Browse Source

Big changes:

* Working on reading encrypted private keys without a password in raw
  encrypted form and writing it out again this way, when importing other
  keys.

* Fixed some uninitialized variables and objects so that the tests of the
  pEp Engine run without crashing.
master
David Lanzendörfer 11 months ago
parent
commit
dd25e94073
22 changed files with 1388 additions and 1011 deletions
  1. +14
    -4
      include/netpgp.h
  2. +9
    -11
      include/netpgp/create.h
  3. +18
    -28
      include/netpgp/crypto.h
  4. +5
    -3
      include/netpgp/keyring.h
  5. +1
    -1
      include/netpgp/packet-parse.h
  6. +56
    -48
      include/netpgp/packet.h
  7. +5
    -2
      include/netpgp/signature.h
  8. +7
    -10
      include/netpgp/validate.h
  9. +1
    -1
      src/compress.c
  10. +174
    -80
      src/create.c
  11. +44
    -275
      src/crypto.c
  12. +59
    -16
      src/keyring.c
  13. +423
    -228
      src/main.c
  14. +3
    -4
      src/misc.c
  15. +159
    -6
      src/netpgp.c
  16. +14
    -7
      src/openssl_crypto.c
  17. +132
    -79
      src/packet-parse.c
  18. +11
    -23
      src/reader.c
  19. +8
    -8
      src/signature.c
  20. +6
    -4
      src/symmetric.c
  21. +231
    -165
      src/validate.c
  22. +8
    -8
      src/writer.c

+ 14
- 4
include/netpgp.h View File

@ -78,11 +78,17 @@ char *netpgp_export_key(netpgp_t *, char *);
int netpgp_save_secring(netpgp_t *);
int netpgp_save_pubring(netpgp_t *);
/* file management */
int netpgp_decrypt_file(netpgp_t *, const char *, char *, int);
int netpgp_sign_file(netpgp_t *, const char *, const char *, char *, int, int, int);
int netpgp_verify_file(netpgp_t *, const char *, const char *, int);
/* higher level functions */
pgp_memory_t * netpgp_encrypt_and_sign(
netpgp_t *netpgp,
pgp_keyring_t *rcpts,
pgp_seckey_t *seckey,
const char *ptext, size_t psize,
int do_sign,
int armour
); // encrypt and sign to multiple recipients
// TODO: Implement those
/* memory signing and encryption */
int netpgp_sign_memory(netpgp_t *, const char *, char *, size_t, char *, size_t, const unsigned, const unsigned);
int netpgp_verify_memory(netpgp_t *, const void *, const size_t, void *, size_t, const int);
@ -97,6 +103,10 @@ int netpgp_format_json(void *, const char *, const int);
int netpgp_validate_sigs(netpgp_t *);
// helpers
unsigned uint_to_string(const int8_t *src, char **str, unsigned len);
unsigned string_to_uint(const char *str, uint8_t **fpr, size_t *length);
__END_DECLS
#endif /* !NETPGP_H_ */

+ 9
- 11
include/netpgp/create.h View File

@ -79,15 +79,10 @@ void pgp_build_pubkey(pgp_memory_t *, const pgp_pubkey_t *, unsigned);
unsigned pgp_calc_sesskey_checksum(pgp_pk_sesskey_t *, uint8_t *);
unsigned pgp_write_struct_userid(pgp_output_t *, const uint8_t*);
unsigned pgp_write_ss_header(pgp_output_t *, size_t, pgp_content_enum);
unsigned pgp_write_struct_seckey_ptag(const pgp_seckey_t *key,
const uint8_t *passphrase,
const size_t pplen,
pgp_output_t *output,
pgp_content_enum ptag);
unsigned pgp_write_struct_seckey(const pgp_seckey_t *,
const uint8_t *,
const size_t,
pgp_output_t *);
unsigned pgp_write_struct_seckey_ptag(const pgp_seckey_t *key, pgp_output_t *output, pgp_content_enum ptag);
unsigned pgp_write_struct_seckey(const pgp_seckey_t *, pgp_output_t *);
unsigned pgp_write_struct_pubkey(pgp_output_t *, const pgp_pubkey_t *);
unsigned pgp_write_one_pass_sig(pgp_output_t *,
const pgp_seckey_t *,
@ -99,9 +94,12 @@ unsigned pgp_write_litdata(pgp_output_t *,
const pgp_litdata_enum);
pgp_pk_sesskey_t *pgp_create_pk_sesskey(pgp_key_t *, const char *, pgp_pk_sesskey_t *);
unsigned pgp_write_pk_sesskey(pgp_output_t *, pgp_pk_sesskey_t *);
unsigned pgp_write_xfer_key(pgp_output_t *output,
unsigned pgp_write_xfer_key(
pgp_output_t *output,
const pgp_key_t *key,
const unsigned armoured);
const unsigned armoured
);
void pgp_fast_create_userid(uint8_t **, uint8_t *);
unsigned pgp_write_userid(const uint8_t*, pgp_output_t *);


+ 18
- 28
include/netpgp/crypto.h View File

@ -209,49 +209,41 @@ struct pgp_key_data;
void pgp_writer_push_encrypt(pgp_output_t *,
const struct pgp_key_data *);
unsigned pgp_encrypt_file(pgp_io_t *, const char *, const char *,
const pgp_key_t *,
const unsigned, const unsigned, const char *);
unsigned
pgp_decrypt_file(pgp_io_t *io,
const char *infile,
const char *outfile,
pgp_keyring_t *secring,
pgp_keyring_t *pubring,
const unsigned use_armour,
const unsigned allow_overwrite,
int numtries,
char *passphrase
);
pgp_memory_t *
pgp_encrypt_buf(pgp_io_t *, const void *, const size_t,
pgp_encrypt_buf(
pgp_io_t *,
const void *,
const size_t,
const pgp_keyring_t *,
const unsigned, const char *, unsigned);
const unsigned,
const char *,
unsigned);
pgp_memory_t *
pgp_decrypt_buf(pgp_io_t *io,
pgp_decrypt_and_validate_buf(
netpgp_t *netpgp,
pgp_validation_t *result,
const void *input,
const size_t insize,
pgp_keyring_t *secring,
pgp_keyring_t *pubring,
const unsigned use_armour,
int numtries,
char *passphrase
key_id_t **recipients_key_ids,
unsigned *recipients_count
);
pgp_memory_t *
pgp_decrypt_and_validate_buf(pgp_io_t *io,
pgp_validate_buf(
netpgp_t *netpgp,
pgp_validation_t *result,
const void *input,
const size_t insize,
pgp_keyring_t *secring,
pgp_keyring_t *pubring,
//pgp_keyring_t *secring,
//pgp_keyring_t *pubring,
const unsigned use_armour,
key_id_t **recipients_key_ids,
unsigned *recipients_count);
unsigned *recipients_count
);
/* Keys */
pgp_key_t *pgp_rsa_new_selfsign_key(const int,
@ -314,8 +306,6 @@ struct pgp_cbdata_t {
pgp_io_t *io; /* error/output messages */
pgp_cryptinfo_t cryptinfo; /* used when decrypting */
pgp_printstate_t printstate; /* used to keep printing state */
int numtries; /* # of passphrase attempts */
int gotpass; /* when passphrase entered */
char *passphrase;
};


