From dc1856c741e7edc51b723b4aef377c6da21458f6 Mon Sep 17 00:00:00 2001 From: Oliver Wiese <oliver.wiese@fu-berlin.de> Date: Wed, 27 Sep 2017 10:53:26 +0200 Subject: [PATCH] remove unnetpgp --- enzevalos_iphone.xcodeproj/project.pbxproj | 168 - enzevalos_iphone/netpgp/UNNetPGP.h | 104 - enzevalos_iphone/netpgp/UNNetPGP.m | 614 --- enzevalos_iphone/netpgp/fmemopen/README.md | 49 - enzevalos_iphone/netpgp/fmemopen/fmemopen.c | 93 - enzevalos_iphone/netpgp/fmemopen/fmemopen.h | 52 - enzevalos_iphone/netpgp/lib/Licence | 36 - enzevalos_iphone/netpgp/lib/bufgap.c | 520 --- enzevalos_iphone/netpgp/lib/bufgap.h | 88 - enzevalos_iphone/netpgp/lib/compress.c | 501 --- enzevalos_iphone/netpgp/lib/config.h | 181 - enzevalos_iphone/netpgp/lib/create.c | 1305 ------- enzevalos_iphone/netpgp/lib/create.h | 119 - enzevalos_iphone/netpgp/lib/crypto.c | 602 --- enzevalos_iphone/netpgp/lib/crypto.h | 307 -- enzevalos_iphone/netpgp/lib/defs.h | 92 - enzevalos_iphone/netpgp/lib/errors.h | 169 - enzevalos_iphone/netpgp/lib/fastctype.c | 370 -- enzevalos_iphone/netpgp/lib/fastctype.h | 62 - enzevalos_iphone/netpgp/lib/keyring.c | 1153 ------ enzevalos_iphone/netpgp/lib/keyring.h | 152 - enzevalos_iphone/netpgp/lib/memory.h | 87 - enzevalos_iphone/netpgp/lib/misc.c | 1353 ------- enzevalos_iphone/netpgp/lib/mj.c | 575 --- enzevalos_iphone/netpgp/lib/mj.h | 69 - enzevalos_iphone/netpgp/lib/netpgp.c | 1972 ---------- enzevalos_iphone/netpgp/lib/netpgp.h | 113 - enzevalos_iphone/netpgp/lib/netpgpdefs.h | 68 - enzevalos_iphone/netpgp/lib/netpgpdigest.h | 55 - enzevalos_iphone/netpgp/lib/netpgpsdk.h | 74 - enzevalos_iphone/netpgp/lib/openssl_crypto.c | 1050 ------ enzevalos_iphone/netpgp/lib/ops-ssh.h | 41 - enzevalos_iphone/netpgp/lib/packet-parse.c | 3494 ------------------ enzevalos_iphone/netpgp/lib/packet-parse.h | 169 - enzevalos_iphone/netpgp/lib/packet-print.c | 1455 -------- enzevalos_iphone/netpgp/lib/packet-show.c | 918 ----- enzevalos_iphone/netpgp/lib/packet-show.h | 111 - enzevalos_iphone/netpgp/lib/packet.h | 982 ----- enzevalos_iphone/netpgp/lib/reader.c | 2366 ------------ enzevalos_iphone/netpgp/lib/readerwriter.h | 126 - enzevalos_iphone/netpgp/lib/signature.c | 1272 ------- enzevalos_iphone/netpgp/lib/signature.h | 172 - enzevalos_iphone/netpgp/lib/ssh2pgp.c | 472 --- enzevalos_iphone/netpgp/lib/symmetric.c | 802 ---- enzevalos_iphone/netpgp/lib/types.h | 94 - enzevalos_iphone/netpgp/lib/validate.c | 969 ----- enzevalos_iphone/netpgp/lib/validate.h | 120 - enzevalos_iphone/netpgp/lib/version.h | 67 - enzevalos_iphone/netpgp/lib/writer.c | 1794 --------- enzevalos_iphone/netpgp/lib/writer.h | 119 - 50 files changed, 27696 deletions(-) delete mode 100644 enzevalos_iphone/netpgp/UNNetPGP.h delete mode 100644 enzevalos_iphone/netpgp/UNNetPGP.m delete mode 100755 enzevalos_iphone/netpgp/fmemopen/README.md delete mode 100755 enzevalos_iphone/netpgp/fmemopen/fmemopen.c delete mode 100755 enzevalos_iphone/netpgp/fmemopen/fmemopen.h delete mode 100644 enzevalos_iphone/netpgp/lib/Licence delete mode 100644 enzevalos_iphone/netpgp/lib/bufgap.c delete mode 100644 enzevalos_iphone/netpgp/lib/bufgap.h delete mode 100644 enzevalos_iphone/netpgp/lib/compress.c delete mode 100644 enzevalos_iphone/netpgp/lib/config.h delete mode 100644 enzevalos_iphone/netpgp/lib/create.c delete mode 100644 enzevalos_iphone/netpgp/lib/create.h delete mode 100644 enzevalos_iphone/netpgp/lib/crypto.c delete mode 100644 enzevalos_iphone/netpgp/lib/crypto.h delete mode 100644 enzevalos_iphone/netpgp/lib/defs.h delete mode 100644 enzevalos_iphone/netpgp/lib/errors.h delete mode 100644 enzevalos_iphone/netpgp/lib/fastctype.c delete mode 100644 enzevalos_iphone/netpgp/lib/fastctype.h delete mode 100644 enzevalos_iphone/netpgp/lib/keyring.c delete mode 100644 enzevalos_iphone/netpgp/lib/keyring.h delete mode 100644 enzevalos_iphone/netpgp/lib/memory.h delete mode 100644 enzevalos_iphone/netpgp/lib/misc.c delete mode 100644 enzevalos_iphone/netpgp/lib/mj.c delete mode 100644 enzevalos_iphone/netpgp/lib/mj.h delete mode 100644 enzevalos_iphone/netpgp/lib/netpgp.c delete mode 100644 enzevalos_iphone/netpgp/lib/netpgp.h delete mode 100644 enzevalos_iphone/netpgp/lib/netpgpdefs.h delete mode 100644 enzevalos_iphone/netpgp/lib/netpgpdigest.h delete mode 100644 enzevalos_iphone/netpgp/lib/netpgpsdk.h delete mode 100644 enzevalos_iphone/netpgp/lib/openssl_crypto.c delete mode 100644 enzevalos_iphone/netpgp/lib/ops-ssh.h delete mode 100644 enzevalos_iphone/netpgp/lib/packet-parse.c delete mode 100644 enzevalos_iphone/netpgp/lib/packet-parse.h delete mode 100644 enzevalos_iphone/netpgp/lib/packet-print.c delete mode 100644 enzevalos_iphone/netpgp/lib/packet-show.c delete mode 100644 enzevalos_iphone/netpgp/lib/packet-show.h delete mode 100644 enzevalos_iphone/netpgp/lib/packet.h delete mode 100644 enzevalos_iphone/netpgp/lib/reader.c delete mode 100644 enzevalos_iphone/netpgp/lib/readerwriter.h delete mode 100644 enzevalos_iphone/netpgp/lib/signature.c delete mode 100644 enzevalos_iphone/netpgp/lib/signature.h delete mode 100644 enzevalos_iphone/netpgp/lib/ssh2pgp.c delete mode 100644 enzevalos_iphone/netpgp/lib/symmetric.c delete mode 100644 enzevalos_iphone/netpgp/lib/types.h delete mode 100644 enzevalos_iphone/netpgp/lib/validate.c delete mode 100644 enzevalos_iphone/netpgp/lib/validate.h delete mode 100644 enzevalos_iphone/netpgp/lib/version.h delete mode 100644 enzevalos_iphone/netpgp/lib/writer.c delete mode 100644 enzevalos_iphone/netpgp/lib/writer.h diff --git a/enzevalos_iphone.xcodeproj/project.pbxproj b/enzevalos_iphone.xcodeproj/project.pbxproj index cb4fb060..23fd14af 100644 --- a/enzevalos_iphone.xcodeproj/project.pbxproj +++ b/enzevalos_iphone.xcodeproj/project.pbxproj @@ -82,29 +82,6 @@ 476373C21E09BA88004D5EFE /* UserData.swift in Sources */ = {isa = PBXBuildFile; fileRef = 476373C11E09BA88004D5EFE /* UserData.swift */; }; 47691A8A1ECB56D1004BCFC5 /* Mail.swift in Sources */ = {isa = PBXBuildFile; fileRef = 47691A891ECB56D1004BCFC5 /* Mail.swift */; }; 47691A8C1ECC3EC7004BCFC5 /* EphemeralMail.swift in Sources */ = {isa = PBXBuildFile; fileRef = 47691A8B1ECC3EC7004BCFC5 /* EphemeralMail.swift */; }; - 4781753A1F06E57E00300D20 /* fmemopen.c in Sources */ = {isa = PBXBuildFile; fileRef = 478175081F06E57E00300D20 /* fmemopen.c */; }; - 4781753B1F06E57E00300D20 /* README.md in Sources */ = {isa = PBXBuildFile; fileRef = 4781750A1F06E57E00300D20 /* README.md */; }; - 4781753C1F06E57E00300D20 /* bufgap.c in Sources */ = {isa = PBXBuildFile; fileRef = 4781750C1F06E57E00300D20 /* bufgap.c */; }; - 4781753D1F06E57E00300D20 /* compress.c in Sources */ = {isa = PBXBuildFile; fileRef = 4781750E1F06E57E00300D20 /* compress.c */; }; - 4781753E1F06E57E00300D20 /* create.c in Sources */ = {isa = PBXBuildFile; fileRef = 478175101F06E57E00300D20 /* create.c */; }; - 4781753F1F06E57E00300D20 /* crypto.c in Sources */ = {isa = PBXBuildFile; fileRef = 478175121F06E57E00300D20 /* crypto.c */; }; - 478175401F06E57E00300D20 /* fastctype.c in Sources */ = {isa = PBXBuildFile; fileRef = 478175161F06E57E00300D20 /* fastctype.c */; }; - 478175411F06E57E00300D20 /* keyring.c in Sources */ = {isa = PBXBuildFile; fileRef = 478175181F06E57E00300D20 /* keyring.c */; }; - 478175421F06E57E00300D20 /* Licence in Resources */ = {isa = PBXBuildFile; fileRef = 4781751A1F06E57E00300D20 /* Licence */; }; - 478175431F06E57E00300D20 /* misc.c in Sources */ = {isa = PBXBuildFile; fileRef = 4781751C1F06E57E00300D20 /* misc.c */; }; - 478175441F06E57E00300D20 /* mj.c in Sources */ = {isa = PBXBuildFile; fileRef = 4781751D1F06E57E00300D20 /* mj.c */; }; - 478175451F06E57E00300D20 /* netpgp.c in Sources */ = {isa = PBXBuildFile; fileRef = 4781751F1F06E57E00300D20 /* netpgp.c */; }; - 478175461F06E57E00300D20 /* openssl_crypto.c in Sources */ = {isa = PBXBuildFile; fileRef = 478175241F06E57E00300D20 /* openssl_crypto.c */; }; - 478175471F06E57E00300D20 /* packet-parse.c in Sources */ = {isa = PBXBuildFile; fileRef = 478175261F06E57E00300D20 /* packet-parse.c */; }; - 478175481F06E57E00300D20 /* packet-print.c in Sources */ = {isa = PBXBuildFile; fileRef = 478175281F06E57E00300D20 /* packet-print.c */; }; - 478175491F06E57E00300D20 /* packet-show.c in Sources */ = {isa = PBXBuildFile; fileRef = 478175291F06E57E00300D20 /* packet-show.c */; }; - 4781754A1F06E57E00300D20 /* reader.c in Sources */ = {isa = PBXBuildFile; fileRef = 4781752C1F06E57E00300D20 /* reader.c */; }; - 4781754B1F06E57E00300D20 /* signature.c in Sources */ = {isa = PBXBuildFile; fileRef = 4781752E1F06E57E00300D20 /* signature.c */; }; - 4781754C1F06E57E00300D20 /* ssh2pgp.c in Sources */ = {isa = PBXBuildFile; fileRef = 478175301F06E57E00300D20 /* ssh2pgp.c */; }; - 4781754D1F06E57E00300D20 /* symmetric.c in Sources */ = {isa = PBXBuildFile; fileRef = 478175311F06E57E00300D20 /* symmetric.c */; }; - 4781754E1F06E57E00300D20 /* validate.c in Sources */ = {isa = PBXBuildFile; fileRef = 478175331F06E57E00300D20 /* validate.c */; }; - 4781754F1F06E57E00300D20 /* writer.c in Sources */ = {isa = PBXBuildFile; fileRef = 478175361F06E57E00300D20 /* writer.c */; }; - 478175501F06E57E00300D20 /* UNNetPGP.m in Sources */ = {isa = PBXBuildFile; fileRef = 478175391F06E57E00300D20 /* UNNetPGP.m */; }; 479BBDDA1EFEA17900A2107C /* bob_enzevalos_public.asc in Resources */ = {isa = PBXBuildFile; fileRef = 479BBDD81EFEA17900A2107C /* bob_enzevalos_public.asc */; }; 479BBDDB1EFEA17900A2107C /* alice_enzevalos_public.asc in Resources */ = {isa = PBXBuildFile; fileRef = 479BBDD91EFEA17900A2107C /* alice_enzevalos_public.asc */; }; 479BBDDD1EFEA3CB00A2107C /* dave_enezvalos_public.asc in Resources */ = {isa = PBXBuildFile; fileRef = 479BBDDC1EFEA3CB00A2107C /* dave_enezvalos_public.asc */; }; @@ -337,55 +314,6 @@ 476373C11E09BA88004D5EFE /* UserData.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = UserData.swift; sourceTree = "<group>"; }; 47691A891ECB56D1004BCFC5 /* Mail.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Mail.swift; sourceTree = "<group>"; }; 47691A8B1ECC3EC7004BCFC5 /* EphemeralMail.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = EphemeralMail.swift; sourceTree = "<group>"; }; - 478175081F06E57E00300D20 /* fmemopen.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = fmemopen.c; sourceTree = "<group>"; }; - 478175091F06E57E00300D20 /* fmemopen.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = fmemopen.h; sourceTree = "<group>"; }; - 4781750A1F06E57E00300D20 /* README.md */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = net.daringfireball.markdown; path = README.md; sourceTree = "<group>"; }; - 4781750C1F06E57E00300D20 /* bufgap.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bufgap.c; sourceTree = "<group>"; }; - 4781750D1F06E57E00300D20 /* bufgap.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = bufgap.h; sourceTree = "<group>"; }; - 4781750E1F06E57E00300D20 /* compress.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = compress.c; sourceTree = "<group>"; }; - 4781750F1F06E57E00300D20 /* config.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = config.h; sourceTree = "<group>"; }; - 478175101F06E57E00300D20 /* create.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = create.c; sourceTree = "<group>"; }; - 478175111F06E57E00300D20 /* create.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = create.h; sourceTree = "<group>"; }; - 478175121F06E57E00300D20 /* crypto.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = crypto.c; sourceTree = "<group>"; }; - 478175131F06E57E00300D20 /* crypto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = crypto.h; sourceTree = "<group>"; }; - 478175141F06E57E00300D20 /* defs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = defs.h; sourceTree = "<group>"; }; - 478175151F06E57E00300D20 /* errors.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = errors.h; sourceTree = "<group>"; }; - 478175161F06E57E00300D20 /* fastctype.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = fastctype.c; sourceTree = "<group>"; }; - 478175171F06E57E00300D20 /* fastctype.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = fastctype.h; sourceTree = "<group>"; }; - 478175181F06E57E00300D20 /* keyring.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = keyring.c; sourceTree = "<group>"; }; - 478175191F06E57E00300D20 /* keyring.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = keyring.h; sourceTree = "<group>"; }; - 4781751A1F06E57E00300D20 /* Licence */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = Licence; sourceTree = "<group>"; }; - 4781751B1F06E57E00300D20 /* memory.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = memory.h; sourceTree = "<group>"; }; - 4781751C1F06E57E00300D20 /* misc.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = misc.c; sourceTree = "<group>"; }; - 4781751D1F06E57E00300D20 /* mj.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = mj.c; sourceTree = "<group>"; }; - 4781751E1F06E57E00300D20 /* mj.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = mj.h; sourceTree = "<group>"; }; - 4781751F1F06E57E00300D20 /* netpgp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = netpgp.c; sourceTree = "<group>"; }; - 478175201F06E57E00300D20 /* netpgp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = netpgp.h; sourceTree = "<group>"; }; - 478175211F06E57E00300D20 /* netpgpdefs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = netpgpdefs.h; sourceTree = "<group>"; }; - 478175221F06E57E00300D20 /* netpgpdigest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = netpgpdigest.h; sourceTree = "<group>"; }; - 478175231F06E57E00300D20 /* netpgpsdk.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = netpgpsdk.h; sourceTree = "<group>"; }; - 478175241F06E57E00300D20 /* openssl_crypto.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = openssl_crypto.c; sourceTree = "<group>"; }; - 478175251F06E57E00300D20 /* ops-ssh.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "ops-ssh.h"; sourceTree = "<group>"; }; - 478175261F06E57E00300D20 /* packet-parse.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "packet-parse.c"; sourceTree = "<group>"; }; - 478175271F06E57E00300D20 /* packet-parse.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "packet-parse.h"; sourceTree = "<group>"; }; - 478175281F06E57E00300D20 /* packet-print.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "packet-print.c"; sourceTree = "<group>"; }; - 478175291F06E57E00300D20 /* packet-show.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "packet-show.c"; sourceTree = "<group>"; }; - 4781752A1F06E57E00300D20 /* packet-show.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "packet-show.h"; sourceTree = "<group>"; }; - 4781752B1F06E57E00300D20 /* packet.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = packet.h; sourceTree = "<group>"; }; - 4781752C1F06E57E00300D20 /* reader.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = reader.c; sourceTree = "<group>"; }; - 4781752D1F06E57E00300D20 /* readerwriter.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = readerwriter.h; sourceTree = "<group>"; }; - 4781752E1F06E57E00300D20 /* signature.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = signature.c; sourceTree = "<group>"; }; - 4781752F1F06E57E00300D20 /* signature.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = signature.h; sourceTree = "<group>"; }; - 478175301F06E57E00300D20 /* ssh2pgp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ssh2pgp.c; sourceTree = "<group>"; }; - 478175311F06E57E00300D20 /* symmetric.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = symmetric.c; sourceTree = "<group>"; }; - 478175321F06E57E00300D20 /* types.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = types.h; sourceTree = "<group>"; }; - 478175331F06E57E00300D20 /* validate.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = validate.c; sourceTree = "<group>"; }; - 478175341F06E57E00300D20 /* validate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = validate.h; sourceTree = "<group>"; }; - 478175351F06E57E00300D20 /* version.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = version.h; sourceTree = "<group>"; }; - 478175361F06E57E00300D20 /* writer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = writer.c; sourceTree = "<group>"; }; - 478175371F06E57E00300D20 /* writer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = writer.h; sourceTree = "<group>"; }; - 478175381F06E57E00300D20 /* UNNetPGP.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = UNNetPGP.h; sourceTree = "<group>"; }; - 478175391F06E57E00300D20 /* UNNetPGP.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = UNNetPGP.m; sourceTree = "<group>"; }; 479BBDD81EFEA17900A2107C /* bob_enzevalos_public.asc */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = bob_enzevalos_public.asc; path = keys/bob_enzevalos_public.asc; sourceTree = "<group>"; }; 479BBDD91EFEA17900A2107C /* alice_enzevalos_public.asc */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = alice_enzevalos_public.asc; path = keys/alice_enzevalos_public.asc; sourceTree = "<group>"; }; 479BBDDC1EFEA3CB00A2107C /* dave_enezvalos_public.asc */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = dave_enezvalos_public.asc; path = keys/dave_enezvalos_public.asc; sourceTree = "<group>"; }; @@ -676,78 +604,6 @@ path = Utils; sourceTree = "<group>"; }; - 478175061F06E57E00300D20 /* netpgp */ = { - isa = PBXGroup; - children = ( - 478175071F06E57E00300D20 /* fmemopen */, - 4781750B1F06E57E00300D20 /* lib */, - 478175381F06E57E00300D20 /* UNNetPGP.h */, - 478175391F06E57E00300D20 /* UNNetPGP.m */, - ); - path = netpgp; - sourceTree = "<group>"; - }; - 478175071F06E57E00300D20 /* fmemopen */ = { - isa = PBXGroup; - children = ( - 478175081F06E57E00300D20 /* fmemopen.c */, - 478175091F06E57E00300D20 /* fmemopen.h */, - 4781750A1F06E57E00300D20 /* README.md */, - ); - path = fmemopen; - sourceTree = "<group>"; - }; - 4781750B1F06E57E00300D20 /* lib */ = { - isa = PBXGroup; - children = ( - 4781750C1F06E57E00300D20 /* bufgap.c */, - 4781750D1F06E57E00300D20 /* bufgap.h */, - 4781750E1F06E57E00300D20 /* compress.c */, - 4781750F1F06E57E00300D20 /* config.h */, - 478175101F06E57E00300D20 /* create.c */, - 478175111F06E57E00300D20 /* create.h */, - 478175121F06E57E00300D20 /* crypto.c */, - 478175131F06E57E00300D20 /* crypto.h */, - 478175141F06E57E00300D20 /* defs.h */, - 478175151F06E57E00300D20 /* errors.h */, - 478175161F06E57E00300D20 /* fastctype.c */, - 478175171F06E57E00300D20 /* fastctype.h */, - 478175181F06E57E00300D20 /* keyring.c */, - 478175191F06E57E00300D20 /* keyring.h */, - 4781751A1F06E57E00300D20 /* Licence */, - 4781751B1F06E57E00300D20 /* memory.h */, - 4781751C1F06E57E00300D20 /* misc.c */, - 4781751D1F06E57E00300D20 /* mj.c */, - 4781751E1F06E57E00300D20 /* mj.h */, - 4781751F1F06E57E00300D20 /* netpgp.c */, - 478175201F06E57E00300D20 /* netpgp.h */, - 478175211F06E57E00300D20 /* netpgpdefs.h */, - 478175221F06E57E00300D20 /* netpgpdigest.h */, - 478175231F06E57E00300D20 /* netpgpsdk.h */, - 478175241F06E57E00300D20 /* openssl_crypto.c */, - 478175251F06E57E00300D20 /* ops-ssh.h */, - 478175261F06E57E00300D20 /* packet-parse.c */, - 478175271F06E57E00300D20 /* packet-parse.h */, - 478175281F06E57E00300D20 /* packet-print.c */, - 478175291F06E57E00300D20 /* packet-show.c */, - 4781752A1F06E57E00300D20 /* packet-show.h */, - 4781752B1F06E57E00300D20 /* packet.h */, - 4781752C1F06E57E00300D20 /* reader.c */, - 4781752D1F06E57E00300D20 /* readerwriter.h */, - 4781752E1F06E57E00300D20 /* signature.c */, - 4781752F1F06E57E00300D20 /* signature.h */, - 478175301F06E57E00300D20 /* ssh2pgp.c */, - 478175311F06E57E00300D20 /* symmetric.c */, - 478175321F06E57E00300D20 /* types.h */, - 478175331F06E57E00300D20 /* validate.c */, - 478175341F06E57E00300D20 /* validate.h */, - 478175351F06E57E00300D20 /* version.h */, - 478175361F06E57E00300D20 /* writer.c */, - 478175371F06E57E00300D20 /* writer.h */, - ); - path = lib; - sourceTree = "<group>"; - }; 47B91AC01EC0C1CF000AE3EE /* coredata */ = { isa = PBXGroup; children = ( @@ -846,7 +702,6 @@ isa = PBXGroup; children = ( 475BFF911F7B953B006CDD41 /* ObjectivePGP */, - 478175061F06E57E00300D20 /* netpgp */, 47B91AC11EC0C1FB000AE3EE /* data */, F19B29011E02DCAC00B29DD1 /* enzevalos_iphone.entitlements */, A1C7FF8B1E895316000D1E92 /* keys */, @@ -1156,7 +1011,6 @@ A1C09FC61DF04D650006B783 /* alice2005-private.gpg in Resources */, 479BBDE01EFEA4D800A2107C /* bob_enzvalos_private.asc in Resources */, A13526861D955BDF00D3BFE1 /* LaunchScreen.storyboard in Resources */, - 478175421F06E57E00300D20 /* Licence in Resources */, A1EB05A41D956E32008659C1 /* Assets.xcassets in Resources */, A1FA3F6C1E78565B0093C0B6 /* alice2005-public.gpg in Resources */, A1EB058C1D9568AB008659C1 /* FrequentCell.xib in Resources */, @@ -1327,7 +1181,6 @@ 475B000B1F7B953B006CDD41 /* PGPOnePassSignaturePacket.m in Sources */, 47691A8A1ECB56D1004BCFC5 /* Mail.swift in Sources */, 472F398A1E251787009260FB /* Contact.swift in Sources */, - 4781754B1F06E57E00300D20 /* signature.c in Sources */, 472F39861E1FA34E009260FB /* Record.swift in Sources */, 475B00221F7B953B006CDD41 /* PGPKeyGenerator.m in Sources */, 475B001C1F7B953B006CDD41 /* PGPArmor.m in Sources */, @@ -1339,14 +1192,11 @@ 475B000E1F7B953B006CDD41 /* PGPPublicKeyPacket.m in Sources */, A1E2324E1F0FA41A00DC9D40 /* FolderListCell.swift in Sources */, A1EB059C1D956957008659C1 /* NSDateCompare.swift in Sources */, - 478175471F06E57E00300D20 /* packet-parse.c in Sources */, 475B00041F7B953B006CDD41 /* PGPKeyMaterial.m in Sources */, A1EB05941D956931008659C1 /* InboxCellDelegator.swift in Sources */, 472F39811E1E5347009260FB /* Mail_Address+CoreDataClass.swift in Sources */, 475B002F1F7B953B006CDD41 /* NSMutableData+PGPUtils.m in Sources */, 475B00021F7B953B006CDD41 /* PGPCryptoUtils.m in Sources */, - 4781753C1F06E57E00300D20 /* bufgap.c in Sources */, - 478175431F06E57E00300D20 /* misc.c in Sources */, A1EB05821D95685B008659C1 /* CollectionDataDelegate.swift in Sources */, A17C04841DC6504E00F66EDB /* LogHandler.swift in Sources */, A1EB05801D956851008659C1 /* SendViewController.swift in Sources */, @@ -1359,18 +1209,12 @@ F18B44601E704C550080C041 /* ReplaceSegue.swift in Sources */, 475B000C1F7B953B006CDD41 /* PGPPacket.m in Sources */, 472F39881E1FA377009260FB /* KeyRecord.swift in Sources */, - 4781754E1F06E57E00300D20 /* validate.c in Sources */, - 4781754C1F06E57E00300D20 /* ssh2pgp.c in Sources */, 475B00241F7B953B006CDD41 /* PGPMPI.m in Sources */, F1ACF21C1E0C1C6800C1B843 /* ContactViewController.swift in Sources */, 475B00351F7B9565006CDD41 /* CryptoObject.swift in Sources */, - 4781754F1F06E57E00300D20 /* writer.c in Sources */, - 478175441F06E57E00300D20 /* mj.c in Sources */, 475B00161F7B953B006CDD41 /* PGPSymmetricallyEncryptedDataPacket.m in Sources */, - 478175491F06E57E00300D20 /* packet-show.c in Sources */, 475B002B1F7B953B006CDD41 /* PGPUser.m in Sources */, A1EB057E1D956848008659C1 /* VENDataDelegate.swift in Sources */, - 4781753D1F06E57E00300D20 /* compress.c in Sources */, A1E81B671DCA296200535F98 /* UIViewResolver.swift in Sources */, 475B001A1F7B953B006CDD41 /* PGPUserAttributeSubpacket.m in Sources */, 475B000A1F7B953B006CDD41 /* PGPModificationDetectionCodePacket.m in Sources */, @@ -1382,13 +1226,9 @@ F1AF938F1E2D04BA00755128 /* CustomCells.swift in Sources */, 475B00211F7B953B006CDD41 /* PGPKey.m in Sources */, A10DE4201EFAA2CE005E8189 /* FolderViewController.swift in Sources */, - 4781753B1F06E57E00300D20 /* README.md in Sources */, 475B00071F7B953B006CDD41 /* ObjectivePGPObject.m in Sources */, 475B00131F7B953B006CDD41 /* PGPSignatureSubpacket.m in Sources */, 475B00011F7B953B006CDD41 /* PGPCryptoHash.m in Sources */, - 4781754D1F06E57E00300D20 /* symmetric.c in Sources */, - 478175461F06E57E00300D20 /* openssl_crypto.c in Sources */, - 478175501F06E57E00300D20 /* UNNetPGP.m in Sources */, 475B002E1F7B953B006CDD41 /* NSMutableArray+PGPUtils.m in Sources */, 476142081E07E52B00FD5E4F /* Theme.swift in Sources */, A1EB057A1D956829008659C1 /* ContactCell.swift in Sources */, @@ -1396,7 +1236,6 @@ 475B00101F7B953B006CDD41 /* PGPSecretKeyPacket.m in Sources */, 472F392C1E1277D2009260FB /* PersistentMail +CoreDataClass.swift in Sources */, F119D2901E364B59001D732A /* AnimatedSendIcon.swift in Sources */, - 478175481F06E57E00300D20 /* packet-print.c in Sources */, 475B00231F7B953B006CDD41 /* PGPKeyID.m in Sources */, 475B00181F7B953B006CDD41 /* PGPTrustPacket.m in Sources */, F12060801DA540FE00F6EF37 /* RefreshControlExtension.swift in Sources */, @@ -1404,7 +1243,6 @@ 475B001E1F7B953B006CDD41 /* PGPCryptoCFB.m in Sources */, A13526811D955BDF00D3BFE1 /* enzevalos_iphone.xcdatamodeld in Sources */, 475B00111F7B953B006CDD41 /* PGPSecretSubKeyPacket.m in Sources */, - 478175411F06E57E00300D20 /* keyring.c in Sources */, 475B00141F7B953B006CDD41 /* PGPSignatureSubpacketCreationTime.m in Sources */, 472F39821E1E5347009260FB /* Mail_Address+CoreDataProperties.swift in Sources */, 476373C21E09BA88004D5EFE /* UserData.swift in Sources */, @@ -1420,16 +1258,13 @@ 475B00261F7B953B006CDD41 /* PGPPartialKey.m in Sources */, 475B00251F7B953B006CDD41 /* PGPPacketFactory.m in Sources */, 475B002A1F7B953B006CDD41 /* PGPS2K.m in Sources */, - 478175451F06E57E00300D20 /* netpgp.c in Sources */, A1E2324C1F0FA13F00DC9D40 /* FolderListViewController.swift in Sources */, 475B00121F7B953B006CDD41 /* PGPSignaturePacket.m in Sources */, 475B00091F7B953B006CDD41 /* PGPLiteralPacket.m in Sources */, F113C38B1F3344C200E7F1D6 /* ViewControllerPannable.swift in Sources */, A1EB05841D956867008659C1 /* TableViewDataDelegate.swift in Sources */, - 4781753E1F06E57E00300D20 /* create.c in Sources */, 472F397C1E1D0B0B009260FB /* PersistentMail +CoreDataProperties.swift in Sources */, A1EB05961D956939008659C1 /* InboxTableViewCell.swift in Sources */, - 478175401F06E57E00300D20 /* fastctype.c in Sources */, 475B00201F7B953B006CDD41 /* PGPFoundation.m in Sources */, 475B002D1F7B953B006CDD41 /* NSData+PGPUtils.m in Sources */, 475B000D1F7B953B006CDD41 /* PGPPublicKeyEncryptedSessionKeyPacket.m in Sources */, @@ -1442,18 +1277,15 @@ 475B00341F7B9565006CDD41 /* Cryptography.swift in Sources */, A1EB057C1D956838008659C1 /* MailHandler.swift in Sources */, A1EB05881D956879008659C1 /* AddressHandler.swift in Sources */, - 4781753F1F06E57E00300D20 /* crypto.c in Sources */, 472F39701E14F75C009260FB /* DataHandler.swift in Sources */, A1EB05901D956923008659C1 /* ReadViewController.swift in Sources */, A1C3DEEC1E0AB15300EB7D02 /* InitViewController.swift in Sources */, 472F398E1E251B8D009260FB /* MailAddress.swift in Sources */, F12060821DA552FC00F6EF37 /* MailHandlerDelegator.swift in Sources */, 475B001D1F7B953B006CDD41 /* PGPBigNum.m in Sources */, - 4781754A1F06E57E00300D20 /* reader.c in Sources */, 475B00031F7B953B006CDD41 /* PGPDSA.m in Sources */, F1984D741E1E92B300804E1E /* LabelStyleKit.swift in Sources */, A1EB05861D956872008659C1 /* FrequentCell.swift in Sources */, - 4781753A1F06E57E00300D20 /* fmemopen.c in Sources */, F12041FB1DA3FBF7002E4940 /* ListViewController.swift in Sources */, F18B445E1E7044B70080C041 /* FlipTransition.swift in Sources */, 475B00291F7B953B006CDD41 /* PGPPKCSEmsa.m in Sources */, diff --git a/enzevalos_iphone/netpgp/UNNetPGP.h b/enzevalos_iphone/netpgp/UNNetPGP.h deleted file mode 100644 index 4129fe15..00000000 --- a/enzevalos_iphone/netpgp/UNNetPGP.h +++ /dev/null @@ -1,104 +0,0 @@ -// -// UNNetPGP.h -// netpgp -// -// Created by Marcin Krzyzanowski on 01.10.2013. -// Copyright (c) 2013 Marcin Krzyżanowski -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// - - -#import <Foundation/Foundation.h> - -typedef NS_OPTIONS(NSUInteger, UNEncryptOption) -{ - UNEncryptOptionNone = 0, - UNEncryptDontUseSubkey = 1 << 0 // Not recomended, by default subkey is used to encrypt data. Use only if required. -}; - -@interface UNNetPGP : NSObject - -/** user identifier. Required for most actions. */ -@property (strong, atomic) NSString *userId; - -/** home dir for keyrings */ -@property (strong, atomic) NSString *homeDirectory; - -/** path to public key ring file */ -@property (strong, atomic) NSString *publicKeyRingPath; - -/** path to secure key ring file */ -@property (strong, atomic) NSString *secretKeyRingPath; - -/** keys in a keyring */ -@property (strong, atomic) NSArray *availableKeys; - -/** password for key **/ -@property (copy, atomic) NSString *password; - -/** armored */ -@property (assign) BOOL armored; - -/** Maximum memory allocation. Default 4 MiB. Incrase for large files.