Browse Source

Encrypted private keys

First steps at reintroducing encrypted secret keys.
It's working now but error handling for detecting when a wrong
password has been supplied has to be introduced.
master
David Lanzendörfer 12 months ago
parent
commit
085f434afc
16 changed files with 579 additions and 315 deletions
  1. +5
    -3
      include/netpgp/crypto.h
  2. +9
    -5
      include/netpgp/keyring.h
  3. +1
    -3
      include/netpgp/netpgpsdk.h
  4. +23
    -21
      include/netpgp/packet.h
  5. +20
    -6
      include/netpgp/validate.h
  6. +49
    -7
      src/create.c
  7. +11
    -12
      src/crypto.c
  8. +117
    -44
      src/keyring.c
  9. +37
    -7
      src/main.c
  10. +1
    -1
      src/netpgp.c
  11. +37
    -48
      src/openssl_crypto.c
  12. +77
    -77
      src/packet-parse.c
  13. +4
    -3
      src/packet-show.c
  14. +53
    -39
      src/reader.c
  15. +32
    -10
      src/signature.c
  16. +103
    -29
      src/validate.c

+ 5
- 3
include/netpgp/crypto.h View File

@ -222,7 +222,8 @@ pgp_decrypt_file(pgp_io_t *io,
const unsigned use_armour,
const unsigned allow_overwrite,
int numtries,
pgp_cbfunc_t *getpassfunc);
char *passphrase
);
pgp_memory_t *
pgp_encrypt_buf(pgp_io_t *, const void *, const size_t,
@ -238,7 +239,8 @@ pgp_decrypt_buf(pgp_io_t *io,
pgp_keyring_t *pubring,
const unsigned use_armour,
int numtries,
pgp_cbfunc_t *getpassfunc);
char *passphrase
);
pgp_memory_t *
pgp_decrypt_and_validate_buf(pgp_io_t *io,
@ -298,7 +300,6 @@ struct pgp_cryptinfo_t {
char *passphrase;
pgp_keyring_t *secring;
pgp_key_t *keydata;
pgp_cbfunc_t *getpassphrase;
pgp_keyring_t *pubring;
DYNARRAY(key_id_t, recipients_key_ids);
};
@ -315,6 +316,7 @@ struct pgp_cbdata_t {
pgp_printstate_t printstate; /* used to keep printing state */
int numtries; /* # of passphrase attempts */
int gotpass; /* when passphrase entered */
char *passphrase;
};
/** pgp_hashtype_t */


+ 9
- 5
include/netpgp/keyring.h View File

@ -53,9 +53,9 @@
#ifndef KEYRING_H_
#define KEYRING_H_
#include "packet.h"
#include "packet-parse.h"
#include "memory.h"
#include <netpgp/packet.h>
#include <netpgp/packet-parse.h>
#include <netpgp/memory.h>
enum {
MAX_ID_LENGTH = 128,
@ -113,15 +113,19 @@ pgp_seckey_t *pgp_get_seckey(pgp_key_t *);
pgp_seckey_t *pgp_get_writable_seckey(pgp_key_t *);
// pgp_seckey_t *pgp_decrypt_seckey(const pgp_key_t *, void *);
typedef struct netpgp_t netpgp_t;
unsigned
pgp_keyring_fileread(pgp_io_t *io,
pgp_keyring_fileread(
netpgp_t *netpgp,
pgp_keyring_t *pubring,
pgp_keyring_t *secring,
const unsigned armour,
const char *filename);
unsigned
pgp_keyring_read_from_mem(pgp_io_t *io,
pgp_keyring_read_from_mem(
netpgp_t *netpgp,
pgp_keyring_t *pubring,
pgp_keyring_t *secring,
const unsigned armour,


+ 1
- 3
include/netpgp/netpgpsdk.h View File

@ -41,9 +41,7 @@
void pgp_validate_result_free(pgp_validation_t *);
unsigned
pgp_validate_all_sigs(pgp_validation_t *,
const pgp_keyring_t *,
pgp_cb_ret_t cb(const pgp_packet_t *, pgp_cbdata_t *));
pgp_validate_all_sigs(pgp_validation_t *, const pgp_keyring_t *, pgp_cb_ret_t cb(const pgp_packet_t *, pgp_cbdata_t *));
unsigned pgp_check_sig(const uint8_t *,
unsigned, const pgp_sig_t *, const pgp_pubkey_t *);