+ 5
- 3
include/netpgp/keyring.h View File

@ -111,7 +111,7 @@ pgp_pubkey_t *pgp_key_get_pubkey(pgp_key_t *);
unsigned pgp_is_key_secret(pgp_key_t *);
pgp_seckey_t *pgp_get_seckey(pgp_key_t *);
pgp_seckey_t *pgp_get_writable_seckey(pgp_key_t *);
// pgp_seckey_t *pgp_decrypt_seckey(const pgp_key_t *, void *);
pgp_seckey_t *pgp_decrypt_seckey(const pgp_key_t *, char *);
typedef struct netpgp_t netpgp_t;
@ -129,7 +129,9 @@ pgp_keyring_read_from_mem(
pgp_keyring_t *pubring,
pgp_keyring_t *secring,
const unsigned armour,
pgp_memory_t *mem);
pgp_memory_t *mem,
const int import
);
int pgp_keyring_list(pgp_io_t *, const pgp_keyring_t *, const int);
@ -148,6 +150,7 @@ unsigned pgp_update_userid(
// const pgp_subpacket_t *,
// unsigned );
unsigned pgp_add_selfsigned_userid(pgp_key_t *skey, pgp_key_t *pkey, const uint8_t *userid, time_t duration);
pgp_key_t *pgp_keydata_new(void);
@ -175,7 +178,6 @@ unsigned pgp_update_subkey(
pgp_keydata_key_t *subkey,
const pgp_subpacket_t *sigpkt,
pgp_sig_info_t *siginfo);
// int pgp_add_to_secring(pgp_keyring_t *, const pgp_seckey_t *);
int pgp_append_keyring(pgp_keyring_t *, pgp_keyring_t *);


+ 1
- 1
include/netpgp/packet-parse.h View File

@ -134,7 +134,7 @@ pgp_cb_ret_t pgp_stacked_callback(const pgp_packet_t *,
pgp_cbdata_t *);
pgp_reader_t *pgp_readinfo(pgp_stream_t *);
int pgp_parse(pgp_stream_t *, const int);
int pgp_parse(pgp_stream_t *, const int, const int);
/** Used to specify whether subpackets should be returned raw, parsed
* or ignored. */


+ 56
- 48
include/netpgp/packet.h View File

@ -320,8 +320,8 @@ enum {
};
enum {
PGP_PASSWORD_REQUIRED = -2,
PGP_WRONG_PASSWORD = -3,
PGP_PASSWORD_REQUIRED = 2,
PGP_WRONG_PASSWORD = 3,
};
/** Structure to hold one error code */
@ -542,7 +542,8 @@ typedef enum {
typedef enum {
PGP_S2KS_SIMPLE = 0,
PGP_S2KS_SALTED = 1,
PGP_S2KS_ITERATED_AND_SALTED = 3
PGP_S2KS_ITERATED_AND_SALTED = 3,
PGP_S2KS_GNU_EXT = 101
} pgp_s2k_specifier_t;
/** Symmetric Key Algorithm Numbers.
@ -611,6 +612,48 @@ unsigned pgp_is_hash_alg_supported(const pgp_hash_alg_t *);
/* Max hash size */
#define PGP_MAX_HASH_SIZE 64
#define DYNARRAY(type, arr) \
unsigned arr##c; unsigned arr##vsize; type *arr##s
#define EXPAND_ARRAY(str, arr) do { \
if (str->arr##c == str->arr##vsize) { \
void *__newarr; \
uint8_t *__newarrc; \
unsigned __newsize; \
__newsize = (str->arr##vsize * 2) + 10; \
if ((__newarrc = __newarr = realloc(str->arr##s, \
__newsize * sizeof(*str->arr##s))) == NULL) { \
(void) fprintf(stderr, "EXPAND_ARRAY - bad realloc\n"); \
} else { \
(void) memset(&__newarrc[str->arr##vsize * sizeof(*str->arr##s)], \
0x0, (__newsize - str->arr##vsize) * sizeof(*str->arr##s)); \
str->arr##s = __newarr; \
str->arr##vsize = __newsize; \
} \
} \
} while(/*CONSTCOND*/0)
#define FREE_ARRAY(str, arr) do { \
if (str->arr##s) { \
free(str->arr##s); \
str->arr##s = NULL; \
str->arr##vsize = 0; \
str->arr##c = 0; \
} \
} while(/*CONSTCOND*/0)
#define INIT_ARRAY(str, arr) do { \
str->arr##s = NULL; \
str->arr##vsize = 0; \
str->arr##c = 0; \
} while(/*CONSTCOND*/0)
/** pgp_subpacket_t */
typedef struct pgp_subpacket_t {
size_t length;
uint8_t *raw;
} pgp_subpacket_t;
/** pgp_seckey_t
*/
typedef struct pgp_seckey_t {
@ -627,8 +670,13 @@ typedef struct pgp_seckey_t {
pgp_dsa_seckey_t dsa;
pgp_elgamal_seckey_t elgamal;
} key;
unsigned checksum;
uint8_t *checkhash;
unsigned checksum;
uint8_t *checkhash;
// needed for dealing with encrypted keys
int encrypted;
char *passphrase;
pgp_subpacket_t packet; // raw data
} pgp_seckey_t;
/** Signature Type.
@ -795,12 +843,6 @@ typedef struct pgp_ss_sig_target_t {
pgp_data_t hash;
} pgp_ss_sig_target_t;
/** pgp_subpacket_t */
typedef struct pgp_subpacket_t {
size_t length;
uint8_t *raw;
} pgp_subpacket_t;
/** Types of Compression */
typedef enum {
PGP_C_NONE = 0,
@ -997,6 +1039,7 @@ typedef union {
pgp_dyn_body_t se_ip_data_body;
pgp_fixed_body_t se_data_body;
pgp_get_seckey_t get_seckey;
pgp_seckey_passphrase_t skey_passphrase;
} pgp_contents_t;
/** pgp_packet_t */
@ -1032,42 +1075,6 @@ void pgp_seckey_free(pgp_seckey_t *);
int pgp_seckey_dup(pgp_seckey_t *,pgp_seckey_t *);
void pgp_pk_sesskey_free(pgp_pk_sesskey_t *);
#define DYNARRAY(type, arr) \
unsigned arr##c; unsigned arr##vsize; type *arr##s
#define EXPAND_ARRAY(str, arr) do { \
if (str->arr##c == str->arr##vsize) { \
void *__newarr; \
uint8_t *__newarrc; \
unsigned __newsize; \
__newsize = (str->arr##vsize * 2) + 10; \
if ((__newarrc = __newarr = realloc(str->arr##s, \
__newsize * sizeof(*str->arr##s))) == NULL) { \
(void) fprintf(stderr, "EXPAND_ARRAY - bad realloc\n"); \
} else { \
(void) memset(&__newarrc[str->arr##vsize * sizeof(*str->arr##s)], \
0x0, (__newsize - str->arr##vsize) * sizeof(*str->arr##s)); \
str->arr##s = __newarr; \
str->arr##vsize = __newsize; \
} \
} \
} while(/*CONSTCOND*/0)
#define FREE_ARRAY(str, arr) do { \
if (str->arr##s) { \
free(str->arr##s); \
str->arr##s = NULL; \
str->arr##vsize = 0; \
str->arr##c = 0; \
} \
} while(/*CONSTCOND*/0)
#define INIT_ARRAY(str, arr) do { \
str->arr##s = NULL; \
str->arr##vsize = 0; \
str->arr##c = 0; \
} while(/*CONSTCOND*/0)
/** pgp_keydata_key_t
*/
typedef union {
@ -1094,6 +1101,7 @@ typedef struct pgp_subkeysig_t {
typedef struct pgp_subkey_t {
pgp_keydata_key_t key; /* pubkey/seckey data */
uint8_t id[PGP_KEY_ID_SIZE];
pgp_subpacket_t packet;
} pgp_subkey_t;
typedef struct pgp_directsig_t {
@ -1121,7 +1129,7 @@ struct pgp_key_t {
};
typedef enum {
PGP_VALID,
PGP_VALID = 0,
PGP_WEAK,
PGP_TOOSHORT,
PGP_INVALID,


