF ); packetHeader[ 2 ] = intToByte( keyInfo->pubKeyDataLen & 0xFF ); hashFunction( hashInfo, NULL, 0, packetHeader, 1 + 2, HASH_STATE_START ); hashFunction( hashInfo, NULL, 0, keyInfo->pubKeyData, keyInfo->pubKeyDataLen, HASH_STATE_CONTINUE ); } /* Read any associated subpacket(s), of which the only ones of real interest are the userID packet(s) */ for( iterationCount = 0; cryptStatusOK( status ) && \ iterationCount < FAILSAFE_ITERATIONS_MED; iterationCount++ ) { status = readUserID( stream, pgpInfo, isPrimaryKey ? &hashInfo : NULL ); } ENSURES( iterationCount < FAILSAFE_ITERATIONS_MED ); if( cryptStatusError( status ) && status != OK_SPECIAL ) { retExt( status, ( status, errorInfo, "Invalid PGP userID information for key packet group %d", keyGroupNo ) ); } /* If there's no user ID present, set a generic label */ if( pgpInfo->lastUserID <= 0 ) { pgpInfo->userID[ 0 ] = "PGP key (no user ID found)"; pgpInfo->userIDlen[ 0 ] = 26; pgpInfo->lastUserID = 1; } return( CRYPT_OK ); }