+ 23
- 21
include/netpgp/packet.h View File

@ -245,35 +245,30 @@ typedef enum {
PGP_PTAG_SS_TRUST = 0x200 + 5, /* trust signature */
PGP_PTAG_SS_REGEXP = 0x200 + 6, /* regular expression */
PGP_PTAG_SS_REVOCABLE = 0x200 + 7, /* revocable */
PGP_PTAG_SS_KEY_EXPIRY = 0x200 + 9, /* key expiration
* time */
PGP_PTAG_SS_RESERVED = 0x200 + 10, /* reserved */
PGP_PTAG_SS_PREFERRED_SKA = 0x200 + 11, /* preferred symmetric
* algs */
PGP_PTAG_SS_KEY_EXPIRY = 0x200 + 9, /* key expiration time */
PGP_PTAG_SS_ARR = 0x200 + 10, /* Additional recipient request */
PGP_PTAG_SS_PREFERRED_SKA = 0x200 + 11, /* preferred symmetric algs */
PGP_PTAG_SS_REVOCATION_KEY = 0x200 + 12, /* revocation key */
PGP_PTAG_SS_ISSUER_KEY_ID = 0x200 + 16, /* issuer key ID */
PGP_PTAG_SS_NOTATION_DATA = 0x200 + 20, /* notation data */
PGP_PTAG_SS_PREFERRED_HASH = 0x200 + 21, /* preferred hash
* algs */
PGP_PTAG_SS_PREF_COMPRESS = 0x200 + 22, /* preferred
* compression
* algorithms */
PGP_PTAG_SS_KEYSERV_PREFS = 0x200 + 23, /* key server
* preferences */
PGP_PTAG_SS_PREF_KEYSERV = 0x200 + 24, /* Preferred Key
* Server */
PGP_PTAG_SS_PREFERRED_HASH = 0x200 + 21, /* preferred hash algs */
PGP_PTAG_SS_PREF_COMPRESS = 0x200 + 22, /* preferred compression algorithms */
PGP_PTAG_SS_KEYSERV_PREFS = 0x200 + 23, /* key server preferences */
PGP_PTAG_SS_PREF_KEYSERV = 0x200 + 24, /* Preferred Key Server */
PGP_PTAG_SS_PRIMARY_USER_ID = 0x200 + 25, /* primary User ID */
PGP_PTAG_SS_POLICY_URI = 0x200 + 26, /* Policy URI */
PGP_PTAG_SS_KEY_FLAGS = 0x200 + 27, /* key flags */
PGP_PTAG_SS_SIGNERS_USER_ID = 0x200 + 28, /* Signer's User ID */
PGP_PTAG_SS_REVOCATION_REASON = 0x200 + 29, /* reason for
* revocation */
PGP_PTAG_SS_REVOCATION_REASON = 0x200 + 29, /* reason for revocation */
PGP_PTAG_SS_FEATURES = 0x200 + 30, /* features */
PGP_PTAG_SS_SIGNATURE_TARGET = 0x200 + 31, /* signature target */
PGP_PTAG_SS_EMBEDDED_SIGNATURE = 0x200 + 32, /* embedded signature */
PGP_PTAG_SS_ISSUER_FPR = 0x200 + 33, /* issuer finger print */
PGP_PTAG_SS_PREF_AEAD = 0x200 + 34, /* Preferred AEAD algorithms. */
PGP_PTAG_SS_ATTST_SIGS = 0x200 + 37, /* Attested Certifications. */
PGP_PTAG_SS_KEY_BLOCK = 0x200 + 38, /* Entire key used. */
PGP_PTAG_SS_USERDEFINED00 = 0x200 + 100, /* internal or
* user-defined */
PGP_PTAG_SS_USERDEFINED00 = 0x200 + 100, /* internal or user-defined */
PGP_PTAG_SS_USERDEFINED01 = 0x200 + 101,
PGP_PTAG_SS_USERDEFINED02 = 0x200 + 102,
PGP_PTAG_SS_USERDEFINED03 = 0x200 + 103,
@ -324,6 +319,11 @@ enum {
PGP_REVOCATION_NO_LONGER_VALID = 0x20
};
enum {
PGP_PASSWORD_REQUIRED = -2,
PGP_WRONG_PASSWORD = -3,
};
/** Structure to hold one error code */
typedef struct {
pgp_errcode_t errcode;
@ -726,8 +726,8 @@ typedef struct pgp_sig_info_t {
time_t duration; /* number of seconds it's valid for */
time_t key_expiry; /* number of seconds key is valid for */
uint8_t key_flags;
uint8_t signer_id[PGP_KEY_ID_SIZE]; /* Eight-octet key ID
* of signer */
uint8_t signer_id[PGP_KEY_ID_SIZE]; /* Eight-octet key ID of signer */
uint8_t signer_fpr[PGP_FINGERPRINT_SIZE]; /* Eight-octet key ID of signer */
pgp_pubkey_alg_t key_alg; /* public key algorithm number */
pgp_hash_alg_t hash_alg; /* hashing algorithm number */
union {
@ -740,6 +740,7 @@ typedef struct pgp_sig_info_t {
uint8_t *v4_hashed;
unsigned birthtime_set:1;
unsigned signer_id_set:1;
unsigned signer_fpr_set:1;
unsigned duration_set:1;
unsigned key_expiry_set:1;
unsigned key_flags_set:1;
@ -958,6 +959,7 @@ typedef union {
unsigned ss_revocable;
time_t ss_time;
uint8_t ss_issuer[PGP_KEY_ID_SIZE];
uint8_t ss_issuer_fpr[PGP_FINGERPRINT_SIZE];
pgp_ss_notation_t ss_notation;
pgp_subpacket_t packet;
pgp_compression_type_t compressed;
@ -974,6 +976,7 @@ typedef union {
pgp_ss_revocation_key_t ss_revocation_key;
pgp_data_t ss_userdef;
pgp_data_t ss_unknown;
pgp_data_t ss_arr;
pgp_litdata_header_t litdata_header;
pgp_litdata_body_t litdata_body;
pgp_dyn_body_t mdc;
@ -990,7 +993,6 @@ typedef union {
struct pgp_hash_t *cleartext_trailer;
pgp_dyn_body_t unarmoured_text;
pgp_pk_sesskey_t pk_sesskey;
pgp_seckey_passphrase_t skey_passphrase;
unsigned se_ip_data_header;
pgp_dyn_body_t se_ip_data_body;
pgp_fixed_body_t se_data_body;


+ 20
- 6
include/netpgp/validate.h View File

@ -49,6 +49,14 @@
#ifndef VALIDATE_H_
#define VALIDATE_H_ 1
#include <netpgp.h>
typedef struct {
const pgp_key_t *key;
unsigned packet;
unsigned offset;
} validate_reader_t;
/** Struct used with the validate_key_cb callback */
typedef struct validate_key_cb_t{
pgp_content_enum type; /* type of key */
@ -68,8 +76,7 @@ typedef struct validate_key_cb_t{
uint8_t hash[PGP_MAX_HASH_SIZE];
const pgp_keyring_t *keyring;
pgp_validation_t *result;
pgp_cb_ret_t(*getpassphrase) (const pgp_packet_t *,
pgp_cbdata_t *);
char *passphrase;
unsigned not_commited; /* tells on_valid it is first commit of that key */
pgp_sig_info_t valid_sig_info; /* store last valid sig info */
@ -81,6 +88,8 @@ typedef struct validate_key_cb_t{
} validate_key_cb_t;
void pgp_keydata_reader_set(pgp_stream_t *, const pgp_key_t *);
/** Struct use with the validate_data_cb callback */
typedef struct {
enum {
@ -131,18 +140,23 @@ pgp_cb_ret_t validate_data_cb(const pgp_packet_t *, pgp_cbdata_t *);
void pgp_free_sig_info(pgp_sig_info_t *);
unsigned
pgp_filter_keys_fileread(pgp_io_t *io,
pgp_filter_keys_fileread(
netpgp_t *netpgp,
pgp_keyring_t *destpubring,
pgp_keyring_t *destsecring,
pgp_keyring_t *certring,
const unsigned armour,
const char *filename);
const char *filename
);
unsigned
pgp_filter_keys_from_mem(pgp_io_t *io,
pgp_filter_keys_from_mem(
netpgp_t *netpgp,
pgp_keyring_t *destpubring,
pgp_keyring_t *destsecring,
pgp_keyring_t *certring,
const unsigned armour,
pgp_memory_t *mem);
pgp_memory_t *mem
);
#endif /* !VALIDATE_H_ */

+ 49
- 7
src/create.c View File

@ -698,14 +698,56 @@ pgp_write_xfer_key(pgp_output_t *output,
\param output Output stream
*/
/* TODO have encrypted key export again
unsigned
void
pgp_write_xfer_seckey(pgp_output_t *output,
const pgp_key_t *key,
const uint8_t *passphrase,
const size_t pplen,
unsigned armoured)
*/
const pgp_key_t *key,
const unsigned armoured)
{
unsigned /*i,*/ j;
if (armoured) {
pgp_writer_push_armoured(output, PGP_PGP_PUBLIC_KEY_BLOCK);
}
/* public key */
if (!pgp_write_struct_pubkey(output, &key->key.pubkey)) {
return 0;
}
/* TODO: revocation signatures go here */
/* TODO : fix this */
// /* user ids and corresponding signatures */
// for (i = 0; i < key->uidc; i++) {
// if (!pgp_write_struct_userid(output, key->uids[i])) {
// return 0;
// }
// for (j = 0; j < key->packetc; j++) {
// if (!pgp_write(output, key->packets[j].raw, (unsigned)key->packets[j].length)) {
// return 0;
// }
// }
// }
/* until fixed, output all raw subpackets, except 1st, the key itself */
/*for (j = 1; j < key->packetc; j++) {
if (!pgp_write(output, key->packets[j].raw,
(unsigned)key->packets[j].length)) {
return;
}
}*/
/* TODO: user attributes and corresponding signatures */
/*
* subkey packets and corresponding signatures and optional
* revocation
*/
if (armoured) {
pgp_writer_info_finalise(&output->errors, &output->writer);
pgp_writer_pop(output);
}
}
/**
* \ingroup Core_Create