+ 5
- 2
include/netpgp/signature.h View File

@ -161,7 +161,8 @@ unsigned pgp_writer_use_armored_sig(pgp_output_t *);
void pgp_writer_push_armoured(pgp_output_t *, pgp_armor_type_t);
pgp_memory_t *pgp_sign_buf(pgp_io_t *,
pgp_memory_t *pgp_sign_buf(
pgp_io_t *,
const void *,
const size_t,
const pgp_seckey_t *,
@ -169,7 +170,9 @@ pgp_memory_t *pgp_sign_buf(pgp_io_t *,
const time_t,
const char *,
const unsigned,
const unsigned);
const unsigned,
unsigned*
);
/** \ingroup Core_Create
* needed for signature creation


+ 7
- 10
include/netpgp/validate.h View File

@ -76,7 +76,6 @@ typedef struct validate_key_cb_t{
uint8_t hash[PGP_MAX_HASH_SIZE];
const pgp_keyring_t *keyring;
pgp_validation_t *result;
char *passphrase;
unsigned not_commited; /* tells on_valid it is first commit of that key */
pgp_sig_info_t valid_sig_info; /* store last valid sig info */
@ -114,13 +113,6 @@ unsigned check_binary_sig(const uint8_t *,
const pgp_sig_t *,
const pgp_pubkey_t *);
unsigned pgp_validate_file(pgp_io_t *,
pgp_validation_t *,
const char *,
const char *,
const int,
const pgp_keyring_t *);
unsigned pgp_validate_mem(pgp_io_t *,
pgp_validation_t *,
pgp_memory_t *,
@ -146,7 +138,8 @@ pgp_filter_keys_fileread(
pgp_keyring_t *destsecring,
pgp_keyring_t *certring,
const unsigned armour,
const char *filename
const char *filename,
const int import
);
unsigned
@ -156,7 +149,11 @@ pgp_filter_keys_from_mem(
pgp_keyring_t *destsecring,
pgp_keyring_t *certring,
const unsigned armour,
pgp_memory_t *mem
pgp_memory_t *mem,
const int import
);
void netpgp_set_validation_password(char *);
char *netpgp_get_validation_password();
#endif /* !VALIDATE_H_ */

+ 1
- 1
src/compress.c View File

@ -400,7 +400,7 @@ pgp_decompress(pgp_region_t *region, pgp_stream_t *stream,
return 0;
}
ret = pgp_parse(stream, !printerrors);
ret = pgp_parse(stream, !printerrors, 0);
pgp_reader_pop(stream);