*/ -@property (assign) NSUInteger maximumMemoryAllocationSize; - -/** Initialize with user identifier */ -- (instancetype) initWithUserId:(NSString *)userId; - -/** Encrypt file at path and save result to out file */ -- (BOOL) encryptFileAtPath:(NSString *)inFilePath toFileAtPath:(NSString *)outFilePath options:(UNEncryptOption)options; -/** Decrypt file at path and save result to out file */ -- (BOOL) decryptFileAtPath:(NSString *)inFilePath toFileAtPath:(NSString *)outFilePath; - -/** Sign file and write signature to separate file */ -- (BOOL) signFileAtPath:(NSString *)inFilePath writeSignatureToPath:(NSString *)signatureFilePath; - -/** Sign file and write signed to output file */ -- (BOOL) signFileAtPath:(NSString *)inFilePath writeSignedFileToPath:(NSString *)signedFilePath; - -/** - Sign file and write signature to separate file or attach signature to signed file. - signatureFilePath have extension ".asc" or ".sig" - */ -- (BOOL) signFileAtPath:(NSString *)inFilePath writeToFile:(NSString *)signatureFilePath detached:(BOOL)detached; - -/** - Verifies the signatures in a signed file. - @param inFilePath have to be one of ".sig" or ".asc" file. Method expect companion signed filed. - */ -- (BOOL) verifyFileAtPath:(NSString *)inFilePath; - -- (NSData *) encryptData:(NSData *)inData options:(UNEncryptOption)options; -- (NSData *) decryptData:(NSData *)inData; - -- (NSData *) signData:(NSData *)data; -- (BOOL) verifyData:(NSData *)inData; - -/** - * Import public key from given keyring file - * - * @param inFilePath pubring.gpg file to import - * - * @return YES for success. - */ -- (BOOL) importPublicKeyFromFileAtPath:(NSString *)inFilePath; -//- (BOOL) importSecureKeyFromFileAtPath:(NSString *)inFilePath; -- (NSString *)exportKeyNamed:(NSString *)keyName; - -/** Generate pair of keys and store in keyring */ -- (BOOL) generateKey:(int)numberOfBits; -/** Generate pair of keys and store in specified by path */ -- (BOOL) generateKey:(int)numberOfBits named:(NSString *)keyName toDirectory:(NSString *)path; - -@end diff --git a/enzevalos_iphone/netpgp/UNNetPGP.m b/enzevalos_iphone/netpgp/UNNetPGP.m deleted file mode 100644 index 7b9da591..00000000 --- a/enzevalos_iphone/netpgp/UNNetPGP.m +++ /dev/null @@ -1,614 +0,0 @@ -// -// UNNetPGP.m -// netpgp -// -// Created by Marcin Krzyzanowski on 01.10.2013. -// Copyright (c) 2013 Marcin Krzyżanowski -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// - -#import "UNNetPGP.h" -#import "netpgp.h" -#import "fmemopen.h" - -static dispatch_queue_t lock_queue; - -@implementation UNNetPGP - -@synthesize availableKeys = _availableKeys; -@synthesize publicKeyRingPath = _publicKeyRingPath; -@synthesize secretKeyRingPath = _secretKeyRingPath; - -+ (void)initialize -{ - lock_queue = dispatch_queue_create("UUNetPGP lock queue", DISPATCH_QUEUE_SERIAL); -} - -- (instancetype) init -{ - if (self = [super init]) { - // by default search keys in Documents - - // NOTE: saving the keyring in this location means that it could get backed up to iCloud, - // leaving private keys vulernable to whoever can get access to Apple's servers. - - NSArray *paths = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES); - NSString *documentDirectoryPath = ([paths count] > 0) ? [paths objectAtIndex:0] : nil; - -#if TARGET_IPHONE_SIMULATOR - // Sometimes the simulator doesn't have the normal directories. - if (![[NSFileManager defaultManager] fileExistsAtPath:documentDirectoryPath]) { - [[NSFileManager defaultManager] createDirectoryAtPath:documentDirectoryPath withIntermediateDirectories:YES attributes:nil error:nil]; - } -#endif - _homeDirectory = documentDirectoryPath; - } - return self; -} - -- (instancetype) initWithUserId:(NSString *)userId -{ - if (self = [self init]) { - self.userId = userId; - } - return self; -} - -- (void)setPublicKeyRingPath:(NSString *)publicKeyRingPath -{ - dispatch_sync(lock_queue, ^{ - self->_publicKeyRingPath = publicKeyRingPath; - }); -} - -- (NSString *)publicKeyRingPath -{ - @synchronized(self) { - NSString *ret = nil; - if (_publicKeyRingPath) { - ret = _publicKeyRingPath; - } else if (self.homeDirectory) { - ret = [self.homeDirectory stringByAppendingPathComponent:@"pubring.gpg"]; - } - return ret; - } -} - -- (void)setSecretKeyRingPath:(NSString *)secretKeyRingPath -{ - dispatch_sync(lock_queue, ^{ - self->_secretKeyRingPath = secretKeyRingPath; - }); - -} - -- (NSString *)secretKeyRingPath -{ - @synchronized(self) { - NSString *ret = nil; - if (_secretKeyRingPath) { - ret = _secretKeyRingPath; - } else if (self.homeDirectory) { - ret = [self.homeDirectory stringByAppendingPathComponent:@"secring.gpg"]; - } - return ret; - } -} - -#pragma mark - Data - -- (NSData *) encryptData:(NSData *)inData options:(UNEncryptOption)options -{ - __block NSData *result = nil; - - dispatch_sync(lock_queue, ^{ - netpgp_t *netpgp = [self buildnetpgp]; - if (netpgp) { - - if (options & UNEncryptDontUseSubkey) { - netpgp_setvar(netpgp, "dont use subkey to encrypt", "1"); - } - - void *inbuf = calloc(inData.length, sizeof(Byte)); - memcpy(inbuf, inData.bytes, inData.length); - - NSInteger maxsize = (unsigned)atoi(netpgp_getvar(netpgp, "max mem alloc")); - void *outbuf = calloc(sizeof(Byte), maxsize); - int outsize = netpgp_encrypt_memory(netpgp, self.userId.UTF8String, inbuf, inData.length, outbuf, maxsize, self.armored ? 1 : 0); - - if (outsize > 0) { - result = [NSData dataWithBytesNoCopy:outbuf length:outsize freeWhenDone:YES]; - } - - [self finishnetpgp:netpgp]; - - if (inbuf) - free(inbuf); - } - }); - - return result; -} - -- (NSData *) decryptData:(NSData *)inData -{ - __block NSData *result = nil; - - dispatch_sync(lock_queue, ^{ - netpgp_t *netpgp = [self buildnetpgp]; - if (netpgp) { - NSInteger maxsize = (unsigned)atoi(netpgp_getvar(netpgp, "max mem alloc")); - void *outbuf = calloc(sizeof(Byte), maxsize); - int outsize = netpgp_decrypt_memory(netpgp, inData.bytes, inData.length, outbuf, maxsize, self.armored ? 1 : 0); - - if (outsize > 0) { - result = [NSData dataWithBytesNoCopy:outbuf length:outsize freeWhenDone:YES]; - } - - [self finishnetpgp:netpgp]; - } - }); - - return result; -} - -- (NSData *) signData:(NSData *)inData -{ - __block NSData *result = nil; - - dispatch_sync(lock_queue, ^{ - netpgp_t *netpgp = [self buildnetpgp]; - if (netpgp) { - void *inbuf = calloc(inData.length, sizeof(Byte)); - memcpy(inbuf, inData.bytes, inData.length); - - NSInteger maxsize = (unsigned)atoi(netpgp_getvar(netpgp, "max mem alloc")); - void *outbuf = calloc(sizeof(Byte), maxsize); - int outsize = netpgp_sign_memory(netpgp, self.userId.UTF8String, inbuf, inData.length, outbuf, maxsize, self.armored ? 1 : 0, 0 /* !cleartext */); - - if (outsize > 0) { - result = [NSData dataWithBytesNoCopy:outbuf length:outsize freeWhenDone:YES]; - } - - [self finishnetpgp:netpgp]; - - if (inbuf) - free(inbuf); - } - }); - - return result; -} - -- (BOOL) verifyData:(NSData *)inData -{ - __block BOOL result = NO; - - dispatch_sync(lock_queue, ^{ - netpgp_t *netpgp = [self buildnetpgp]; - if (netpgp) { - result = netpgp_verify_memory(netpgp, inData.bytes, inData.length, NULL, 0, self.armored ? 1 : 0); - [self finishnetpgp:netpgp]; - } - }); - - return result; -} - - -#pragma mark - Files - -/** - Encrypt file. - - @param inFilePath File to encrypt - @param outFilePath Optional. If `nil` then encrypted name is created at the same path as original file with addedd suffix `.gpg`. - @param options UNEncryptOption - @return `YES` if operation success. - - Encrypted file is created at outFilePath, file is overwritten if already exists. - */ -- (BOOL) encryptFileAtPath:(NSString *)inFilePath toFileAtPath:(NSString *)outFilePath options:(UNEncryptOption)options -{ - __block BOOL result = NO; - - if (![[NSFileManager defaultManager] fileExistsAtPath:inFilePath]) - return NO; - - dispatch_sync(lock_queue, ^{ - netpgp_t *netpgp = [self buildnetpgp]; - - if (netpgp) { - - if (options & UNEncryptDontUseSubkey) { - netpgp_setvar(netpgp, "dont use subkey to encrypt", "1"); - } - - if (self.maximumMemoryAllocationSize <= 4096) { - NSDictionary *attrs = [[NSFileManager defaultManager] attributesOfItemAtPath:inFilePath error: NULL]; - unsigned long long fileSize = [attrs fileSize]; - float newMax = ceilf(fileSize / (float)self.maximumMemoryAllocationSize) * (float)self.maximumMemoryAllocationSize; - netpgp_setvar(netpgp, "max mem alloc", [[NSString stringWithFormat:@"%d",(int32_t)newMax] UTF8String]); - } - - char infilepath[inFilePath.length+1]; //+1 for terminating NULL character - strcpy(infilepath, inFilePath.UTF8String); - - char *outfilepath = NULL; - if (outFilePath) { - outfilepath = calloc(outFilePath.length+1, sizeof(char)); - strcpy(outfilepath, outFilePath.UTF8String); - } - - result = netpgp_encrypt_file(netpgp, self.userId.UTF8String, infilepath, outfilepath, self.armored ? 1 : 0); - - [self finishnetpgp:netpgp]; - - if (outfilepath) - free(outfilepath); - } - }); - - return result; -} - -/** - Decrypt file. - - @param inFilePath File to encrypt - @param outFilePath Optional. If `nil` then encrypted name is created at the same path as original file with addedd suffix `.gpg`. - @return `YES` if operation success. - - Descrypted file is created at outFilePath, file is overwritten if already exists. - */ -- (BOOL) decryptFileAtPath:(NSString *)inFilePath toFileAtPath:(NSString *)outFilePath -{ - __block BOOL result = NO; - - if (![[NSFileManager defaultManager] fileExistsAtPath:inFilePath]) - return NO; - - dispatch_sync(lock_queue, ^{ - netpgp_t *netpgp = [self buildnetpgp]; - if (netpgp) { - char infilepath[inFilePath.length+1]; //+1 for terminating NULL character - strcpy(infilepath, inFilePath.UTF8String); - - char *outfilepath = NULL; - if (outFilePath) { - outfilepath = calloc(outFilePath.length+1, sizeof(char)); - strcpy(outfilepath, outFilePath.UTF8String); - } - - result = netpgp_decrypt_file(netpgp, infilepath, outfilepath, self.armored ? 1 : 0); - - [self finishnetpgp:netpgp]; - - if (outfilepath) - free(outfilepath); - } - }); - - return result; -} - -- (BOOL) signFileAtPath:(NSString *)inFilePath writeSignatureToPath:(NSString *)signatureFilePath -{ - return [self signFileAtPath:inFilePath writeToFile:signatureFilePath detached:YES]; -} - -- (BOOL) signFileAtPath:(NSString *)inFilePath writeSignedFileToPath:(NSString *)signedFilePath -{ - return [self signFileAtPath:inFilePath writeToFile:signedFilePath detached:NO]; -} - -- (BOOL) signFileAtPath:(NSString *)inFilePath writeToFile:(NSString *)signatureFilePath detached:(BOOL)detached -{ - __block BOOL result = NO; - - // HACK: Don't crash - if (inFilePath == nil || signatureFilePath == nil) return NO; - - dispatch_sync(lock_queue, ^{ - netpgp_t *netpgp = [self buildnetpgp]; - if (netpgp) { - char infilepath[inFilePath.length+1]; //+1 for terminating NULL character - memset(infilepath, 0x0, sizeof(infilepath)); - strcpy(infilepath, inFilePath.UTF8String); - - char *outfilepath = NULL; - if (signatureFilePath) { - outfilepath = calloc(signatureFilePath.length+1, sizeof(char)); - strcpy(outfilepath, signatureFilePath.UTF8String); - } - - //TODO: cleartext is not working right, need to investigate and fix - result = netpgp_sign_file(netpgp, self.userId.UTF8String, infilepath, outfilepath /* sigfile name */, self.armored ? 1 : 0, 0 /* !cleartext */, detached ? 1 : 0 /* detached */); - - [self finishnetpgp:netpgp]; - - if (outfilepath) { - free(outfilepath); - } - } - }); - - return result; -} - -- (BOOL) verifyFileAtPath:(NSString *)inFilePath -{ - __block BOOL result = NO; - - dispatch_sync(lock_queue, ^{ - netpgp_t *netpgp = [self buildnetpgp]; - if (netpgp) { - char infilepath[inFilePath.length+1]; //+1 for terminating NULL character - strcpy(infilepath, inFilePath.UTF8String); - - result = netpgp_verify_file(netpgp, infilepath, NULL, self.armored ? 1 : 0); - - [self finishnetpgp:netpgp]; - } - }); - - return result; -} - -#pragma mark - Keys - -- (NSArray *)availableKeys -{ - __block NSArray *keysDict = nil; - - dispatch_sync(lock_queue, ^{ - netpgp_t *netpgp = [self buildnetpgp]; - if (netpgp) { - - char *jsonCString = NULL; - if (netpgp_list_keys_json(netpgp, &jsonCString, 0) && (jsonCString != NULL)) { - NSError *error = nil; - keysDict = [NSJSONSerialization JSONObjectWithData:[NSData dataWithBytes:jsonCString length:strlen(jsonCString)] options:0 error:&error]; - } - free(jsonCString); - - [self finishnetpgp:netpgp]; - } - }); - return keysDict; -} - -- (void)setAvailableKeys:(NSArray *)keys -{ - dispatch_sync(lock_queue, ^{ - _availableKeys = keys; - }); -} - -- (NSString *)exportKeyNamed:(NSString *)keyName -{ - __block NSString *keyData; - - dispatch_sync(lock_queue, ^{ - netpgp_t *netpgp = [self buildnetpgp]; - if (netpgp) { - char keyname[keyName.length+1]; //+1 for terminating NULL character - strcpy(keyname, keyName.UTF8String); - - char *keydata = netpgp_export_key(netpgp, keyname); - if (keydata) { - keyData = [NSString stringWithCString:keydata encoding:NSASCIIStringEncoding]; - free(keydata); - } - - [self finishnetpgp:netpgp]; - } - }); - return keyData; -} - -/** import a key into keyring */ -- (BOOL) importPublicKeyFromFileAtPath:(NSString *)inFilePath -{ - if (!inFilePath) - return NO; - - __block BOOL result = NO; - dispatch_sync(lock_queue, ^{ - netpgp_t *netpgp = [self buildnetpgp]; - if (netpgp) { - - char infilepath[inFilePath.length+1]; //+1 for terminating NULL character - strcpy(infilepath, inFilePath.UTF8String); - - result = netpgp_import_public_key(netpgp, infilepath); - - [self finishnetpgp:netpgp]; - } - }); - - return result; -} -// -///** import a key into keyring */ -//- (BOOL) importSecureKeyFromFileAtPath:(NSString *)inFilePath -//{ -// if (!inFilePath) -// return NO; -// -// __block BOOL result = NO; -// dispatch_sync(lock_queue, ^{ -// netpgp_t *netpgp = [self buildnetpgp]; -// if (netpgp) { -// -// char infilepath[inFilePath.length]; -// strcpy(infilepath, inFilePath.UTF8String); -// //TODO: save in keyring -// result = netpgp_import_secure_key(netpgp, infilepath); -// -// [self finishnetpgp:netpgp]; -// } -// }); -// -// return result; -//} - -/** - Generate key and save to keyring. - - @param numberOfBits - @param keyName - @param path - @param defaultKeyring - @see userId - */ -- (BOOL) generateKey:(int)numberOfBits named:(NSString *)keyName toDirectory:(NSString *)path saveToDefaultKeyring:(BOOL)defaultKeyring -{ - __block BOOL result = NO; - dispatch_sync(lock_queue, ^{ - netpgp_t *netpgp = [self buildnetpgp]; - if (netpgp) { - NSString *keyIdString = keyName ?: self.userId; - if (keyIdString == nil) { - keyIdString = @""; - } - netpgp_setvar(netpgp, "userid checks", "skip"); - - char key_id[keyIdString.length+1]; //+1 for terminating NULL character - strcpy(key_id, keyIdString.UTF8String); - - char *directory_path = NULL; - if (path) { - directory_path = calloc(path.length+1, sizeof(char)); - strcpy(directory_path, path.UTF8String); - - if (![[NSFileManager defaultManager] fileExistsAtPath:path]) { - [[NSFileManager defaultManager] createDirectoryAtPath:path withIntermediateDirectories:YES attributes:@{NSFilePosixPermissions: [NSNumber numberWithShort:0700]} error:nil]; - } - } - - result = netpgp_generate_key_rich(netpgp, key_id, numberOfBits, directory_path, defaultKeyring ? 1 : 0); - [self finishnetpgp:netpgp]; - - if (directory_path) { - free(directory_path); - } - } - }); - - return result; -} - -/** - Generate key and save to keyring. - - @param numberOfBits - @see userId - */ -- (BOOL) generateKey:(int)numberOfBits -{ - return [self generateKey:numberOfBits named:nil toDirectory:nil saveToDefaultKeyring:YES]; -} - -/** - Generate key and save to defined path - - @param numberOfBits - @param keyName - @param path - @see userId - */ - -- (BOOL) generateKey:(int)numberOfBits named:(NSString *)keyName toDirectory:(NSString *)path -{ - return [self generateKey:numberOfBits named:keyName toDirectory:path saveToDefaultKeyring:NO]; -} - -#pragma mark - private - -- (netpgp_t *) buildnetpgp; -{ - // Love http://jverkoey.github.io/fmemopen/ - - netpgp_t *netpgp = calloc(0x1, sizeof(netpgp_t)); - - if (self.userId) - netpgp_setvar(netpgp, "userid", self.userId.UTF8String); - - if (self.homeDirectory) { - char *directory_path = calloc(self.homeDirectory.length+1, sizeof(char)); - strcpy(directory_path, self.homeDirectory.UTF8String); - - netpgp_set_homedir(netpgp, directory_path, NULL, 0); - - free(directory_path); - } - - if (self.secretKeyRingPath) { - if (![[NSFileManager defaultManager] fileExistsAtPath:self.secretKeyRingPath]) { - [[NSFileManager defaultManager] createFileAtPath:self.secretKeyRingPath contents:nil attributes:@{NSFilePosixPermissions: [NSNumber numberWithShort:0600]}]; - } - netpgp_setvar(netpgp, "secring", self.secretKeyRingPath.UTF8String); - } - - if (self.publicKeyRingPath) { - if (![[NSFileManager defaultManager] fileExistsAtPath:self.publicKeyRingPath]) { - [[NSFileManager defaultManager] createFileAtPath:self.publicKeyRingPath contents:nil attributes:@{NSFilePosixPermissions: [NSNumber numberWithShort:0600]}]; - } - netpgp_setvar(netpgp, "pubring", self.publicKeyRingPath.UTF8String); - } - - if (self.password) { - const char* cstr = [self.password stringByAppendingString:@"\n"].UTF8String; - netpgp->passfp = fmemopen((void *)cstr, sizeof(char) * (self.password.length + 1), "r"); - } - - /* 4 MiB for a memory file */ - netpgp_setvar(netpgp, "max mem alloc", "4194304"); - if (self.maximumMemoryAllocationSize) { - netpgp_setvar(netpgp, "max mem alloc", [[NSString stringWithFormat:@"%i",self.maximumMemoryAllocationSize] UTF8String]); - } - - //FIXME: use sha1 because sha256 crashing, don't know why yet - netpgp_setvar(netpgp, "hash", "sha1"); - - // Custom variable - //netpgp_setvar(netpgp, "dont use subkey to encrypt", "1"); - -#if DEBUG - netpgp_incvar(netpgp, "verbose", 1); - netpgp_set_debug(NULL); -#endif - - if (!netpgp_init(netpgp)) { - NSLog(@"Can't initialize netpgp stack"); - free(netpgp); - return nil; - } - - return netpgp; -} - -- (void) finishnetpgp:(netpgp_t *)netpgp -{ - if (!netpgp) { - return; - } - - netpgp_end(netpgp); - free(netpgp); -} - - -@end diff --git a/enzevalos_iphone/netpgp/fmemopen/README.md b/enzevalos_iphone/netpgp/fmemopen/README.md deleted file mode 100755 index 476810eb..00000000 --- a/enzevalos_iphone/netpgp/fmemopen/README.md +++ /dev/null @@ -1,49 +0,0 @@ -fmemopen for Mac OS and iOS -=========================== - -Originally ported from [ingenuitas python-tesseract](https://github.com/ingenuitas/python-tesseract/blob/master/fmemopen.c). Ported by Jeff Verkoeyen under the Apache 2.0 License. - -From the fmemopen man page: - -> FILE *fmemopen(void *buf, size_t size, const char *mode); -> -> The fmemopen() function opens a stream that permits the access specified by mode. The stream -> allows I/O to be performed on the string or memory buffer pointed to by buf. This buffer must be -> at least size bytes long. - -Alas, this method does not exist on BSD operating systems (specifically Mac OS X and iOS). It is -possible to recreate this functionality using a BSD-specific method called `funopen`. - -From the funopen man page: - -> FILE * funopen(const void *cookie, int (*readfn)(void *, char *, int), -> int (*writefn)(void *, const char *, int), fpos_t (*seekfn)(void *, fpos_t, int), -> int (*closefn)(void *)); -> -> The funopen() function associates a stream with up to four ``I/O functions''. Either readfn or -> writefn must be specified; the others can be given as an appropriately-typed NULL pointer. These -> I/O functions will be used to read, write, seek and close the new stream. - -fmemopen.c provides a simple implementation of fmemopen using funopen so that you can create FILE -pointers to blocks of memory. - -Adding it to your Project -========================= - -Drag fmemopen.h and fmemopen.c to your project and add them to your target. `#include "fmemopen.h"` -wherever you need to use `fmemopen`. - -Examples -======== - -```obj-c -#import "fmemopen.h" - -NSString* string = @"fmemopen in Objective-C"; -const char* cstr = [string UTF8String]; -FILE* file = fmemopen((void *)cstr, sizeof(char) * (string.length + 1), "r"); - -// fread on file will now read the contents of the NSString - -fclose(file); -``` diff --git a/enzevalos_iphone/netpgp/fmemopen/fmemopen.c b/enzevalos_iphone/netpgp/fmemopen/fmemopen.c deleted file mode 100755 index 7dd962b4..00000000 --- a/enzevalos_iphone/netpgp/fmemopen/fmemopen.c +++ /dev/null @@ -1,93 +0,0 @@ -// -// Copyright 2012 Jeff Verkoeyen -// Originally ported from https://github.com/ingenuitas/python-tesseract/blob/master/fmemopen.c -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <sys/mman.h> -#include <sys/param.h> - -struct fmem { - size_t pos; - size_t size; - char *buffer; -}; -typedef struct fmem fmem_t; - -static int readfn(void *handler, char *buf, int size) { - fmem_t *mem = handler; - size_t available = mem->size - mem->pos; - - if (size > available) { - size = (int)MIN(available, INT_MAX); - } - memcpy(buf, mem->buffer + mem->pos, sizeof(char) * size); - mem->pos += size; - - return size; -} - -static int writefn(void *handler, const char *buf, int size) { - fmem_t *mem = handler; - size_t available = mem->size - mem->pos; - - if (size > available) { - size = (int)MIN(available, INT_MAX); - } - memcpy(mem->buffer + mem->pos, buf, sizeof(char) * size); - mem->pos += size; - - return size; -} - -static fpos_t seekfn(void *handler, fpos_t offset, int whence) { - size_t pos; - fmem_t *mem = handler; - - switch (whence) { - case SEEK_SET: pos = offset; break; - case SEEK_CUR: pos = mem->pos + offset; break; - case SEEK_END: pos = mem->size + offset; break; - default: return -1; - } - - if (pos > mem->size) { - return -1; - } - - mem->pos = pos; - return (fpos_t)pos; -} - -static int closefn(void *handler) { - free(handler); - return 0; -} - -FILE *fmemopen(void *buf, size_t size, const char *mode) { - // This data is released on fclose. - fmem_t* mem = (fmem_t *) malloc(sizeof(fmem_t)); - - // Zero-out the structure. - memset(mem, 0, sizeof(fmem_t)); - - mem->size = size; - mem->buffer = buf; - - // funopen's man page: https://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man3/funopen.3.html - return funopen(mem, readfn, writefn, seekfn, closefn); -} diff --git a/enzevalos_iphone/netpgp/fmemopen/fmemopen.h b/enzevalos_iphone/netpgp/fmemopen/fmemopen.h deleted file mode 100755 index 3d06b20e..00000000 --- a/enzevalos_iphone/netpgp/fmemopen/fmemopen.h +++ /dev/null @@ -1,52 +0,0 @@ -// -// Copyright 2012 Jeff Verkoeyen -// Originally ported from https://github.com/ingenuitas/python-tesseract/blob/master/fmemopen.c -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// - -#ifndef FMEMOPEN_H_ -#define FMEMOPEN_H_ - -#ifdef __cplusplus -extern "C" -{ -#endif - -/** - * A BSD port of the fmemopen Linux method using funopen. - * - * man docs for fmemopen: - * http://linux.die.net/man/3/fmemopen - * - * man docs for funopen: - * https://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man3/funopen.3.html - * - * This method is ported from ingenuitas' python-tesseract project. - * - * You must call fclose on the returned file pointer or memory will be leaked. - * - * @param buf The data that will be used to back the FILE* methods. Must be at least - * @c size bytes. - * @param size The size of the @c buf data. - * @param mode The permitted stream operation modes. - * @returns A pointer that can be used in the fread/fwrite/fseek/fclose family of methods. - * If a failure occurred NULL will be returned. - */ -FILE *fmemopen(void *buf, size_t size, const char *mode); - -#ifdef __cplusplus -} -#endif - -#endif // #ifndef FMEMOPEN_H_ diff --git a/enzevalos_iphone/netpgp/lib/Licence b/enzevalos_iphone/netpgp/lib/Licence deleted file mode 100644 index 25a88eb4..00000000 --- a/enzevalos_iphone/netpgp/lib/Licence +++ /dev/null @@ -1,36 +0,0 @@ -Copyright (c) 2005 Nominet UK (www.nic.uk) -All rights reserved. -Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted -their moral rights under the UK Copyright Design and Patents Act 1988 to -be recorded as the authors of this copyright work. - -This is a BSD-style Open Source licence. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: - -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - -3. The name of Nominet UK or the contributors may not be used to - endorse or promote products derived from this software without specific - prior written permission; - -and provided that the user accepts the terms of the following disclaimer: - -THIS SOFTWARE IS PROVIDED BY NOMINET UK AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL NOMINET UK OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. diff --git a/enzevalos_iphone/netpgp/lib/bufgap.c b/enzevalos_iphone/netpgp/lib/bufgap.c deleted file mode 100644 index 7e6534d6..00000000 --- a/enzevalos_iphone/netpgp/lib/bufgap.c +++ /dev/null @@ -1,520 +0,0 @@ -/* $NetBSD: bufgap.c,v 1.4 2010/08/15 16:10:56 agc Exp $ */ - -/*- - * Copyright (c) 1996-2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -#include "config.h" - -#ifdef HAVE_SYS_TYPES_H -#include <sys/types.h> -#endif - -#ifdef HAVE_SYS_STAT_H -#include <sys/stat.h> -#endif - -#include <stdio.h> - -#include <stdlib.h> - -#ifdef HAVE_UNISTD_H -#include <unistd.h> -#endif - -#ifdef HAVE_STRING_H -#include <string.h> -#endif - -#include "fastctype.h" -#include "bufgap.h" -#include "defs.h" - -/* macros to get subscripts in buffer */ -#define AFTSUB(bp, n) ((bp)->buf[(int)n]) -#define BEFSUB(bp, n) ((bp)->buf[(int)((bp)->size - (n) - 1)]) - -/* initial allocation size */ -#ifndef CHUNKSIZE -#define CHUNKSIZE 256 -#endif - -#ifndef KiB -#define KiB(x) ((x) * 1024) -#endif - -#define BGCHUNKSIZE KiB(4) - -#ifndef __UNCONST -#define __UNCONST(a) ((void *)(unsigned long)(const void *)(a)) -#endif - -#ifndef USE_UTF -#define USE_UTF 0 -#endif - -#if !USE_UTF -#define Rune char -#define utfbytes(x) strlen(x) -#define utfrune(a, b) strchr(a, b) -#define utfnlen(a, b) bounded_strlen(a, b) - -static size_t -bounded_strlen(const char *s, size_t maxlen) -{ - size_t n; - - for (n = 0 ; n < maxlen && s[n] != 0x0 ; n++) { - } - return n; -} - -static int -chartorune(Rune *rp, char *s) -{ - *rp = s[0]; - return 1; -} - -static int -priorrune(Rune *rp, char *s) -{ - *rp = s[0]; - return 1; -} -#else -#include "ure.h" -#endif - -/* save `n' chars of `s' in malloc'd memory */ -static char * -strnsave(char *s, int n) -{ - char *cp; - - if (n < 0) { - n = (int)strlen(s); - } - NEWARRAY(char, cp, n + 1, "strnsave", return NULL); - (void) memcpy(cp, s, (size_t)n); - cp[n] = 0x0; - return cp; -} - -/* open a file in a buffer gap structure */ -int -bufgap_open(bufgap_t *bp, const char *f) -{ - struct stat s; - int64_t cc; - FILE *filep; - char *cp; - - (void) memset(bp, 0x0, sizeof(*bp)); - filep = NULL; - if (f != NULL && (filep = fopen(f, "r")) == NULL) { - return 0; - } - if (f == NULL) { - bp->size = BGCHUNKSIZE; - NEWARRAY(char, bp->buf, bp->size, "f_open", return 0); - } else { - (void) fstat(fileno(filep), &s); - bp->size = (int) ((s.st_size / BGCHUNKSIZE) + 1) * BGCHUNKSIZE; - NEWARRAY(char, bp->buf, bp->size, "f_open", return 0); - cc = fread(&BEFSUB(bp, s.st_size), sizeof(char), - (size_t)s.st_size, filep); - (void) fclose(filep); - if (cc != s.st_size) { - FREE(bp->buf); - FREE(bp); - return 0; - } - bp->name = strnsave(__UNCONST(f), (int)utfbytes(__UNCONST(f))); - bp->bbc = s.st_size; - cp = &BEFSUB(bp, cc); - for (;;) { - if ((cp = utfrune(cp, '\n')) == NULL) { - break; - } - bp->blc++; - cp++; - } - bp->bcc = utfnlen(&BEFSUB(bp, cc), (size_t)cc); - } - return 1; -} - -/* close a buffer gapped file */ -void -bufgap_close(bufgap_t *bp) -{ - FREE(bp->buf); -} - -/* move forwards `n' chars/bytes in a buffer gap */ -int -bufgap_forwards(bufgap_t *bp, uint64_t n, int type) -{ - Rune r; - int rlen; - - switch(type) { - case BGChar: - if (bp->bcc >= n) { - while (n-- > 0) { - rlen = chartorune(&r, &BEFSUB(bp, bp->bbc)); - if (rlen == 1) { - AFTSUB(bp, bp->abc) = BEFSUB(bp, bp->bbc); - } else { - (void) memmove(&AFTSUB(bp, bp->abc), - &BEFSUB(bp, bp->bbc), - (size_t)rlen); - } - bp->acc++; - bp->bcc--; - bp->abc += rlen; - bp->bbc -= rlen; - if (r == '\n') { - bp->alc++; - bp->blc--; - } - } - return 1; - } - break; - case BGByte: - if (bp->bbc >= n) { - for ( ; n > 0 ; n -= rlen) { - rlen = chartorune(&r, &BEFSUB(bp, bp->bbc)); - if (rlen == 1) { - AFTSUB(bp, bp->abc) = BEFSUB(bp, bp->bbc); - } else { - (void) memmove(&AFTSUB(bp, bp->abc), - &BEFSUB(bp, bp->bbc), - (size_t)rlen); - } - bp->acc++; - bp->bcc--; - bp->abc += rlen; - bp->bbc -= rlen; - if (r == '\n') { - bp->alc++; - bp->blc--; - } - } - return 1; - } - } - return 0; -} - -/* move backwards `n' chars in a buffer gap */ -int -bufgap_backwards(bufgap_t *bp, uint64_t n, int type) -{ - Rune r; - int rlen; - - switch(type) { - case BGChar: - if (bp->acc >= n) { - while (n-- > 0) { - rlen = priorrune(&r, &AFTSUB(bp, bp->abc)); - bp->bcc++; - bp->acc--; - bp->bbc += rlen; - bp->abc -= rlen; - if (rlen == 1) { - BEFSUB(bp, bp->bbc) = AFTSUB(bp, bp->abc); - } else { - (void) memmove(&BEFSUB(bp, bp->bbc), - &AFTSUB(bp, bp->abc), - (size_t)rlen); - } - if (r == '\n') { - bp->blc++; - bp->alc--; - } - } - return 1; - } - break; - case BGByte: - if (bp->acc >= n) { - for ( ; n > 0 ; n -= rlen) { - rlen = priorrune(&r, &AFTSUB(bp, bp->abc)); - bp->bcc++; - bp->acc--; - bp->bbc += rlen; - bp->abc -= rlen; - if (rlen == 1) { - BEFSUB(bp, bp->bbc) = AFTSUB(bp, bp->abc); - } else { - (void) memmove(&BEFSUB(bp, bp->bbc), - &AFTSUB(bp, bp->abc), - (size_t)rlen); - } - if (r == '\n') { - bp->blc++; - bp->alc--; - } - } - return 1; - } - } - return 0; -} - -/* move within a buffer gap */ -int -bufgap_seek(bufgap_t *bp, int64_t off, int whence, int type) -{ - switch(type) { - case BGLine: - switch(whence) { - case BGFromBOF: - if (off < 0 || off > (int64_t)(bp->alc + bp->blc)) { - return 0; - } - if (off < (int64_t)bp->alc) { - while (off <= (int64_t)bp->alc && bufgap_backwards(bp, 1, BGChar)) { - } - if (off > 0) { - (void) bufgap_forwards(bp, 1, BGChar); - } - } else if (off > (int64_t)bp->alc) { - while (off > (int64_t)bp->alc && bufgap_forwards(bp, 1, BGChar)) { - } - } - return 1; - case BGFromHere: - return bufgap_seek(bp, (int64_t)(bp->alc + off), BGFromBOF, BGLine); - case BGFromEOF: - return bufgap_seek(bp, (int64_t)(bp->alc + bp->blc + off), BGFromBOF, BGLine); - } - break; - case BGChar: - switch(whence) { - case BGFromBOF: - if (off < 0 || off > (int64_t)(bp->acc + bp->bcc)) { - return 0; - } - if (off < (int64_t)bp->acc) { - return bufgap_backwards(bp, bp->acc - off, BGChar); - } else if (off > (int64_t)bp->acc) { - return bufgap_forwards(bp, off - bp->acc, BGChar); - } - return 1; - case BGFromHere: - return bufgap_seek(bp, (int64_t)(bp->acc + off), BGFromBOF, BGChar); - case BGFromEOF: - return bufgap_seek(bp, (int64_t)(bp->acc + bp->bcc + off), BGFromBOF, BGChar); - } - break; - case BGByte: - switch(whence) { - case BGFromBOF: - if (off < 0 || off > (int64_t)(bp->abc + bp->bbc)) { - return 0; - } - if (off < (int64_t)bp->abc) { - return bufgap_backwards(bp, bp->abc - off, BGByte); - } else if (off > (int64_t)bp->abc) { - return bufgap_forwards(bp, off - bp->abc, BGByte); - } - return 1; - case BGFromHere: - return bufgap_seek(bp, (int64_t)(bp->abc + off), BGFromBOF, BGByte); - case BGFromEOF: - return bufgap_seek(bp, (int64_t)(bp->abc + bp->bbc + off), BGFromBOF, BGByte); - } - break; - } - return 0; -} - -/* return a pointer to the text in the buffer gap */ -char * -bufgap_getstr(bufgap_t *bp) -{ - return &BEFSUB(bp, bp->bbc); -} - -/* return the binary text in the buffer gap */ -int -bufgap_getbin(bufgap_t *bp, void *dst, size_t len) -{ - int cc; - - cc = (bp->bcc < len) ? (int)bp->bcc : (int)len; - (void) memcpy(dst, &BEFSUB(bp, bp->bbc), len); - return cc; -} - -/* return offset (from beginning/end) in a buffer gap */ -int64_t -bufgap_tell(bufgap_t *bp, int whence, int type) -{ - switch(whence) { - case BGFromBOF: - return (type == BGLine) ? bp->alc : - (type == BGByte) ? bp->abc : bp->acc; - case BGFromEOF: - return (type == BGLine) ? bp->blc : - (type == BGByte) ? bp->bbc : bp->bcc; - default: - (void) fprintf(stderr, "weird whence in bufgap_tell\n"); - break; - } - return (int64_t)0; -} - -/* return size of buffer gap */ -int64_t -bufgap_size(bufgap_t *bp, int type) -{ - return (type == BGLine) ? bp->alc + bp->blc : - (type == BGChar) ? bp->acc + bp->bcc : - bp->abc + bp->bbc; -} - -/* insert `n' chars of `s' in a buffer gap */ -int -bufgap_insert(bufgap_t *bp, const char *s, int n) -{ - int64_t off; - Rune r; - int rlen; - int i; - - if (n < 0) { - n = (int)strlen(s); - } - for (i = 0 ; i < n ; i += rlen) { - if (bp->bbc + bp->abc == bp->size) { - off = bufgap_tell(bp, BGFromBOF, BGChar); - (void) bufgap_seek(bp, 0, BGFromEOF, BGChar); - bp->size *= 2; - RENEW(char, bp->buf, bp->size, "bufgap_insert", return 0); - (void) bufgap_seek(bp, off, BGFromBOF, BGChar); - } - if ((rlen = chartorune(&r, __UNCONST(s))) == 1) { - AFTSUB(bp, bp->abc) = *s; - } else { - (void) memmove(&AFTSUB(bp, bp->abc), s, (size_t)rlen); - } - if (r == '\n') { - bp->alc++; - } - bp->modified = 1; - bp->abc += rlen; - bp->acc++; - s += rlen; - } - return 1; -} - -/* delete `n' bytes from the buffer gap */ -int -bufgap_delete(bufgap_t *bp, uint64_t n) -{ - uint64_t i; - Rune r; - int rlen; - - if (n <= bp->bbc) { - for (i = 0 ; i < n ; i += rlen) { - rlen = chartorune(&r, &BEFSUB(bp, bp->bbc)); - if (r == '\n') { - bp->blc--; - } - bp->bbc -= rlen; - bp->bcc--; - bp->modified = 1; - } - return 1; - } - return 0; -} - -/* look at a character in a buffer gap `delta' UTF chars away */ -int -bufgap_peek(bufgap_t *bp, int64_t delta) -{ - int ch; - - if (delta != 0) { - if (!bufgap_seek(bp, delta, BGFromHere, BGChar)) { - return -1; - } - } - ch = BEFSUB(bp, bp->bbc); - if (delta != 0) { - (void) bufgap_seek(bp, -delta, BGFromHere, BGChar); - } - return ch; -} - -/* return, in malloc'd storage, text from the buffer gap */ -char * -bufgap_gettext(bufgap_t *bp, int64_t from, int64_t to) -{ - int64_t off; - int64_t n; - char *text; - - off = bufgap_tell(bp, BGFromBOF, BGChar); - NEWARRAY(char, text, (to - from + 1), "bufgap_gettext", return NULL); - (void) bufgap_seek(bp, from, BGFromBOF, BGChar); - for (n = 0 ; n < to - from ; n++) { - text[(int)n] = BEFSUB(bp, bp->bbc - n); - } - text[(int)n] = 0x0; - (void) bufgap_seek(bp, off, BGFromBOF, BGChar); - return text; -} - -/* return 1 if we wrote the file correctly */ -int -bufgap_write(bufgap_t *bp, FILE *filep) -{ - if (fwrite(bp->buf, sizeof(char), (size_t)bp->abc, filep) != (size_t)bp->abc) { - return 0; - } - if (fwrite(&BEFSUB(bp, bp->bbc), sizeof(char), (size_t)bp->bbc, filep) != (size_t)bp->bbc) { - return 0; - } - return 1; -} - -/* tell if the buffer gap is dirty - has been modified */ -int -bufgap_dirty(bufgap_t *bp) -{ - return (int)bp->modified; -} diff --git a/enzevalos_iphone/netpgp/lib/bufgap.h b/enzevalos_iphone/netpgp/lib/bufgap.h deleted file mode 100644 index 461126db..00000000 --- a/enzevalos_iphone/netpgp/lib/bufgap.h +++ /dev/null @@ -1,88 +0,0 @@ -/* $NetBSD: bufgap.h,v 1.2 2009/12/06 17:43:05 agc Exp $ */ - -/*- - * Copyright (c) 1996-2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -#ifndef BUFGAP_H_ -#define BUFGAP_H_ 20091023 - -#include <sys/types.h> - -#include <inttypes.h> -#include <stdio.h> - -#ifndef BUFGAP_VERSION_STRING -#define BUFGAP_VERSION_STRING "20091022" -#endif - -#ifndef BUFGAP_AUTHOR_STRING -#define BUFGAP_AUTHOR_STRING "Alistair Crooks (agc@netbsd.org)" -#endif - -/* Constants for Buffer Gap routines */ -enum { - BGByte, - BGChar, - BGLine, - - BGFromBOF, - BGFromHere, - BGFromEOF -}; - -/* this struct describes a file in memory */ -typedef struct bufgap_t { - uint64_t size; /* size of file */ - uint64_t abc; /* # of bytes after the gap */ - uint64_t bbc; /* # of bytes before the gap */ - uint64_t acc; /* # of utf chars after the gap */ - uint64_t bcc; /* # of utf chars before the gap */ - uint64_t alc; /* # of records after the gap */ - uint64_t blc; /* # of records before the gap */ - char *name; /* file name - perhaps null */ - char *buf; /* buffer-gap buffer */ - char modified; /* file has been modified */ -} bufgap_t; - -int bufgap_open(bufgap_t *, const char *); -void bufgap_close(bufgap_t *); -int bufgap_forwards(bufgap_t *, uint64_t, int); -int bufgap_backwards(bufgap_t *, uint64_t, int); -int bufgap_seek(bufgap_t *, int64_t, int, int); -char *bufgap_getstr(bufgap_t *); -int bufgap_getbin(bufgap_t *, void *, size_t); -int64_t bufgap_tell(bufgap_t *, int, int); -int64_t bufgap_size(bufgap_t *, int); -int bufgap_insert(bufgap_t *, const char *, int); -int bufgap_delete(bufgap_t *, uint64_t); -int bufgap_peek(bufgap_t *, int64_t); -char *bufgap_gettext(bufgap_t *, int64_t, int64_t); -int bufgap_write(bufgap_t *, FILE *); -int bufgap_dirty(bufgap_t *); - -#endif /* !BUFGAP_H_ */ diff --git a/enzevalos_iphone/netpgp/lib/compress.c b/enzevalos_iphone/netpgp/lib/compress.c deleted file mode 100644 index c1d5a5d3..00000000 --- a/enzevalos_iphone/netpgp/lib/compress.c +++ /dev/null @@ -1,501 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/* - * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) - * All rights reserved. - * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted - * their moral rights under the UK Copyright Design and Patents Act 1988 to - * be recorded as the authors of this copyright work. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. - * - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** \file - */ -#include "config.h" - -#ifdef HAVE_SYS_CDEFS_H -#include <sys/cdefs.h> -#endif - -#if defined(__NetBSD__) -__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: compress.c,v 1.18 2010/10/31 18:31:03 agc Exp $"); -#endif - -#ifdef HAVE_ZLIB_H -#include <zlib.h> -#endif - -#ifdef HAVE_BZLIB_H -#include <bzlib.h> -#endif - -#include <string.h> - -#include "packet-parse.h" -#include "errors.h" -#include "netpgpdefs.h" -#include "crypto.h" -#include "memory.h" -#include "writer.h" - -#define DECOMPRESS_BUFFER 1024 - -typedef struct { - __ops_compression_type_t type; - __ops_region_t *region; - uint8_t in[DECOMPRESS_BUFFER]; - uint8_t out[DECOMPRESS_BUFFER]; - z_stream zstream;/* ZIP and ZLIB */ - size_t offset; - int inflate_ret; -} z_decompress_t; - -#ifdef HAVE_BZLIB_H -typedef struct { - __ops_compression_type_t type; - __ops_region_t *region; - char in[DECOMPRESS_BUFFER]; - char out[DECOMPRESS_BUFFER]; - bz_stream bzstream; /* BZIP2 */ - size_t offset; - int inflate_ret; -} bz_decompress_t; -#endif - -typedef struct { - z_stream stream; - uint8_t *src; - uint8_t *dst; -} compress_t; - -/* - * \todo remove code duplication between this and - * bzip2_compressed_data_reader - */ -static int -zlib_compressed_data_reader(void *dest, size_t length, - __ops_error_t **errors, - __ops_reader_t *readinfo, - __ops_cbdata_t *cbinfo) -{ - z_decompress_t *z = __ops_reader_get_arg(readinfo); - size_t len; - size_t cc; - char *cdest = dest; - - if (z->type != OPS_C_ZIP && z->type != OPS_C_ZLIB) { - (void) fprintf(stderr, - "zlib_compressed_data_reader: weird type %d\n", - z->type); - return 0; - } - - if (z->inflate_ret == Z_STREAM_END && - z->zstream.next_out == &z->out[z->offset]) { - return 0; - } - - if (__ops_get_debug_level(__FILE__)) { - (void) fprintf(stderr, - "zlib_compressed_data_reader: length %" PRIsize "d\n", - length); - } - - if (z->region->readc == z->region->length) { - if (z->inflate_ret != Z_STREAM_END) { - OPS_ERROR(cbinfo->errors, OPS_E_P_DECOMPRESSION_ERROR, - "Compressed data didn't end when region ended."); - } - } - for (cc = 0 ; cc < length ; cc += len) { - if (&z->out[z->offset] == z->zstream.next_out) { - int ret; - - z->zstream.next_out = z->out; - z->zstream.avail_out = sizeof(z->out); - z->offset = 0; - if (z->zstream.avail_in == 0) { - unsigned n = z->region->length; - - if (!z->region->indeterminate) { - n -= z->region->readc; - if (n > sizeof(z->in)) { - n = sizeof(z->in); - } - } else { - n = sizeof(z->in); - } - if (!__ops_stacked_limited_read(z->in, n, - z->region, - errors, readinfo, cbinfo)) { - return -1; - } - - z->zstream.next_in = z->in; - z->zstream.avail_in = (z->region->indeterminate) ? - z->region->last_read : n; - } - ret = inflate(&z->zstream, Z_SYNC_FLUSH); - if (ret == Z_STREAM_END) { - if (!z->region->indeterminate && - z->region->readc != z->region->length) { - OPS_ERROR(cbinfo->errors, - OPS_E_P_DECOMPRESSION_ERROR, - "Compressed stream ended before packet end."); - } - } else if (ret != Z_OK) { - (void) fprintf(stderr, "ret=%d\n", ret); - OPS_ERROR(cbinfo->errors, - OPS_E_P_DECOMPRESSION_ERROR, z->zstream.msg); - } - z->inflate_ret = ret; - } - if (z->zstream.next_out <= &z->out[z->offset]) { - (void) fprintf(stderr, "Out of memory in buffer\n"); - return 0; - } - len = (size_t)(z->zstream.next_out - &z->out[z->offset]); - if (len > length) { - len = length; - } - (void) memcpy(&cdest[cc], &z->out[z->offset], len); - z->offset += len; - } - - return (int)length; -} - -#ifdef HAVE_BZLIB_H -/* \todo remove code duplication between this and zlib_compressed_data_reader */ -static int -bzip2_compressed_data_reader(void *dest, size_t length, - __ops_error_t **errors, - __ops_reader_t *readinfo, - __ops_cbdata_t *cbinfo) -{ - bz_decompress_t *bz = __ops_reader_get_arg(readinfo); - size_t len; - size_t cc; - char *cdest = dest; - - if (bz->type != OPS_C_BZIP2) { - (void) fprintf(stderr, "Weird type %d\n", bz->type); - return 0; - } - - if (bz->inflate_ret == BZ_STREAM_END && - bz->bzstream.next_out == &bz->out[bz->offset]) { - return 0; - } - if (bz->region->readc == bz->region->length) { - if (bz->inflate_ret != BZ_STREAM_END) { - OPS_ERROR(cbinfo->errors, OPS_E_P_DECOMPRESSION_ERROR, - "Compressed data didn't end when region ended."); - } - } - for (cc = 0 ; cc < length ; cc += len) { - if (&bz->out[bz->offset] == bz->bzstream.next_out) { - int ret; - - bz->bzstream.next_out = (char *) bz->out; - bz->bzstream.avail_out = sizeof(bz->out); - bz->offset = 0; - if (bz->bzstream.avail_in == 0) { - unsigned n = bz->region->length; - - if (!bz->region->indeterminate) { - n -= bz->region->readc; - if (n > sizeof(bz->in)) - n = sizeof(bz->in); - } else - n = sizeof(bz->in); - - if (!__ops_stacked_limited_read( - (uint8_t *) bz->in, - n, bz->region, - errors, readinfo, cbinfo)) - return -1; - - bz->bzstream.next_in = bz->in; - bz->bzstream.avail_in = - (bz->region->indeterminate) ? - bz->region->last_read : n; - } - ret = BZ2_bzDecompress(&bz->bzstream); - if (ret == BZ_STREAM_END) { - if (!bz->region->indeterminate && - bz->region->readc != bz->region->length) - OPS_ERROR(cbinfo->errors, - OPS_E_P_DECOMPRESSION_ERROR, - "Compressed stream ended before packet end."); - } else if (ret != BZ_OK) { - OPS_ERROR_1(cbinfo->errors, - OPS_E_P_DECOMPRESSION_ERROR, - "Invalid return %d from BZ2_bzDecompress", ret); - } - bz->inflate_ret = ret; - } - if (bz->bzstream.next_out <= &bz->out[bz->offset]) { - (void) fprintf(stderr, "Out of bz memroy\n"); - return 0; - } - len = (size_t)(bz->bzstream.next_out - &bz->out[bz->offset]); - if (len > length) { - len = length; - } - (void) memcpy(&cdest[cc], &bz->out[bz->offset], len); - bz->offset += len; - } - - return (int)length; -} -#endif - -/** - * \ingroup Core_Compress - * - * \param *region Pointer to a region - * \param *stream How to parse - * \param type Which compression type to expect -*/ - -int -__ops_decompress(__ops_region_t *region, __ops_stream_t *stream, - __ops_compression_type_t type) -{ - z_decompress_t z; -#ifdef HAVE_BZLIB_H - bz_decompress_t bz; -#endif - const int printerrors = 1; - int ret; - - switch (type) { - case OPS_C_ZIP: - case OPS_C_ZLIB: - (void) memset(&z, 0x0, sizeof(z)); - - z.region = region; - z.offset = 0; - z.type = type; - - z.zstream.next_in = Z_NULL; - z.zstream.avail_in = 0; - z.zstream.next_out = z.out; - z.zstream.zalloc = Z_NULL; - z.zstream.zfree = Z_NULL; - z.zstream.opaque = Z_NULL; - - break; - -#ifdef HAVE_BZLIB_H - case OPS_C_BZIP2: - (void) memset(&bz, 0x0, sizeof(bz)); - - bz.region = region; - bz.offset = 0; - bz.type = type; - - bz.bzstream.next_in = NULL; - bz.bzstream.avail_in = 0; - bz.bzstream.next_out = bz.out; - bz.bzstream.bzalloc = NULL; - bz.bzstream.bzfree = NULL; - bz.bzstream.opaque = NULL; -#endif - - break; - - default: - OPS_ERROR_1(&stream->errors, - OPS_E_ALG_UNSUPPORTED_COMPRESS_ALG, - "Compression algorithm %d is not yet supported", type); - return 0; - } - - switch (type) { - case OPS_C_ZIP: - /* LINTED */ /* this is a lint problem in zlib.h header */ - ret = (int)inflateInit2(&z.zstream, -15); - break; - - case OPS_C_ZLIB: - /* LINTED */ /* this is a lint problem in zlib.h header */ - ret = (int)inflateInit(&z.zstream); - break; - -#ifdef HAVE_BZLIB_H - case OPS_C_BZIP2: - ret = BZ2_bzDecompressInit(&bz.bzstream, 1, 0); - break; -#endif - - default: - OPS_ERROR_1(&stream->errors, - OPS_E_ALG_UNSUPPORTED_COMPRESS_ALG, - "Compression algorithm %d is not yet supported", type); - return 0; - } - - switch (type) { - case OPS_C_ZIP: - case OPS_C_ZLIB: - if (ret != Z_OK) { - OPS_ERROR_1(&stream->errors, - OPS_E_P_DECOMPRESSION_ERROR, -"Cannot initialise ZIP or ZLIB stream for decompression: error=%d", ret); - return 0; - } - __ops_reader_push(stream, zlib_compressed_data_reader, - NULL, &z); - break; - -#ifdef HAVE_BZLIB_H - case OPS_C_BZIP2: - if (ret != BZ_OK) { - OPS_ERROR_1(&stream->errors, - OPS_E_P_DECOMPRESSION_ERROR, -"Cannot initialise BZIP2 stream for decompression: error=%d", ret); - return 0; - } - __ops_reader_push(stream, bzip2_compressed_data_reader, - NULL, &bz); - break; -#endif - - default: - OPS_ERROR_1(&stream->errors, - OPS_E_ALG_UNSUPPORTED_COMPRESS_ALG, - "Compression algorithm %d is not yet supported", type); - return 0; - } - - ret = __ops_parse(stream, !printerrors); - - __ops_reader_pop(stream); - - return ret; -} - -/** -\ingroup Core_WritePackets -\brief Writes Compressed packet -\param data Data to write out -\param len Length of data -\param output Write settings -\return 1 if OK; else 0 -*/ - -unsigned -__ops_writez(__ops_output_t *out, const uint8_t *data, const unsigned len) -{ - compress_t *zip; - size_t sz_in; - size_t sz_out; - int ret; - int r = 0; - - /* compress the data */ - const int level = Z_DEFAULT_COMPRESSION; /* \todo allow varying - * levels */ - - if ((zip = calloc(1, sizeof(*zip))) == NULL) { - (void) fprintf(stderr, "__ops_writez: bad alloc\n"); - return 0; - } - zip->stream.zalloc = Z_NULL; - zip->stream.zfree = Z_NULL; - zip->stream.opaque = NULL; - - /* all other fields set to zero by use of calloc */ - - /* LINTED */ /* this is a lint problem in zlib.h header */ - if ((int)deflateInit(&zip->stream, level) != Z_OK) { - (void) fprintf(stderr, "__ops_writez: can't initialise\n"); - return 0; - } - /* do necessary transformation */ - /* copy input to maintain const'ness of src */ - if (zip->src != NULL || zip->dst != NULL) { - (void) fprintf(stderr, "__ops_writez: non-null streams\n"); - return 0; - } - - sz_in = len * sizeof(uint8_t); - sz_out = ((101 * sz_in) / 100) + 12; /* from zlib webpage */ - if ((zip->src = calloc(1, sz_in)) == NULL) { - free(zip); - (void) fprintf(stderr, "__ops_writez: bad alloc2\n"); - return 0; - } - if ((zip->dst = calloc(1, sz_out)) == NULL) { - free(zip->src); - free(zip); - (void) fprintf(stderr, "__ops_writez: bad alloc3\n"); - return 0; - } - (void) memcpy(zip->src, data, len); - - /* setup stream */ - zip->stream.next_in = zip->src; - zip->stream.avail_in = (unsigned)sz_in; - zip->stream.total_in = 0; - - zip->stream.next_out = zip->dst; - zip->stream.avail_out = (unsigned)sz_out; - zip->stream.total_out = 0; - - do { - r = deflate(&zip->stream, Z_FINISH); - } while (r != Z_STREAM_END); - - /* write it out */ - ret = __ops_write_ptag(out, OPS_PTAG_CT_COMPRESSED) && - __ops_write_length(out, (unsigned)(zip->stream.total_out + 1))&& - __ops_write_scalar(out, OPS_C_ZLIB, 1) && - __ops_write(out, zip->dst, (unsigned)zip->stream.total_out); - - free(zip->src); - free(zip->dst); - free(zip); - return ret; -} diff --git a/enzevalos_iphone/netpgp/lib/config.h b/enzevalos_iphone/netpgp/lib/config.h deleted file mode 100644 index 88ae0608..00000000 --- a/enzevalos_iphone/netpgp/lib/config.h +++ /dev/null @@ -1,181 +0,0 @@ -/* src/lib/config.h. Generated from config.h.in by configure. */ -/* src/lib/config.h.in. Generated from configure.ac by autoheader. */ - -/* Define to 1 if you have the <bzlib.h> header file. */ -#define HAVE_BZLIB_H 1 - -/* Define to 1 if you have the <CommonCrypto/CommonDigest.h> header file. */ -#define HAVE_COMMONCRYPTO_COMMONDIGEST_H 1 - -/* Define to 1 if you have the <direct.h> header file. */ -/* #undef HAVE_DIRECT_H */ - -/* Define to 1 if you have the <dlfcn.h> header file. */ -#define HAVE_DLFCN_H 1 - -/* Define to 1 if you have the <dmalloc.h> header file. */ -/* #undef HAVE_DMALLOC_H */ - -/* Define to 1 if you have the <errno.h> header file. */ -#define HAVE_ERRNO_H 1 - -/* Define to 1 if you have the <fcntl.h> header file. */ -#define HAVE_FCNTL_H 1 - -/* Define to 1 if you have the <inttypes.h> header file. */ -#define HAVE_INTTYPES_H 1 - -/* Define to 1 if you have the <limits.h> header file. */ -#define HAVE_LIMITS_H 1 - -/* Define to 1 if the system has the type `long long int'. */ -#define HAVE_LONG_LONG_INT 1 - -/* Define to 1 if you have the <malloc.h> header file. */ -/* #undef HAVE_MALLOC_H */ - -/* Define to 1 if you have the <memory.h> header file. */ -#define HAVE_MEMORY_H 1 - -/* Define to 1 if you have the <openssl/aes.h> header file. */ -#define HAVE_OPENSSL_AES_H 1 - -/* Define to 1 if you have the <openssl/bn.h> header file. */ -#define HAVE_OPENSSL_BN_H 1 - -/* Define to 1 if you have the <openssl/camellia.h> header file. */ -#define HAVE_OPENSSL_CAMELLIA_H 1 - -/* Define to 1 if you have the <openssl/cast.h> header file. */ -#define HAVE_OPENSSL_CAST_H 1 - -/* Define to 1 if you have the <openssl/des.h> header file. */ -#define HAVE_OPENSSL_DES_H 1 - -/* Define to 1 if you have the <openssl/dsa.h> header file. */ -#define HAVE_OPENSSL_DSA_H 1 - -/* Define to 1 if you have the <openssl/err.h> header file. */ -#define HAVE_OPENSSL_ERR_H 1 - -/* Define to 1 if you have the <openssl/idea.h> header file. */ -#define HAVE_OPENSSL_IDEA_H 1 - -/* Define to 1 if you have the <openssl/md5.h> header file. */ -#define HAVE_OPENSSL_MD5_H 1 - -/* Define to 1 if you have the <openssl/rand.h> header file. */ -#define HAVE_OPENSSL_RAND_H 1 - -/* Define to 1 if you have the <openssl/rsa.h> header file. */ -#define HAVE_OPENSSL_RSA_H 1 - -/* Define to 1 if you have the <openssl/sha.h> header file. */ -#define HAVE_OPENSSL_SHA_H 1 - -/* Define to 1 if the system has the type `SHA256_CTX'. */ -#define HAVE_SHA256_CTX 1 - -/* Define to 1 if you have the <stdint.h> header file. */ -#define HAVE_STDINT_H 1 - -/* Define to 1 if you have the <stdlib.h> header file. */ -#define HAVE_STDLIB_H 1 - -/* Define to 1 if you have the <strings.h> header file. */ -#define HAVE_STRINGS_H 1 - -/* Define to 1 if you have the <string.h> header file. */ -#define HAVE_STRING_H 1 - -/* Define to 1 if you have the <sys/cdefs.h> header file. */ -#define HAVE_SYS_CDEFS_H 1 - -/* Define to 1 if you have the <sys/file.h> header file. */ -#define HAVE_SYS_FILE_H 1 - -/* Define to 1 if you have the <sys/mman.h> header file. */ -#define HAVE_SYS_MMAN_H 1 - -/* Define to 1 if you have the <sys/param.h> header file. */ -#define HAVE_SYS_PARAM_H 1 - -/* Define to 1 if you have the <sys/resource.h> header file. */ -#define HAVE_SYS_RESOURCE_H 1 - -/* Define to 1 if you have the <sys/stat.h> header file. */ -#define HAVE_SYS_STAT_H 1 - -/* Define to 1 if you have the <sys/types.h> header file. */ -#define HAVE_SYS_TYPES_H 1 - -/* Define to 1 if you have the <sys/uio.h> header file. */ -#define HAVE_SYS_UIO_H 1 - -/* Define to 1 if you have the <unistd.h> header file. */ -#define HAVE_UNISTD_H 1 - -/* Define to 1 if you have the <zlib.h> header file. */ -#define HAVE_ZLIB_H 1 - -/* Define to the sub-directory in which libtool stores uninstalled libraries. - */ -#define LT_OBJDIR ".libs/" - -/* Name of package */ -#define PACKAGE "netpgp" - -/* Define to the address where bug reports for this package should be sent. */ -#define PACKAGE_BUGREPORT "Alistair Crooks <agc@netbsd.org> c0596823" - -/* Define to the full name of this package. */ -#define PACKAGE_NAME "netpgp" - -/* Define to the full name and version of this package. */ -#define PACKAGE_STRING "netpgp 20101107" - -/* Define to the one symbol short name of this package. */ -#define PACKAGE_TARNAME "netpgp" - -/* Define to the version of this package. */ -#define PACKAGE_VERSION "20101107" - -/* Define to 1 if you have the ANSI C header files. */ -#define STDC_HEADERS 1 - -/* Version number of package */ -#define VERSION "20101107" - -/* Define for Solaris 2.5.1 so the uint32_t typedef from <sys/synch.h>, - <pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the - #define below would cause a syntax error. */ -/* #undef _UINT32_T */ - -/* Define for Solaris 2.5.1 so the uint64_t typedef from <sys/synch.h>, - <pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the - #define below would cause a syntax error. */ -/* #undef _UINT64_T */ - -/* Define for Solaris 2.5.1 so the uint8_t typedef from <sys/synch.h>, - <pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the - #define below would cause a syntax error. */ -/* #undef _UINT8_T */ - -/* Define to `unsigned int' if <sys/types.h> does not define. */ -/* #undef size_t */ - -/* Define to the type of an unsigned integer type of width exactly 16 bits if - such a type exists and the standard includes do not define it. */ -/* #undef uint16_t */ - -/* Define to the type of an unsigned integer type of width exactly 32 bits if - such a type exists and the standard includes do not define it. */ -/* #undef uint32_t */ - -/* Define to the type of an unsigned integer type of width exactly 64 bits if - such a type exists and the standard includes do not define it. */ -/* #undef uint64_t */ - -/* Define to the type of an unsigned integer type of width exactly 8 bits if - such a type exists and the standard includes do not define it. */ -/* #undef uint8_t */ diff --git a/enzevalos_iphone/netpgp/lib/create.c b/enzevalos_iphone/netpgp/lib/create.c deleted file mode 100644 index f92401f7..00000000 --- a/enzevalos_iphone/netpgp/lib/create.c +++ /dev/null @@ -1,1305 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/* - * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) - * All rights reserved. - * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted - * their moral rights under the UK Copyright Design and Patents Act 1988 to - * be recorded as the authors of this copyright work. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. - * - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** \file - */ -#include "config.h" - -#ifdef HAVE_SYS_CDEFS_H -#include <sys/cdefs.h> -#endif - -#if defined(__NetBSD__) -__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: create.c,v 1.36 2010/11/07 02:29:28 agc Exp $"); -#endif - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/stat.h> - -#ifdef HAVE_FCNTL_H -#include <fcntl.h> -#endif - -#include <string.h> - -#ifdef HAVE_UNISTD_H -#include <unistd.h> -#endif - -#ifdef HAVE_OPENSSL_CAST_H -#include <openssl/cast.h> -#endif - -#include "create.h" -#include "keyring.h" -#include "packet.h" -#include "signature.h" -#include "writer.h" -#include "readerwriter.h" -#include "memory.h" -#include "netpgpdefs.h" -#include "netpgpdigest.h" - -/** - * \ingroup Core_Create - * \param length - * \param type - * \param output - * \return 1 if OK, otherwise 0 - */ - -unsigned -__ops_write_ss_header(__ops_output_t *output, - unsigned length, - __ops_content_enum type) -{ - return __ops_write_length(output, length) && - __ops_write_scalar(output, (unsigned)(type - - (unsigned)OPS_PTAG_SIG_SUBPKT_BASE), 1); -} - -/* - * XXX: the general idea of _fast_ is that it doesn't copy stuff the safe - * (i.e. non _fast_) version will, and so will also need to be freed. - */ - -/** - * \ingroup Core_Create - * - * __ops_fast_create_userid() sets id->userid to the given userid. - * This is fast because it is only copying a char*. However, if userid - * is changed or freed in the future, this could have injurious results. - * \param id - * \param userid - */ - -void -__ops_fast_create_userid(uint8_t **id, uint8_t *userid) -{ - *id = userid; -} - -/** - * \ingroup Core_WritePackets - * \brief Writes a User Id packet - * \param id - * \param output - * \return 1 if OK, otherwise 0 - */ -unsigned -__ops_write_struct_userid(__ops_output_t *output, const uint8_t *id) -{ - return __ops_write_ptag(output, OPS_PTAG_CT_USER_ID) && - __ops_write_length(output, (unsigned)strlen((const char *) id)) && - __ops_write(output, id, (unsigned)strlen((const char *) id)); -} - -/** - * \ingroup Core_WritePackets - * \brief Write a User Id packet. - * \param userid - * \param output - * - * \return return value from __ops_write_struct_userid() - */ -unsigned -__ops_write_userid(const uint8_t *userid, __ops_output_t *output) -{ - return __ops_write_struct_userid(output, userid); -} - -/** -\ingroup Core_MPI -*/ -static unsigned -mpi_length(const BIGNUM *bn) -{ - return (unsigned)(2 + (BN_num_bits(bn) + 7) / 8); -} - -static unsigned -pubkey_length(const __ops_pubkey_t *key) -{ - switch (key->alg) { - case OPS_PKA_DSA: - return mpi_length(key->key.dsa.p) + mpi_length(key->key.dsa.q) + - mpi_length(key->key.dsa.g) + mpi_length(key->key.dsa.y); - - case OPS_PKA_RSA: - return mpi_length(key->key.rsa.n) + mpi_length(key->key.rsa.e); - - default: - (void) fprintf(stderr, - "pubkey_length: unknown key algorithm\n"); - } - return 0; -} - -static unsigned -seckey_length(const __ops_seckey_t *key) -{ - int len; - - len = 0; - switch (key->pubkey.alg) { - case OPS_PKA_DSA: - return (unsigned)(mpi_length(key->key.dsa.x) + pubkey_length(&key->pubkey)); - case OPS_PKA_RSA: - len = mpi_length(key->key.rsa.d) + mpi_length(key->key.rsa.p) + - mpi_length(key->key.rsa.q) + mpi_length(key->key.rsa.u); - - return (unsigned)(len + pubkey_length(&key->pubkey)); - default: - (void) fprintf(stderr, - "seckey_length: unknown key algorithm\n"); - } - return 0; -} - -/** - * \ingroup Core_Create - * \param key - * \param t - * \param n - * \param e -*/ -void -__ops_fast_create_rsa_pubkey(__ops_pubkey_t *key, time_t t, - BIGNUM *n, BIGNUM *e) -{ - key->version = OPS_V4; - key->birthtime = t; - key->alg = OPS_PKA_RSA; - key->key.rsa.n = n; - key->key.rsa.e = e; -} - -/* - * Note that we support v3 keys here because they're needed for for - * verification - the writer doesn't allow them, though - */ -static unsigned -write_pubkey_body(const __ops_pubkey_t *key, __ops_output_t *output) -{ - if (!(__ops_write_scalar(output, (unsigned)key->version, 1) && - __ops_write_scalar(output, (unsigned)key->birthtime, 4))) { - return 0; - } - - if (key->version != 4 && - !__ops_write_scalar(output, key->days_valid, 2)) { - return 0; - } - - if (!__ops_write_scalar(output, (unsigned)key->alg, 1)) { - return 0; - } - - switch (key->alg) { - case OPS_PKA_DSA: - return __ops_write_mpi(output, key->key.dsa.p) && - __ops_write_mpi(output, key->key.dsa.q) && - __ops_write_mpi(output, key->key.dsa.g) && - __ops_write_mpi(output, key->key.dsa.y); - - case OPS_PKA_RSA: - case OPS_PKA_RSA_ENCRYPT_ONLY: - case OPS_PKA_RSA_SIGN_ONLY: - return __ops_write_mpi(output, key->key.rsa.n) && - __ops_write_mpi(output, key->key.rsa.e); - - case OPS_PKA_ELGAMAL: - return __ops_write_mpi(output, key->key.elgamal.p) && - __ops_write_mpi(output, key->key.elgamal.g) && - __ops_write_mpi(output, key->key.elgamal.y); - - default: - (void) fprintf(stderr, - "write_pubkey_body: bad algorithm\n"); - break; - } - return 0; -} - -/* - * Note that we support v3 keys here because they're needed for - * verification. - */ -static unsigned -write_seckey_body(const __ops_seckey_t *key, - const uint8_t *passphrase, - const size_t pplen, - __ops_output_t *output) -{ - /* RFC4880 Section 5.5.3 Secret-Key Packet Formats */ - - __ops_crypt_t crypted; - __ops_hash_t hash; - unsigned done = 0; - unsigned i = 0; - uint8_t hashed[OPS_SHA1_HASH_SIZE]; - uint8_t sesskey[CAST_KEY_LENGTH]; - - if (!write_pubkey_body(&key->pubkey, output)) { - return 0; - } - if (key->s2k_usage != OPS_S2KU_ENCRYPTED_AND_HASHED) { - (void) fprintf(stderr, "write_seckey_body: s2k usage\n"); - return 0; - } - if (!__ops_write_scalar(output, (unsigned)key->s2k_usage, 1)) { - return 0; - } - - if (key->alg != OPS_SA_CAST5) { - (void) fprintf(stderr, "write_seckey_body: algorithm\n"); - return 0; - } - if (!__ops_write_scalar(output, (unsigned)key->alg, 1)) { - return 0; - } - - if (key->s2k_specifier != OPS_S2KS_SIMPLE && - key->s2k_specifier != OPS_S2KS_SALTED) { - /* = 1 \todo could also be iterated-and-salted */ - (void) fprintf(stderr, "write_seckey_body: s2k spec\n"); - return 0; - } - if (!__ops_write_scalar(output, (unsigned)key->s2k_specifier, 1)) { - return 0; - } - if (!__ops_write_scalar(output, (unsigned)key->hash_alg, 1)) { - return 0; - } - - switch (key->s2k_specifier) { - case OPS_S2KS_SIMPLE: - /* nothing more to do */ - break; - - case OPS_S2KS_SALTED: - /* 8-octet salt value */ - __ops_random(__UNCONST(&key->salt[0]), OPS_SALT_SIZE); - if (!__ops_write(output, key->salt, OPS_SALT_SIZE)) { - return 0; - } - break; - - /* - * \todo case OPS_S2KS_ITERATED_AND_SALTED: // 8-octet salt - * value // 1-octet count break; - */ - - default: - (void) fprintf(stderr, - "invalid/unsupported s2k specifier %d\n", - key->s2k_specifier); - return 0; - } - - if (!__ops_write(output, &key->iv[0], __ops_block_size(key->alg))) { - return 0; - } - - /* - * create the session key for encrypting the algorithm-specific - * fields - */ - - switch (key->s2k_specifier) { - case OPS_S2KS_SIMPLE: - case OPS_S2KS_SALTED: - /* RFC4880: section 3.7.1.1 and 3.7.1.2 */ - - for (done = 0, i = 0; done < CAST_KEY_LENGTH; i++) { - unsigned j; - uint8_t zero = 0; - int needed; - int size; - - needed = CAST_KEY_LENGTH - done; - size = MIN(needed, OPS_SHA1_HASH_SIZE); - - __ops_hash_any(&hash, key->hash_alg); - if (!hash.init(&hash)) { - (void) fprintf(stderr, "write_seckey_body: bad alloc\n"); - return 0; - } - - /* preload if iterating */ - for (j = 0; j < i; j++) { - /* - * Coverity shows a DEADCODE error on this - * line. This is expected since the hardcoded - * use of SHA1 and CAST5 means that it will - * not used. This will change however when - * other algorithms are supported. - */ - hash.add(&hash, &zero, 1); - } - - if (key->s2k_specifier == OPS_S2KS_SALTED) { - hash.add(&hash, key->salt, OPS_SALT_SIZE); - } - hash.add(&hash, passphrase, (unsigned)pplen); - hash.finish(&hash, hashed); // this is crashing 'i' value is completly wrong after this - - /* - * if more in hash than is needed by session key, use - * the leftmost octets - */ - (void) memcpy(&sesskey[i * OPS_SHA1_HASH_SIZE], - hashed, (unsigned)size); - done += (unsigned)size; - if (done > CAST_KEY_LENGTH) { - (void) fprintf(stderr, - "write_seckey_body: short add\n"); - return 0; - } - } - - break; - - /* - * \todo case OPS_S2KS_ITERATED_AND_SALTED: * 8-octet salt - * value * 1-octet count break; - */ - - default: - (void) fprintf(stderr, - "invalid/unsupported s2k specifier %d\n", - key->s2k_specifier); - return 0; - } - - /* use this session key to encrypt */ - - __ops_crypt_any(&crypted, key->alg); - crypted.set_iv(&crypted, key->iv); - crypted.set_crypt_key(&crypted, sesskey); - __ops_encrypt_init(&crypted); - - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "writing: iv=", key->iv, __ops_block_size(key->alg)); - hexdump(stderr, "key= ", sesskey, CAST_KEY_LENGTH); - (void) fprintf(stderr, "\nturning encryption on...\n"); - } - __ops_push_enc_crypt(output, &crypted); - - switch (key->pubkey.alg) { - /* case OPS_PKA_DSA: */ - /* return __ops_write_mpi(output, key->key.dsa.x); */ - - case OPS_PKA_RSA: - case OPS_PKA_RSA_ENCRYPT_ONLY: - case OPS_PKA_RSA_SIGN_ONLY: - - if (!__ops_write_mpi(output, key->key.rsa.d) || - !__ops_write_mpi(output, key->key.rsa.p) || - !__ops_write_mpi(output, key->key.rsa.q) || - !__ops_write_mpi(output, key->key.rsa.u)) { - if (__ops_get_debug_level(__FILE__)) { - (void) fprintf(stderr, - "4 x mpi not written - problem\n"); - } - return 0; - } - break; - case OPS_PKA_DSA: - return __ops_write_mpi(output, key->key.dsa.x); - case OPS_PKA_ELGAMAL: - return __ops_write_mpi(output, key->key.elgamal.x); - default: - return 0; - } - - if (!__ops_write(output, key->checkhash, OPS_CHECKHASH_SIZE)) { - return 0; - } - - __ops_writer_pop(output); - - return 1; -} - -/** - * \ingroup Core_WritePackets - * \brief Writes a Public Key packet - * \param key - * \param output - * \return 1 if OK, otherwise 0 - */ -static unsigned -write_struct_pubkey(__ops_output_t *output, const __ops_pubkey_t *key) -{ - return __ops_write_ptag(output, OPS_PTAG_CT_PUBLIC_KEY) && - __ops_write_length(output, 1 + 4 + 1 + pubkey_length(key)) && - write_pubkey_body(key, output); -} - - -/** - \ingroup HighLevel_KeyWrite - - \brief Writes a transferable PGP public key to the given output stream. - - \param keydata Key to be written - \param armoured Flag is set for armoured output - \param output Output stream - -*/ - -unsigned -__ops_write_xfer_pubkey(__ops_output_t *output, - const __ops_key_t *key, - const unsigned armoured) -{ - unsigned i, j; - - if (armoured) { - __ops_writer_push_armoured(output, OPS_PGP_PUBLIC_KEY_BLOCK); - } - /* public key */ - if (!write_struct_pubkey(output, &key->key.pubkey)) { - return 0; - } - - /* TODO: revocation signatures go here */ - - /* user ids and corresponding signatures */ - for (i = 0; i < key->uidc; i++) { - if (!__ops_write_struct_userid(output, key->uids[i])) { - return 0; - } - for (j = 0; j < key->packetc; j++) { - if (!__ops_write(output, key->packets[j].raw, (unsigned)key->packets[j].length)) { - return 0; - } - } - } - - /* TODO: user attributes and corresponding signatures */ - - /* - * subkey packets and corresponding signatures and optional - * revocation - */ - - if (armoured) { - __ops_writer_info_finalise(&output->errors, &output->writer); - __ops_writer_pop(output); - } - return 1; -} - -/** - \ingroup HighLevel_KeyWrite - - \brief Writes a transferable PGP secret key to the given output stream. - - \param keydata Key to be written - \param passphrase - \param pplen - \param armoured Flag is set for armoured output - \param output Output stream - -*/ - -unsigned -__ops_write_xfer_seckey(__ops_output_t *output, - const __ops_key_t *key, - const uint8_t *passphrase, - const size_t pplen, - unsigned armoured) -{ - unsigned i, j; - - if (armoured) { - __ops_writer_push_armoured(output, OPS_PGP_PRIVATE_KEY_BLOCK); - } - /* public key */ - if (!__ops_write_struct_seckey(&key->key.seckey, passphrase, - pplen, output)) { - return 0; - } - - /* TODO: revocation signatures go here */ - - /* user ids and corresponding signatures */ - for (i = 0; i < key->uidc; i++) { - if (!__ops_write_struct_userid(output, key->uids[i])) { - return 0; - } - for (j = 0; j < key->packetc; j++) { - if (!__ops_write(output, key->packets[j].raw, (unsigned)key->packets[j].length)) { - return 0; - } - } - } - - /* TODO: user attributes and corresponding signatures */ - - /* - * subkey packets and corresponding signatures and optional - * revocation - */ - - if (armoured) { - __ops_writer_info_finalise(&output->errors, &output->writer); - __ops_writer_pop(output); - } - return 1; -} - -/** - * \ingroup Core_WritePackets - * \brief Writes one RSA public key packet. - * \param t Creation time - * \param n RSA public modulus - * \param e RSA public encryption exponent - * \param output Writer settings - * - * \return 1 if OK, otherwise 0 - */ - -unsigned -__ops_write_rsa_pubkey(time_t t, const BIGNUM *n, - const BIGNUM *e, - __ops_output_t *output) -{ - __ops_pubkey_t key; - - __ops_fast_create_rsa_pubkey(&key, t, __UNCONST(n), __UNCONST(e)); - return write_struct_pubkey(output, &key); -} - -/** - * \ingroup Core_Create - * \param out - * \param key - * \param make_packet - */ - -void -__ops_build_pubkey(__ops_memory_t *out, const __ops_pubkey_t *key, - unsigned make_packet) -{ - __ops_output_t *output; - - output = __ops_output_new(); - __ops_memory_init(out, 128); - __ops_writer_set_memory(output, out); - write_pubkey_body(key, output); - if (make_packet) { - __ops_memory_make_packet(out, OPS_PTAG_CT_PUBLIC_KEY); - } - __ops_output_delete(output); -} - -/** - * \ingroup Core_Create - * - * Create an RSA secret key structure. If a parameter is marked as - * [OPTIONAL], then it can be omitted and will be calculated from - * other params - or, in the case of e, will default to 0x10001. - * - * Parameters are _not_ copied, so will be freed if the structure is - * freed. - * - * \param key The key structure to be initialised. - * \param t - * \param d The RSA parameter d (=e^-1 mod (p-1)(q-1)) [OPTIONAL] - * \param p The RSA parameter p - * \param q The RSA parameter q (q > p) - * \param u The RSA parameter u (=p^-1 mod q) [OPTIONAL] - * \param n The RSA public parameter n (=p*q) [OPTIONAL] - * \param e The RSA public parameter e */ - -void -__ops_fast_create_rsa_seckey(__ops_seckey_t *key, time_t t, - BIGNUM *d, BIGNUM *p, BIGNUM *q, BIGNUM *u, - BIGNUM *n, BIGNUM *e) -{ - __ops_fast_create_rsa_pubkey(&key->pubkey, t, n, e); - - /* XXX: calculate optionals */ - key->key.rsa.d = d; - key->key.rsa.p = p; - key->key.rsa.q = q; - key->key.rsa.u = u; - - key->s2k_usage = OPS_S2KU_NONE; - - /* XXX: sanity check and add errors... */ -} - -/** - * \ingroup Core_WritePackets - * \brief Writes a Secret Key packet. - * \param key The secret key - * \param passphrase The passphrase - * \param pplen Length of passphrase - * \param output - * \return 1 if OK; else 0 - */ -unsigned -__ops_write_struct_seckey(const __ops_seckey_t *key, - const uint8_t *passphrase, - const size_t pplen, - __ops_output_t *output) -{ - int length = 0; - - if (key->pubkey.version != 4) { - (void) fprintf(stderr, - "__ops_write_struct_seckey: public key version\n"); - return 0; - } - - /* Ref: RFC4880 Section 5.5.3 */ - - /* pubkey, excluding MPIs */ - length += 1 + 4 + 1 + 1; - - /* s2k usage */ - length += 1; - - switch (key->s2k_usage) { - case OPS_S2KU_NONE: - /* nothing to add */ - break; - - case OPS_S2KU_ENCRYPTED_AND_HASHED: /* 254 */ - case OPS_S2KU_ENCRYPTED: /* 255 */ - - /* Ref: RFC4880 Section 3.7 */ - length += 1; /* s2k_specifier */ - - switch (key->s2k_specifier) { - case OPS_S2KS_SIMPLE: - length += 1; /* hash algorithm */ - break; - - case OPS_S2KS_SALTED: - length += 1 + 8; /* hash algorithm + salt */ - break; - - case OPS_S2KS_ITERATED_AND_SALTED: - length += 1 + 8 + 1; /* hash algorithm, salt + - * count */ - break; - - default: - (void) fprintf(stderr, - "__ops_write_struct_seckey: s2k spec\n"); - return 0; - } - break; - - default: - (void) fprintf(stderr, - "__ops_write_struct_seckey: s2k usage\n"); - return 0; - } - - /* IV */ - if (key->s2k_usage) { - length += __ops_block_size(key->alg); - } - /* checksum or hash */ - switch (key->s2k_usage) { - case OPS_S2KU_NONE: - case OPS_S2KU_ENCRYPTED: - length += 2; - break; - - case OPS_S2KU_ENCRYPTED_AND_HASHED: - length += OPS_CHECKHASH_SIZE; - break; - - default: - (void) fprintf(stderr, - "__ops_write_struct_seckey: s2k cksum usage\n"); - return 0; - } - - /* secret key and public key MPIs */ - length += (unsigned)seckey_length(key); - - return __ops_write_ptag(output, OPS_PTAG_CT_SECRET_KEY) && - /* __ops_write_length(output,1+4+1+1+seckey_length(key)+2) && */ - __ops_write_length(output, (unsigned)length) && - write_seckey_body(key, passphrase, pplen, output); -} - -/** - * \ingroup Core_Create - * - * \brief Create a new __ops_output_t structure. - * - * \return the new structure. - * \note It is the responsiblity of the caller to call __ops_output_delete(). - * \sa __ops_output_delete() - */ -__ops_output_t * -__ops_output_new(void) -{ - return calloc(1, sizeof(__ops_output_t)); -} - -/** - * \ingroup Core_Create - * \brief Delete an __ops_output_t strucut and associated resources. - * - * Delete an __ops_output_t structure. If a writer is active, then - * that is also deleted. - * - * \param info the structure to be deleted. - */ -void -__ops_output_delete(__ops_output_t *output) -{ - __ops_writer_info_delete(&output->writer); - free(output); -} - -/** - \ingroup Core_Create - \brief Calculate the checksum for a session key - \param sesskey Session Key to use - \param cs Checksum to be written - \return 1 if OK; else 0 -*/ -unsigned -__ops_calc_sesskey_checksum(__ops_pk_sesskey_t *sesskey, uint8_t cs[2]) -{ - uint32_t checksum = 0; - unsigned i; - - if (!