2 * Copyright (c) 2008, Dave Korn.
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
9 * A copy of the GNU General Public License can be found at
12 * This module contains support utilities to assist in reading and
13 * parsing RFC4880-compliant OpenPGP format signature and key files,
14 * and related constant definitions.
17 * Written by Dave Korn <dave.korn.cygwin@gmail.com>
25 #include "io_stream.h"
27 #include "gpg-packet.h"
29 #include "LogSingleton.h"
32 #define CRYPTODEBUGGING (0)
35 #define ERRKIND __asm__ __volatile__ (".byte 0xcc"); note
36 #define MESSAGE LogBabblePrintf
37 #else /* !CRYPTODEBUGGING */
39 #define MESSAGE while (0) LogBabblePrintf
40 #endif /* CRYPTODEBUGGING */
43 #define ARRAYSIZE(_ar) (sizeof (_ar) / sizeof (_ar[0]))
46 static const struct { char from
; char to
; } RFC4880HashCodesToGPGHashCodes
[] =
48 { RFC4880_HC_MD5
, GCRY_MD_MD5
},
49 { RFC4880_HC_SHA1
, GCRY_MD_SHA1
},
50 { RFC4880_HC_RIPEMD160
, GCRY_MD_RMD160
},
51 { RFC4880_HC_SHA256
, GCRY_MD_SHA256
},
52 { RFC4880_HC_SHA384
, GCRY_MD_SHA384
},
53 { RFC4880_HC_SHA512
, GCRY_MD_SHA512
},
54 { RFC4880_HC_SHA224
, GCRY_MD_SHA224
}
58 pkt_convert_hashcode (char rfc_hash
)
60 for (unsigned int i
= 0; i
< ARRAYSIZE(RFC4880HashCodesToGPGHashCodes
); i
++)
61 if (RFC4880HashCodesToGPGHashCodes
[i
].from
== rfc_hash
)
62 return RFC4880HashCodesToGPGHashCodes
[i
].to
;
67 4.2.2. New Format Packet Lengths
69 New format packets have four possible ways of encoding length:
71 1. A one-octet Body Length header encodes packet lengths of up to 191
74 2. A two-octet Body Length header encodes packet lengths of 192 to
77 3. A five-octet Body Length header encodes packet lengths of up to
78 4,294,967,295 (0xFFFFFFFF) octets in length. (This actually
79 encodes a four-octet scalar number.)
81 4. When the length of the packet body is not known in advance by the
82 issuer, Partial Body Length headers encode a packet of
83 indeterminate length, effectively making it a stream.
85 4.2.2.1. One-Octet Lengths
87 A one-octet Body Length header encodes a length of 0 to 191 octets.
88 This type of length header is recognized because the one octet value
89 is less than 192. The body length is equal to:
93 4.2.2.2. Two-Octet Lengths
95 A two-octet Body Length header encodes a length of 192 to 8383
96 octets. It is recognized because its first octet is in the range 192
97 to 223. The body length is equal to:
99 bodyLen = ((1st_octet - 192) << 8) + (2nd_octet) + 192
101 4.2.2.3. Five-Octet Lengths
103 A five-octet Body Length header consists of a single octet holding
104 the value 255, followed by a four-octet scalar. The body length is
107 bodyLen = (2nd_octet << 24) | (3rd_octet << 16) |
108 (4th_octet << 8) | 5th_octet
110 This basic set of one, two, and five-octet lengths is also used
111 internally to some packets.
115 pkt_getlen (io_stream
*file
)
119 ch1
= pkt_getch (file
);
120 // Obviously these two conditions fold into one, but since
121 // one is an error test and the other a range check it's
122 // nice to write them separately and let the compiler take
130 return pkt_getdword (file
);
132 ch2
= pkt_getch (file
);
136 return ((ch1
- 192) << 8) + (ch2
) + 192;
141 3.2. Multiprecision Integers
143 Multiprecision integers (also called MPIs) are unsigned integers used
144 to hold large integers such as the ones used in cryptographic
147 An MPI consists of two pieces: a two-octet scalar that is the length
148 of the MPI in bits followed by a string of octets that contain the
151 These octets form a big-endian number; a big-endian number can be
152 made into an MPI by prefixing it with the appropriate length.
156 (all numbers are in hexadecimal)
158 The string of octets [00 01 01] forms an MPI with the value 1. The
159 string [00 09 01 FF] forms an MPI with the value of 511.
163 The size of an MPI is ((MPI.length + 7) / 8) + 2 octets.
165 The length field of an MPI describes the length starting from its
166 most significant non-zero bit. Thus, the MPI [00 02 01] is not
167 formed correctly. It should be [00 01 01].