+ 11
- 12
src/crypto.c View File

@ -122,7 +122,7 @@ pgp_decrypt_decode_mpi(uint8_t *buf,
#if defined(HAVE_OPENSSL)
BN_bn2bin(encmpi, encmpibuf);
#elif defined(HAVE_GSKSSL)
memcpy(encmpibuf,encmpi->data,encmpi->length);
memcpy(encmpibuf,encmpi->data,encmpi->length);
#endif
if (pgp_get_debug_level(__FILE__)) {
hexdump(stderr, "encrypted", encmpibuf, 16);
@ -170,8 +170,8 @@ pgp_decrypt_decode_mpi(uint8_t *buf,
(void) BN_bn2bin(g_to_k, gkbuf);
(void) BN_bn2bin(encmpi, encmpibuf);
#elif defined(HAVE_GSKSSL)
memcpy(gkbuf,g_to_k->data,g_to_k->length);
memcpy(encmpibuf,encmpi->data,encmpi->length);
memcpy(gkbuf,g_to_k->data,g_to_k->length);
memcpy(encmpibuf,encmpi->data,encmpi->length);
#endif
if (pgp_get_debug_level(__FILE__)) {
hexdump(stderr, "encrypted", encmpibuf, 16);
@ -356,8 +356,8 @@ write_parsed_cb(const pgp_packet_t *pkt, pgp_cbdata_t *cbinfo)
return pgp_get_seckey_cb(pkt, cbinfo);
case PGP_GET_PASSPHRASE:
if (cbinfo->cryptinfo.getpassphrase) {
return cbinfo->cryptinfo.getpassphrase(pkt, cbinfo);
if(cbinfo->cryptinfo.passphrase) {
cbinfo->passphrase=strdup(cbinfo->cryptinfo.passphrase);
}
break;
@ -518,7 +518,7 @@ pgp_decrypt_file(pgp_io_t *io,
const unsigned use_armour,
const unsigned allow_overwrite,
int numtries,
pgp_cbfunc_t *getpassfunc)
char *passphrase)
{
pgp_stream_t *parse = NULL;
const int printerrors = 1;
@ -577,7 +577,7 @@ pgp_decrypt_file(pgp_io_t *io,
/* setup keyring and passphrase callback */
parse->cbinfo.cryptinfo.secring = secring;
parse->cbinfo.cryptinfo.getpassphrase = getpassfunc;
parse->cbinfo.cryptinfo.passphrase = strdup(passphrase);
parse->cbinfo.cryptinfo.pubring = pubring;
parse->cbinfo.numtries = numtries;
@ -618,7 +618,7 @@ pgp_decrypt_buf(pgp_io_t *io,
pgp_keyring_t *pubring,
const unsigned use_armour,
int numtries,
pgp_cbfunc_t *getpassfunc)
char *passphrase)
{
pgp_stream_t *parse = NULL;
pgp_memory_t *outmem;
@ -646,7 +646,7 @@ pgp_decrypt_buf(pgp_io_t *io,
/* setup keyring and passphrase callback */
parse->cbinfo.cryptinfo.secring = secring;
parse->cbinfo.cryptinfo.pubring = pubring;
parse->cbinfo.cryptinfo.getpassphrase = getpassfunc;
parse->cbinfo.cryptinfo.passphrase = strdup(passphrase);
parse->cbinfo.numtries = numtries;
/* Set up armour/passphrase options */
@ -715,8 +715,7 @@ pgp_decrypt_and_validate_buf(pgp_io_t *io,
{
// historical code bloat...
int numtries = -1;
pgp_cbfunc_t *getpassfunc = NULL;
validate_data_cb_t validation;
pgp_stream_t *stream = NULL;
pgp_memory_t *outmem;
@ -751,7 +750,7 @@ pgp_decrypt_and_validate_buf(pgp_io_t *io,
/* setup keyring and passphrase callback */
stream->cbinfo.cryptinfo.secring = secring;
stream->cbinfo.cryptinfo.pubring = pubring;
stream->cbinfo.cryptinfo.getpassphrase = getpassfunc;
stream->cbinfo.cryptinfo.passphrase = NULL;
stream->cbinfo.numtries = numtries;
/* Set up armour */