+ 174
- 80
src/create.c View File

@ -231,7 +231,7 @@ pubkey_length(const pgp_pubkey_t *key)
static unsigned
seckey_length(const pgp_seckey_t *key)
{
int len;
int len = 0;
switch (key->pubkey.alg) {
case PGP_PKA_EDDSA:
@ -239,22 +239,31 @@ seckey_length(const pgp_seckey_t *key)
// TODO
printf("%s:%d, %s: Elliptic curves pub(%d)\n",__FILE__,__LINE__,__FUNCTION__,key->pubkey.alg);
break;
case PGP_PKA_DSA:
return (unsigned)(mpi_length(key->key.dsa.x) + pubkey_length(&key->pubkey));
case PGP_PKA_RSA:
len = mpi_length(key->key.rsa.d) + mpi_length(key->key.rsa.p) +
mpi_length(key->key.rsa.q) + mpi_length(key->key.rsa.u);
len =
mpi_length(key->key.dsa.x)
+ pubkey_length(&key->pubkey);
break;
return (unsigned)(len + pubkey_length(&key->pubkey));
case PGP_PKA_RSA:
len =
mpi_length(key->key.rsa.d)
+ mpi_length(key->key.rsa.p)
+ mpi_length(key->key.rsa.q)
+ mpi_length(key->key.rsa.u)
+ pubkey_length(&key->pubkey);
break;
case PGP_PKA_ELGAMAL:
return (unsigned)(
mpi_length(key->key.dsa.x) + pubkey_length(&key->pubkey));
len =
mpi_length(key->key.dsa.x)
+ pubkey_length(&key->pubkey);
default:
(void) fprintf(stderr, "seckey_length: unknown key algorithm\n");
}
return 0;
return len;
}
#ifdef HAVE_OPENSSL
@ -332,17 +341,15 @@ write_pubkey_body(const pgp_pubkey_t *key, pgp_output_t *output)
* verification.
*/
static unsigned
write_seckey_body(const pgp_seckey_t *key,
const uint8_t *passphrase,
const size_t pplen,
pgp_output_t *output)
write_seckey_body(const pgp_seckey_t *key, pgp_output_t *output)
{
/* RFC4880 Section 5.5.3 Secret-Key Packet Formats */
pgp_crypt_t crypted;
pgp_hash_t hash;
pgp_hash_t hash;
unsigned done = 0;
unsigned i = 0;
uint8_t sesskey[CAST_KEY_LENGTH];
memset(&hash, 0, sizeof(pgp_hash_t));
if (!write_pubkey_body(&key->pubkey, output)) {
return 0;
@ -355,17 +362,15 @@ write_seckey_body(const pgp_seckey_t *key,
(void) fprintf(stderr, "write_seckey_body: s2k usage\n");
return 0;
}
if (key->alg != PGP_SA_CAST5) {
(void) fprintf(stderr, "write_seckey_body: algorithm\n");
return 0;
}
if (!pgp_write_scalar(output, (unsigned)key->alg, 1)) {
return 0;
}
if (key->s2k_specifier != PGP_S2KS_SIMPLE &&
key->s2k_specifier != PGP_S2KS_SALTED) {
if (
key->s2k_specifier != PGP_S2KS_SIMPLE &&
key->s2k_specifier != PGP_S2KS_ITERATED_AND_SALTED &&
key->s2k_specifier != PGP_S2KS_SALTED
) {
/* = 1 \todo could also be iterated-and-salted */
(void) fprintf(stderr, "write_seckey_body: s2k spec\n");
return 0;
@ -382,6 +387,12 @@ write_seckey_body(const pgp_seckey_t *key,
/* nothing more to do */
break;
/*
* \todo case PGP_S2KS_ITERATED_AND_SALTED: // 8-octet salt
* value // 1-octet count break;
*/
case PGP_S2KS_ITERATED_AND_SALTED:
case PGP_S2KS_SALTED:
/* 8-octet salt value */
pgp_random(__UNCONST(&key->salt[0]), PGP_SALT_SIZE);
@ -390,15 +401,8 @@ write_seckey_body(const pgp_seckey_t *key,
}
break;
/*
* \todo case PGP_S2KS_ITERATED_AND_SALTED: // 8-octet salt
* value // 1-octet count break;
*/
default:
(void) fprintf(stderr,
"invalid/unsupported s2k specifier %d\n",
key->s2k_specifier);
(void) fprintf(stderr, "invalid/unsupported s2k specifier %d\n", key->s2k_specifier);
return 0;
}
@ -414,9 +418,10 @@ write_seckey_body(const pgp_seckey_t *key,
switch (key->s2k_specifier) {
case PGP_S2KS_SIMPLE:
case PGP_S2KS_SALTED:
/* RFC4880: section 3.7.1.1 and 3.7.1.2 */
case PGP_S2KS_ITERATED_AND_SALTED:
/* RFC4880: section 3.7.1.1 and 3.7.1.2 and 3.7.1.3 */
for (done = 0, i = 0; done < CAST_KEY_LENGTH; i++) {
for (done = 0, i = 0; done < pgp_key_size(key->alg); i++) {
unsigned hashsize;
unsigned j;
unsigned needed;
@ -424,10 +429,9 @@ write_seckey_body(const pgp_seckey_t *key,
uint8_t zero = 0;
uint8_t *hashed;
/* Hard-coded SHA1 for session key */
pgp_hash_any(&hash, PGP_HASH_SHA1);
pgp_hash_any(&hash, key->hash_alg);
hashsize = pgp_hash_size(key->hash_alg);
needed = CAST_KEY_LENGTH - done;
needed = pgp_key_size(key->alg) - done;
size = MIN(needed, hashsize);
if ((hashed = calloc(1, hashsize)) == NULL) {
(void) fprintf(stderr, "write_seckey_body: bad alloc\n");
@ -454,7 +458,7 @@ write_seckey_body(const pgp_seckey_t *key,
if (key->s2k_specifier == PGP_S2KS_SALTED) {
hash.add(&hash, key->salt, PGP_SALT_SIZE);
}
hash.add(&hash, passphrase, (unsigned)pplen);
hash.add(&hash, key->passphrase, strlen(key->passphrase));
hash.finish(&hash, hashed);
/*
@ -465,19 +469,15 @@ write_seckey_body(const pgp_seckey_t *key,
hashed, (unsigned)size);
done += (unsigned)size;
free(hashed);
if (done > CAST_KEY_LENGTH) {
(void) fprintf(stderr,
"write_seckey_body: short add\n");
if (done > pgp_key_size(key->alg) ) {
(void) fprintf(stderr, "write_seckey_body: short add\n");
return 0;
}
}
break;
//if ( key->s2k_specifier == PGP_S2KS_ITERATED_AND_SALTED )
/*
* \todo case PGP_S2KS_ITERATED_AND_SALTED: * 8-octet salt
* value * 1-octet count break;
*/
break;
default:
(void) fprintf(stderr,
@ -495,7 +495,7 @@ write_seckey_body(const pgp_seckey_t *key,
if (pgp_get_debug_level(__FILE__)) {
hexdump(stderr, "writing: iv=", key->iv, pgp_block_size(key->alg));
hexdump(stderr, "key= ", sesskey, CAST_KEY_LENGTH);
hexdump(stderr, "key= ", sesskey, pgp_key_size(key->alg));
(void) fprintf(stderr, "\nturning encryption on...\n");
}
pgp_push_enc_crypt(output, &crypted);
@ -571,6 +571,108 @@ pgp_write_struct_pubkey(pgp_output_t *output, const pgp_pubkey_t *key)
return pgp_write_struct_pubkey_ptag(output, key, PGP_PTAG_CT_PUBLIC_KEY);
}
/**
* \ingroup Core_WritePackets
* \brief Writes a Secret Key packet.
* \param key The secret key
* \param passphrase The passphrase
* \param pplen Length of passphrase
* \param output
* \return 1 if OK; else 0
*/
unsigned
pgp_write_struct_crypted_seckey_ptag(const pgp_seckey_t *key, pgp_output_t *output, pgp_content_enum ptag)
{
int length = 0;
if (key->pubkey.version != 4) {
(void) fprintf(stderr, "pgp_write_struct_seckey: public key version\n");
return 0;
}
/* Ref: RFC4880 Section 5.5.3 */
/* pubkey, excluding MPIs */
length += 1 + 4 + 1;
/* s2k usage */
length += 1;
switch (key->s2k_usage) {
case PGP_S2KU_NONE:
/* nothing to add */
break;