__ops_is_sa_supported(sesskey->symm_alg)) { - return 0; - } - - for (i = 0; i < __ops_key_size(sesskey->symm_alg); i++) { - checksum += sesskey->key[i]; - } - checksum = checksum % 65536; - - cs[0] = (uint8_t)((checksum >> 8) & 0xff); - cs[1] = (uint8_t)(checksum & 0xff); - - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "nm buf checksum:", cs, 2); - } - return 1; -} - -static unsigned -create_unencoded_m_buf(__ops_pk_sesskey_t *sesskey, __ops_crypt_t *cipherinfo, uint8_t *m_buf) -{ - unsigned i; - - /* m_buf is the buffer which will be encoded in PKCS#1 block - * encoding to form the "m" value used in the Public Key - * Encrypted Session Key Packet as defined in RFC Section 5.1 - * "Public-Key Encrypted Session Key Packet" - */ - m_buf[0] = sesskey->symm_alg; - for (i = 0; i < cipherinfo->keysize ; i++) { - /* XXX - Flexelint - Warning 679: Suspicious Truncation in arithmetic expression combining with pointer */ - m_buf[1 + i] = sesskey->key[i]; - } - - return __ops_calc_sesskey_checksum(sesskey, - m_buf + 1 + cipherinfo->keysize); -} - -/** -\ingroup Core_Create -\brief implementation of EME-PKCS1-v1_5-ENCODE, as defined in OpenPGP RFC -\param M -\param mLen -\param pubkey -\param EM -\return 1 if OK; else 0 -*/ -unsigned -encode_m_buf(const uint8_t *M, size_t mLen, const __ops_pubkey_t * pubkey, - uint8_t *EM) -{ - unsigned k; - unsigned i; - - /* implementation of EME-PKCS1-v1_5-ENCODE, as defined in OpenPGP RFC */ - switch (pubkey->alg) { - case OPS_PKA_RSA: - k = (unsigned)BN_num_bytes(pubkey->key.rsa.n); - if (mLen > k - 11) { - (void) fprintf(stderr, "encode_m_buf: message too long\n"); - return 0; - } - break; - case OPS_PKA_DSA: - case OPS_PKA_ELGAMAL: - k = (unsigned)BN_num_bytes(pubkey->key.elgamal.p); - if (mLen > k - 11) { - (void) fprintf(stderr, "encode_m_buf: message too long\n"); - return 0; - } - break; - default: - (void) fprintf(stderr, "encode_m_buf: pubkey algorithm\n"); - return 0; - } - /* these two bytes defined by RFC */ - EM[0] = 0x00; - EM[1] = 0x02; - /* add non-zero random bytes of length k - mLen -3 */ - for (i = 2; i < (k - mLen) - 1; ++i) { - do { - __ops_random(EM + i, 1); - } while (EM[i] == 0); - } - if (i < 8 + 2) { - (void) fprintf(stderr, "encode_m_buf: bad i len\n"); - return 0; - } - EM[i++] = 0; - (void) memcpy(EM + i, M, mLen); - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "Encoded Message:", EM, mLen); - } - return 1; -} - -/** - \ingroup Core_Create -\brief Creates an __ops_pk_sesskey_t struct from keydata -\param key Keydata to use -\return __ops_pk_sesskey_t struct -\note It is the caller's responsiblity to free the returned pointer -\note Currently hard-coded to use CAST5 -\note Currently hard-coded to use RSA -*/ -__ops_pk_sesskey_t * -__ops_create_pk_sesskey(const __ops_key_t *key, const char *ciphername, int dont_use_subkey_to_encrypt) -{ - /* - * Creates a random session key and encrypts it for the given key - * - * Encryption used is PK, - * can be any, we're hardcoding RSA for now - */ - - const __ops_pubkey_t *pubkey; - __ops_pk_sesskey_t *sesskey; - __ops_symm_alg_t cipher; - const uint8_t *id; - __ops_crypt_t cipherinfo; - uint8_t *unencoded_m_buf; - uint8_t *encoded_m_buf; - size_t sz_encoded_m_buf; - - if (memcmp(key->encid, "\0\0\0\0\0\0\0\0", 8) == 0) { - pubkey = __ops_get_pubkey(key); - id = key->sigid; - } else if (dont_use_subkey_to_encrypt) { - //DUPA - pubkey = __ops_get_pubkey(key); - id = key->sigid; - } else { - pubkey = &key->enckey; - id = key->encid; - } - /* allocate unencoded_m_buf here */ - (void) memset(&cipherinfo, 0x0, sizeof(cipherinfo)); - __ops_crypt_any(&cipherinfo, - cipher = __ops_str_to_cipher((ciphername) ? ciphername : "cast5")); - unencoded_m_buf = calloc(1, cipherinfo.keysize + 1 + 2); - if (unencoded_m_buf == NULL) { - (void) fprintf(stderr, - "__ops_create_pk_sesskey: can't allocate\n"); - return NULL; - } - switch(pubkey->alg) { - case OPS_PKA_RSA: - sz_encoded_m_buf = BN_num_bytes(pubkey->key.rsa.n); - break; - case OPS_PKA_DSA: - case OPS_PKA_ELGAMAL: - sz_encoded_m_buf = BN_num_bytes(pubkey->key.elgamal.p); - break; - default: - sz_encoded_m_buf = 0; - break; - } - if ((encoded_m_buf = calloc(1, sz_encoded_m_buf)) == NULL) { - (void) fprintf(stderr, - "__ops_create_pk_sesskey: can't allocate\n"); - free(unencoded_m_buf); - return NULL; - } - if ((sesskey = calloc(1, sizeof(*sesskey))) == NULL) { - (void) fprintf(stderr, - "__ops_create_pk_sesskey: can't allocate\n"); - free(unencoded_m_buf); - free(encoded_m_buf); - return NULL; - } - if (key->type != OPS_PTAG_CT_PUBLIC_KEY) { - (void) fprintf(stderr, - "__ops_create_pk_sesskey: bad type\n"); - free(unencoded_m_buf); - free(encoded_m_buf); - free(sesskey); - return NULL; - } - sesskey->version = OPS_PKSK_V3; - (void) memcpy(sesskey->key_id, id, sizeof(sesskey->key_id)); - - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "Encrypting for keyid", id, sizeof(sesskey->key_id)); - } - switch (pubkey->alg) { - case OPS_PKA_RSA: - case OPS_PKA_DSA: - case OPS_PKA_ELGAMAL: - break; - default: - (void) fprintf(stderr, - "__ops_create_pk_sesskey: bad pubkey algorithm\n"); - free(unencoded_m_buf); - free(encoded_m_buf); - free(sesskey); - return NULL; - } - sesskey->alg = pubkey->alg; - - sesskey->symm_alg = cipher; - __ops_random(sesskey->key, cipherinfo.keysize); - - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "sesskey created", sesskey->key, - cipherinfo.keysize + 1 + 2); - } - if (create_unencoded_m_buf(sesskey, &cipherinfo, &unencoded_m_buf[0]) == 0) { - free(unencoded_m_buf); - free(encoded_m_buf); - free(sesskey); - return NULL; - } - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "uuencoded m buf", unencoded_m_buf, cipherinfo.keysize + 1 + 2); - } - encode_m_buf(unencoded_m_buf, cipherinfo.keysize + 1 + 2, pubkey, encoded_m_buf); - - /* and encrypt it */ - switch (key->key.pubkey.alg) { - case OPS_PKA_RSA: - if (!__ops_rsa_encrypt_mpi(encoded_m_buf, sz_encoded_m_buf, pubkey, - &sesskey->params)) { - free(unencoded_m_buf); - free(encoded_m_buf); - free(sesskey); - return NULL; - } - break; - case OPS_PKA_DSA: - case OPS_PKA_ELGAMAL: - if (!__ops_elgamal_encrypt_mpi(encoded_m_buf, sz_encoded_m_buf, pubkey, - &sesskey->params)) { - free(unencoded_m_buf); - free(encoded_m_buf); - free(sesskey); - return NULL; - } - break; - default: - /* will not get here - for lint only */ - break; - } - free(unencoded_m_buf); - free(encoded_m_buf); - return sesskey; -} - -/** -\ingroup Core_WritePackets -\brief Writes Public Key Session Key packet -\param info Write settings -\param pksk Public Key Session Key to write out -\return 1 if OK; else 0 -*/ -unsigned -__ops_write_pk_sesskey(__ops_output_t *output, __ops_pk_sesskey_t *pksk) -{ - /* XXX - Flexelint - Pointer parameter 'pksk' (line 1076) could be declared as pointing to const */ - if (pksk == NULL) { - (void) fprintf(stderr, - "__ops_write_pk_sesskey: NULL pksk\n"); - return 0; - } - switch (pksk->alg) { - case OPS_PKA_RSA: - return __ops_write_ptag(output, OPS_PTAG_CT_PK_SESSION_KEY) && - __ops_write_length(output, (unsigned)(1 + 8 + 1 + - BN_num_bytes(pksk->params.rsa.encrypted_m) + 2)) && - __ops_write_scalar(output, (unsigned)pksk->version, 1) && - __ops_write(output, pksk->key_id, 8) && - __ops_write_scalar(output, (unsigned)pksk->alg, 1) && - __ops_write_mpi(output, pksk->params.rsa.encrypted_m) - /* ?? && __ops_write_scalar(output, 0, 2); */ - ; - case OPS_PKA_DSA: - case OPS_PKA_ELGAMAL: - return __ops_write_ptag(output, OPS_PTAG_CT_PK_SESSION_KEY) && - __ops_write_length(output, (unsigned)(1 + 8 + 1 + - BN_num_bytes(pksk->params.elgamal.g_to_k) + 2 + - BN_num_bytes(pksk->params.elgamal.encrypted_m) + 2)) && - __ops_write_scalar(output, (unsigned)pksk->version, 1) && - __ops_write(output, pksk->key_id, 8) && - __ops_write_scalar(output, (unsigned)pksk->alg, 1) && - __ops_write_mpi(output, pksk->params.elgamal.g_to_k) && - __ops_write_mpi(output, pksk->params.elgamal.encrypted_m) - /* ?? && __ops_write_scalar(output, 0, 2); */ - ; - default: - (void) fprintf(stderr, - "__ops_write_pk_sesskey: bad algorithm\n"); - return 0; - } -} - -/** -\ingroup Core_WritePackets -\brief Writes MDC packet -\param hashed Hash for MDC -\param output Write settings -\return 1 if OK; else 0 -*/ - -unsigned -__ops_write_mdc(__ops_output_t *output, const uint8_t *hashed) -{ - /* write it out */ - return __ops_write_ptag(output, OPS_PTAG_CT_MDC) && - __ops_write_length(output, OPS_SHA1_HASH_SIZE) && - __ops_write(output, hashed, OPS_SHA1_HASH_SIZE); -} - -/** -\ingroup Core_WritePackets -\brief Writes Literal Data packet from buffer -\param data Buffer to write out -\param maxlen Max length of buffer -\param type Literal Data Type -\param output Write settings -\return 1 if OK; else 0 -*/ -unsigned -__ops_write_litdata(__ops_output_t *output, - const uint8_t *data, - const int maxlen, - const __ops_litdata_enum type) -{ - /* - * RFC4880 does not specify a meaning for filename or date. - * It is implementation-dependent. - * We will not implement them. - */ - /* \todo do we need to check text data for <cr><lf> line endings ? */ - return __ops_write_ptag(output, OPS_PTAG_CT_LITDATA) && - __ops_write_length(output, (unsigned)(1 + 1 + 4 + maxlen)) && - __ops_write_scalar(output, (unsigned)type, 1) && - __ops_write_scalar(output, 0, 1) && - __ops_write_scalar(output, 0, 4) && - __ops_write(output, data, (unsigned)maxlen); -} - -/** -\ingroup Core_WritePackets -\brief Writes Literal Data packet from contents of file -\param filename Name of file to read from -\param type Literal Data Type -\param output Write settings -\return 1 if OK; else 0 -*/ - -unsigned -__ops_fileread_litdata(const char *filename, - const __ops_litdata_enum type, - __ops_output_t *output) -{ - __ops_memory_t *mem; - unsigned ret; - int len; - - mem = __ops_memory_new(); - if (!__ops_mem_readfile(mem, filename)) { - (void) fprintf(stderr, "__ops_mem_readfile of '%s' failed\n", filename); - return 0; - } - len = (int)__ops_mem_len(mem); - ret = __ops_write_litdata(output, __ops_mem_data(mem), len, type); - __ops_memory_free(mem); - return ret; -} - -/** - \ingroup HighLevel_General - - \brief Writes contents of buffer into file - - \param filename Filename to write to - \param buf Buffer to write to file - \param len Size of buffer - \param overwrite Flag to set whether to overwrite an existing file - \return 1 if OK; 0 if error -*/ - -int -__ops_filewrite(const char *filename, const char *buf, - const size_t len, const unsigned overwrite) -{ - int flags; - int fd; - - flags = O_WRONLY | O_CREAT; - if (overwrite) { - flags |= O_TRUNC; - } else { - flags |= O_EXCL; - } -#ifdef O_BINARY - flags |= O_BINARY; -#endif - fd = open(filename, flags, 0600); - if (fd < 0) { - (void) fprintf(stderr, "can't open '%s'\n", filename); - return 0; - } - if (write(fd, buf, len) != (int)len) { - (void) close(fd); - return 0; - } - - return (close(fd) == 0); -} - -/** -\ingroup Core_WritePackets -\brief Write Symmetrically Encrypted packet -\param data Data to encrypt -\param len Length of data -\param output Write settings -\return 1 if OK; else 0 -\note Hard-coded to use AES256 -*/ -unsigned -__ops_write_symm_enc_data(const uint8_t *data, - const int len, - __ops_output_t * output) -{ - __ops_crypt_t crypt_info; - uint8_t *encrypted = (uint8_t *) NULL; - size_t encrypted_sz; - int done = 0; - - /* \todo assume AES256 for now */ - __ops_crypt_any(&crypt_info, OPS_SA_AES_256); - __ops_encrypt_init(&crypt_info); - - encrypted_sz = (size_t)(len + crypt_info.blocksize + 2); - if ((encrypted = calloc(1, encrypted_sz)) == NULL) { - (void) fprintf(stderr, "can't allocate %" PRIsize "d\n", - encrypted_sz); - return 0; - } - - done = (int)__ops_encrypt_se(&crypt_info, encrypted, data, (unsigned)len); - if (done != len) { - (void) fprintf(stderr, - "__ops_write_symm_enc_data: done != len\n"); - return 0; - } - - return __ops_write_ptag(output, OPS_PTAG_CT_SE_DATA) && - __ops_write_length(output, (unsigned)(1 + encrypted_sz)) && - __ops_write(output, data, (unsigned)len); -} - -/** -\ingroup Core_WritePackets -\brief Write a One Pass Signature packet -\param seckey Secret Key to use -\param hash_alg Hash Algorithm to use -\param sig_type Signature type -\param output Write settings -\return 1 if OK; else 0 -*/ -unsigned -__ops_write_one_pass_sig(__ops_output_t *output, - const __ops_seckey_t *seckey, - const __ops_hash_alg_t hash_alg, - const __ops_sig_type_t sig_type) -{ - uint8_t keyid[OPS_KEY_ID_SIZE]; - - __ops_keyid(keyid, OPS_KEY_ID_SIZE, &seckey->pubkey, OPS_HASH_SHA1); /* XXX - hardcoded */ - return __ops_write_ptag(output, OPS_PTAG_CT_1_PASS_SIG) && - __ops_write_length(output, 1 + 1 + 1 + 1 + 8 + 1) && - __ops_write_scalar(output, 3, 1) /* version */ && - __ops_write_scalar(output, (unsigned)sig_type, 1) && - __ops_write_scalar(output, (unsigned)hash_alg, 1) && - __ops_write_scalar(output, (unsigned)seckey->pubkey.alg, 1) && - __ops_write(output, keyid, 8) && - __ops_write_scalar(output, 1, 1); -} diff --git a/enzevalos_iphone/netpgp/lib/create.h b/enzevalos_iphone/netpgp/lib/create.h deleted file mode 100644 index 65471ffa..00000000 --- a/enzevalos_iphone/netpgp/lib/create.h +++ /dev/null @@ -1,119 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/* - * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) - * All rights reserved. - * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted - * their moral rights under the UK Copyright Design and Patents Act 1988 to - * be recorded as the authors of this copyright work. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. - * - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** \file - */ -#ifndef CREATE_H_ -#define CREATE_H_ - -#include "types.h" -#include "packet.h" -#include "crypto.h" -#include "errors.h" -#include "keyring.h" -#include "writer.h" -#include "memory.h" - -/** - * \ingroup Create - * This struct contains the required information about how to write this stream - */ -struct __ops_output_t { - __ops_writer_t writer; - __ops_error_t *errors; /* error stack */ -}; - -__ops_output_t *__ops_output_new(void); -void __ops_output_delete(__ops_output_t *); - -int __ops_filewrite(const char *, const char *, const size_t, const unsigned); - -void __ops_build_pubkey(__ops_memory_t *, const __ops_pubkey_t *, unsigned); - -unsigned __ops_calc_sesskey_checksum(__ops_pk_sesskey_t *, uint8_t *); -unsigned __ops_write_struct_userid(__ops_output_t *, const uint8_t *); -unsigned __ops_write_ss_header(__ops_output_t *, unsigned, __ops_content_enum); -unsigned __ops_write_struct_seckey(const __ops_seckey_t *, - const uint8_t *, - const size_t, - __ops_output_t *); -unsigned __ops_write_one_pass_sig(__ops_output_t *, - const __ops_seckey_t *, - const __ops_hash_alg_t, - const __ops_sig_type_t); -unsigned __ops_write_litdata(__ops_output_t *, - const uint8_t *, - const int, - const __ops_litdata_enum); -__ops_pk_sesskey_t *__ops_create_pk_sesskey(const __ops_key_t *, const char *, int); -unsigned __ops_write_pk_sesskey(__ops_output_t *, __ops_pk_sesskey_t *); -unsigned __ops_write_xfer_pubkey(__ops_output_t *, - const __ops_key_t *, const unsigned); -unsigned __ops_write_xfer_seckey(__ops_output_t *, - const __ops_key_t *, - const uint8_t *, - const size_t, - const unsigned); - -void __ops_fast_create_userid(uint8_t **, uint8_t *); -unsigned __ops_write_userid(const uint8_t *, __ops_output_t *); -void __ops_fast_create_rsa_pubkey(__ops_pubkey_t *, time_t, BIGNUM *, BIGNUM *); -unsigned __ops_write_rsa_pubkey(time_t, const BIGNUM *, const BIGNUM *, - __ops_output_t *); -void __ops_fast_create_rsa_seckey(__ops_seckey_t *, time_t, BIGNUM *, - BIGNUM *, BIGNUM *, BIGNUM *, - BIGNUM *, BIGNUM *); -unsigned encode_m_buf(const uint8_t *, size_t, const __ops_pubkey_t *, - uint8_t *); -unsigned __ops_fileread_litdata(const char *, const __ops_litdata_enum, - __ops_output_t *); -unsigned __ops_write_symm_enc_data(const uint8_t *, const int, - __ops_output_t *); - -#endif /* CREATE_H_ */ diff --git a/enzevalos_iphone/netpgp/lib/crypto.c b/enzevalos_iphone/netpgp/lib/crypto.c deleted file mode 100644 index 481d05f9..00000000 --- a/enzevalos_iphone/netpgp/lib/crypto.c +++ /dev/null @@ -1,602 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/* - * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) - * All rights reserved. - * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted - * their moral rights under the UK Copyright Design and Patents Act 1988 to - * be recorded as the authors of this copyright work. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. - * - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include "config.h" - -#ifdef HAVE_SYS_CDEFS_H -#include <sys/cdefs.h> -#endif - -#if defined(__NetBSD__) -__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: crypto.c,v 1.31 2010/11/07 06:56:52 agc Exp $"); -#endif - -#include <sys/types.h> -#include <sys/stat.h> - -#ifdef HAVE_UNISTD_H -#include <unistd.h> -#endif - -#include <string.h> - -#include "types.h" -#include "crypto.h" -#include "readerwriter.h" -#include "memory.h" -#include "netpgpdefs.h" -#include "signature.h" - -/** -\ingroup Core_MPI -\brief Decrypt and unencode MPI -\param buf Buffer in which to write decrypted unencoded MPI -\param buflen Length of buffer -\param encmpi -\param seckey -\return length of MPI -\note only RSA at present -*/ -int -__ops_decrypt_decode_mpi(uint8_t *buf, - unsigned buflen, - const BIGNUM *g_to_k, - const BIGNUM *encmpi, - const __ops_seckey_t *seckey) -{ - unsigned mpisize; - uint8_t encmpibuf[NETPGP_BUFSIZ]; - uint8_t mpibuf[NETPGP_BUFSIZ]; - uint8_t gkbuf[NETPGP_BUFSIZ]; - int i; - int n; - - mpisize = (unsigned)BN_num_bytes(encmpi); - /* MPI can't be more than 65,536 */ - if (mpisize > sizeof(encmpibuf)) { - (void) fprintf(stderr, "mpisize too big %u\n", mpisize); - return -1; - } - switch (seckey->pubkey.alg) { - case OPS_PKA_RSA: - BN_bn2bin(encmpi, encmpibuf); - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "encrypted", encmpibuf, 16); - } - n = __ops_rsa_private_decrypt(mpibuf, encmpibuf, - (unsigned)(BN_num_bits(encmpi) + 7) / 8, - &seckey->key.rsa, &seckey->pubkey.key.rsa); - if (n == -1) { - (void) fprintf(stderr, "ops_rsa_private_decrypt failure\n"); - return -1; - } - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "decrypted", mpibuf, 16); - } - if (n <= 0) { - return -1; - } - /* Decode EME-PKCS1_V1_5 (RFC 2437). */ - if (mpibuf[0] != 0 || mpibuf[1] != 2) { - return -1; - } - /* Skip the random bytes. */ - for (i = 2; i < n && mpibuf[i]; ++i) { - } - if (i == n || i < 10) { - return -1; - } - /* Skip the zero */ - i += 1; - /* this is the unencoded m buf */ - if ((unsigned) (n - i) <= buflen) { - (void) memcpy(buf, mpibuf + i, (unsigned)(n - i)); /* XXX - Flexelint */ - } - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "decoded m", buf, (size_t)(n - i)); - } - return n - i; - case OPS_PKA_DSA: - case OPS_PKA_ELGAMAL: - (void) BN_bn2bin(g_to_k, gkbuf); - (void) BN_bn2bin(encmpi, encmpibuf); - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "encrypted", encmpibuf, 16); - } - n = __ops_elgamal_private_decrypt(mpibuf, gkbuf, encmpibuf, - (unsigned)BN_num_bytes(encmpi), - &seckey->key.elgamal, &seckey->pubkey.key.elgamal); - if (n == -1) { - (void) fprintf(stderr, "ops_elgamal_private_decrypt failure\n"); - return -1; - } - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "decrypted", mpibuf, 16); - } - if (n <= 0) { - return -1; - } - /* Decode EME-PKCS1_V1_5 (RFC 2437). */ - if (mpibuf[0] != 2) { - fprintf(stderr, "mpibuf mismatch\n"); - return -1; - } - /* Skip the random bytes. */ - for (i = 1; i < n && mpibuf[i]; ++i) { - } - if (i == n || i < 10) { - fprintf(stderr, "175 n %d\n", n); - return -1; - } - /* Skip the zero */ - i += 1; - /* this is the unencoded m buf */ - if ((unsigned) (n - i) <= buflen) { - (void) memcpy(buf, mpibuf + i, (unsigned)(n - i)); /* XXX - Flexelint */ - } - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "decoded m", buf, (size_t)(n - i)); - } - return n - i; - default: - (void) fprintf(stderr, "pubkey algorithm wrong\n"); - return -1; - } -} - -/** -\ingroup Core_MPI -\brief RSA-encrypt an MPI -*/ -unsigned -__ops_rsa_encrypt_mpi(const uint8_t *encoded_m_buf, - const size_t sz_encoded_m_buf, - const __ops_pubkey_t * pubkey, - __ops_pk_sesskey_params_t * skp) -{ - - uint8_t encmpibuf[NETPGP_BUFSIZ]; - int n; - - if (sz_encoded_m_buf != (size_t)BN_num_bytes(pubkey->key.rsa.n)) { - (void) fprintf(stderr, "sz_encoded_m_buf wrong\n"); - return 0; - } - - n = __ops_rsa_public_encrypt(encmpibuf, encoded_m_buf, - sz_encoded_m_buf, &pubkey->key.rsa); - if (n == -1) { - (void) fprintf(stderr, "__ops_rsa_public_encrypt failure\n"); - return 0; - } - - if (n <= 0) - return 0; - - skp->rsa.encrypted_m = BN_bin2bn(encmpibuf, n, NULL); - - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "encrypted mpi", encmpibuf, 16); - } - return 1; -} - -/** -\ingroup Core_MPI -\brief Elgamal-encrypt an MPI -*/ -unsigned -__ops_elgamal_encrypt_mpi(const uint8_t *encoded_m_buf, - const size_t sz_encoded_m_buf, - const __ops_pubkey_t * pubkey, - __ops_pk_sesskey_params_t * skp) -{ - - uint8_t encmpibuf[NETPGP_BUFSIZ]; - uint8_t g_to_k[NETPGP_BUFSIZ]; - int n; - - if (sz_encoded_m_buf != (size_t)BN_num_bytes(pubkey->key.elgamal.p)) { - (void) fprintf(stderr, "sz_encoded_m_buf wrong\n"); - return 0; - } - - n = __ops_elgamal_public_encrypt(g_to_k, encmpibuf, encoded_m_buf, - sz_encoded_m_buf, &pubkey->key.elgamal); - if (n == -1) { - (void) fprintf(stderr, "__ops_elgamal_public_encrypt failure\n"); - return 0; - } - - if (n <= 0) - return 0; - - skp->elgamal.g_to_k = BN_bin2bn(g_to_k, n / 2, NULL); - skp->elgamal.encrypted_m = BN_bin2bn(encmpibuf, n / 2, NULL); - - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "encrypted mpi", encmpibuf, 16); - } - return 1; -} - -static __ops_cb_ret_t -write_parsed_cb(const __ops_packet_t *pkt, __ops_cbdata_t *cbinfo) -{ - const __ops_contents_t *content = &pkt->u; - - if (__ops_get_debug_level(__FILE__)) { - printf("write_parsed_cb: "); - __ops_print_packet(&cbinfo->printstate, pkt); - } - if (pkt->tag != OPS_PTAG_CT_UNARMOURED_TEXT && cbinfo->printstate.skipping) { - puts("...end of skip"); - cbinfo->printstate.skipping = 0; - } - switch (pkt->tag) { - case OPS_PTAG_CT_UNARMOURED_TEXT: - printf("OPS_PTAG_CT_UNARMOURED_TEXT\n"); - if (!cbinfo->printstate.skipping) { - puts("Skipping..."); - cbinfo->printstate.skipping = 1; - } - fwrite(content->unarmoured_text.data, 1, - content->unarmoured_text.length, stdout); - break; - - case OPS_PTAG_CT_PK_SESSION_KEY: - return __ops_pk_sesskey_cb(pkt, cbinfo); - - case OPS_GET_SECKEY: - if (cbinfo->sshseckey) { - *content->get_seckey.seckey = cbinfo->sshseckey; - return OPS_KEEP_MEMORY; - } - return __ops_get_seckey_cb(pkt, cbinfo); - - case OPS_GET_PASSPHRASE: - return cbinfo->cryptinfo.getpassphrase(pkt, cbinfo); - - case OPS_PTAG_CT_LITDATA_BODY: - return __ops_litdata_cb(pkt, cbinfo); - - case OPS_PTAG_CT_ARMOUR_HEADER: - case OPS_PTAG_CT_ARMOUR_TRAILER: - case OPS_PTAG_CT_ENCRYPTED_PK_SESSION_KEY: - case OPS_PTAG_CT_COMPRESSED: - case OPS_PTAG_CT_LITDATA_HEADER: - case OPS_PTAG_CT_SE_IP_DATA_BODY: - case OPS_PTAG_CT_SE_IP_DATA_HEADER: - case OPS_PTAG_CT_SE_DATA_BODY: - case OPS_PTAG_CT_SE_DATA_HEADER: - /* Ignore these packets */ - /* They're handled in __ops_parse_packet() */ - /* and nothing else needs to be done */ - break; - - default: - if (__ops_get_debug_level(__FILE__)) { - fprintf(stderr, "Unexpected packet tag=%d (0x%x)\n", - pkt->tag, - pkt->tag); - } - break; - } - - return OPS_RELEASE_MEMORY; -} - -/** -\ingroup HighLevel_Crypto -Encrypt a file -\param infile Name of file to be encrypted -\param outfile Name of file to write to. If NULL, name is constructed from infile -\param pubkey Public Key to encrypt file for -\param use_armour Write armoured text, if set -\param allow_overwrite Allow output file to be overwrwritten if it exists -\return 1 if OK; else 0 -*/ -unsigned -__ops_encrypt_file(__ops_io_t *io, - const char *infile, - const char *outfile, - const __ops_key_t *key, - const unsigned use_armour, - const unsigned allow_overwrite, - const char *cipher, - int dont_use_subkey_to_encrypt) -{ - __ops_output_t *output; - __ops_memory_t *inmem; - int fd_out; - - __OPS_USED(io); - inmem = __ops_memory_new(); - if (!__ops_mem_readfile(inmem, infile)) { - return 0; - } - fd_out = __ops_setup_file_write(&output, outfile, allow_overwrite); - if (fd_out < 0) { - __ops_memory_free(inmem); - return 0; - } - - /* set armoured/not armoured here */ - if (use_armour) { - __ops_writer_push_armor_msg(output); - } - - /* Push the encrypted writer */ - if (!