169 Unused bits of an MPI MUST be zero.
171 Also note that when an MPI is encrypted, the length refers to the
172 plaintext MPI. It may be ill-formed in its ciphertext.
176 pkt_get_mpi (gcry_mpi_t
*mpiptr
, io_stream
*file
)
178 /* "An MPI consists of two pieces: a two-octet scalar that is the
179 length of the MPI in bits followed by a string of octets that contain
180 the actual integer." */
182 long nbits
= pkt_getword (file
);
187 size_t nbytes
= ((nbits
+ 7) >> 3);
189 unsigned char *tmpbuf
= new unsigned char [nbytes
];
191 if (file
->read (tmpbuf
, nbytes
) != (ssize_t
)nbytes
)
194 gcry_error_t rv
= gcry_mpi_scan (mpiptr
, GCRYMPI_FMT_USG
, tmpbuf
, nbytes
, 0UL);
198 if (rv
!= GPG_ERR_NO_ERROR
)
204 /* Walk the packets in an io_stream. */
206 walk_packets_1 (struct packet_walker
*wlk
)
208 long size_left
= wlk
->size_to_walk
;
209 size_t ostartpos
= wlk
->startpos
;
210 MESSAGE ("walk $%08x bytes at startpos $%08x\n", wlk
->size_to_walk
, wlk
->startpos
);
218 wlk
->pfile
->seek (wlk
->startpos
, IO_SEEK_SET
);
220 if (wlk
->is_subpackets
)
221 packet_len
= pkt_getlen (wlk
->pfile
) - 1;
225 int tag
= pkt_getch (wlk
->pfile
);
226 MESSAGE ("tag $%02x size $%08x\n", tag
, size_left
);
228 if (!wlk
->is_subpackets
&& ((tag
< 0) || !(tag
& 0x80)))
230 ERRKIND (wlk
->owner
, IDS_CRYPTO_ERROR
, tag
, "illegal tag.");
234 if (wlk
->is_subpackets
)
238 packet_type
= tag
& 0x3f;
239 packet_len
= pkt_getlen (wlk
->pfile
);
243 packet_type
= (tag
>> 2) & 0x0f;
247 packet_len
= pkt_getch (wlk
->pfile
);
250 packet_len
= pkt_getword (wlk
->pfile
);
253 packet_len
= pkt_getdword (wlk
->pfile
);
256 ERRKIND (wlk
->owner
, IDS_CRYPTO_ERROR
, tag
, "illegal old tag.");
261 MESSAGE ("type $%02x len $%08x pos $%08x\n", packet_type
, packet_len
,
262 wlk
->pfile
->tell ());
265 ERRKIND (wlk
->owner
, IDS_CRYPTO_ERROR
, packet_len
, "invalid packet");
268 else if (packet_len
> (size_left
- (wlk
->pfile
->tell () - (long)wlk
->startpos
)))
270 ERRKIND (wlk
->owner
, IDS_CRYPTO_ERROR
, packet_len
, "malformed packet");
274 newstartpos
= wlk
->pfile
->tell () + packet_len
;
275 rv
= wlk
->func
? wlk
->func (wlk
, packet_type
, packet_len
, wlk
->startpos
)
280 wlk
->startpos
= newstartpos
;
281 wlk
->pfile
->seek (wlk
->startpos
, IO_SEEK_SET
);
282 size_left
= wlk
->size_to_walk
- (wlk
->startpos
- ostartpos
);
283 MESSAGE ("remaining $%08x nextpos $%08x\n", size_left
, wlk
->startpos
);
288 pkt_walk_packets (io_stream
*packet_file
, packet_walk_cb func
, HWND owner
,
289 size_t startpos
, size_t size_to_walk
, void *userdata
)
291 struct packet_walker wlk
;
292 wlk
.pfile
= packet_file
;
295 wlk
.userdata
= userdata
;
296 wlk
.startpos
= startpos
;
297 wlk
.size_to_walk
= size_to_walk
;
298 wlk
.is_subpackets
= false;
299 walk_packets_1 (&wlk
);
304 pkt_walk_subpackets (io_stream
*packet_file
, packet_walk_cb func
, HWND owner
,
305 size_t startpos
, size_t size_to_walk
, void *userdata
)
307 struct packet_walker wlk
;
308 wlk
.pfile
= packet_file
;
311 wlk
.userdata
= userdata
;
312 wlk
.startpos
= startpos
;
313 wlk
.size_to_walk
= size_to_walk
;
314 wlk
.is_subpackets
= true;
315 walk_packets_1 (&wlk
);