case PGP_S2KU_ENCRYPTED_AND_HASHED: /* 254 */
case PGP_S2KU_ENCRYPTED: /* 255 */
/* Ref: RFC4880 Section 3.7 */
length += 1; /* s2k_specifier */
switch (key->s2k_specifier) {
case PGP_S2KS_SIMPLE:
length += 1; /* hash algorithm */
break;
case PGP_S2KS_SALTED:
length += 1 + 8; /* hash algorithm + salt */
break;
case PGP_S2KS_ITERATED_AND_SALTED:
length += 1 + 8 + 1; /* hash algorithm, salt +
* count */
break;
default:
(void) fprintf(stderr,
"pgp_write_struct_seckey: s2k spec\n");
return 0;
}
break;
default:
(void) fprintf(stderr,
"pgp_write_struct_seckey: s2k usage\n");
return 0;
}
/* IV */
if (key->s2k_usage) {
length += pgp_block_size(key->alg);
}
/* checksum or hash */
switch (key->s2k_usage) {
case PGP_S2KU_NONE:
case PGP_S2KU_ENCRYPTED:
length += 2;
break;
case PGP_S2KU_ENCRYPTED_AND_HASHED:
length += PGP_CHECKHASH_SIZE;
break;
default:
(void) fprintf(stderr,
"pgp_write_struct_seckey: s2k cksum usage\n");
return 0;
}
/* secret key and public key MPIs */
//length += (unsigned)seckey_length(key);
pgp_write_ptag(output, ptag);
if (!write_pubkey_body(&key->pubkey, output)) {
return 0;
}
//&&
/* pgp_write_length(output,1+4+1+1+seckey_length(key)+2) && */
// pgp_write_length(output, (unsigned)length) &&
// write_seckey_body(key, output);
return 1;
}
/**
\ingroup HighLevel_KeyWrite
@ -597,6 +699,7 @@ pgp_write_xfer_key(pgp_output_t *output,
unsigned subkeyidx = 0;
unsigned subkeysigidx = 0;
pgp_subkeysig_t *subkeysigp;
int i;
if (armoured) {
pgp_writer_push_armoured(output, (key->type == PGP_PTAG_CT_PUBLIC_KEY)?PGP_PGP_PUBLIC_KEY_BLOCK:PGP_PGP_PRIVATE_KEY_BLOCK);
@ -607,8 +710,12 @@ pgp_write_xfer_key(pgp_output_t *output,
if (!pgp_write_struct_pubkey(output, &key->key.pubkey)) {
return 0;
}
}else{
if (!pgp_write_struct_seckey(&key->key.seckey, (const uint8_t *)"", 0, output)) {
} else {
if ( key->key.seckey.encrypted ) {
if (!pgp_write_struct_crypted_seckey_ptag(&key->key.seckey, output, PGP_PTAG_CT_SECRET_KEY)) {
return 0;
}
} else if (!pgp_write_struct_seckey(&key->key.seckey, output)) {
return 0;
}
}
@ -647,27 +754,27 @@ pgp_write_xfer_key(pgp_output_t *output,
/* Loop over key's subkeys */
subkeyp = key->subkeys;
printf("Having %d subkeys\n", key->subkeyc);
for (subkeyidx = 0 ; subkeyidx < key->subkeyc; subkeyidx++, subkeyp++)
{
if (key->type == PGP_PTAG_CT_PUBLIC_KEY) {
if (!pgp_write_struct_pubkey_ptag(
output, &subkeyp->key.pubkey,
PGP_PTAG_CT_PUBLIC_SUBKEY)) {
if (!pgp_write_struct_pubkey_ptag( output, &subkeyp->key.pubkey, PGP_PTAG_CT_PUBLIC_SUBKEY)) {
return 0;
}
}else{
if (!pgp_write_struct_seckey_ptag(
/* TODO support passphrase again */
&subkeyp->key.seckey, (const uint8_t *)"", 0, output,
PGP_PTAG_CT_SECRET_SUBKEY)) {
} else {
if ( key->key.seckey.encrypted ) {
if (!pgp_write_struct_crypted_seckey_ptag( &subkeyp->key.seckey, output, PGP_PTAG_CT_SECRET_SUBKEY)) {
return 0;
}
} else
if (!pgp_write_struct_seckey_ptag( &subkeyp->key.seckey, output, PGP_PTAG_CT_SECRET_SUBKEY)) {
return 0;
}
}
/* Loop over key's subkeys sigs */
subkeysigp = key->subkeysigs;
for (subkeysigidx = 0 ; subkeysigidx < key->subkeysigc;
subkeysigidx++, subkeysigp++)
for (subkeysigidx = 0 ; subkeysigidx < key->subkeysigc; subkeysigidx++, subkeysigp++)
{
/* matching selected subkey */
if(subkeysigp->subkey == subkeyidx)
@ -780,17 +887,12 @@ pgp_build_pubkey(pgp_memory_t *out, const pgp_pubkey_t *key, unsigned make_packe
* \return 1 if OK; else 0
*/
unsigned
pgp_write_struct_seckey_ptag(const pgp_seckey_t *key,
const uint8_t *passphrase,
const size_t pplen,
pgp_output_t *output,
pgp_content_enum ptag)
pgp_write_struct_seckey_ptag(const pgp_seckey_t *key, pgp_output_t *output, pgp_content_enum ptag)
{
int length = 0;
int length = 0;
if (key->pubkey.version != 4) {
(void) fprintf(stderr,
"pgp_write_struct_seckey: public key version\n");
(void) fprintf(stderr, "pgp_write_struct_seckey: public key version\n");
return 0;
}
@ -844,6 +946,7 @@ pgp_write_struct_seckey_ptag(const pgp_seckey_t *key,
if (key->s2k_usage) {
length += pgp_block_size(key->alg);
}
/* checksum or hash */
switch (key->s2k_usage) {
case PGP_S2KU_NONE:
@ -863,21 +966,16 @@ pgp_write_struct_seckey_ptag(const pgp_seckey_t *key,
/* secret key and public key MPIs */
length += (unsigned)seckey_length(key);
return pgp_write_ptag(output, ptag) &&
/* pgp_write_length(output,1+4+1+1+seckey_length(key)+2) && */
pgp_write_length(output, (unsigned)length) &&
write_seckey_body(key, passphrase, pplen, output);
write_seckey_body(key, output);
}
unsigned
pgp_write_struct_seckey(const pgp_seckey_t *key,
const uint8_t *passphrase,
const size_t pplen,
pgp_output_t *output)
pgp_write_struct_seckey(const pgp_seckey_t *key, pgp_output_t *output)
{
return pgp_write_struct_seckey_ptag(
key, passphrase, pplen, output, PGP_PTAG_CT_SECRET_KEY);
return pgp_write_struct_seckey_ptag(key, output, PGP_PTAG_CT_SECRET_KEY);
}
/**
* \ingroup Core_Create
@ -1098,21 +1196,18 @@ pgp_create_pk_sesskey(pgp_key_t *key, const char *ciphername, pgp_pk_sesskey_t *
break;
}
if ((encoded_m_buf = calloc(1, sz_encoded_m_buf)) == NULL) {
(void) fprintf(stderr,
"pgp_create_pk_sesskey: can't allocate\n");
(void) fprintf(stderr, "pgp_create_pk_sesskey: can't allocate\n");
free(unencoded_m_buf);
return NULL;
}
if ((sesskey = calloc(1, sizeof(*sesskey))) == NULL) {
(void) fprintf(stderr,
"pgp_create_pk_sesskey: can't allocate\n");
(void) fprintf(stderr, "pgp_create_pk_sesskey: can't allocate\n");
free(unencoded_m_buf);
free(encoded_m_buf);
return NULL;
}
if (key->type != PGP_PTAG_CT_PUBLIC_KEY) {
(void) fprintf(stderr,
"pgp_create_pk_sesskey: bad type\n");
(void) fprintf(stderr, "pgp_create_pk_sesskey: bad type (%d)\n", key->type);
free(unencoded_m_buf);
free(encoded_m_buf);
free(sesskey);
@ -1136,8 +1231,7 @@ pgp_create_pk_sesskey(pgp_key_t *key, const char *ciphername, pgp_pk_sesskey_t *
case PGP_PKA_ELGAMAL:
break;
default:
(void) fprintf(stderr,
"pgp_create_pk_sesskey: bad pubkey algorithm\n");
(void) fprintf(stderr, "pgp_create_pk_sesskey: bad pubkey algorithm\n");
free(unencoded_m_buf);
free(encoded_m_buf);
free(sesskey);