+ 117
- 44
src/keyring.c View File

@ -76,6 +76,8 @@ __RCSID("$NetBSD$");
#include <unistd.h>
#endif
#include <netpgp.h>
#include <netpgp/types.h>
#include <netpgp/keyring.h>
#include <netpgp/packet-parse.h>
@ -272,27 +274,24 @@ pgp_key_find_key_conds(
unsigned checkrevoke,
unsigned checkexpiry)
{
unsigned subkeyidx = 0;
unsigned subkeysigidx = 0;
unsigned directsigidx = 0;
int32_t res = -2; /* Not found */
int32_t lastgood;
unsigned subkeyidx = 0;
unsigned subkeysigidx = 0;
unsigned directsigidx = 0;
int32_t res = -1; /* Not found */
int32_t lastgood;
pgp_subkey_t *subkeyp;
pgp_subkeysig_t *subkeysigp;
pgp_directsig_t *directsigp;
time_t youngest;
time_t youngest;
youngest = 0;
/* check pubkey first */
if(!keycond || keycond(pgp_key_get_pubkey(key), key->pubkeyid, keycondarg)){
int32_t uidres;
/* Loop over key's direct sigs */
directsigp = key->directsigs;
for (directsigidx = 0 ; directsigidx < key->directsigc;
directsigidx++, directsigp++)
for (directsigidx = 0 ; directsigidx < key->directsigc; directsigidx++, directsigp++)
{
/* if direct is revoked */
if(directsigp->siginfo.type == PGP_SIG_REV_KEY)
@ -300,10 +299,8 @@ pgp_key_find_key_conds(
/* ignore revocation if secret */
if(!checkrevoke)
continue;
return -2; /* Key is globally revoked, no result */
}
/* in sig validity time frame */
if(!checkexpiry || siginfo_in_time(&directsigp->siginfo))
{
@ -319,11 +316,7 @@ pgp_key_find_key_conds(
}
}
}
uidres = pgp_key_find_uid_cond(
key, NULL, NULL, sigcond, sigcondarg, &youngest,
checkrevoke, checkexpiry);
uidres = pgp_key_find_uid_cond(key, NULL, NULL, sigcond, sigcondarg, &youngest, checkrevoke, checkexpiry);
/* if matching uid sig, then primary is matching key */
if(uidres != -1){
res = -1;
@ -335,7 +328,6 @@ pgp_key_find_key_conds(
for (subkeyidx = 0 ; subkeyidx < key->subkeyc; subkeyidx++, subkeyp++)
{
lastgood = res;
subkeysigp = key->subkeysigs;
/* Skip this subkey if key condition not met */
@ -343,8 +335,7 @@ pgp_key_find_key_conds(
continue;
/* Loop over key's subkeys sigs */
for (subkeysigidx = 0 ; subkeysigidx < key->subkeysigc;
subkeysigidx++, subkeysigp++)
for (subkeysigidx = 0 ; subkeysigidx < key->subkeysigc; subkeysigidx++, subkeysigp++)
{
/* matching selected subkey */
if(subkeysigp->subkey == subkeyidx)
@ -368,7 +359,7 @@ pgp_key_find_key_conds(
if(!sigcond || sigcond(&subkeysigp->siginfo, sigcondarg))
{
/* youngest signature is deciding */
if(subkeysigp->siginfo.birthtime > youngest)
if(subkeysigp->siginfo.birthtime >= youngest)
{
youngest = subkeysigp->siginfo.birthtime;
res = subkeyidx;
@ -468,8 +459,7 @@ static unsigned is_signing_role(const pgp_sig_info_t *siginfo, void *arg)
pgp_pubkey_t *
pgp_key_get_sigkey(pgp_key_t *key)
{
int32_t subkeyidx =
pgp_key_find_key_conds(key, NULL, NULL, &is_signing_role, NULL, 0, 0);
int32_t subkeyidx = pgp_key_find_key_conds(key, NULL, NULL, &is_signing_role, NULL, 0, 0);
return key_get_pubkey_from_subidx(key, NULL, subkeyidx);
}
@ -477,8 +467,7 @@ pgp_key_get_sigkey(pgp_key_t *key)
pgp_seckey_t *
pgp_key_get_certkey(pgp_key_t *key)
{
int32_t subkeyidx =
pgp_key_find_key_conds(key, NULL, NULL, &is_signing_role, NULL, 1, 0);
int32_t subkeyidx = pgp_key_find_key_conds(key, NULL, NULL, &is_signing_role, NULL, 1, 0);
return key_get_seckey_from_subidx(key, NULL, subkeyidx);
}
@ -490,18 +479,14 @@ static unsigned is_encryption_role(const pgp_sig_info_t *siginfo, void *arg)
pgp_pubkey_t *
pgp_key_get_enckey(pgp_key_t *key, const uint8_t **id)
{
int32_t subkeyidx =
pgp_key_find_key_conds(key, NULL, NULL, &is_encryption_role, NULL, 1, 0);
int32_t subkeyidx = pgp_key_find_key_conds(key, NULL, NULL, &is_encryption_role, NULL, 1, 0);
return key_get_pubkey_from_subidx(key, id, subkeyidx);
}
pgp_seckey_t *
pgp_key_get_deckey(pgp_key_t *key, const uint8_t **id)
{
int32_t subkeyidx =
pgp_key_find_key_conds(key, NULL, NULL, &is_encryption_role, NULL, 0, 0);
int32_t subkeyidx = pgp_key_find_key_conds(key, NULL, NULL, &is_encryption_role, NULL, 0, 0);
return key_get_seckey_from_subidx(key, id, subkeyidx);
}
@ -594,13 +579,11 @@ const pgp_key_rating_t pgp_key_get_rating(pgp_key_t *key)
if(res == PGP_VALID)
{
if(pgp_key_find_key_conds(
key, NULL, NULL, NULL, NULL, 1, 0) == -2)
if(pgp_key_find_key_conds(key, NULL, NULL, NULL, NULL, 1, 0) == -2)
{
return PGP_REVOKED;
}
if(pgp_key_find_key_conds(
key, NULL, NULL, NULL, NULL, 0, 1) == -2)
if(pgp_key_find_key_conds(key, NULL, NULL, NULL, NULL, 0, 1) == -2)
{
return PGP_EXPIRED;
}
@ -669,6 +652,90 @@ typedef struct {
pgp_seckey_t *seckey;
} decrypt_t;
static pgp_cb_ret_t
decrypt_cb(const pgp_packet_t *pkt, pgp_cbdata_t *cbinfo)
{
const pgp_contents_t *content = &pkt->u;
decrypt_t *decrypt;
//char pass[MAX_PASSPHRASE_LENGTH];
decrypt = pgp_callback_arg(cbinfo);
switch (pkt->tag) {
case PGP_PARSER_PTAG:
case PGP_PTAG_CT_USER_ID:
case PGP_PTAG_CT_SIGNATURE:
case PGP_PTAG_CT_SIGNATURE_HEADER:
case PGP_PTAG_CT_SIGNATURE_FOOTER:
case PGP_PTAG_CT_TRUST:
case PGP_GET_PASSPHRASE:
break;
case PGP_PARSER_ERRCODE:
switch (content->errcode.errcode) {
case PGP_E_P_MPI_FORMAT_ERROR:
/* Generally this means a bad passphrase */
fprintf(stderr, "Bad passphrase!\n");
return PGP_RELEASE_MEMORY;
case PGP_E_P_PACKET_CONSUMED:
/* And this is because of an error we've accepted */
return PGP_RELEASE_MEMORY;
default:
break;
}
(void) fprintf(stderr, "parse error: %s\n",
pgp_errcode(content->errcode.errcode));
return PGP_FINISHED;
case PGP_PARSER_ERROR:
fprintf(stderr, "parse error: %s\n", content->error);
return PGP_FINISHED;
case PGP_PTAG_CT_SECRET_KEY:
if ((decrypt->seckey = calloc(1, sizeof(*decrypt->seckey))) == NULL) {
(void) fprintf(stderr, "decrypt_cb: bad alloc\n");
return PGP_FINISHED;
}
decrypt->seckey->checkhash = calloc(1, PGP_CHECKHASH_SIZE);
*decrypt->seckey = content->seckey; /* XXX WTF ? */
return PGP_KEEP_MEMORY;
case PGP_PARSER_PACKET_END:
/* nothing to do */
break;
default:
fprintf(stderr, "Unexpected tag %d (0x%x)\n", pkt->tag,
pkt->tag);
return PGP_FINISHED;
}
return PGP_RELEASE_MEMORY;
}
/**
\ingroup Core_Keys
\brief Decrypts secret key from given keydata with given passphrase
\param key Key from which to get secret key
\param passphrase Passphrase to use to decrypt secret key
\return secret key
*/
pgp_seckey_t *
pgp_decrypt_seckey(const pgp_key_t *key, char *passphrase)
{
pgp_stream_t *stream;
decrypt_t decrypt;
(void) memset(&decrypt, 0x0, sizeof(decrypt));
decrypt.key = key;
decrypt.passphrase = passphrase;
stream = pgp_new(sizeof(*stream));
pgp_keydata_reader_set(stream, key);
pgp_set_callback(stream, decrypt_cb, &decrypt);
stream->readinfo.accumulate = 1;
pgp_parse(stream, 1);
return decrypt.seckey;
}
/* \todo check where userid pointers are copied */
/**
\ingroup Core_Keys
@ -873,14 +940,16 @@ pgp_keydata_init(pgp_key_t *keydata, const pgp_content_enum type)
*/
unsigned
pgp_keyring_fileread(pgp_io_t *io,
pgp_keyring_fileread(
netpgp_t *netpgp,
pgp_keyring_t *pubring,
pgp_keyring_t *secring,
const unsigned armour,
const char *filename)
const char *filename
)
{
return pgp_filter_keys_fileread(
io,
netpgp,
pubring,
secring,
NULL /*certring -> self cert */,
@ -912,13 +981,15 @@ pgp_keyring_fileread(pgp_io_t *io,
\sa pgp_keyring_free
*/
unsigned
pgp_keyring_read_from_mem(pgp_io_t *io,
pgp_keyring_read_from_mem(
netpgp_t *netpgp,
pgp_keyring_t *pubring,
pgp_keyring_t *secring,
const unsigned armour,
pgp_memory_t *mem)
{
return pgp_filter_keys_from_mem(io,
return pgp_filter_keys_from_mem(
netpgp,
pubring,
secring,
NULL /* certring -> self certification */,
@ -1070,13 +1141,15 @@ pgp_getkeybyfpr(pgp_io_t *io, const pgp_keyring_t *keyring,
unsigned checkexpiry)
{
int32_t subkeyidx;
pgp_key_t *key;
pgp_fingerprint_t *kfp;
for ( ; keyring && *from < keyring->keyc; *from += 1) {
pgp_key_t *key = &keyring->keys[*from];
pgp_fingerprint_t *kfp = &key->pubkeyfpr;
if (kfp->length == length &&
memcmp(kfp->fingerprint, fpr, length) == 0) {
key = &keyring->keys[*from];
kfp = &key->pubkeyfpr;
if (kfp->length == length && memcmp(kfp->fingerprint, fpr, length) == 0) {
if(checkrevoke || checkexpiry){
subkeyidx = pgp_key_find_key_conds(key, NULL, NULL, NULL, NULL, checkrevoke, checkexpiry);
printf("Found key, subkeyidx=%d\n",subkeyidx);
if (subkeyidx == -2) return NULL;
}
if (pubkey) {