+ 44
- 275
src/crypto.c View File

@ -99,7 +99,6 @@ pgp_decrypt_decode_mpi(uint8_t *buf,
#endif
const pgp_seckey_t *seckey)
{
printf("%s\n",__FUNCTION__);
unsigned mpisize;
uint8_t encmpibuf[NETPGP_BUFSIZ];
uint8_t mpibuf[NETPGP_BUFSIZ];
@ -231,7 +230,6 @@ pgp_rsa_encrypt_mpi(const uint8_t *encoded_m_buf,
const pgp_pubkey_t * pubkey,
pgp_pk_sesskey_params_t * skp)
{
printf("%s\n",__FUNCTION__);
uint8_t encmpibuf[NETPGP_BUFSIZ];
int n;
@ -326,7 +324,7 @@ pgp_elgamal_encrypt_mpi(const uint8_t *encoded_m_buf,
static pgp_cb_ret_t
write_parsed_cb(const pgp_packet_t *pkt, pgp_cbdata_t *cbinfo)
{
const pgp_contents_t *content = &pkt->u;
const pgp_contents_t *content = &pkt->u;
if (pgp_get_debug_level(__FILE__)) {
printf("write_parsed_cb: ");
@ -356,10 +354,15 @@ write_parsed_cb(const pgp_packet_t *pkt, pgp_cbdata_t *cbinfo)
return pgp_get_seckey_cb(pkt, cbinfo);
case PGP_GET_PASSPHRASE:
printf("%s:%d\n",__FILE__,__LINE__);
if(cbinfo->cryptinfo.passphrase) {
cbinfo->passphrase=strdup(cbinfo->cryptinfo.passphrase);
}
break;
return PGP_KEEP_MEMORY;
case PGP_PTAG_CT_ENCRYPTED_SECRET_KEY:
printf("%s:%d\n",__FILE__,__LINE__);
return PGP_KEEP_MEMORY;
case PGP_PTAG_CT_LITDATA_BODY:
return pgp_litdata_cb(pkt, cbinfo);
@ -390,74 +393,6 @@ write_parsed_cb(const pgp_packet_t *pkt, pgp_cbdata_t *cbinfo)
return PGP_RELEASE_MEMORY;
}
/**
\ingroup HighLevel_Crypto
Encrypt a file
\param infile Name of file to be encrypted
\param outfile Name of file to write to. If NULL, name is constructed from infile
\param pubkey Public Key to encrypt file for
\param use_armour Write armoured text, if set
\param allow_overwrite Allow output file to be overwrwritten if it exists
\return 1 if OK; else 0
*/
unsigned
pgp_encrypt_file(pgp_io_t *io,
const char *infile,
const char *outfile,
const pgp_key_t *key,
const unsigned use_armour,
const unsigned allow_overwrite,
const char *cipher)
{
pgp_output_t *output;
pgp_memory_t *inmem;
pgp_keyring_t *rcpts;
int fd_out;
__PGP_USED(io);
inmem = pgp_memory_new();
if (!pgp_mem_readfile(inmem, infile)) {
return 0;
}
fd_out = pgp_setup_file_write(&output, outfile, allow_overwrite);
if (fd_out < 0) {
pgp_memory_free(inmem);
return 0;
}
/* set armoured/not armoured here */
if (use_armour) {
pgp_writer_push_armor_msg(output);
}
if ((rcpts = calloc(1, sizeof(*rcpts))) == NULL) {
(void) fprintf(io->errs,
"netpgp_encrypt_buf: out of memory to create recipients list\n");
return 0;
}
pgp_keyring_add(rcpts, key);
if(rcpts->keys == NULL){
(void) fprintf(io->errs,
"netpgp_encrypt_buf: out of memory to add recipient\n");
return 0;
}
/* Push the encrypted writer */
if (!pgp_push_enc_se_ip(output, rcpts, cipher, 0)) {
pgp_memory_free(inmem);
return 0;
}
pgp_keyring_free(rcpts);
/* This does the writing */
pgp_write(output, pgp_mem_data(inmem), (unsigned)pgp_mem_len(inmem));
/* tidy up */
pgp_memory_free(inmem);
pgp_teardown_file_write(output, fd_out);
return 1;
}
/* encrypt the contents of the input buffer, and return the mem structure */
pgp_memory_t *
pgp_encrypt_buf(pgp_io_t *io,
@ -473,8 +408,7 @@ pgp_encrypt_buf(pgp_io_t *io,
__PGP_USED(io);
if (input == NULL) {
(void) fprintf(io->errs,
"pgp_encrypt_buf: null memory\n");
(void) fprintf(io->errs, "pgp_encrypt_buf: null memory\n");
return 0;
}
@ -498,180 +432,6 @@ pgp_encrypt_buf(pgp_io_t *io,
return outmem;
}
/**
\ingroup HighLevel_Crypto
\brief Decrypt a file.
\param infile Name of file to be decrypted
\param outfile Name of file to write to. If NULL, the filename is constructed from the input filename, following GPG conventions.
\param keyring Keyring to use
\param use_armour Expect armoured text, if set
\param allow_overwrite Allow output file to overwritten, if set.
\param getpassfunc Callback to use to get passphrase
*/
unsigned
pgp_decrypt_file(pgp_io_t *io,
const char *infile,
const char *outfile,
pgp_keyring_t *secring,
pgp_keyring_t *pubring,
const unsigned use_armour,
const unsigned allow_overwrite,
int numtries,
char *passphrase)
{
pgp_stream_t *parse = NULL;
const int printerrors = 1;
char *filename = NULL;
int fd_in;
int fd_out;
/* setup for reading from given input file */
fd_in = pgp_setup_file_read(io, &parse, infile,
NULL,
write_parsed_cb,
0);
if (fd_in < 0) {
perror(infile);
return 0;
}
/* setup output filename */
if (outfile) {
fd_out = pgp_setup_file_write(&parse->cbinfo.output, outfile,
allow_overwrite);
if (fd_out < 0) {
perror(outfile);
pgp_teardown_file_read(parse, fd_in);
return 0;
}
} else {
const int suffixlen = 4;
const char *suffix = infile + strlen(infile) - suffixlen;
unsigned filenamelen;
if (strcmp(suffix, ".gpg") == 0 ||
strcmp(suffix, ".asc") == 0) {
filenamelen = (unsigned)(strlen(infile) - strlen(suffix));
if ((filename = calloc(1, filenamelen + 1)) == NULL) {
(void) fprintf(stderr, "can't allocate %" PRIsize "d bytes\n",
(size_t)(filenamelen + 1));
return 0;
}
memcpy(filename, infile, filenamelen);
filename[filenamelen] = 0x0;
}
fd_out = pgp_setup_file_write(&parse->cbinfo.output,
filename, allow_overwrite);
if (fd_out < 0) {
perror(filename);
free(filename);
pgp_teardown_file_read(parse, fd_in);
return 0;
}
}
/* \todo check for suffix matching armour param */
/* setup for writing decrypted contents to given output file */