+ 37
- 7
src/main.c View File

@ -47,6 +47,8 @@
#include <string.h>
#include <unistd.h>
#include <netpgp.h>
#include <netpgp/netpgpsdk.h>
#include <netpgp/netpgpdefs.h>
#include <netpgp/crypto.h>
@ -78,7 +80,10 @@ static const char *usage =
"\t[--keyring=<keyring>] AND/OR\n"
"\t[--userid=<userid>] AND/OR\n"
"\t[--maxmemalloc=<number of bytes>] AND/OR\n"
"\t[--verbose]\n";
"\t[--verbose]\n"
"\t[--debug=filename.c]\n"
"\t[--password=password]\n"
;
enum optdefs {
/* commands */
@ -110,6 +115,7 @@ enum optdefs {
DURATION,
BIRTHTIME,
CIPHER,
PASSWORD,
/* debug */
OPS_DEBUG
@ -164,6 +170,7 @@ static struct option options[] = {
{"duration", required_argument, NULL, DURATION},
{"expiry", required_argument, NULL, DURATION},
{"cipher", required_argument, NULL, CIPHER},
{"password", required_argument, NULL, PASSWORD},
{ NULL, 0, NULL, 0},
};
@ -341,6 +348,8 @@ import_key(netpgp_t *netpgp, prog_t *p, char *f)
uint8_t* out;
uint8_t *in;
pgp_memory_t *mem;
pgp_io_t *io;
int ret;
mem = pgp_memory_new();
if (mem == NULL)
@ -349,11 +358,27 @@ import_key(netpgp_t *netpgp, prog_t *p, char *f)
if(f==NULL) {
size = stdin_to_mem(netpgp, &in, &out, &maxsize);
pgp_memory_add(mem, in, size);
//if (pgp_keyring_read_from_mem(netpgp->io, netpgp->pubring, netpgp->secring, p->armour, mem) == 0) return 1;
pgp_keyring_read_from_mem(netpgp->io, netpgp->pubring, netpgp->secring, 1, mem);
ret=pgp_keyring_read_from_mem(netpgp, netpgp->pubring, netpgp->secring, p->armour, mem);
} else {
//if(pgp_keyring_fileread(netpgp->io, netpgp->pubring, netpgp->secring, p->armour, f) == 0) return 1;
pgp_keyring_fileread(netpgp->io, netpgp->pubring, netpgp->secring, 1, f);
ret=pgp_keyring_fileread(netpgp, netpgp->pubring, netpgp->secring, p->armour, f);
}
switch(ret) {
case 0:
printf("Foo\n");
break;
case PGP_PASSWORD_REQUIRED:
printf("Password required!\n");
return 1;
case PGP_WRONG_PASSWORD:
printf("Wrong password!\n");
return 1;
default:
printf("Successfully imported!\n");
break;
}
// save rings
@ -381,6 +406,7 @@ netpgp_cmd(netpgp_t *netpgp, prog_t *p, char *f)
int i;
char *cipher;
char *userid;
char *password;
pgp_key_t key;
switch (p->cmd) {
@ -404,15 +430,16 @@ netpgp_cmd(netpgp_t *netpgp, prog_t *p, char *f)
return 0;
case DECRYPT:
password=netpgp_getvar(netpgp, "password");
if (f == NULL) {
cc = stdin_to_mem(netpgp, &in, &out, &maxsize);
ret = pgp_decrypt_buf(netpgp->io, in, cc, netpgp->secring, netpgp->pubring, p->armour, 0, &ask_password );
ret = pgp_decrypt_buf(netpgp->io, in, cc, netpgp->secring, netpgp->pubring, p->armour, 0, password );
ret = show_output(out, ret, "Bad memory decryption");
free(in);
free(out);
return ret;
}
return pgp_decrypt_file(netpgp->io, f, p->output, netpgp->secring, netpgp->pubring, p->armour, 0, 3, &ask_password);
return pgp_decrypt_file(netpgp->io, f, p->output, netpgp->secring, netpgp->pubring, p->armour, 0, 3, password);
case CLEARSIGN: // TODO: Reintroduce this
return 0;
@ -540,6 +567,9 @@ setoption(netpgp_t *netpgp, prog_t *p, int val, char *arg, int *homeset)
}
netpgp_setvar(netpgp, "userid", arg);
break;
case PASSWORD:
netpgp_setvar(netpgp, "password", arg);
break;
case ARMOUR:
p->armour = 1;
break;


+ 1
- 1
src/netpgp.c View File

@ -203,7 +203,7 @@ readkeyring(netpgp_t *netpgp,
(void) snprintf(f, sizeof(f), "%s/%s.gpg", homedir, name);
filename = f;
}
pgp_keyring_fileread(netpgp->io, pubring, secring, 0, filename);
pgp_keyring_fileread(netpgp, pubring, secring, 0, filename);
netpgp_setvar(netpgp, name, filename);
return 1;
}