/* setup keyring and passphrase callback */
parse->cbinfo.cryptinfo.secring = secring;
parse->cbinfo.cryptinfo.passphrase = strdup(passphrase);
parse->cbinfo.cryptinfo.pubring = pubring;
parse->cbinfo.numtries = numtries;
/* Set up armour/passphrase options */
if (use_armour) {
pgp_reader_push_dearmour(parse);
}
/* Do it */
pgp_parse(parse, printerrors);
/* Unsetup */
if (use_armour) {
pgp_reader_pop_dearmour(parse);
}
/* if we didn't get the passphrase, unlink output file */
if (!parse->cbinfo.gotpass) {
(void) unlink((filename) ? filename : outfile);
}
if (filename) {
pgp_teardown_file_write(parse->cbinfo.output, fd_out);
free(filename);
}
pgp_teardown_file_read(parse, fd_in);
/* \todo cleardown crypt */
return 1;
}
/* decrypt an area of memory */
pgp_memory_t *
pgp_decrypt_buf(pgp_io_t *io,
const void *input,
const size_t insize,
pgp_keyring_t *secring,
pgp_keyring_t *pubring,
const unsigned use_armour,
int numtries,
char *passphrase)
{
pgp_stream_t *parse = NULL;
pgp_memory_t *outmem;
pgp_memory_t *inmem;
const int printerrors = 1;
if (input == NULL) {
(void) fprintf(io->errs,
"pgp_encrypt_buf: null memory\n");
return 0;
}
inmem = pgp_memory_new();
pgp_memory_add(inmem, input, insize);
/* set up to read from memory */
pgp_setup_memory_read(io, &parse, inmem,
NULL,
write_parsed_cb,
0);
/* setup for writing decrypted contents to given output file */
pgp_setup_memory_write(&parse->cbinfo.output, &outmem, insize);
/* setup keyring and passphrase callback */
parse->cbinfo.cryptinfo.secring = secring;
parse->cbinfo.cryptinfo.pubring = pubring;
parse->cbinfo.cryptinfo.passphrase = strdup(passphrase);
parse->cbinfo.numtries = numtries;
/* Set up armour/passphrase options */
if (use_armour) {
pgp_reader_push_dearmour(parse);
}
/* Do it */
pgp_parse(parse, printerrors);
/* Unsetup */
if (use_armour) {
pgp_reader_pop_dearmour(parse);
}
/* tidy up */
pgp_teardown_memory_read(parse, inmem);
pgp_writer_close(parse->cbinfo.output);
pgp_output_delete(parse->cbinfo.output);
/* if we didn't get the passphrase, return NULL */
return (parse->cbinfo.gotpass) ? outmem : NULL;
}
/* Special callback for decrypt and validate */
static pgp_cb_ret_t
pgp_decrypt_and_validate_cb(const pgp_packet_t *pkt, pgp_cbdata_t *cbinfo)
@ -703,28 +463,28 @@ pgp_decrypt_and_validate_cb(const pgp_packet_t *pkt, pgp_cbdata_t *cbinfo)
/* decrypt and validate an area of memory */
pgp_memory_t *
pgp_decrypt_and_validate_buf(pgp_io_t *io,
pgp_validation_t *result,
const void *input,
const size_t insize,
pgp_keyring_t *secring,
pgp_keyring_t *pubring,
const unsigned use_armour,
key_id_t **recipients_key_ids,
unsigned *recipients_count)
pgp_decrypt_and_validate_buf(
netpgp_t *netpgp,
pgp_validation_t *result,
const void *input,
const size_t insize,
pgp_keyring_t *secring,
pgp_keyring_t *pubring,
const unsigned use_armour,
key_id_t **recipients_key_ids,
unsigned *recipients_count
)
{
// historical code bloat...
int numtries = -1;
pgp_io_t *io = netpgp->io;
validate_data_cb_t validation;
pgp_stream_t *stream = NULL;
pgp_memory_t *outmem;
pgp_memory_t *inmem;
const int printerrors = 1;
unsigned ret;
const int printerrors = 0;
if (input == NULL) {
(void) fprintf(io->errs,
"pgp_encrypt_buf: null memory\n");
if (input == NULL || insize == 0) {
(void) fprintf(io->errs, "pgp_encrypt_buf: null memory\n");
return 0;
}
@ -732,10 +492,7 @@ pgp_decrypt_and_validate_buf(pgp_io_t *io,
pgp_memory_add(inmem, input, insize);
/* set up to read from memory */
pgp_setup_memory_read(io, &stream, inmem,
&validation,
pgp_decrypt_and_validate_cb,
1);
pgp_setup_memory_read(io, &stream, inmem, &validation, pgp_decrypt_and_validate_cb, 1);
/* Set verification reader and handling options */
(void) memset(&validation, 0x0, sizeof(validation));
@ -750,8 +507,7 @@ pgp_decrypt_and_validate_buf(pgp_io_t *io,
/* setup keyring and passphrase callback */
stream->cbinfo.cryptinfo.secring = secring;
stream->cbinfo.cryptinfo.pubring = pubring;
stream->cbinfo.cryptinfo.passphrase = NULL;
stream->cbinfo.numtries = numtries;
stream->cbinfo.cryptinfo.passphrase = netpgp_getvar(netpgp, "password");
/* Set up armour */
if (use_armour) {
@ -759,7 +515,15 @@ pgp_decrypt_and_validate_buf(pgp_io_t *io,
}
/* Do it */
pgp_parse(stream, printerrors);
ret = pgp_parse(stream, printerrors, 0);
if(ret == PGP_PASSWORD_REQUIRED) {
printf("Password required!\n");
goto leave_decryption;
}
if(ret == PGP_WRONG_PASSWORD) {
printf("Wrong password!\n");
goto leave_decryption;
}
/* Unsetup */
if (use_armour) {
@ -773,9 +537,11 @@ pgp_decrypt_and_validate_buf(pgp_io_t *io,
*recipients_key_ids = calloc(sizeof(key_id_t),*recipients_count);
if( *recipients_key_ids != NULL)
{
memcpy(*recipients_key_ids,
stream->cbinfo.cryptinfo.recipients_key_idss,
sizeof(key_id_t) * *recipients_count);
memcpy(
*recipients_key_ids,
stream->cbinfo.cryptinfo.recipients_key_idss,
sizeof(key_id_t) * *recipients_count
);
}
}
@ -785,7 +551,8 @@ pgp_decrypt_and_validate_buf(pgp_io_t *io,
*recipients_count = 0;
outmem = NULL;
}
leave_decryption:
/* tidy up */
pgp_writer_close(stream->cbinfo.output);
pgp_output_delete(stream->cbinfo.output);
@ -795,3 +562,5 @@ pgp_decrypt_and_validate_buf(pgp_io_t *io,
return outmem;
}