+ 37
- 48
src/openssl_crypto.c View File

@ -474,15 +474,15 @@ pgp_rsa_public_decrypt(uint8_t *out,
size_t length,
const pgp_rsa_pubkey_t *pubkey)
{
RSA *orsa;
int n;
RSA *orsa;
int n;
orsa = RSA_new();
RSA_set0_key(orsa,
BN_dup(pubkey->n),
BN_dup(pubkey->e),
NULL);
BN_dup(pubkey->e)
);
n = RSA_public_decrypt((int)length, in, out, orsa, RSA_NO_PADDING);
@ -515,23 +515,16 @@ pgp_rsa_private_encrypt(uint8_t *out,
RSA_set0_key(orsa,
BN_dup(pubkey->n),
BN_dup(pubkey->e),
BN_dup(seckey->d));
/* p and q are round the other way in openssl */
RSA_set0_factors(orsa,
/* q */ BN_dup(seckey->p),
/* p */ BN_dup(seckey->q));
BN_dup(seckey->d),
BN_dup(pubkey->e)
);
/* debug
if (RSA_check_key(orsa) != 1) {
(void) fprintf(stderr, "RSA_check_key is not set\n");
return 0;
}
end debug */
n = RSA_private_encrypt((int)length, in, out, orsa, RSA_NO_PADDING);
n = RSA_public_encrypt((int)length, in, out, orsa, RSA_NO_PADDING);
RSA_free(orsa);
@ -592,41 +585,33 @@ pgp_rsa_private_decrypt(uint8_t *out,
const pgp_rsa_seckey_t *seckey,
const pgp_rsa_pubkey_t *pubkey)
{
RSA *keypair;
int n;
char errbuf[1024];
RSA *orsa;
int n;
char errbuf[1024];
keypair = RSA_new();
RSA_set0_key(keypair,
orsa = RSA_new();
RSA_set0_key(orsa,
BN_dup(pubkey->n),
BN_dup(pubkey->e),
BN_dup(seckey->d));
RSA_set0_factors(keypair,
BN_dup(seckey->p),
BN_dup(seckey->q));
BN_dup(pubkey->e),
BN_dup(seckey->d)
);
/* debug
if (RSA_check_key(keypair) != 1) {
(void) fprintf(stderr, "RSA_check_key is not set\n");
return 0;
}
end debug */
/*printf("len d: %ld\n", BN_num_bytes(seckey->d));
printf("len: %ld\n", length);
printf("d\n");
BN_print_fp(stdout,seckey->d);
printf("\nn\n");
BN_print_fp(stdout,pubkey->n);
printf("\n\n");*/
n = RSA_private_decrypt((int)length, in, out, keypair, RSA_NO_PADDING);
n = RSA_private_decrypt(length, in, out, orsa, RSA_NO_PADDING);
if (pgp_get_debug_level(__FILE__)) {
printf("pgp_rsa_private_decrypt: n=%d\n",n);
}
errbuf[0] = '\0';
if (n == -1) {
unsigned long err = ERR_get_error();
ERR_error_string(err, &errbuf[0]);
(void) fprintf(stderr, "openssl error : %s\n", errbuf);
BIO *fd_out;
fd_out = BIO_new_fd(fileno(stderr), BIO_NOCLOSE);
ERR_print_errors(fd_out);
}
RSA_free(keypair);
RSA_free(orsa);
return n;
}
@ -645,8 +630,8 @@ pgp_rsa_public_encrypt(uint8_t *out,
size_t length,
const pgp_rsa_pubkey_t *pubkey)
{
RSA *orsa;
int n;
RSA *orsa;
int n;
/* printf("pgp_rsa_public_encrypt: length=%ld\n", length); */
@ -656,9 +641,13 @@ pgp_rsa_public_encrypt(uint8_t *out,
BN_dup(pubkey->e),
NULL);
/* printf("len: %ld\n", length); */
/* pgp_print_bn("n: ", orsa->n); */
/* pgp_print_bn("e: ", orsa->e); */
/*printf("len: %ld\n", length);
printf("n\n");
BN_print_fp(stdout,pubkey->n);
printf("\e\n");
BN_print_fp(stdout,pubkey->e);
printf("\n\n");*/
n = RSA_public_encrypt((int)length, in, out, orsa, RSA_NO_PADDING);
if (n == -1) {