+ 59
- 16
src/keyring.c View File

@ -308,7 +308,7 @@ pgp_key_find_key_conds(
if(!sigcond || sigcond(&directsigp->siginfo, sigcondarg))
{
/* youngest signature is deciding */
if(directsigp->siginfo.birthtime > youngest)
if(directsigp->siginfo.birthtime >= youngest)
{
youngest = directsigp->siginfo.birthtime;
res = -1; /* Primary key is a candidate */
@ -652,6 +652,40 @@ typedef struct {
pgp_seckey_t *seckey;
} decrypt_t;
/* add a key to a secret keyring */
int
pgp_add_crypted_to_secring(pgp_keyring_t *keyring, pgp_keyring_t *pubring, const pgp_seckey_t *seckey)
{
pgp_key_t *key = NULL;
pgp_pubkey_t pubkey;
uint8_t uid[PGP_KEY_ID_SIZE];
if (pgp_get_debug_level(__FILE__)) {
fprintf(stderr, "pgp_add_crypted_to_secring\n");
}
if ( pubring->keyc > 0 ) {
key = &pubring->keys[pubring->keyc-1];
if (pgp_get_debug_level(__FILE__) && key->key.pubkey.alg == PGP_PKA_DSA && seckey->pubkey.alg == PGP_PKA_ELGAMAL) {
fprintf(stderr, "pgp_add_to_secring: found elgamal seckey\n");
}
}
if ( !key ) {
key = malloc(sizeof(pgp_key_t));
memset(key,0,sizeof(pgp_key_t));
}
pubkey = seckey->pubkey;
pgp_keyid(uid, PGP_KEY_ID_SIZE, &pubkey, keyring->hashtype);
EXPAND_ARRAY(key, uid);
key->type = PGP_PTAG_CT_SECRET_KEY;
key->key.seckey = *seckey;
pgp_keyring_add(keyring,key);
return 1;
}
static pgp_cb_ret_t
decrypt_cb(const pgp_packet_t *pkt, pgp_cbdata_t *cbinfo)
{
@ -670,6 +704,10 @@ decrypt_cb(const pgp_packet_t *pkt, pgp_cbdata_t *cbinfo)
case PGP_GET_PASSPHRASE:
break;
case PGP_PTAG_CT_ENCRYPTED_SECRET_KEY:
printf("Wuff\n");
break;
case PGP_PARSER_ERRCODE:
switch (content->errcode.errcode) {
case PGP_E_P_MPI_FORMAT_ERROR:
@ -701,6 +739,7 @@ decrypt_cb(const pgp_packet_t *pkt, pgp_cbdata_t *cbinfo)
return PGP_KEEP_MEMORY;
case PGP_PARSER_PACKET_END:
printf("Miaaaaaau\n");
/* nothing to do */
break;
@ -732,7 +771,7 @@ pgp_decrypt_seckey(const pgp_key_t *key, char *passphrase)
pgp_keydata_reader_set(stream, key);
pgp_set_callback(stream, decrypt_cb, &decrypt);
stream->readinfo.accumulate = 1;
pgp_parse(stream, 1);
pgp_parse(stream, 1, 1);
return decrypt.seckey;
}
@ -954,7 +993,8 @@ pgp_keyring_fileread(
secring,
NULL /*certring -> self cert */,
armour,
filename);
filename,
0);
}
/**
@ -986,7 +1026,9 @@ pgp_keyring_read_from_mem(
pgp_keyring_t *pubring,
pgp_keyring_t *secring,
const unsigned armour,
pgp_memory_t *mem)
pgp_memory_t *mem,
const int import
)
{
return pgp_filter_keys_from_mem(
netpgp,
@ -994,7 +1036,9 @@ pgp_keyring_read_from_mem(
secring,
NULL /* certring -> self certification */,
armour,
mem);
mem,
import
);
}
/**
@ -1073,14 +1117,15 @@ pgp_getkeybyid(pgp_io_t *io, const pgp_keyring_t *keyring,
unsigned checkexpiry)
{
uint8_t nullid[PGP_KEY_ID_SIZE];
pgp_key_t *key;
(void) memset(nullid, 0x0, sizeof(nullid));
for ( ; keyring && *from < keyring->keyc; *from += 1) {
pgp_key_t *key = &keyring->keys[*from];
key = &keyring->keys[*from];
int32_t subkeyidx;
if (pgp_get_debug_level(__FILE__)) {
hexdump(io->errs, "keyring keyid", key->pubkeyid, PGP_KEY_ID_SIZE);
hexdump(io->errs, "keyid", keyid, PGP_KEY_ID_SIZE);
hexdump(stderr, "keyring keyid", key->pubkeyid, PGP_KEY_ID_SIZE);
hexdump(stderr, "keyid", keyid, PGP_KEY_ID_SIZE);
}
subkeyidx = pgp_key_find_key_conds(key, &key_id_match, (void*)keyid, NULL, NULL, checkrevoke, checkexpiry);
@ -1149,7 +1194,6 @@ pgp_getkeybyfpr(pgp_io_t *io, const pgp_keyring_t *keyring,
if (kfp->length =