+ 77
- 77
src/packet-parse.c View File

@ -974,19 +974,6 @@ cleartext_trailer_free(struct pgp_hash_t **trailer)
*trailer = NULL;
}
/**
\ingroup Core_Create
\brief Free allocated memory
*/
static void
cmd_get_passphrase_free(pgp_seckey_passphrase_t *skp)
{
if (skp->passphrase && *skp->passphrase) {
free(*skp->passphrase);
*skp->passphrase = NULL;
}
}
/**
\ingroup Core_Create
\brief Free allocated memory
@ -1139,8 +1126,12 @@ pgp_free_sig_info(pgp_sig_info_t *info)
printf("%s:%d, %s: Elliptic curves pub(%d)\n",__FILE__,__LINE__,__FUNCTION__,info->key_alg);
break;
case PGP_PKA_NOTHING:
/* nothing to dup */
break;
default:
(void) fprintf(stderr, "info-free: bad info-type\n");
(void) fprintf(stderr, "info-free: bad info-type (%d)\n",info->key_alg);
}
memset(info, 0, sizeof(pgp_sig_info_t));
}
@ -1168,6 +1159,7 @@ pgp_parser_content_free(pgp_packet_t *c)
case PGP_PTAG_SS_KEY_EXPIRY:
case PGP_PTAG_SS_TRUST:
case PGP_PTAG_SS_ISSUER_KEY_ID:
case PGP_PTAG_SS_ISSUER_FPR:
case PGP_PTAG_CT_1_PASS_SIG:
case PGP_PTAG_SS_PRIMARY_USER_ID:
case PGP_PTAG_SS_REVOCABLE:
@ -1278,7 +1270,7 @@ pgp_parser_content_free(pgp_packet_t *c)
pgp_data_free(&c->u.ss_userdef);
break;
case PGP_PTAG_SS_RESERVED:
case PGP_PTAG_SS_ARR:
pgp_data_free(&c->u.ss_unknown);
break;
@ -1309,7 +1301,7 @@ pgp_parser_content_free(pgp_packet_t *c)
break;
case PGP_GET_PASSPHRASE:
cmd_get_passphrase_free(&c->u.skey_passphrase);
// TODO: Cleanup
break;
default:
@ -1886,20 +1878,17 @@ parse_one_sig_subpacket(pgp_sig_t *sig,
unsigned doread = 1;
unsigned t8;
unsigned t7;
pgp_init_subregion(&subregion, region);
if (!limited_read_new_length(&subregion.length, region, stream)) {
if (!limited_read_new_length(&subregion.length, region, stream))
return 0;
}
if (subregion.length > region->length) {
if (subregion.length > region->length)
ERRP(&stream->cbinfo, pkt, "Subpacket too long");
}
if (!limread(&c, 1, &subregion, stream)) {
if (!limread(&c, 1, &subregion, stream))
return 0;
}
//t8 = ( c & 0x7f ) / 8;
t8 = c / 8;
t7 = 1 << (c & 7);
@ -1915,19 +1904,33 @@ parse_one_sig_subpacket(pgp_sig_t *sig,
(void) fprintf(stderr, "parse_one_sig_subpacket: bad alloc\n");
return 0;
}
if (!limread(pkt.u.ss_raw.raw, (unsigned)pkt.u.ss_raw.length,
&subregion, stream)) {
if (!limread(pkt.u.ss_raw.raw, (unsigned)pkt.u.ss_raw.length, &subregion, stream)) {
return 0;
}
CALLBACK(PGP_PTAG_RAW_SS, &stream->cbinfo, &pkt);
return 1;
}
char v;
switch (pkt.tag) {
case PGP_PTAG_SS_PREF_AEAD:
if (!limread(&v, 1, &subregion, stream))
return 0;
break;
case PGP_PTAG_SS_ATTST_SIGS:
break;
case PGP_PTAG_SS_KEY_BLOCK:
if (!limread(&v, 1, &subregion, stream))
return 0;
break;
case PGP_PTAG_SS_CREATION_TIME:
case PGP_PTAG_SS_EXPIRATION_TIME:
case PGP_PTAG_SS_KEY_EXPIRY:
if (!limited_read_time(&pkt.u.ss_time, &subregion, stream))
if (!limited_read_time(&pkt.u.ss_time, &subregion, stream)) {
return 0;
}
if (pkt.tag == PGP_PTAG_SS_CREATION_TIME) {
sig->info.birthtime = pkt.u.ss_time;
sig->info.birthtime_set = 1;
@ -1956,6 +1959,18 @@ parse_one_sig_subpacket(pgp_sig_t *sig,
pkt.u.ss_revocable = !!bools;
break;
case PGP_PTAG_SS_ISSUER_FPR:
uint8_t issuer_vers;
if (!limread(&issuer_vers, 1, &subregion, stream)) {
return 0;
}
if (!limread(pkt.u.ss_issuer_fpr, PGP_FINGERPRINT_SIZE, &subregion, stream)) {
return 0;
}
(void) memcpy(sig->info.signer_fpr, pkt.u.ss_issuer_fpr, PGP_FINGERPRINT_SIZE);
sig->info.signer_fpr_set = 1;
break;
case PGP_PTAG_SS_ISSUER_KEY_ID:
if (!limread(pkt.u.ss_issuer, PGP_KEY_ID_SIZE, &subregion, stream)) {
return 0;
@ -2085,10 +2100,13 @@ parse_one_sig_subpacket(pgp_sig_t *sig,
}
break;
case PGP_PTAG_SS_RESERVED:
if (!read_data(&pkt.u.ss_unknown, &subregion, stream)) {
case PGP_PTAG_SS_ARR:
uint8_t testbuf[1024];
//if (!limread_data(&pkt.u.ss_arr, 20, &subregion, stream)) {
if (!limread_data(testbuf, 20, &subregion, stream)) {
return 0;
}
hexdump(stdout,"pkt.u.ss_arr",testbuf,20);
break;
case PGP_PTAG_SS_REVOCATION_REASON:
@ -2147,6 +2165,7 @@ parse_one_sig_subpacket(pgp_sig_t *sig,
if (!(stream->ss_parsed[t8] & t7)) {
if (pkt.critical) {
PGP_ERROR_1(&stream->errors, PGP_E_PROTO_CRITICAL_SS_IGNORED, "Critical signature subpacket ignored (%d)", c);
PGP_ERROR_1(&stream->errors, PGP_E_PROTO_CRITICAL_SS_IGNORED, "Package tag=%x", pkt.tag);
}
if (!doread &&
!limskip(subregion.length - 1, &subregion, stream)) {
@ -2662,10 +2681,7 @@ pgp_seckey_free(pgp_seckey_t *key)
break;
default:
(void) fprintf(stderr,
"pgp_seckey_free: Unknown algorithm: %d (%s)\n",
key->pubkey.alg,
pgp_show_pka(key->pubkey.alg));
(void) fprintf(stderr, "pgp_seckey_free: Unknown algorithm: %d (%s)\n", key->pubkey.alg, pgp_show_pka(key->pubkey.alg));
}
free(key->checkhash);
pgp_pubkey_free(&key->pubkey);
@ -2783,7 +2799,6 @@ parse_seckey(pgp_content_enum tag, pgp_region_t *region, pgp_stream_t *stream)
}
if (pgp_get_debug_level(__FILE__)) {
printf(stderr, "parse_seckey: public key parsed\n");
//pgp_print_pubkey(&pkt.u.seckey.pubkey);
}
//stream->reading_v3_secret = (pkt.u.seckey.pubkey.version != PGP_V4);
if (pkt.u.seckey.pubkey.version != PGP_V4){
@ -2812,8 +2827,7 @@ parse_seckey(pgp_content_enum tag, pgp_region_t *region, pgp_stream_t *stream)
case PGP_S2KS_ITERATED_AND_SALTED:
break;
default:
(void) fprintf(stderr,
"parse_seckey: bad seckey\n");
(void) fprintf(stderr, "parse_seckey: bad seckey (%x)\n",pkt.u.seckey.s2k_specifier);
return 0;
}
if (!limread(&c, 1, region, stream)) {
@ -2844,22 +2858,21 @@ parse_seckey(pgp_content_enum tag, pgp_region_t *region, pgp_stream_t *stream)
pkt.u.seckey.s2k_usage == PGP_S2KU_ENCRYPTED_AND_HASHED;
if (crypted) {
pgp_packet_t seckey;
pgp_packet_t seckey;
pgp_hash_t hashes[(PGP_MAX_KEY_SIZE + PGP_MIN_HASH_SIZE - 1) / PGP_MIN_HASH_SIZE];
unsigned passlen;
unsigned passlen;
uint8_t key[PGP_MAX_KEY_SIZE + PGP_MAX_HASH_SIZE];
char *passphrase;
int hashsize;
int keysize;
int n;
char *passphrase;
int hashsize;
int keysize;
int n,i;
if (pgp_get_debug_level(__FILE__)) {
(void) fprintf(stderr, "crypted seckey\n");
}
blocksize = pgp_block_size(pkt.u.seckey.alg);
if (blocksize == 0 || blocksize > PGP_MAX_BLOCK_SIZE) {
(void) fprintf(stderr,
"parse_seckey: bad blocksize\n");
(void) fprintf(stderr, "parse_seckey: bad blocksize\n");
return 0;
}
@ -2868,28 +2881,23 @@ parse_seckey(pgp_content_enum tag, pgp_region_t *region, pgp_stream_t *stream)
}
(void) memset(&seckey, 0x0, sizeof(seckey));
passphrase = NULL;
seckey.u.skey_passphrase.passphrase = &passphrase;
seckey.u.skey_passphrase.seckey = &pkt.u.seckey;
CALLBACK(PGP_GET_PASSPHRASE, &stream->cbinfo, &seckey);
if(stream->cbinfo.passphrase) {
passphrase=strdup(stream->cbinfo.passphrase);
}
if (!passphrase) {
if (pgp_get_debug_level(__FILE__)) {
/* \todo make into proper error */
(void) fprintf(stderr,
"parse_seckey: can't get passphrase\n");
(void) fprintf(stderr, "parse_seckey: can't get passphrase\n");
}
if (!consume_packet(region, stream, 0)) {
return 0;
return PGP_PASSWORD_REQUIRED;
}
CALLBACK(PGP_PTAG_CT_ENCRYPTED_SECRET_KEY,
&stream->cbinfo, &pkt);
return 1;
CALLBACK(PGP_PTAG_CT_ENCRYPTED_SECRET_KEY, &stream->cbinfo, &pkt);
return PGP_PASSWORD_REQUIRED;
}
keysize = pgp_key_size(pkt.u.seckey.alg);
if (keysize == 0 || keysize > PGP_MAX_KEY_SIZE) {
(void) fprintf(stderr,
"parse_seckey: bad keysize\n");
(void) fprintf(stderr, "parse_seckey: bad keysize\n");
return 0;
}
@ -2897,14 +2905,11 @@ parse_seckey(pgp_content_enum tag, pgp_region_t *region, pgp_stream_t *stream)
pkt.u.seckey.hash_alg = PGP_HASH_SHA1;
hashsize = pgp_hash_size(pkt.u.seckey.hash_alg);
if (hashsize == 0 || hashsize > PGP_MAX_HASH_SIZE) {
(void) fprintf(stderr,
"parse_seckey: bad hashsize\n");
(void) fprintf(stderr, "parse_seckey: bad hashsize\n");
return 0;
}
for (n = 0; n * hashsize < keysize; ++n) {
int i;
pgp_hash_any(&hashes[n], pkt.u.seckey.hash_alg);
if (!hashes[n].init(&hashes[n])) {
(void) fprintf(stderr, "parse_seckey: bad alloc\n");
@ -2918,8 +2923,6 @@ parse_seckey(pgp_content_enum tag, pgp_region_t *region, pgp_stream_t *stream)
}
passlen = (unsigned)strlen(passphrase);
for (n = 0; n * hashsize < keysize; ++n) {
unsigned i;
switch (pkt.u.seckey.s2k_specifier) {
case PGP_S2KS_SALTED:
hashes[n].add(&hashes[n], pkt.u.seckey.salt, PGP_SALT_SIZE);
@ -2955,8 +2958,7 @@ parse_seckey(pgp_content_enum tag, pgp_region_t *region, pgp_stream_t *stream)
}
}
pgp_forget(passphrase, passlen);
//pgp_forget(passphrase, passlen);
pgp_crypt_any(&decrypt, pkt.u.seckey.alg);
if (pgp_get_debug_level(__FILE__)) {
hexdump(stderr, "input iv", pkt.u.seckey.iv, pgp_block_size(pkt.u.seckey.alg));
@ -3006,6 +3008,7 @@ parse_seckey(pgp_content_enum tag, pgp_region_t *region, pgp_stream_t *stream)
case PGP_PKA_ECDH:
// TODO
printf("%s:%d, %s: Elliptic curves pub(%d)\n",__FILE__,__LINE__,__FUNCTION__,pkt.u.seckey.pubkey.alg);
ret = 0;
break;
case PGP_PKA_RSA:
@ -3065,10 +3068,9 @@ parse_seckey(pgp_content_enum tag, pgp_region_t *region, pgp_stream_t *stream)
return 0;
}
if (memcmp(hash, pkt.u.seckey.checkhash,
PGP_CHECKHASH_SIZE) != 0) {
ERRP(&stream->cbinfo, pkt,
"Hash mismatch in secret key");
if (memcmp(hash, pkt.u.seckey.checkhash, PGP_CHECKHASH_SIZE) != 0) {
ERRP(&stream->cbinfo, pkt, "Hash mismatch in secret key");
return 0;
}
}
} else {
@ -3081,13 +3083,11 @@ parse_seckey(pgp_content_enum tag, pgp_region_t *region, pgp_stream_t *stream)
region = saved_region;
}
if (ret) {
if (!limread_scalar(&pkt.u.seckey.checksum, 2,
region, stream))
if (!limread_scalar(&pkt.u.seckey.checksum, 2, region, stream)) {
return 0;
}
if (sum != pkt.u.seckey.checksum) {
ERRP(&stream->cbinfo, pkt,
"Checksum mismatch in secret key");
ERRP(&stream->cbinfo, pkt, "Checksum mismatch in secret key");
}
}
}
@ -3104,7 +3104,7 @@ parse_seckey(pgp_content_enum tag, pgp_region_t *region, pgp_stream_t *stream)
return 0;
}
if (!ret) {
return 0;
return PGP_WRONG_PASSWORD;
}
CALLBACK(tag, &stream->cbinfo, &pkt);
if (pgp_get_debug_level(__FILE__)) {
@ -3599,7 +3599,7 @@ parse_packet(pgp_stream_t *stream, uint32_t *pktlen)
}
stream->readinfo.alength = 0;
return (ret < 0) ? -1 : (ret) ? 1 : 0;
return (ret < 0) ? ret : (ret) ? 1 : 0;
}
/**
@ -3638,11 +3638,11 @@ pgp_parse(pgp_stream_t *stream, const int perrors)
int r;
do {
r = parse_packet(stream, &pktlen);
} while (r != -1);
} while (r > 0);
if (perrors) {
pgp_print_errors(stream->errors);
}
return (stream->errors == NULL);
return r;
}
/**


+ 4
- 3
src/packet-show.c View File

@ -94,14 +94,14 @@ static pgp_map_t packet_tag_map[] =
{PGP_PTAG_CT_RESERVED2, "reserved2"},
{PGP_PTAG_CT_RESERVED3, "reserved3"},
{PGP_PTAG_CT_USER_ATTR, "User Attribute"},
{PGP_PTAG_CT_SE_IP_DATA,
"Symmetric Encrypted and Integrity Protected Data"},
{PGP_PTAG_CT_SE_IP_DATA, "Symmetric Encrypted and Integrity Protected Data"},
{PGP_PTAG_CT_MDC, "Modification Detection Code"},
{PGP_PARSER_PTAG, "PGP_PARSER_PTAG"},
{PGP_PTAG_RAW_SS, "PGP_PTAG_RAW_SS"},
{PGP_PTAG_SS_ALL, "PGP_PTAG_SS_ALL"},
{PGP_PARSER_PACKET_END, "PGP_PARSER_PACKET_END"},
{PGP_PTAG_SIG_SUBPKT_BASE, "PGP_PTAG_SIG_SUBPKT_BASE"},
{PGP_PTAG_SS_ISSUER_FPR, "SS: Signature Issuer Fingerprint"},
{PGP_PTAG_SS_CREATION_TIME, "SS: Signature Creation Time"},
{PGP_PTAG_SS_EXPIRATION_TIME, "SS: Signature Expiration Time"},
{PGP_PTAG_SS_EXPORT_CERT, "SS: Exportable Certification"},
@ -109,7 +109,7 @@ static pgp_map_t packet_tag_map[] =
{PGP_PTAG_SS_REGEXP, "SS: Regular Expression"},
{PGP_PTAG_SS_REVOCABLE, "SS: Revocable"},
{PGP_PTAG_SS_KEY_EXPIRY, "SS: Key Expiration Time"},
{PGP_PTAG_SS_RESERVED, "SS: Reserved"},
{PGP_PTAG_SS_ARR, "SS: Additional recipient request"},
{PGP_PTAG_SS_PREFERRED_SKA, "SS: Preferred Secret Key Algorithm"},
{PGP_PTAG_SS_REVOCATION_KEY, "SS: Revocation Key"},
{PGP_PTAG_SS_ISSUER_KEY_ID, "SS: Issuer Key Id"},