__ops_push_enc_se_ip(output, key, cipher, dont_use_subkey_to_encrypt)) { - __ops_memory_free(inmem); - return 0; - } - - /* This does the writing */ - __ops_write(output, __ops_mem_data(inmem), (unsigned)__ops_mem_len(inmem)); - - /* tidy up */ - __ops_memory_free(inmem); - __ops_teardown_file_write(output, fd_out); - - return 1; -} - -/* encrypt the contents of the input buffer, and return the mem structure */ -__ops_memory_t * -__ops_encrypt_buf(__ops_io_t *io, - const void *input, - const size_t insize, - const __ops_key_t *pubkey, - const unsigned use_armour, - const char *cipher, - int dont_use_subkey_to_encrypt) -{ - __ops_output_t *output; - __ops_memory_t *outmem; - - __OPS_USED(io); - if (input == NULL) { - (void) fprintf(io->errs, - "__ops_encrypt_buf: null memory\n"); - return 0; - } - - __ops_setup_memory_write(&output, &outmem, insize); - - /* set armoured/not armoured here */ - if (use_armour) { - __ops_writer_push_armor_msg(output); - } - - /* Push the encrypted writer */ - __ops_push_enc_se_ip(output, pubkey, cipher, dont_use_subkey_to_encrypt); - - /* This does the writing */ - __ops_write(output, input, (unsigned)insize); - - /* tidy up */ - __ops_writer_close(output); - __ops_output_delete(output); - - return outmem; -} - -/** - \ingroup HighLevel_Crypto - \brief Decrypt a file. - \param infile Name of file to be decrypted - \param outfile Name of file to write to. If NULL, the filename is constructed from the input filename, following GPG conventions. - \param keyring Keyring to use - \param use_armour Expect armoured text, if set - \param allow_overwrite Allow output file to overwritten, if set. - \param getpassfunc Callback to use to get passphrase -*/ - -unsigned -__ops_decrypt_file(__ops_io_t *io, - const char *infile, - const char *outfile, - __ops_keyring_t *secring, - __ops_keyring_t *pubring, - const unsigned use_armour, - const unsigned allow_overwrite, - const unsigned sshkeys, - void *passfp, - __ops_cbfunc_t *getpassfunc) -{ - __ops_stream_t *parse = NULL; - const int printerrors = 1; - char *filename = NULL; - int fd_in; - int fd_out; - - /* setup for reading from given input file */ - fd_in = __ops_setup_file_read(io, &parse, infile, - NULL, - write_parsed_cb, - 0); - if (fd_in < 0) { - perror(infile); - return 0; - } - /* setup output filename */ - if (outfile) { - fd_out = __ops_setup_file_write(&parse->cbinfo.output, outfile, - allow_overwrite); - if (fd_out < 0) { - perror(outfile); - __ops_teardown_file_read(parse, fd_in); - return 0; - } - } else { - const int suffixlen = 4; - const char *suffix = infile + strlen(infile) - suffixlen; - unsigned filenamelen; - - if (strcmp(suffix, ".gpg") == 0 || - strcmp(suffix, ".asc") == 0) { - filenamelen = (unsigned)(strlen(infile) - strlen(suffix)); - if ((filename = calloc(1, filenamelen + 1)) == NULL) { - (void) fprintf(stderr, "can't allocate %" PRIsize "d bytes\n", - (size_t)(filenamelen + 1)); - return 0; - } - (void) strncpy(filename, infile, filenamelen); - filename[filenamelen] = 0x0; - } - - fd_out = __ops_setup_file_write(&parse->cbinfo.output, - filename, allow_overwrite); - if (fd_out < 0) { - perror(filename); - free(filename); - __ops_teardown_file_read(parse, fd_in); - return 0; - } - } - - /* \todo check for suffix matching armour param */ - - /* setup for writing decrypted contents to given output file */ - - /* setup keyring and passphrase callback */ - parse->cbinfo.cryptinfo.secring = secring; - parse->cbinfo.passfp = passfp; - parse->cbinfo.cryptinfo.getpassphrase = getpassfunc; - parse->cbinfo.cryptinfo.pubring = pubring; - parse->cbinfo.sshseckey = (sshkeys) ? &secring->keys[0].key.seckey : NULL; - - /* Set up armour/passphrase options */ - if (use_armour) { - __ops_reader_push_dearmour(parse); - } - - /* Do it */ - __ops_parse(parse, printerrors); - - /* Unsetup */ - if (use_armour) { - __ops_reader_pop_dearmour(parse); - } - - if (filename) { - __ops_teardown_file_write(parse->cbinfo.output, fd_out); - free(filename); - } - __ops_teardown_file_read(parse, fd_in); - /* \todo cleardown crypt */ - - return 1; -} - -/* decrypt an area of memory */ -__ops_memory_t * -__ops_decrypt_buf(__ops_io_t *io, - const void *input, - const size_t insize, - __ops_keyring_t *secring, - __ops_keyring_t *pubring, - const unsigned use_armour, - const unsigned sshkeys, - void *passfp, - __ops_cbfunc_t *getpassfunc) -{ - __ops_stream_t *parse = NULL; - __ops_memory_t *outmem; - __ops_memory_t *inmem; - const int printerrors = 1; - - if (input == NULL) { - (void) fprintf(io->errs, - "__ops_encrypt_buf: null memory\n"); - return 0; - } - - inmem = __ops_memory_new(); - __ops_memory_add(inmem, input, insize); - - /* set up to read from memory */ - __ops_setup_memory_read(io, &parse, inmem, - NULL, - write_parsed_cb, - 0); - - /* setup for writing decrypted contents to given output file */ - __ops_setup_memory_write(&parse->cbinfo.output, &outmem, insize); - - /* setup keyring and passphrase callback */ - parse->cbinfo.cryptinfo.secring = secring; - parse->cbinfo.cryptinfo.pubring = pubring; - parse->cbinfo.passfp = passfp; - parse->cbinfo.cryptinfo.getpassphrase = getpassfunc; - parse->cbinfo.sshseckey = (sshkeys) ? &secring->keys[0].key.seckey : NULL; - - /* Set up armour/passphrase options */ - if (use_armour) { - __ops_reader_push_dearmour(parse); - } - - /* Do it */ - __ops_parse(parse, printerrors); - - /* Unsetup */ - if (use_armour) { - __ops_reader_pop_dearmour(parse); - } - - /* tidy up */ - __ops_teardown_memory_read(parse, inmem); - - __ops_writer_close(parse->cbinfo.output); - __ops_output_delete(parse->cbinfo.output); - - return outmem; -} - diff --git a/enzevalos_iphone/netpgp/lib/crypto.h b/enzevalos_iphone/netpgp/lib/crypto.h deleted file mode 100644 index a28033c4..00000000 --- a/enzevalos_iphone/netpgp/lib/crypto.h +++ /dev/null @@ -1,307 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/* - * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) - * All rights reserved. - * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted - * their moral rights under the UK Copyright Design and Patents Act 1988 to - * be recorded as the authors of this copyright work. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. - * - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** \file - */ - -#ifndef CRYPTO_H_ -#define CRYPTO_H_ - -#include "keyring.h" -#include "packet.h" -#include "memory.h" -#include "packet-parse.h" - -#include <openssl/dsa.h> - -#define OPS_MIN_HASH_SIZE 16 - -/** _ops_hash_t */ -struct _ops_hash_t { - __ops_hash_alg_t alg; /* algorithm */ - size_t size; /* size */ - const char *name; /* what it's known as */ - int (*init)(__ops_hash_t *); - void (*add)(__ops_hash_t *, const uint8_t *, unsigned); - unsigned (*finish)(__ops_hash_t *, uint8_t *); - void *data; /* blob for data */ -}; - -/** _ops_crypt_t */ -struct _ops_crypt_t { - __ops_symm_alg_t alg; - size_t blocksize; - size_t keysize; - void (*set_iv)(__ops_crypt_t *, const uint8_t *); - void (*set_crypt_key)(__ops_crypt_t *, const uint8_t *); - int (*base_init)(__ops_crypt_t *); - void (*decrypt_resync)(__ops_crypt_t *); - /* encrypt/decrypt one block */ - void (*block_encrypt)(__ops_crypt_t *, void *, const void *); - void (*block_decrypt)(__ops_crypt_t *, void *, const void *); - /* Standard CFB encrypt/decrypt (as used by Sym Enc Int Prot packets) */ - void (*cfb_encrypt)(__ops_crypt_t *, void *, const void *, size_t); - void (*cfb_decrypt)(__ops_crypt_t *, void *, const void *, size_t); - void (*decrypt_finish)(__ops_crypt_t *); - uint8_t iv[OPS_MAX_BLOCK_SIZE]; - uint8_t civ[OPS_MAX_BLOCK_SIZE]; - uint8_t siv[OPS_MAX_BLOCK_SIZE]; - /* siv is needed for weird v3 resync */ - uint8_t key[OPS_MAX_KEY_SIZE]; - int num; - /* num is offset - see openssl _encrypt doco */ - void *encrypt_key; - void *decrypt_key; -}; - -void __ops_crypto_finish(void); -void __ops_hash_md5(__ops_hash_t *); -void __ops_hash_sha1(__ops_hash_t *); -void __ops_hash_sha256(__ops_hash_t *); -void __ops_hash_sha512(__ops_hash_t *); -void __ops_hash_sha384(__ops_hash_t *); -void __ops_hash_sha224(__ops_hash_t *); -void __ops_hash_any(__ops_hash_t *, __ops_hash_alg_t); -__ops_hash_alg_t __ops_str_to_hash_alg(const char *); -const char *__ops_text_from_hash(__ops_hash_t *); -unsigned __ops_hash_size(__ops_hash_alg_t); -unsigned __ops_hash(uint8_t *, __ops_hash_alg_t, const void *, size_t); - -void __ops_hash_add_int(__ops_hash_t *, unsigned, unsigned); - -unsigned __ops_dsa_verify(const uint8_t *, size_t, - const __ops_dsa_sig_t *, - const __ops_dsa_pubkey_t *); - -int __ops_rsa_public_decrypt(uint8_t *, const uint8_t *, size_t, - const __ops_rsa_pubkey_t *); -int __ops_rsa_public_encrypt(uint8_t *, const uint8_t *, size_t, - const __ops_rsa_pubkey_t *); - -int __ops_rsa_private_encrypt(uint8_t *, const uint8_t *, size_t, - const __ops_rsa_seckey_t *, const __ops_rsa_pubkey_t *); -int __ops_rsa_private_decrypt(uint8_t *, const uint8_t *, size_t, - const __ops_rsa_seckey_t *, const __ops_rsa_pubkey_t *); - -int __ops_elgamal_public_encrypt(uint8_t *, uint8_t *, const uint8_t *, size_t, - const __ops_elgamal_pubkey_t *); -int __ops_elgamal_private_decrypt(uint8_t *, const uint8_t *, const uint8_t *, size_t, - const __ops_elgamal_seckey_t *, const __ops_elgamal_pubkey_t *); - -__ops_symm_alg_t __ops_str_to_cipher(const char *); -unsigned __ops_block_size(__ops_symm_alg_t); -unsigned __ops_key_size(__ops_symm_alg_t); - -int __ops_decrypt_data(__ops_content_enum, __ops_region_t *, - __ops_stream_t *); - -int __ops_crypt_any(__ops_crypt_t *, __ops_symm_alg_t); -void __ops_decrypt_init(__ops_crypt_t *); -void __ops_encrypt_init(__ops_crypt_t *); -size_t __ops_decrypt_se(__ops_crypt_t *, void *, const void *, size_t); -size_t __ops_encrypt_se(__ops_crypt_t *, void *, const void *, size_t); -size_t __ops_decrypt_se_ip(__ops_crypt_t *, void *, const void *, size_t); -size_t __ops_encrypt_se_ip(__ops_crypt_t *, void *, const void *, size_t); -unsigned __ops_is_sa_supported(__ops_symm_alg_t); - -void __ops_reader_push_decrypt(__ops_stream_t *, __ops_crypt_t *, - __ops_region_t *); -void __ops_reader_pop_decrypt(__ops_stream_t *); - -/* Hash everything that's read */ -void __ops_reader_push_hash(__ops_stream_t *, __ops_hash_t *); -void __ops_reader_pop_hash(__ops_stream_t *); - -int __ops_decrypt_decode_mpi(uint8_t *, unsigned, const BIGNUM *, - const BIGNUM *, const __ops_seckey_t *); - -unsigned __ops_rsa_encrypt_mpi(const uint8_t *, const size_t, - const __ops_pubkey_t *, - __ops_pk_sesskey_params_t *); -unsigned __ops_elgamal_encrypt_mpi(const uint8_t *, const size_t, - const __ops_pubkey_t *, - __ops_pk_sesskey_params_t *); - -/* Encrypt everything that's written */ -struct __ops_key_data; -void __ops_writer_push_encrypt(__ops_output_t *, - const struct __ops_key_data *); - -unsigned __ops_encrypt_file(__ops_io_t *, const char *, const char *, - const __ops_key_t *, - const unsigned, const unsigned, const char *, - int); -unsigned __ops_decrypt_file(__ops_io_t *, - const char *, - const char *, - __ops_keyring_t *, - __ops_keyring_t *, - const unsigned, - const unsigned, - const unsigned, - void *, - __ops_cbfunc_t *); - -__ops_memory_t * -__ops_encrypt_buf(__ops_io_t *, const void *, const size_t, - const __ops_key_t *, - const unsigned, const char *, - int); -__ops_memory_t * -__ops_decrypt_buf(__ops_io_t *, - const void *, - const size_t, - __ops_keyring_t *, - __ops_keyring_t *, - const unsigned, - const unsigned, - void *, - __ops_cbfunc_t *); - -/* Keys */ -__ops_key_t *__ops_rsa_new_selfsign_key(const int, - const unsigned long, uint8_t *, const char *, - const char *); - -int __ops_dsa_size(const __ops_dsa_pubkey_t *); -DSA_SIG *__ops_dsa_sign(uint8_t *, unsigned, - const __ops_dsa_seckey_t *, - const __ops_dsa_pubkey_t *); - -int openssl_read_pem_seckey(const char *, __ops_key_t *, const char *, int); - -/** __ops_reader_t */ -struct __ops_reader_t { - __ops_reader_func_t *reader; /* reader func to get parse data */ - __ops_reader_destroyer_t *destroyer; - void *arg; /* args to pass to reader function */ - unsigned accumulate:1; /* set to gather packet data */ - uint8_t *accumulated; /* the accumulated data */ - unsigned asize; /* size of the buffer */ - unsigned alength;/* used buffer */ - unsigned position; /* reader-specific offset */ - __ops_reader_t *next; - __ops_stream_t *parent;/* parent parse_info structure */ -}; - - -/** __ops_cryptinfo_t - Encrypt/decrypt settings -*/ -struct __ops_cryptinfo_t { - char *passphrase; - __ops_keyring_t *secring; - const __ops_key_t *keydata; - __ops_cbfunc_t *getpassphrase; - __ops_keyring_t *pubring; -}; - -/** __ops_cbdata_t */ -struct __ops_cbdata_t { - __ops_cbfunc_t *cbfunc; /* callback function */ - void *arg; /* args to pass to callback func */ - __ops_error_t **errors; /* address of error stack */ - __ops_cbdata_t *next; - __ops_output_t *output;/* used if writing out parsed info */ - __ops_io_t *io; /* error/output messages */ - void *passfp; /* fp for passphrase input */ - __ops_cryptinfo_t cryptinfo; /* used when decrypting */ - __ops_printstate_t printstate; /* used to keep state when printing */ - __ops_seckey_t *sshseckey; /* secret key for ssh */ -}; - -/** __ops_hashtype_t */ -typedef struct { - __ops_hash_t hash; /* hashes we should hash data with */ - uint8_t keyid[OPS_KEY_ID_SIZE]; -} __ops_hashtype_t; - -#define NTAGS 0x100 /* == 256 */ - -/** \brief Structure to hold information about a packet parse. - * - * This information includes options about the parse: - * - whether the packet contents should be accumulated or not - * - whether signature subpackets should be parsed or left raw - * - * It contains options specific to the parsing of armoured data: - * - whether headers are allowed in armoured data without a gap - * - whether a blank line is allowed at the start of the armoured data - * - * It also specifies : - * - the callback function to use and its arguments - * - the reader function to use and its arguments - * - * It also contains information about the current state of the parse: - * - offset from the beginning - * - the accumulated data, if any - * - the size of the buffer, and how much has been used - * - * It has a linked list of errors. - */ - -struct __ops_stream_t { - uint8_t ss_raw[NTAGS / 8]; - /* 1 bit / sig-subpkt type; set to get raw data */ - uint8_t ss_parsed[NTAGS / 8]; - /* 1 bit / sig-subpkt type; set to get parsed data */ - __ops_reader_t readinfo; - __ops_cbdata_t cbinfo; - __ops_error_t *errors; - void *io; /* io streams */ - __ops_crypt_t decrypt; - __ops_cryptinfo_t cryptinfo; - size_t hashc; - __ops_hashtype_t *hashes; - unsigned reading_v3_secret:1; - unsigned reading_mpi_len:1; - unsigned exact_read:1; -}; - -#endif /* CRYPTO_H_ */ diff --git a/enzevalos_iphone/netpgp/lib/defs.h b/enzevalos_iphone/netpgp/lib/defs.h deleted file mode 100644 index 2c62eb8d..00000000 --- a/enzevalos_iphone/netpgp/lib/defs.h +++ /dev/null @@ -1,92 +0,0 @@ -/* $NetBSD: defs.h,v 1.2 2009/12/06 17:43:05 agc Exp $ */ - -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -#ifndef DEFS_H_ -#define DEFS_H_ - -#include <sys/types.h> -#include <sys/param.h> - -#ifdef HAVE_INTTYPES_H -#include <inttypes.h> -#endif - -#ifdef HAVE_STDINT_H -#include <stdint.h> -#endif - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -#define NEWARRAY(type,ptr,size,where,action) do { \ - if ((ptr = calloc(sizeof(type), (unsigned)(size))) == NULL) { \ - (void) fprintf(stderr, "%s: can't allocate %lu bytes\n", \ - where, (unsigned long)(size * sizeof(type))); \ - action; \ - } \ -} while( /* CONSTCOND */ 0) - -#define RENEW(type,ptr,size,where,action) do { \ - type *_newptr; \ - _newptr = realloc(ptr, (size_t)(sizeof(type) * (size))); \ - if (_newptr == NULL) { \ - (void) fprintf(stderr, "%s: can't realloc %lu bytes\n", \ - where, (unsigned long)(size * sizeof(type))); \ - action; \ - } else { \ - ptr = _newptr; \ - } \ -} while( /* CONSTCOND */ 0) - -#define NEW(type, ptr, where, action) NEWARRAY(type, ptr, 1, where, action) - -#define FREE(ptr) (void) free(ptr) - -#define ALLOC(type, v, size, c, init, incr, where, action) do { \ - uint32_t _newsize = size; \ - if (size == 0) { \ - _newsize = init; \ - NEWARRAY(type, v, _newsize, where ": new", action); \ - } else if (c == size) { \ - _newsize = size + incr; \ - RENEW(type, v, _newsize, where ": renew", action); \ - } \ - size = _newsize; \ -} while( /* CONSTCOND */ 0) - -#define DEFINE_ARRAY(name, type) \ -typedef struct name { \ - uint32_t c; \ - uint32_t size; \ - type *v; \ -} name - -#endif /* !DEFS_H_ */ diff --git a/enzevalos_iphone/netpgp/lib/errors.h b/enzevalos_iphone/netpgp/lib/errors.h deleted file mode 100644 index ac8f442c..00000000 --- a/enzevalos_iphone/netpgp/lib/errors.h +++ /dev/null @@ -1,169 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/* - * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) - * All rights reserved. - * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted - * their moral rights under the UK Copyright Design and Patents Act 1988 to - * be recorded as the authors of this copyright work. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. - * - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** \file - */ - -#ifndef ERRORS_H_ -#define ERRORS_H_ - -#include <errno.h> - -/** error codes */ -/* Remember to add names to map in errors.c */ -typedef enum { - OPS_E_OK = 0x0000, /* no error */ - OPS_E_FAIL = 0x0001, /* general error */ - OPS_E_SYSTEM_ERROR = 0x0002, /* system error, look at errno for - * details */ - OPS_E_UNIMPLEMENTED = 0x0003, /* feature not yet implemented */ - - /* reader errors */ - OPS_E_R = 0x1000, /* general reader error */ - OPS_E_R_READ_FAILED = OPS_E_R + 1, - OPS_E_R_EARLY_EOF = OPS_E_R + 2, - OPS_E_R_BAD_FORMAT = OPS_E_R + 3, /* For example, malformed - * armour */ - OPS_E_R_UNSUPPORTED = OPS_E_R + 4, - OPS_E_R_UNCONSUMED_DATA = OPS_E_R + 5, - - /* writer errors */ - OPS_E_W = 0x2000, /* general writer error */ - OPS_E_W_WRITE_FAILED = OPS_E_W + 1, - OPS_E_W_WRITE_TOO_SHORT = OPS_E_W + 2, - - /* parser errors */ - OPS_E_P = 0x3000, /* general parser error */ - OPS_E_P_NOT_ENOUGH_DATA = OPS_E_P + 1, - OPS_E_P_UNKNOWN_TAG = OPS_E_P + 2, - OPS_E_P_PACKET_CONSUMED = OPS_E_P + 3, - OPS_E_P_MPI_FORMAT_ERROR = OPS_E_P + 4, - OPS_E_P_PACKET_NOT_CONSUMED = OPS_E_P + 5, - OPS_E_P_DECOMPRESSION_ERROR = OPS_E_P + 6, - OPS_E_P_NO_USERID = OPS_E_P + 7, - - /* creator errors */ - OPS_E_C = 0x4000, /* general creator error */ - - /* validation errors */ - OPS_E_V = 0x5000, /* general validation error */ - OPS_E_V_BAD_SIGNATURE = OPS_E_V + 1, - OPS_E_V_NO_SIGNATURE = OPS_E_V + 2, - OPS_E_V_UNKNOWN_SIGNER = OPS_E_V + 3, - OPS_E_V_BAD_HASH = OPS_E_V + 4, - - /* Algorithm support errors */ - OPS_E_ALG = 0x6000, /* general algorithm error */ - OPS_E_ALG_UNSUPPORTED_SYMMETRIC_ALG = OPS_E_ALG + 1, - OPS_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG = OPS_E_ALG + 2, - OPS_E_ALG_UNSUPPORTED_SIGNATURE_ALG = OPS_E_ALG + 3, - OPS_E_ALG_UNSUPPORTED_HASH_ALG = OPS_E_ALG + 4, - OPS_E_ALG_UNSUPPORTED_COMPRESS_ALG = OPS_E_ALG + 5, - - /* Protocol errors */ - OPS_E_PROTO = 0x7000, /* general protocol error */ - OPS_E_PROTO_BAD_SYMMETRIC_DECRYPT = OPS_E_PROTO + 2, - OPS_E_PROTO_UNKNOWN_SS = OPS_E_PROTO + 3, - OPS_E_PROTO_CRITICAL_SS_IGNORED = OPS_E_PROTO + 4, - OPS_E_PROTO_BAD_PUBLIC_KEY_VRSN = OPS_E_PROTO + 5, - OPS_E_PROTO_BAD_SIGNATURE_VRSN = OPS_E_PROTO + 6, - OPS_E_PROTO_BAD_ONE_PASS_SIG_VRSN = OPS_E_PROTO + 7, - OPS_E_PROTO_BAD_PKSK_VRSN = OPS_E_PROTO + 8, - OPS_E_PROTO_DECRYPTED_MSG_WRONG_LEN = OPS_E_PROTO + 9, - OPS_E_PROTO_BAD_SK_CHECKSUM = OPS_E_PROTO + 10 -} __ops_errcode_t; - -/** one entry in a linked list of errors */ -typedef struct __ops_error { - __ops_errcode_t errcode; - int sys_errno; /* irrelevent unless errcode == - * OPS_E_SYSTEM_ERROR */ - char *comment; - const char *file; - int line; - struct __ops_error *next; -} __ops_error_t; - -const char *__ops_errcode(const __ops_errcode_t); - -void -__ops_push_error(__ops_error_t **, __ops_errcode_t, - int, - const char *, int, const char *,...); -void __ops_print_error(__ops_error_t *); -void __ops_print_errors(__ops_error_t *); -void __ops_free_errors(__ops_error_t *); -int __ops_has_error(__ops_error_t *, __ops_errcode_t); - -#define OPS_SYSTEM_ERROR_1(err,code,sys,fmt,arg) do { \ - __ops_push_error(err,OPS_E_SYSTEM_ERROR,errno,__FILE__,__LINE__,sys);\ - __ops_push_error(err,code,0,__FILE__,__LINE__,fmt,arg); \ -} while(/*CONSTCOND*/0) - -#define OPS_MEMORY_ERROR(err) { \ - fprintf(stderr, "Memory error\n"); \ -} /* \todo placeholder for better error - * handling */ -#define OPS_ERROR(err,code,fmt) do { \ - __ops_push_error(err,code,0,__FILE__,__LINE__,fmt); \ -} while(/*CONSTCOND*/0) -#define OPS_ERROR_1(err,code,fmt,arg) do { \ - __ops_push_error(err,code,0,__FILE__,__LINE__,fmt,arg); \ -} while(/*CONSTCOND*/0) -#define OPS_ERROR_2(err,code,fmt,arg,arg2) do { \ - __ops_push_error(err,code,0,__FILE__,__LINE__,fmt,arg,arg2); \ -} while(/*CONSTCOND*/0) -#define OPS_ERROR_3(err,code,fmt,arg,arg2,arg3) do { \ - __ops_push_error(err,code,0,__FILE__,__LINE__,fmt,arg,arg2,arg3); \ -} while(/*CONSTCOND*/0) -#define OPS_ERROR_4(err,code,fmt,arg,arg2,arg3,arg4) do { \ - __ops_push_error(err,code,0,__FILE__,__LINE__,fmt,arg,arg2,arg3,arg4); \ -} while(/*CONSTCOND*/0) - -#endif /* ERRORS_H_ */ diff --git a/enzevalos_iphone/netpgp/lib/fastctype.c b/enzevalos_iphone/netpgp/lib/fastctype.c deleted file mode 100644 index e10a2fb5..00000000 --- a/enzevalos_iphone/netpgp/lib/fastctype.c +++ /dev/null @@ -1,370 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -#include <stdint.h> - -#include "fastctype.h" - -#define UPPER 0x01 -#define LOWER 0x02 -#define OCTAL 0x04 -#define DEC 0x08 -#define HEX 0x10 -#define SPACE 0x20 -#define PUNCT 0x40 - -static const uint8_t fastctypes[] = { - 0, /* 0 */ - 0, /* 1 */ - 0, /* 2 */ - 0, /* 3 */ - 0, /* 4 */ - 0, /* 5 */ - 0, /* 6 */ - 0, /* 7 */ - 0, /* 8 */ - SPACE, /* 9 */ - SPACE, /* 10 */ - 0, /* 11 */ - 0, /* 12 */ - SPACE, /* 13 */ - 0, /* 14 */ - 0, /* 15 */ - 0, /* 16 */ - 0, /* 17 */ - 0, /* 18 */ - 0, /* 19 */ - 0, /* 20 */ - 0, /* 21 */ - 0, /* 22 */ - 0, /* 23 */ - 0, /* 24 */ - 0, /* 25 */ - 0, /* 26 */ - 0, /* 27 */ - 0, /* 28 */ - 0, /* 29 */ - 0, /* 30 */ - 0, /* 31 */ - SPACE, /* 32 */ - PUNCT, /* 33 */ - PUNCT, /* 34 */ - PUNCT, /* 35 */ - PUNCT, /* 36 */ - PUNCT, /* 37 */ - PUNCT, /* 38 */ - PUNCT, /* 39 */ - PUNCT, /* 40 */ - PUNCT, /* 41 */ - PUNCT, /* 42 */ - PUNCT, /* 43 */ - PUNCT, /* 44 */ - PUNCT, /* 45 */ - PUNCT, /* 46 */ - PUNCT, /* 47 */ - OCTAL | DEC | HEX, /* 48 */ - OCTAL | DEC | HEX, /* 49 */ - OCTAL | DEC | HEX, /* 50 */ - OCTAL | DEC | HEX, /* 51 */ - OCTAL | DEC | HEX, /* 52 */ - OCTAL | DEC | HEX, /* 53 */ - OCTAL | DEC | HEX, /* 54 */ - OCTAL | DEC | HEX, /* 55 */ - DEC | HEX, /* 56 */ - DEC | HEX, /* 57 */ - PUNCT, /* 58 */ - PUNCT, /* 59 */ - PUNCT, /* 60 */ - PUNCT, /* 61 */ - PUNCT, /* 62 */ - PUNCT, /* 63 */ - PUNCT, /* 64 */ - HEX | UPPER, /* 65 */ - HEX | UPPER, /* 66 */ - HEX | UPPER, /* 67 */ - HEX | UPPER, /* 68 */ - HEX | UPPER, /* 69 */ - HEX | UPPER, /* 70 */ - UPPER, /* 71 */ - UPPER, /* 72 */ - UPPER, /* 73 */ - UPPER, /* 74 */ - UPPER, /* 75 */ - UPPER, /* 76 */ - UPPER, /* 77 */ - UPPER, /* 78 */ - UPPER, /* 79 */ - UPPER, /* 80 */ - UPPER, /* 81 */ - UPPER, /* 82 */ - UPPER, /* 83 */ - UPPER, /* 84 */ - UPPER, /* 85 */ - UPPER, /* 86 */ - UPPER, /* 87 */ - UPPER, /* 88 */ - UPPER, /* 89 */ - UPPER, /* 90 */ - PUNCT, /* 91 */ - PUNCT, /* 92 */ - PUNCT, /* 93 */ - PUNCT, /* 94 */ - PUNCT, /* 95 */ - PUNCT, /* 96 */ - HEX | LOWER, /* 97 */ - HEX | LOWER, /* 98 */ - HEX | LOWER, /* 99 */ - HEX | LOWER, /* 100 */ - HEX | LOWER, /* 101 */ - HEX | LOWER, /* 102 */ - LOWER, /* 103 */ - LOWER, /* 104 */ - LOWER, /* 105 */ - LOWER, /* 106 */ - LOWER, /* 107 */ - LOWER, /* 108 */ - LOWER, /* 109 */ - LOWER, /* 110 */ - LOWER, /* 111 */ - LOWER, /* 112 */ - LOWER, /* 113 */ - LOWER, /* 114 */ - LOWER, /* 115 */ - LOWER, /* 116 */ - LOWER, /* 117 */ - LOWER, /* 118 */ - LOWER, /* 119 */ - LOWER, /* 120 */ - LOWER, /* 121 */ - LOWER, /* 122 */ - PUNCT, /* 123 */ - PUNCT, /* 124 */ - PUNCT, /* 125 */ - PUNCT, /* 126 */ - PUNCT, /* 127 */ - 0, /* 128 */ - 0, /* 129 */ - 0, /* 130 */ - 0, /* 131 */ - 0, /* 132 */ - 0, /* 133 */ - 0, /* 134 */ - 0, /* 135 */ - 0, /* 136 */ - 0, /* 137 */ - 0, /* 138 */ - 0, /* 139 */ - 0, /* 140 */ - 0, /* 141 */ - 0, /* 142 */ - 0, /* 143 */ - 0, /* 144 */ - 0, /* 145 */ - 0, /* 146 */ - 0, /* 147 */ - 0, /* 148 */ - 0, /* 149 */ - 0, /* 150 */ - 0, /* 151 */ - 0, /* 152 */ - 0, /* 153 */ - 0, /* 154 */ - 0, /* 155 */ - 0, /* 156 */ - 0, /* 157 */ - 0, /* 158 */ - 0, /* 159 */ - 0, /* 160 */ - 0, /* 161 */ - 0, /* 162 */ - 0, /* 163 */ - 0, /* 164 */ - 0, /* 165 */ - 0, /* 166 */ - 0, /* 167 */ - 0, /* 168 */ - 0, /* 169 */ - 0, /* 170 */ - 0, /* 171 */ - 0, /* 172 */ - 0, /* 173 */ - 0, /* 174 */ - 0, /* 175 */ - 0, /* 176 */ - 0, /* 177 */ - 0, /* 178 */ - 0, /* 179 */ - 0, /* 180 */ - 0, /* 181 */ - 0, /* 182 */ - 0, /* 183 */ - 0, /* 184 */ - 0, /* 185 */ - 0, /* 186 */ - 0, /* 187 */ - 0, /* 188 */ - 0, /* 189 */ - 0, /* 190 */ - 0, /* 191 */ - 0, /* 192 */ - 0, /* 193 */ - 0, /* 194 */ - 0, /* 195 */ - 0, /* 196 */ - 0, /* 197 */ - 0, /* 198 */ - 0, /* 199 */ - 0, /* 200 */ - 0, /* 201 */ - 0, /* 202 */ - 0, /* 203 */ - 0, /* 204 */ - 0, /* 205 */ - 0, /* 206 */ - 0, /* 207 */ - 0, /* 208 */ - 0, /* 209 */ - 0, /* 210 */ - 0, /* 211 */ - 0, /* 212 */ - 0, /* 213 */ - 0, /* 214 */ - 0, /* 215 */ - 0, /* 216 */ - 0, /* 217 */ - 0, /* 218 */ - 0, /* 219 */ - 0, /* 220 */ - 0, /* 221 */ - 0, /* 222 */ - 0, /* 223 */ - 0, /* 224 */ - 0, /* 225 */ - 0, /* 226 */ - 0, /* 227 */ - 0, /* 228 */ - 0, /* 229 */ - 0, /* 230 */ - 0, /* 231 */ - 0, /* 232 */ - 0, /* 233 */ - 0, /* 234 */ - 0, /* 235 */ - 0, /* 236 */ - 0, /* 237 */ - 0, /* 238 */ - 0, /* 239 */ - 0, /* 240 */ - 0, /* 241 */ - 0, /* 242 */ - 0, /* 243 */ - 0, /* 244 */ - 0, /* 245 */ - 0, /* 246 */ - 0, /* 247 */ - 0, /* 248 */ - 0, /* 249 */ - 0, /* 250 */ - 0, /* 251 */ - 0, /* 252 */ - 0, /* 253 */ - 0, /* 254 */ - 0 /* 255 */ -}; - -int -fast_isalnum(uint8_t c) -{ - return fastctypes[c] & (UPPER | LOWER | OCTAL | DEC | HEX); -} - -int -fast_isalpha(uint8_t c) -{ - return fastctypes[c] & (UPPER | LOWER); -} - -int -fast_isascii(uint8_t c) -{ - return (c > 0 && c <= 127); -} - -int -fast_iscntrl(uint8_t c) -{ - return (c > 0 && c < 32) || c == 127; -} - -int -fast_isprint(uint8_t c) -{ - return (c >= 32 && c < 127); -} - -int -fast_isdigit(uint8_t c) -{ - return fastctypes[c] & DEC; -} - -int -fast_islower(uint8_t c) -{ - return fastctypes[c] & LOWER; -} - -int -fast_isupper(uint8_t c) -{ - return fastctypes[c] & UPPER; -} - -int -fast_isspace(uint8_t c) -{ - return fastctypes[c] & SPACE; -} - -int -fast_tolower(uint8_t c) -{ - return (fastctypes[c] & UPPER) ? 'a' + (c - 'A') : c; -} - -int -fast_toupper(uint8_t c) -{ - return (fastctypes[c] & LOWER) ? 'A' + (c - 'a') : c; -} - -int -fast_isxdigit(uint8_t c) -{ - return fastctypes[c] & HEX; -} diff --git a/enzevalos_iphone/netpgp/lib/fastctype.h b/enzevalos_iphone/netpgp/lib/fastctype.h deleted file mode 100644 index c6006835..00000000 --- a/enzevalos_iphone/netpgp/lib/fastctype.h +++ /dev/null @@ -1,62 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -#ifndef FASTCTYPE_H_ -#define FASTCTYPE_H_ - -#ifdef HAVE_INTTYPES_H -#include <inttypes.h> -#endif - -int fast_isalnum(uint8_t); -int fast_isalpha(uint8_t); -int fast_isascii(uint8_t); -int fast_iscntrl(uint8_t); -int fast_isdigit(uint8_t); -int fast_islower(uint8_t); -int fast_isupper(uint8_t); -int fast_isprint(uint8_t); -int fast_isspace(uint8_t); -int fast_isxdigit(uint8_t); -int fast_tolower(uint8_t); -int fast_toupper(uint8_t); - -#define isalnum(x) fast_isalnum(x) -#define isalpha(x) fast_isalpha(x) -#define isascii(x) fast_isascii(x) -#define iscntrl(x) fast_iscntrl(x) -#define isdigit(x) fast_isdigit(x) -#define islower(x) fast_islower(x) -#define isupper(x) fast_isupper(x) -#define isprint(x) fast_isprint(x) -#define isspace(x) fast_isspace(x) -#define tolower(x) fast_tolower(x) -#define toupper(x) fast_toupper(x) -#define isxdigit(x) fast_isxdigit(x) - -#endif diff --git a/enzevalos_iphone/netpgp/lib/keyring.c b/enzevalos_iphone/netpgp/lib/keyring.c deleted file mode 100644 index 6b9f8f5e..00000000 --- a/enzevalos_iphone/netpgp/lib/keyring.c +++ /dev/null @@ -1,1153 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/* - * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) - * All rights reserved. - * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted - * their moral rights under the UK Copyright Design and Patents Act 1988 to - * be recorded as the authors of this copyright work. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. - * - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** \file - */ -#include "config.h" - -#ifdef HAVE_SYS_CDEFS_H -#include <sys/cdefs.h> -#endif - -#if defined(__NetBSD__) -__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: keyring.c,v 1.47 2010/10/31 19:45:53 stacktic Exp $"); -#endif - -#ifdef HAVE_FCNTL_H -#include <fcntl.h> -#endif - -#include <regex.h> -#include <stdlib.h> -#include <string.h> - -#ifdef HAVE_TERMIOS_H -#include <termios.h> -#endif - -#ifdef HAVE_UNISTD_H -#include <unistd.h> -#endif - -#include "types.h" -#include "keyring.h" -#include "packet-parse.h" -#include "signature.h" -#include "netpgpsdk.h" -#include "readerwriter.h" -#include "netpgpdefs.h" -#include "packet.h" -#include "crypto.h" -#include "validate.h" -#include "netpgpdefs.h" -#include "netpgpdigest.h" - - - -/** - \ingroup HighLevel_Keyring - - \brief Creates a new __ops_key_t struct - - \return A new __ops_key_t struct, initialised to zero. - - \note The returned __ops_key_t struct must be freed after use with __ops_keydata_free. -*/ - -__ops_key_t * -__ops_keydata_new(void) -{ - return calloc(1, sizeof(__ops_key_t)); -} - - -/** - \ingroup HighLevel_Keyring - - \brief Frees keydata and its memory - - \param keydata Key to be freed. - - \note This frees the keydata itself, as well as any other memory alloc-ed by it. -*/ -void -__ops_keydata_free(__ops_key_t *keydata) -{ - unsigned n; - - for (n = 0; n < keydata->uidc; ++n) { - __ops_userid_free(&keydata->uids[n]); - } - free(keydata->uids); - keydata->uids = NULL; - keydata->uidc = 0; - - for (n = 0; n < keydata->packetc; ++n) { - __ops_subpacket_free(&keydata->packets[n]); - } - free(keydata->packets); - keydata->packets = NULL; - keydata->packetc = 0; - - if (keydata->type == OPS_PTAG_CT_PUBLIC_KEY) { - __ops_pubkey_free(&keydata->key.pubkey); - } else { - __ops_seckey_free(&keydata->key.seckey); - } - - free(keydata); -} - -/** - \ingroup HighLevel_KeyGeneral - - \brief Returns the public key in the given keydata. - \param keydata - - \return Pointer to public key - - \note This is not a copy, do not free it after use. -*/ - -const __ops_pubkey_t * -__ops_get_pubkey(const __ops_key_t *keydata) -{ - return (keydata->type == OPS_PTAG_CT_PUBLIC_KEY) ? - &keydata->key.pubkey : - &keydata->key.seckey.pubkey; -} - -/** -\ingroup HighLevel_KeyGeneral - -\brief Check whether this is a secret key or not. -*/ - -unsigned -__ops_is_key_secret(const __ops_key_t *data) -{ - return data->type != OPS_PTAG_CT_PUBLIC_KEY; -} - -/** - \ingroup HighLevel_KeyGeneral - - \brief Returns the secret key in the given keydata. - - \note This is not a copy, do not free it after use. - - \note This returns a const. If you need to be able to write to this - pointer, use __ops_get_writable_seckey -*/ - -const __ops_seckey_t * -__ops_get_seckey(const __ops_key_t *data) -{ - return (data->type == OPS_PTAG_CT_SECRET_KEY) ? - &data->key.seckey : NULL; -} - -/** - \ingroup HighLevel_KeyGeneral - - \brief Returns the secret key in the given keydata. - - \note This is not a copy, do not free it after use. - - \note If you do not need to be able to modify this key, there is an - equivalent read-only function __ops_get_seckey. -*/ - -__ops_seckey_t * -__ops_get_writable_seckey(__ops_key_t *data) -{ - return (data->type == OPS_PTAG_CT_SECRET_KEY) ? - &data->key.seckey : NULL; -} - -/* utility function to zero out memory */ -void -__ops_forget(void *vp, unsigned size) -{ - (void) memset(vp, 0x0, size); -} - -typedef struct { - FILE *passfp; - const __ops_key_t *key; - char *passphrase; - __ops_seckey_t *seckey; -} decrypt_t; - -static __ops_cb_ret_t -decrypt_cb(const __ops_packet_t *pkt, __ops_cbdata_t *cbinfo) -{ - const __ops_contents_t *content = &pkt->u; - decrypt_t *decrypt; - char pass[MAX_PASSPHRASE_LENGTH]; - - decrypt = __ops_callback_arg(cbinfo); - switch (pkt->tag) { - case OPS_PARSER_PTAG: - case OPS_PTAG_CT_USER_ID: - case OPS_PTAG_CT_SIGNATURE: - case OPS_PTAG_CT_SIGNATURE_HEADER: - case OPS_PTAG_CT_SIGNATURE_FOOTER: - case OPS_PTAG_CT_TRUST: - break; - - case OPS_GET_PASSPHRASE: - (void) __ops_getpassphrase(decrypt->passfp, pass, sizeof(pass)); - *content->skey_passphrase.passphrase = netpgp_strdup(pass); - __ops_forget(pass, (unsigned)sizeof(pass)); - return OPS_KEEP_MEMORY; - - case OPS_PARSER_ERRCODE: - switch (content->errcode.errcode) { - case OPS_E_P_MPI_FORMAT_ERROR: - /* Generally this means a bad passphrase */ - fprintf(stderr, "Bad passphrase!\n"); - return OPS_RELEASE_MEMORY; - - case OPS_E_P_PACKET_CONSUMED: - /* And this is because of an error we've accepted */ - return OPS_RELEASE_MEMORY; - default: - break; - } - (void) fprintf(stderr, "parse error: %s\n", - __ops_errcode(content->errcode.errcode)); - return OPS_FINISHED; - - case OPS_PARSER_ERROR: - fprintf(stderr, "parse error: %s\n", content->error); - return OPS_FINISHED; - - case OPS_PTAG_CT_SECRET_KEY: - if ((decrypt->seckey = calloc(1, sizeof(*decrypt->seckey))) == NULL) { - (void) fprintf(stderr, "decrypt_cb: bad alloc\n"); - return OPS_FINISHED; - } - decrypt->seckey->checkhash = calloc(1, OPS_CHECKHASH_SIZE); - *decrypt->seckey = content->seckey; - return OPS_KEEP_MEMORY; - - case OPS_PARSER_PACKET_END: - /* nothing to do */ - break; - - default: - fprintf(stderr, "Unexpected tag %d (0x%x)\n", pkt->tag, - pkt->tag); - return OPS_FINISHED; - } - - return OPS_RELEASE_MEMORY; -} - -/** -\ingroup Core_Keys -\brief Decrypts secret key from given keydata with given passphrase -\param key Key from which to get secret key -\param passphrase Passphrase to use to decrypt secret key -\return secret key -*/ -__ops_seckey_t * -__ops_decrypt_seckey(const __ops_key_t *key, void *passfp) -{ - __ops_stream_t *stream; - const int printerrors = 1; - decrypt_t decrypt; - - (void) memset(&decrypt, 0x0, sizeof(decrypt)); - decrypt.key = key; - decrypt.passfp = passfp; - stream = __ops_new(sizeof(*stream)); - __ops_keydata_reader_set(stream, key); - __ops_set_callback(stream, decrypt_cb, &decrypt); - stream->readinfo.accumulate = 1; - __ops_parse(stream, !printerrors); - return decrypt.seckey; -} - -/** -\ingroup Core_Keys -\brief Set secret key in content -\param content Content to be set -\param key Keydata to get secret key from -*/ -void -__ops_set_seckey(__ops_contents_t *cont, const __ops_key_t *key) -{ - *cont->get_seckey.seckey = &key->key.seckey; -} - -/** -\ingroup Core_Keys -\brief Get Key ID from keydata -\param key Keydata to get Key ID from -\return Pointer to Key ID inside keydata -*/ -const uint8_t * -__ops_get_key_id(const __ops_key_t *key) -{ - return key->sigid; -} - -/** -\ingroup Core_Keys -\brief How many User IDs in this key? -\param key Keydata to check -\return Num of user ids -*/ -unsigned -__ops_get_userid_count(const __ops_key_t *key) -{ - return key->uidc; -} - -/** -\ingroup Core_Keys -\brief Get indexed user id from key -\param key Key to get user id from -\param index Which key to get -\return Pointer to requested user id -*/ -const uint8_t * -__ops_get_userid(const __ops_key_t *key, unsigned subscript) -{ - return key->uids[subscript]; -} - -/** - \ingroup HighLevel_Supported - \brief Checks whether key's algorithm and type are supported by OpenPGP::SDK - \param keydata Key to be checked - \return 1 if key algorithm and type are supported by OpenPGP::SDK; 0 if not -*/ - -unsigned -__ops_is_key_supported(const __ops_key_t *key) -{ - if (key->type == OPS_PTAG_CT_PUBLIC_KEY) { - switch(key->key.pubkey.alg) { - case OPS_PKA_RSA: - case OPS_PKA_DSA: - case OPS_PKA_ELGAMAL: - return 1; - default: - break; - } - } - return 0; -} - -/* \todo check where userid pointers are copied */ -/** -\ingroup Core_Keys -\brief Copy user id, including contents -\param dst Destination User ID -\param src Source User ID -\note If dst already has a userid, it will be freed. -*/ -static uint8_t * -__ops_copy_userid(uint8_t **dst, const uint8_t *src) -{ - size_t len; - - len = strlen((const char *) src); - if (*dst) { - free(*dst); - } - if ((*dst = calloc(1, len + 1)) == NULL) { - (void) fprintf(stderr, "__ops_copy_userid: bad alloc\n"); - } else { - (void) memcpy(*dst, src, len); - } - return *dst; -} - -/* \todo check where pkt pointers are copied */ -/** -\ingroup Core_Keys -\brief Copy packet, including contents -\param dst Destination packet -\param src Source packet -\note If dst already has a packet, it will be freed. -*/ -static __ops_subpacket_t * -__ops_copy_packet(__ops_subpacket_t *dst, const __ops_subpacket_t *src) -{ - if (dst->raw) { - free(dst->raw); - } - if ((dst->raw = calloc(1, src->length)) == NULL) { - (void) fprintf(stderr, "__ops_copy_packet: bad alloc\n"); - } else { - dst->length = src->length; - (void) memcpy(dst->raw, src->raw, src->length); - } - return dst; -} - -/** -\ingroup Core_Keys -\brief Add User ID to key -\param key Key to which to add User ID -\param userid User ID to add -\return Pointer to new User ID -*/ -uint8_t * -__ops_add_userid(__ops_key_t *key, const uint8_t *userid) -{ - uint8_t **uidp; - - EXPAND_ARRAY(key, uid); - /* initialise new entry in array */ - uidp = &key->uids[key->uidc++]; - *uidp = NULL; - /* now copy it */ - return __ops_copy_userid(uidp, userid); -} - -void print_packet_hex(const __ops_subpacket_t *pkt); - -/** -\ingroup Core_Keys -\brief Add packet to key -\param keydata Key to which to add packet -\param packet Packet to add -\return Pointer to new packet -*/ -__ops_subpacket_t * -__ops_add_subpacket(__ops_key_t *keydata, const __ops_subpacket_t *packet) -{ - __ops_subpacket_t *subpktp; - - EXPAND_ARRAY(keydata, packet); - /* initialise new entry in array */ - subpktp = &keydata->packets[keydata->packetc++]; - subpktp->length = 0; - subpktp->raw = NULL; - /* now copy it */ - return __ops_copy_packet(subpktp, packet); -} - -/** -\ingroup Core_Keys -\brief Add selfsigned User ID to key -\param keydata Key to which to add user ID -\param userid Self-signed User ID to add -\return 1 if OK; else 0 -*/ -unsigned -__ops_add_selfsigned_userid(__ops_key_t *key, uint8_t *userid) -{ - __ops_create_sig_t *sig; - __ops_subpacket_t sigpacket; - __ops_memory_t *mem_userid = NULL; - __ops_output_t *useridoutput = NULL; - __ops_memory_t *mem_sig = NULL; - __ops_output_t *sigoutput = NULL; - - /* - * create signature packet for this userid - */ - - /* create userid pkt */ - __ops_setup_memory_write(&useridoutput, &mem_userid, 128); - __ops_write_struct_userid(useridoutput, userid); - - /* create sig for this pkt */ - sig = __ops_create_sig_new(); - __ops_sig_start_key_sig(sig, &key->key.seckey.pubkey, userid, OPS_CERT_POSITIVE); - __ops_add_time(sig, (int64_t)time(NULL), "birth"); - __ops_add_key_flags(sig, OPS_KEYFLAG_SIGN_DATA | OPS_KEYFLAG_CERT_KEYS | OPS_KEYFLAG_ENC_COMM | OPS_KEYFLAG_ENC_STORAGE); - __ops_add_issuer_keyid(sig, key->sigid); - __ops_add_primary_userid(sig, 1); - __ops_end_hashed_subpkts(sig); - - __ops_setup_memory_write(&sigoutput, &mem_sig, 128); - __ops_write_sig(sigoutput, sig, &key->key.seckey.pubkey, &key->key.seckey); - - /* add this packet to key */ - sigpacket.length = __ops_mem_len(mem_sig); - sigpacket.raw = __ops_mem_data(mem_sig); - - /* add userid to key */ - (void) __ops_add_userid(key, userid); - (void) __ops_add_subpacket(key, &sigpacket); - - /* cleanup */ - __ops_create_sig_delete(sig); - __ops_output_delete(useridoutput); - __ops_output_delete(sigoutput); - __ops_memory_free(mem_userid); - __ops_memory_free(mem_sig); - - return 1; -} - -/** -\ingroup Core_Keys -\brief Initialise __ops_key_t -\param keydata Keydata to initialise -\param type OPS_PTAG_CT_PUBLIC_KEY or OPS_PTAG_CT_SECRET_KEY -*/ -void -__ops_keydata_init(__ops_key_t *keydata, const __ops_content_enum type) -{ - if (keydata->type != OPS_PTAG_CT_RESERVED) { - (void) fprintf(stderr, - "__ops_keydata_init: wrong keydata type\n"); - } else if (type != OPS_PTAG_CT_PUBLIC_KEY && - type != OPS_PTAG_CT_SECRET_KEY) { - (void) fprintf(stderr, "__ops_keydata_init: wrong type\n"); - } else { - keydata->type = type; - } -} - -/* used to point to data during keyring read */ -typedef struct keyringcb_t { - __ops_keyring_t *keyring; /* the keyring we're reading */ -} keyringcb_t; - - -static __ops_cb_ret_t -cb_keyring_read(const __ops_packet_t *pkt, __ops_cbdata_t *cbinfo) -{ - __ops_keyring_t *keyring; - __ops_revoke_t *revocation; - __ops_key_t *key; - keyringcb_t *cb; - - cb = __ops_callback_arg(cbinfo); - keyring = cb->keyring; - switch (pkt->tag) { - case OPS_PARSER_PTAG: - case OPS_PTAG_CT_ENCRYPTED_SECRET_KEY: - /* we get these because we didn't prompt */ - break; - case OPS_PTAG_CT_SIGNATURE_HEADER: - key = &keyring->keys[keyring->keyc - 1]; - EXPAND_ARRAY(key, subsig); - key->subsigs[key->subsigc].uid = key->uidc - 1; - (void) memcpy(&key->subsigs[key->subsigc].sig, &pkt->u.sig, - sizeof(pkt->u.sig)); - key->subsigc += 1; - break; - case OPS_PTAG_CT_SIGNATURE: - key = &keyring->keys[keyring->keyc - 1]; - EXPAND_ARRAY(key, subsig); - key->subsigs[key->subsigc].uid = key->uidc - 1; - (void) memcpy(&key->subsigs[key->subsigc].sig, &pkt->u.sig, - sizeof(pkt->u.sig)); - key->subsigc += 1; - break; - case OPS_PTAG_CT_TRUST: - key = &keyring->keys[keyring->keyc - 1]; - key->subsigs[key->subsigc - 1].trustlevel = pkt->u.ss_trust.level; - key->subsigs[key->subsigc - 1].trustamount = pkt->u.ss_trust.amount; - break; - case OPS_PTAG_SS_KEY_EXPIRY: - EXPAND_ARRAY(keyring, key); - if (keyring->keyc > 0) { - keyring->keys[keyring->keyc - 1].key.pubkey.duration = pkt->u.ss_time; - } - break; - case OPS_PTAG_SS_ISSUER_KEY_ID: - key = &keyring->keys[keyring->keyc - 1]; - (void) memcpy(&key->subsigs[key->subsigc - 1].sig.info.signer_id, - pkt->u.ss_issuer, - sizeof(pkt->u.ss_issuer)); - key->subsigs[key->subsigc - 1].sig.info.signer_id_set = 1; - break; - case OPS_PTAG_SS_CREATION_TIME: - key = &keyring->keys[keyring->keyc - 1]; - key->subsigs[key->subsigc - 1].sig.info.birthtime = pkt->u.ss_time; - key->subsigs[key->subsigc - 1].sig.info.birthtime_set = 1; - break; - case OPS_PTAG_SS_EXPIRATION_TIME: - key = &keyring->keys[keyring->keyc - 1]; - key->subsigs[key->subsigc - 1].sig.info.duration = pkt->u.ss_time; - key->subsigs[key->subsigc - 1].sig.info.duration_set = 1; - break; - case OPS_PTAG_SS_PRIMARY_USER_ID: - key = &keyring->keys[keyring->keyc - 1]; - key->uid0 = key->uidc - 1; - break; - case OPS_PTAG_SS_REVOCATION_REASON: - key = &keyring->keys[keyring->keyc - 1]; - if (key->uidc == 0) { - /* revoke whole key */ - key->revoked = 1; - revocation = &key->revocation; - } else { - /* revoke the user id */ - EXPAND_ARRAY(key, revoke); - revocation = &key->revokes[key->revokec]; - key->revokes[key->revokec].uid = key->uidc - 1; - key->revokec += 1; - } - revocation->code = pkt->u.ss_revocation.code; - revocation->reason = netpgp_strdup(__ops_show_ss_rr_code(pkt->u.ss_revocation.code)); - break; - case OPS_PTAG_CT_SIGNATURE_FOOTER: - case OPS_PARSER_ERRCODE: - break; - - default: - break; - } - - return OPS_RELEASE_MEMORY; -} - -/** - \ingroup HighLevel_KeyringRead - - \brief Reads a keyring from a file - - \param keyring Pointer to an existing __ops_keyring_t struct - \param armour 1 if file is armoured; else 0 - \param filename Filename of keyring to be read - - \return __ops 1 if OK; 0 on error - - \note Keyring struct must already exist. - - \note Can be used with either a public or secret keyring. - - \note You must call __ops_keyring_free() after usage to free alloc-ed memory. - - \note If you call this twice on the same keyring struct, without calling - __ops_keyring_free() between these calls, you will introduce a memory leak. - - \sa __ops_keyring_read_from_mem() - \sa __ops_keyring_free() - -*/ - -unsigned -__ops_keyring_fileread(__ops_keyring_t *keyring, - const unsigned armour, - const char *filename) -{ - __ops_stream_t *stream; - keyringcb_t cb; - unsigned res = 1; - int fd; - - (void) memset(&cb, 0x0, sizeof(cb)); - cb.keyring = keyring; - stream = __ops_new(sizeof(*stream)); - - /* add this for the moment, */ - /* - * \todo need to fix the problems with reading signature subpackets - * later - */ - - /* __ops_parse_options(parse,OPS_PTAG_SS_ALL,OPS_PARSE_RAW); */ - __ops_parse_options(stream, OPS_PTAG_SS_ALL, OPS_PARSE_PARSED); - -#ifdef O_BINARY - fd = open(filename, O_RDONLY | O_BINARY); -#else - fd = open(filename, O_RDONLY); -#endif - if (fd < 0) { - __ops_stream_delete(stream); - perror(filename); - return 0; - } -#ifdef USE_MMAP_FOR_FILES - __ops_reader_set_mmap(stream, fd); -#else - __ops_reader_set_fd(stream, fd); -#endif - - __ops_set_callback(stream, cb_keyring_read, &cb); - - if (armour) { - __ops_reader_push_dearmour(stream); - } - res = __ops_parse_and_accumulate(keyring, stream); - __ops_print_errors(__ops_stream_get_errors(stream)); - - if (armour) { - __ops_reader_pop_dearmour(stream); - } - - (void)close(fd); - - __ops_stream_delete(stream); - - return res; -} - -/** - \ingroup HighLevel_KeyringRead - - \brief Reads a keyring from memory - - \param keyring Pointer to existing __ops_keyring_t struct - \param armour 1 if file is armoured; else 0 - \param mem Pointer to a __ops_memory_t struct containing keyring to be read - - \return __ops 1 if OK; 0 on error - - \note Keyring struct must already exist. - - \note Can be used with either a public or secret keyring. - - \note You must call __ops_keyring_free() after usage to free alloc-ed memory. - - \note If you call this twice on the same keyring struct, without calling - __ops_keyring_free() between these calls, you will introduce a memory leak. - - \sa __ops_keyring_fileread - \sa __ops_keyring_free -*/ -unsigned -__ops_keyring_read_from_mem(__ops_io_t *io, - __ops_keyring_t *keyring, - const unsigned armour, - __ops_memory_t *mem) -{ - __ops_stream_t *stream; - const unsigned noaccum = 0; - keyringcb_t cb; - unsigned res; - - (void) memset(&cb, 0x0, sizeof(cb)); - cb.keyring = keyring; - stream = __ops_new(sizeof(*stream)); - __ops_parse_options(stream, OPS_PTAG_SS_ALL, OPS_PARSE_PARSED); - __ops_setup_memory_read(io, &stream, mem, &cb, cb_keyring_read, - noaccum); - if (armour) { - __ops_reader_push_dearmour(stream); - } - res = (unsigned)__ops_parse_and_accumulate(keyring, stream); - __ops_print_errors(__ops_stream_get_errors(stream)); - if (armour) { - __ops_reader_pop_dearmour(stream); - } - /* don't call teardown_memory_read because memory was passed in */ - __ops_stream_delete(stream); - return res; -} - -/** - \ingroup HighLevel_KeyringRead - - \brief Frees keyring's contents (but not keyring itself) - - \param keyring Keyring whose data is to be freed - - \note This does not free keyring itself, just the memory alloc-ed in it. - */ -void -__ops_keyring_free(__ops_keyring_t *keyring) -{ - (void)free(keyring->keys); - keyring->keys = NULL; - keyring->keyc = keyring->keyvsize = 0; -} - -/** - \ingroup HighLevel_KeyringFind - - \brief Finds key in keyring from its Key ID - - \param keyring Keyring to be searched - \param keyid ID of required key - - \return Pointer to key, if found; NULL, if not found - - \note This returns a pointer to the key inside the given keyring, - not a copy. Do not free it after use. - -*/ -const __ops_key_t * -__ops_getkeybyid(__ops_io_t *io, const __ops_keyring_t *keyring, - const uint8_t *keyid, unsigned *from, __ops_pubkey_t **pubkey) -{ - uint8_t nullid[OPS_KEY_ID_SIZE]; - - (void) memset(nullid, 0x0, sizeof(nullid)); - for ( ; keyring && *from < keyring->keyc; *from += 1) { - if (__ops_get_debug_level(__FILE__)) { - hexdump(io->errs, "keyring sig keyid", keyring->keys[*from].sigid, OPS_KEY_ID_SIZE); - hexdump(io->errs, "keyring enc keyid", keyring->keys[*from].encid, OPS_KEY_ID_SIZE); - hexdump(io->errs, "keyid", keyid, OPS_KEY_ID_SIZE); - } - if (memcmp(keyring->keys[*from].sigid, keyid, OPS_KEY_ID_SIZE) == 0 || - memcmp(&keyring->keys[*from].sigid[OPS_KEY_ID_SIZE / 2], - keyid, OPS_KEY_ID_SIZE / 2) == 0) { - if (pubkey) { - *pubkey = &keyring->keys[*from].key.pubkey; - } - return &keyring->keys[*from]; - } - if (memcmp(&keyring->keys[*from].encid, nullid, sizeof(nullid)) == 0) { - continue; - } - if (memcmp(&keyring->keys[*from].encid, keyid, OPS_KEY_ID_SIZE) == 0 || - memcmp(&keyring->keys[*from].encid[OPS_KEY_ID_SIZE / 2], keyid, OPS_KEY_ID_SIZE / 2) == 0) { - if (pubkey) { - *pubkey = &keyring->keys[*from].enckey; - } - return &keyring->keys[*from]; - } - } - return NULL; -} - -/* convert a string keyid into a binary keyid */ -static void -str2keyid(const char *userid, uint8_t *keyid, size_t len) -{ - static const char *uppers = "0123456789ABCDEF"; - static const char *lowers = "0123456789abcdef"; - const char *hi; - const char *lo; - uint8_t hichar; - uint8_t lochar; - size_t j; - int i; - - for (i = 0, j = 0 ; j < len && userid[i] && userid[i + 1] ; i += 2, j++) { - if ((hi = strchr(uppers, userid[i])) == NULL) { - if ((hi = strchr(lowers, userid[i])) == NULL) { - break; - } - hichar = (uint8_t)(hi - lowers); - } else { - hichar = (uint8_t)(hi - uppers); - } - if ((lo = strchr(uppers, userid[i + 1])) == NULL) { - if ((lo = strchr(lowers, userid[i + 1])) == NULL) { - break; - } - lochar = (uint8_t)(lo - lowers); - } else { - lochar = (uint8_t)(lo - uppers); - } - keyid[j] = (hichar << 4) | (lochar); - } - keyid[j] = 0x0; -} - -/* return the next key which matches, starting searching at *from */ -static const __ops_key_t * -getkeybyname(__ops_io_t *io, - const __ops_keyring_t *keyring, - const char *name, - unsigned *from) -{ - const __ops_key_t *kp; - uint8_t **uidp; - unsigned i = 0; - __ops_key_t *keyp; - unsigned savedstart; - regex_t r; - uint8_t keyid[OPS_KEY_ID_SIZE + 1]; - size_t len; - - if (!keyring || !name || !from) { - return NULL; - } - len = strlen(name); - if (__ops_get_debug_level(__FILE__)) { - (void) fprintf(io->outs, "[%u] name '%s', len %zu\n", - *from, name, len); - } - /* first try name as a keyid */ - (void) memset(keyid, 0x0, sizeof(keyid)); - str2keyid(name, keyid, sizeof(keyid)); - if (__ops_get_debug_level(__FILE__)) { - hexdump(io->outs, "keyid", keyid, 4); - } - savedstart = *from; - if ((kp = __ops_getkeybyid(io, keyring, keyid, from, NULL)) != NULL) { - return kp; - } - *from = savedstart; - if (__ops_get_debug_level(__FILE__)) { - (void) fprintf(io->outs, "regex match '%s' from %u\n", - name, *from); - } - /* match on full name or email address as a NOSUB, ICASE regexp */ - (void) regcomp(&r, name, REG_EXTENDED | REG_ICASE); - for (keyp = &keyring->keys[*from]; *from < keyring->keyc; *from += 1, keyp++) { - uidp = keyp->uids; - for (i = 0 ; i < keyp->uidc; i++, uidp++) { - if (regexec(&r, (char *)*uidp, 0, NULL, 0) == 0) { - if (__ops_get_debug_level(__FILE__)) { - (void) fprintf(io->outs, - "MATCHED keyid \"%s\" len %" PRIsize "u\n", - (char *) *uidp, len); - } - regfree(&r); - return keyp; - } - } - } - regfree(&r); - return NULL; -} - -/** - \ingroup HighLevel_KeyringFind - - \brief Finds key from its User ID - - \param keyring Keyring to be searched - \param userid User ID of required key - - \return Pointer to Key, if found; NULL, if not found - - \note This returns a pointer to the key inside the keyring, not a - copy. Do not free it. - -*/ -const __ops_key_t * -__ops_getkeybyname(__ops_io_t *io, - const __ops_keyring_t *keyring, - const char *name) -{ - unsigned from; - - from = 0; - return getkeybyname(io, keyring, name, &from); -} - -const __ops_key_t * -__ops_getnextkeybyname(__ops_io_t *io, - const __ops_keyring_t *keyring, - const char *name, - unsigned *n) -{ - return getkeybyname(io, keyring, name, n); -} - -/** - \ingroup HighLevel_KeyringList - - \brief Prints all keys in keyring to stdout. - - \param keyring Keyring to use - - \return none -*/ -int -__ops_keyring_list(__ops_io_t *io, const __ops_keyring_t *keyring, const int psigs) -{ - __ops_key_t *key; - unsigned n; - - (void) fprintf(io->res, "%u key%s\n", keyring->keyc, - (keyring->keyc == 1) ? "" : "s"); - for (n = 0, key = keyring->keys; n < keyring->keyc; ++n, ++key) { - if (__ops_is_key_secret(key)) { - __ops_print_keydata(io, keyring, key, "sec", - &key->key.seckey.pubkey, 0); - } else { - __ops_print_keydata(io, keyring, key, "signature ", &key->key.pubkey, psigs); - } - (void) fputc('\n', io->res); - } - return 1; -} - -int -__ops_keyring_json(__ops_io_t *io, const __ops_keyring_t *keyring, mj_t *obj, const int psigs) -{ - __ops_key_t *key; - unsigned n; - - (void) memset(obj, 0x0, sizeof(*obj)); - mj_create(obj, "array"); - obj->size = keyring->keyvsize; - if (__ops_get_debug_level(__FILE__)) { - (void) fprintf(io->errs, "__ops_keyring_json: vsize %u\n", obj->size); - } - if ((obj->value.v = calloc(sizeof(*obj->value.v), obj->size)) == NULL) { - (void) fprintf(io->errs, "calloc failure\n"); - return 0; - } - for (n = 0, key = keyring->keys; n < keyring->keyc; ++n, ++key) { - if (__ops_is_key_secret(key)) { - __ops_sprint_mj(io, keyring, key, &obj->value.v[obj->c], - "sec", &key->key.seckey.pubkey, psigs); - } else { - __ops_sprint_mj(io, keyring, key, &obj->value.v[obj->c], - "signature ", &key->key.pubkey, psigs); - } - if (obj->value.v[obj->c].type != 0) { - obj->c += 1; - } - } - if (__ops_get_debug_level(__FILE__)) { - char *s; - - mj_asprint(&s, obj); - (void) fprintf(stderr, "__ops_keyring_json: '%s'\n", s); - free(s); - } - return 1; -} - - -/* this interface isn't right - hook into callback for getting passphrase */ -char * -__ops_export_key(__ops_io_t *io, const __ops_key_t *keydata, uint8_t *passphrase) -{ - __ops_output_t *output; - __ops_memory_t *mem; - char *cp; - - __OPS_USED(io); - __ops_setup_memory_write(&output, &mem, 128); - if (keydata->type == OPS_PTAG_CT_PUBLIC_KEY) { - __ops_write_xfer_pubkey(output, keydata, 1); - } else { - __ops_write_xfer_seckey(output, keydata, passphrase, - strlen((char *)passphrase), 1); - } - cp = netpgp_strdup(__ops_mem_data(mem)); - __ops_teardown_memory_write(output, mem); - return cp; -} - -/* add a key to a public keyring */ -int -__ops_add_to_pubring(__ops_keyring_t *keyring, const __ops_pubkey_t *pubkey, __ops_content_enum tag) -{ - __ops_key_t *key; - time_t duration; - - if (__ops_get_debug_level(__FILE__)) { - fprintf(stderr, "__ops_add_to_pubring (type %u)\n", tag); - } - switch(tag) { - case OPS_PTAG_CT_PUBLIC_KEY: - EXPAND_ARRAY(keyring, key); - key = &keyring->keys[keyring->keyc++]; - duration = key->key.pubkey.duration; - (void) memset(key, 0x0, sizeof(*key)); - key->type = tag; - __ops_keyid(key->sigid, OPS_KEY_ID_SIZE, pubkey, keyring->hashtype); - __ops_fingerprint(&key->sigfingerprint, pubkey, keyring->hashtype); - key->key.pubkey = *pubkey; - key->key.pubkey.duration = duration; - return 1; - case OPS_PTAG_CT_PUBLIC_SUBKEY: - /* subkey is not the first */ - key = &keyring->keys[keyring->keyc - 1]; - __ops_keyid(key->encid, OPS_KEY_ID_SIZE, pubkey, keyring->hashtype); - duration = key->key.pubkey.duration; - (void) memcpy(&key->enckey, pubkey, sizeof(key->enckey)); - key->enckey.duration = duration; - return 1; - default: - return 0; - } -} - -/* add a key to a secret keyring */ -int -__ops_add_to_secring(__ops_keyring_t *keyring, const __ops_seckey_t *seckey) -{ - const __ops_pubkey_t *pubkey; - __ops_key_t *key; - - if (__ops_get_debug_level(__FILE__)) { - fprintf(stderr, "__ops_add_to_secring\n"); - } - if (keyring->keyc > 0) { - key = &keyring->keys[keyring->keyc - 1]; - if (__ops_get_debug_level(__FILE__) && - key->key.pubkey.alg == OPS_PKA_DSA && - seckey->pubkey.alg == OPS_PKA_ELGAMAL) { - fprintf(stderr, "__ops_add_to_secring: found elgamal seckey\n"); - } - } - EXPAND_ARRAY(keyring, key); - key = &keyring->keys[keyring->keyc++]; - (void) memset(key, 0x0, sizeof(*key)); - pubkey = &seckey->pubkey; - __ops_keyid(key->sigid, OPS_KEY_ID_SIZE, pubkey, keyring->hashtype); - __ops_fingerprint(&key->sigfingerprint, pubkey, keyring->hashtype); - key->type = OPS_PTAG_CT_SECRET_KEY; - key->key.seckey = *seckey; - if (__ops_get_debug_level(__FILE__)) { - fprintf(stderr, "__ops_add_to_secring: keyc %u\n", keyring->keyc); - } - return 1; -} - -/* append one keyring to another */ -int -__ops_append_keyring(__ops_keyring_t *keyring, __ops_keyring_t *newring) -{ - unsigned i; - - for (i = 0 ; i < newring->keyc ; i++) { - EXPAND_ARRAY(keyring, key); - (void) memcpy(&keyring->keys[keyring->keyc], &newring->keys[i], - sizeof(newring->keys[i])); - keyring->keyc += 1; - } - return 1; -} diff --git a/enzevalos_iphone/netpgp/lib/keyring.h b/enzevalos_iphone/netpgp/lib/keyring.h deleted file mode 100644 index 927791da..00000000 --- a/enzevalos_iphone/netpgp/lib/keyring.h +++ /dev/null @@ -1,152 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/* - * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) - * All rights reserved. - * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted - * their moral rights under the UK Copyright Design and Patents Act 1988 to - * be recorded as the authors of this copyright work. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. - * - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** \file - */ - -#ifndef KEYRING_H_ -#define KEYRING_H_ - -#include "packet.h" -#include "packet-parse.h" -#include "mj.h" - -enum { - MAX_ID_LENGTH = 128, - MAX_PASSPHRASE_LENGTH = 256 -}; - -typedef struct __ops_key_t __ops_key_t; - -/** \struct __ops_keyring_t - * A keyring - */ -typedef struct __ops_keyring_t { - DYNARRAY(__ops_key_t, key); - __ops_hash_alg_t hashtype; -} __ops_keyring_t; - -const __ops_key_t *__ops_getkeybyid(__ops_io_t *, - const __ops_keyring_t *, - const uint8_t *, - unsigned *, - __ops_pubkey_t **); -const __ops_key_t *__ops_getkeybyname(__ops_io_t *, - const __ops_keyring_t *, - const char *); -const __ops_key_t *__ops_getnextkeybyname(__ops_io_t *, - const __ops_keyring_t *, - const char *, - unsigned *); -void __ops_keydata_free(__ops_key_t *); -void __ops_keyring_free(__ops_keyring_t *); -void __ops_dump_keyring(const __ops_keyring_t *); -const __ops_pubkey_t *__ops_get_pubkey(const __ops_key_t *); -unsigned __ops_is_key_secret(const __ops_key_t *); -const __ops_seckey_t *__ops_get_seckey(const __ops_key_t *); -__ops_seckey_t *__ops_get_writable_seckey(__ops_key_t *); -__ops_seckey_t *__ops_decrypt_seckey(const __ops_key_t *, void *); - -unsigned __ops_keyring_fileread(__ops_keyring_t *, const unsigned, - const char *); - -int __ops_keyring_list(__ops_io_t *, const __ops_keyring_t *, const int); -int __ops_keyring_json(__ops_io_t *, const __ops_keyring_t *, mj_t *, const int); - -void __ops_set_seckey(__ops_contents_t *, const __ops_key_t *); -void __ops_forget(void *, unsigned); - -const uint8_t *__ops_get_key_id(const __ops_key_t *); -unsigned __ops_get_userid_count(const __ops_key_t *); -const uint8_t *__ops_get_userid(const __ops_key_t *, unsigned); -unsigned __ops_is_key_supported(const __ops_key_t *); - -uint8_t *__ops_add_userid(__ops_key_t *, const uint8_t *); -__ops_subpacket_t *__ops_add_subpacket(__ops_key_t *, - const __ops_subpacket_t *); - -unsigned __ops_add_selfsigned_userid(__ops_key_t *, uint8_t *); - -__ops_key_t *__ops_keydata_new(void); -void __ops_keydata_init(__ops_key_t *, const __ops_content_enum); - -int __ops_parse_and_accumulate(__ops_keyring_t *, __ops_stream_t *); - -int __ops_sprint_keydata(__ops_io_t *, const __ops_keyring_t *, - const __ops_key_t *, char **, const char *, - const __ops_pubkey_t *, const int); -int __ops_sprint_mj(__ops_io_t *, const __ops_keyring_t *, - const __ops_key_t *, mj_t *, const char *, - const __ops_pubkey_t *, const int); -int __ops_hkp_sprint_keydata(__ops_io_t *, const __ops_keyring_t *, - const __ops_key_t *, char **, - const __ops_pubkey_t *, const int); -void __ops_print_keydata(__ops_io_t *, const __ops_keyring_t *, const __ops_key_t *, - const char *, const __ops_pubkey_t *, const int); -void __ops_print_sig(__ops_io_t *, const __ops_key_t *, const char *, - const __ops_pubkey_t *); -void __ops_print_pubkey(const __ops_pubkey_t *); -int __ops_sprint_pubkey(const __ops_key_t *, char *, size_t); - -int __ops_list_packets(__ops_io_t *, - char *, - unsigned, - __ops_keyring_t *, - __ops_keyring_t *, - void *, - __ops_cbfunc_t *); - -char *__ops_export_key(__ops_io_t *, const __ops_key_t *, uint8_t *); - -int __ops_add_to_pubring(__ops_keyring_t *, const __ops_pubkey_t *, __ops_content_enum tag); -int __ops_add_to_secring(__ops_keyring_t *, const __ops_seckey_t *); - -int __ops_append_keyring(__ops_keyring_t *, __ops_keyring_t *); - -#endif /* KEYRING_H_ */ diff --git a/enzevalos_iphone/netpgp/lib/memory.h b/enzevalos_iphone/netpgp/lib/memory.h deleted file mode 100644 index 8429380b..00000000 --- a/enzevalos_iphone/netpgp/lib/memory.h +++ /dev/null @@ -1,87 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/* - * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) - * All rights reserved. - * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted - * their moral rights under the UK Copyright Design and Patents Act 1988 to - * be recorded as the authors of this copyright work. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. - * - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** \file - */ -#ifndef MEMORY_H_ -#define MEMORY_H_ - -#include <sys/types.h> - -#include "packet.h" - -/** __ops_memory_t - */ -typedef struct __ops_memory_t { - uint8_t *buf; - size_t length; - size_t allocated; - unsigned mmapped; -} __ops_memory_t; - - -__ops_memory_t *__ops_memory_new(void); -void __ops_memory_free(__ops_memory_t *); -void __ops_memory_init(__ops_memory_t *, size_t); -void __ops_memory_pad(__ops_memory_t *, size_t); -void __ops_memory_add(__ops_memory_t *, const uint8_t *, size_t); -void __ops_memory_place_int(__ops_memory_t *, unsigned, unsigned, size_t); -void __ops_memory_make_packet(__ops_memory_t *, __ops_content_enum); -void __ops_memory_clear(__ops_memory_t *); -void __ops_memory_release(__ops_memory_t *); - -void __ops_writer_set_memory(__ops_output_t *, __ops_memory_t *); - -size_t __ops_mem_len(const __ops_memory_t *); -void *__ops_mem_data(__ops_memory_t *); -int __ops_mem_readfile(__ops_memory_t *, const char *); - -void __ops_random(void *, size_t); - -#endif /* MEMORY_H_ */ diff --git a/enzevalos_iphone/netpgp/lib/misc.c b/enzevalos_iphone/netpgp/lib/misc.c deleted file mode 100644 index 0b90c170..00000000 --- a/enzevalos_iphone/netpgp/lib/misc.c +++ /dev/null @@ -1,1353 +0,0 @@ -/*- - * Copyright (c) 2009,2010 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/* - * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) - * All rights reserved. - * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted - * their moral rights under the UK Copyright Design and Patents Act 1988 to - * be recorded as the authors of this copyright work. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. - * - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** \file - */ -#include "config.h" - -#ifdef HAVE_SYS_CDEFS_H -#include <sys/cdefs.h> -#endif - -#if defined(__NetBSD__) -__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: misc.c,v 1.37 2010/11/04 06:45:28 agc Exp $"); -#endif - -#include <sys/types.h> -#include <sys/stat.h> -#include <sys/mman.h> - -#include <stdarg.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -#ifdef HAVE_UNISTD_H -#include <unistd.h> -#endif - -#ifdef HAVE_OPENSSL_RAND_H -#include <openssl/rand.h> -#endif - -#include "errors.h" -#include "packet.h" -#include "crypto.h" -#include "create.h" -#include "fastctype.h" -#include "packet-parse.h" -#include "packet-show.h" -#include "signature.h" -#include "netpgpsdk.h" -#include "netpgpdefs.h" -#include "memory.h" -#include "readerwriter.h" -#include "version.h" -#include "netpgpdigest.h" - -#ifdef WIN32 -#define vsnprintf _vsnprintf -#endif - - -typedef struct { - __ops_keyring_t *keyring; -} accumulate_t; - -/** - * \ingroup Core_Callbacks - */ -static __ops_cb_ret_t -accumulate_cb(const __ops_packet_t *pkt, __ops_cbdata_t *cbinfo) -{ - const __ops_contents_t *content = &pkt->u; - __ops_keyring_t *keyring; - accumulate_t *accumulate; - - if (__ops_get_debug_level(__FILE__)) { - (void) fprintf(stderr, "accumulate callback: packet tag %u\n", pkt->tag); - } - accumulate = __ops_callback_arg(cbinfo); - keyring = accumulate->keyring; - switch (pkt->tag) { - case OPS_PTAG_CT_PUBLIC_KEY: - case OPS_PTAG_CT_PUBLIC_SUBKEY: - __ops_add_to_pubring(keyring, &content->pubkey, pkt->tag); - return OPS_KEEP_MEMORY; - case OPS_PTAG_CT_SECRET_KEY: - case OPS_PTAG_CT_ENCRYPTED_SECRET_KEY: - __ops_add_to_secring(keyring, &content->seckey); - return OPS_KEEP_MEMORY; - case OPS_PTAG_CT_USER_ID: - if (__ops_get_debug_level(__FILE__)) { - (void) fprintf(stderr, "User ID: %s for key %d\n", - content->userid, - keyring->keyc - 1); - } - if (keyring->keyc == 0) { - OPS_ERROR(cbinfo->errors, OPS_E_P_NO_USERID, "No userid found"); - } else { - __ops_add_userid(&keyring->keys[keyring->keyc - 1], content->userid); - } - return OPS_KEEP_MEMORY; - case OPS_PARSER_PACKET_END: - if (keyring->keyc > 0) { - __ops_add_subpacket(&keyring->keys[keyring->keyc - 1], - &content->packet); - return OPS_KEEP_MEMORY; - } - return OPS_RELEASE_MEMORY; - case OPS_PARSER_ERROR: - (void) fprintf(stderr, "Error: %s\n", content->error); - return OPS_FINISHED; - case OPS_PARSER_ERRCODE: - (void) fprintf(stderr, "parse error: %s\n", - __ops_errcode(content->errcode.errcode)); - break; - default: - break; - } - /* XXX: we now exclude so many things, we should either drop this or */ - /* do something to pass on copies of the stuff we keep */ - return __ops_stacked_callback(pkt, cbinfo); -} - -/** - * \ingroup Core_Parse - * - * Parse packets from an input stream until EOF or error. - * - * Key data found in the parsed data is added to #keyring. - * - * \param keyring Pointer to an existing keyring - * \param parse Options to use when parsing -*/ -int -__ops_parse_and_accumulate(__ops_keyring_t *keyring, __ops_stream_t *parse) -{ - accumulate_t accumulate; - const int printerrors = 1; - int ret; - - if (parse->readinfo.accumulate) { - (void) fprintf(stderr, - "__ops_parse_and_accumulate: already init\n"); - return 0; - } - - (void) memset(&accumulate, 0x0, sizeof(accumulate)); - - accumulate.keyring = keyring; - - __ops_callback_push(parse, accumulate_cb, &accumulate); - parse->readinfo.accumulate = 1; - ret = __ops_parse(parse, !printerrors); - - return ret; -} - - -/** \file - * \brief Error Handling - */ -#define ERRNAME(code) { code, #code } - -static __ops_errcode_name_map_t errcode_name_map[] = { - ERRNAME(OPS_E_OK), - ERRNAME(OPS_E_FAIL), - ERRNAME(OPS_E_SYSTEM_ERROR), - ERRNAME(OPS_E_UNIMPLEMENTED), - - ERRNAME(OPS_E_R), - ERRNAME(OPS_E_R_READ_FAILED), - ERRNAME(OPS_E_R_EARLY_EOF), - ERRNAME(OPS_E_R_BAD_FORMAT), - ERRNAME(OPS_E_R_UNCONSUMED_DATA), - - ERRNAME(OPS_E_W), - ERRNAME(OPS_E_W_WRITE_FAILED), - ERRNAME(OPS_E_W_WRITE_TOO_SHORT), - - ERRNAME(OPS_E_P), - ERRNAME(OPS_E_P_NOT_ENOUGH_DATA), - ERRNAME(OPS_E_P_UNKNOWN_TAG), - ERRNAME(OPS_E_P_PACKET_CONSUMED), - ERRNAME(OPS_E_P_MPI_FORMAT_ERROR), - - ERRNAME(OPS_E_C), - - ERRNAME(OPS_E_V), - ERRNAME(OPS_E_V_BAD_SIGNATURE), - ERRNAME(OPS_E_V_NO_SIGNATURE), - ERRNAME(OPS_E_V_UNKNOWN_SIGNER), - - ERRNAME(OPS_E_ALG), - ERRNAME(OPS_E_ALG_UNSUPPORTED_SYMMETRIC_ALG), - ERRNAME(OPS_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG), - ERRNAME(OPS_E_ALG_UNSUPPORTED_SIGNATURE_ALG), - ERRNAME(OPS_E_ALG_UNSUPPORTED_HASH_ALG), - - ERRNAME(OPS_E_PROTO), - ERRNAME(OPS_E_PROTO_BAD_SYMMETRIC_DECRYPT), - ERRNAME(OPS_E_PROTO_UNKNOWN_SS), - ERRNAME(OPS_E_PROTO_CRITICAL_SS_IGNORED), - ERRNAME(OPS_E_PROTO_BAD_PUBLIC_KEY_VRSN), - ERRNAME(OPS_E_PROTO_BAD_SIGNATURE_VRSN), - ERRNAME(OPS_E_PROTO_BAD_ONE_PASS_SIG_VRSN), - ERRNAME(OPS_E_PROTO_BAD_PKSK_VRSN), - ERRNAME(OPS_E_PROTO_DECRYPTED_MSG_WRONG_LEN), - ERRNAME(OPS_E_PROTO_BAD_SK_CHECKSUM), - - {0x00, NULL}, /* this is the end-of-array marker */ -}; - -/** - * \ingroup Core_Errors - * \brief returns error code name - * \param errcode - * \return error code name or "Unknown" - */ -const char * -__ops_errcode(const __ops_errcode_t errcode) -{ - return (__ops_str_from_map((int) errcode, - (__ops_map_t *) errcode_name_map)); -} - -/* generic grab new storage function */ -void * -__ops_new(size_t size) -{ - void *vp; - - if ((vp = calloc(1, size)) == NULL) { - (void) fprintf(stderr, - "allocation failure for %" PRIsize "u bytes", size); - } - return vp; -} - -/** - * \ingroup Core_Errors - * \brief Pushes the given error on the given errorstack - * \param errstack Error stack to use - * \param errcode Code of error to push - * \param sys_errno System errno (used if errcode=OPS_E_SYSTEM_ERROR) - * \param file Source filename where error occurred - * \param line Line in source file where error occurred - * \param fmt Comment - * - */ - -void -__ops_push_error(__ops_error_t **errstack, __ops_errcode_t errcode, - int sys_errno, const char *file, int line, const char *fmt,...) -{ - /* first get the varargs and generate the comment */ - __ops_error_t *err; - unsigned maxbuf = 128; - va_list args; - char *comment; - - if ((comment = calloc(1, maxbuf + 1)) == NULL) { - (void) fprintf(stderr, "calloc comment failure\n"); - return; - } - - va_start(args, fmt); - vsnprintf(comment, maxbuf + 1, fmt, args); - va_end(args); - - /* alloc a new error and add it to the top of the stack */ - - if ((err = calloc(1, sizeof(*err))) == NULL) { - (void) fprintf(stderr, "calloc comment failure\n"); - return; - } - - err->next = *errstack; - *errstack = err; - - /* fill in the details */ - err->errcode = errcode; - err->sys_errno = sys_errno; - err->file = file; - err->line = line; - - err->comment = comment; -} - -/** -\ingroup Core_Errors -\brief print this error -\param err Error to print -*/ -void -__ops_print_error(__ops_error_t *err) -{ - printf("%s:%d: ", err->file, err->line); - if (err->errcode == OPS_E_SYSTEM_ERROR) { - printf("system error %d returned from %s()\n", err->sys_errno, - err->comment); - } else { - printf("%s, %s\n", __ops_errcode(err->errcode), err->comment); - } -} - -/** -\ingroup Core_Errors -\brief Print all errors on stack -\param errstack Error stack to print -*/ -void -__ops_print_errors(__ops_error_t *errstack) -{ - __ops_error_t *err; - - for (err = errstack; err != NULL; err = err->next) { - __ops_print_error(err); - } -} - -/** -\ingroup Core_Errors -\brief Return 1 if given error is present anywhere on stack -\param errstack Error stack to check -\param errcode Error code to look for -\return 1 if found; else 0 -*/ -int -__ops_has_error(__ops_error_t *errstack, __ops_errcode_t errcode) -{ - __ops_error_t *err; - - for (err = errstack; err != NULL; err = err->next) { - if (err->errcode == errcode) { - return 1; - } - } - return 0; -} - -/** -\ingroup Core_Errors -\brief Frees all errors on stack -\param errstack Error stack to free -*/ -void -__ops_free_errors(__ops_error_t *errstack) -{ - __ops_error_t *next; - - while (errstack != NULL) { - next = errstack->next; - free(errstack->comment); - free(errstack); - errstack = next; - } -} - -/* hash a 32-bit integer */ -static int -hash_uint32(__ops_hash_t *hash, uint32_t n) -{ - uint8_t ibuf[4]; - - ibuf[0] = (uint8_t)(n >> 24) & 0xff; - ibuf[1] = (uint8_t)(n >> 16) & 0xff; - ibuf[2] = (uint8_t)(n >> 8) & 0xff; - ibuf[3] = (uint8_t)n & 0xff; - (*hash->add)(hash, (const uint8_t *)(void *)ibuf, (unsigned)sizeof(ibuf)); - return sizeof(ibuf); -} - -/* hash a string - first length, then string itself */ -static int -hash_string(__ops_hash_t *hash, const uint8_t *buf, uint32_t len) -{ - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "hash_string", buf, len); - } - hash_uint32(hash, len); - (*hash->add)(hash, buf, len); - return (int)(sizeof(len) + len); -} - -/* hash a bignum, possibly padded - first length, then string itself */ -static int -hash_bignum(__ops_hash_t *hash, BIGNUM *bignum) -{ - uint8_t *bn; - size_t len; - int padbyte; - - if (BN_is_zero(bignum)) { - hash_uint32(hash, 0); - return sizeof(len); - } - if ((len = (size_t) BN_num_bytes(bignum)) < 1) { - (void) fprintf(stderr, "hash_bignum: bad size\n"); - return 0; - } - if ((bn = calloc(1, len + 1)) == NULL) { - (void) fprintf(stderr, "hash_bignum: bad bn alloc\n"); - return 0; - } - BN_bn2bin(bignum, bn + 1); - bn[0] = 0x0; - padbyte = (bn[1] & 0x80) ? 1 : 0; - hash_string(hash, bn + 1 - padbyte, (unsigned)(len + padbyte)); - free(bn); - return (int)(sizeof(len) + len + padbyte); -} - -/** \file - */ - -/** - * \ingroup Core_Keys - * \brief Calculate a public key fingerprint. - * \param fp Where to put the calculated fingerprint - * \param key The key for which the fingerprint is calculated - */ -int -__ops_fingerprint(__ops_fingerprint_t *fp, const __ops_pubkey_t *key, __ops_hash_alg_t hashtype) -{ - __ops_memory_t *mem; - __ops_hash_t hash; - const char *type; - uint32_t len; - - mem = __ops_memory_new(); - if (key->version == 2 || key->version == 3) { - if (key->alg != OPS_PKA_RSA && - key->alg != OPS_PKA_RSA_ENCRYPT_ONLY && - key->alg != OPS_PKA_RSA_SIGN_ONLY) { - (void) fprintf(stderr, - "__ops_fingerprint: bad algorithm\n"); - return 0; - } - __ops_hash_md5(&hash); - if (!hash.init(&hash)) { - (void) fprintf(stderr, - "__ops_fingerprint: bad md5 alloc\n"); - return 0; - } - hash_bignum(&hash, key->key.rsa.n); - hash_bignum(&hash, key->key.rsa.e); - fp->length = hash.finish(&hash, fp->fingerprint); - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "v2/v3 fingerprint", fp->fingerprint, fp->length); - } - } else if (hashtype == OPS_HASH_MD5) { - __ops_hash_md5(&hash); - if (!hash.init(&hash)) { - (void) fprintf(stderr, - "__ops_fingerprint: bad md5 alloc\n"); - return 0; - } - type = (key->alg == OPS_PKA_RSA) ? "ssh-rsa" : "ssh-dss"; - hash_string(&hash, (const uint8_t *)(const void *)type, (unsigned)strlen(type)); - switch(key->alg) { - case OPS_PKA_RSA: - hash_bignum(&hash, key->key.rsa.e); - hash_bignum(&hash, key->key.rsa.n); - break; - case OPS_PKA_DSA: - hash_bignum(&hash, key->key.dsa.p); - hash_bignum(&hash, key->key.dsa.q); - hash_bignum(&hash, key->key.dsa.g); - hash_bignum(&hash, key->key.dsa.y); - break; - default: - break; - } - fp->length = hash.finish(&hash, fp->fingerprint); - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "md5 fingerprint", fp->fingerprint, fp->length); - } - } else { - __ops_build_pubkey(mem, key, 0); - __ops_hash_sha1(&hash); - if (!hash.init(&hash)) { - (void) fprintf(stderr, - "__ops_fingerprint: bad sha1 alloc\n"); - return 0; - } - len = (unsigned)__ops_mem_len(mem); - __ops_hash_add_int(&hash, 0x99, 1); - __ops_hash_add_int(&hash, len, 2); - hash.add(&hash, __ops_mem_data(mem), len); - fp->length = hash.finish(&hash, fp->fingerprint); - __ops_memory_free(mem); - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "sha1 fingerprint", fp->fingerprint, fp->length); - } - } - return 1; -} - -/** - * \ingroup Core_Keys - * \brief Calculate the Key ID from the public key. - * \param keyid Space for the calculated ID to be stored - * \param key The key for which the ID is calculated - */ - -int -__ops_keyid(uint8_t *keyid, const size_t idlen, const __ops_pubkey_t *key, __ops_hash_alg_t hashtype) -{ - __ops_fingerprint_t finger; - - if (key->version == 2 || key->version == 3) { - unsigned n; - uint8_t bn[NETPGP_BUFSIZ]; - - n = (unsigned) BN_num_bytes(key->key.rsa.n); - if (n > sizeof(bn)) { - (void) fprintf(stderr, "__ops_keyid: bad num bytes\n"); - return 0; - } - if (key->alg != OPS_PKA_RSA && - key->alg != OPS_PKA_RSA_ENCRYPT_ONLY && - key->alg != OPS_PKA_RSA_SIGN_ONLY) { - (void) fprintf(stderr, "__ops_keyid: bad algorithm\n"); - return 0; - } - BN_bn2bin(key->key.rsa.n, bn); - (void) memcpy(keyid, bn + n - idlen, idlen); - } else { - __ops_fingerprint(&finger, key, hashtype); - (void) memcpy(keyid, - finger.fingerprint + finger.length - idlen, - idlen); - } - return 1; -} - -/** -\ingroup Core_Hashes -\brief Add to the hash -\param hash Hash to add to -\param n Int to add -\param length Length of int in bytes -*/ -void -__ops_hash_add_int(__ops_hash_t *hash, unsigned n, unsigned length) -{ - uint8_t c; - - while (length--) { - c = n >> (length * 8); - hash->add(hash, &c, 1); - } -} - -/** -\ingroup Core_Hashes -\brief Setup hash for given hash algorithm -\param hash Hash to set up -\param alg Hash algorithm to use -*/ -void -__ops_hash_any(__ops_hash_t *hash, __ops_hash_alg_t alg) -{ - switch (alg) { - case OPS_HASH_MD5: - __ops_hash_md5(hash); - break; - - case OPS_HASH_SHA1: - __ops_hash_sha1(hash); - break; - - case OPS_HASH_SHA256: - __ops_hash_sha256(hash); - break; - - case OPS_HASH_SHA384: - __ops_hash_sha384(hash); - break; - - case OPS_HASH_SHA512: - __ops_hash_sha512(hash); - break; - - case OPS_HASH_SHA224: - __ops_hash_sha224(hash); - break; - - default: - (void) fprintf(stderr, "__ops_hash_any: bad algorithm\n"); - } -} - -/** -\ingroup Core_Hashes -\brief Returns size of hash for given hash algorithm -\param alg Hash algorithm to use -\return Size of hash algorithm in bytes -*/ -unsigned -__ops_hash_size(__ops_hash_alg_t alg) -{ - switch (alg) { - case OPS_HASH_MD5: - return 16; - - case OPS_HASH_SHA1: - return 20; - - case OPS_HASH_SHA256: - return 32; - - case OPS_HASH_SHA224: - return 28; - - case OPS_HASH_SHA512: - return 64; - - case OPS_HASH_SHA384: - return 48; - - default: - (void) fprintf(stderr, "__ops_hash_size: bad algorithm\n"); - } - - return 0; -} - -/** -\ingroup Core_Hashes -\brief Returns hash enum corresponding to given string -\param hash Text name of hash algorithm i.e. "SHA1" -\returns Corresponding enum i.e. OPS_HASH_SHA1 -*/ -__ops_hash_alg_t -__ops_str_to_hash_alg(const char *hash) -{ - if (hash == NULL) { - return OPS_DEFAULT_HASH_ALGORITHM; - } - if (netpgp_strcasecmp(hash, "SHA1") == 0) { - return OPS_HASH_SHA1; - } - if (netpgp_strcasecmp(hash, "MD5") == 0) { - return OPS_HASH_MD5; - } - if (netpgp_strcasecmp(hash, "SHA256") == 0) { - return OPS_HASH_SHA256; - } - /* - if (netpgp_strcasecmp(hash,"SHA224") == 0) { - return OPS_HASH_SHA224; - } - */ - if (netpgp_strcasecmp(hash, "SHA512") == 0) { - return OPS_HASH_SHA512; - } - if (netpgp_strcasecmp(hash, "SHA384") == 0) { - return OPS_HASH_SHA384; - } - return OPS_HASH_UNKNOWN; -} - -/** -\ingroup Core_Hashes -\brief Hash given data -\param out Where to write the hash -\param alg Hash algorithm to use -\param in Data to hash -\param length Length of data -\return Size of hash created -*/ -unsigned -__ops_hash(uint8_t *out, __ops_hash_alg_t alg, const void *in, size_t length) -{ - __ops_hash_t hash; - - __ops_hash_any(&hash, alg); - if (!hash.init(&hash)) { - (void) fprintf(stderr, "__ops_hash: bad alloc\n"); - /* we'll just continue here - don't want to return a 0 hash */ - /* XXX - agc - no way to return failure */ - } - hash.add(&hash, in, (unsigned)length); - return hash.finish(&hash, out); -} - -/** -\ingroup Core_Hashes -\brief Calculate hash for MDC packet -\param preamble Preamble to hash -\param sz_preamble Size of preamble -\param plaintext Plaintext to hash -\param sz_plaintext Size of plaintext -\param hashed Resulting hash -*/ -void -__ops_calc_mdc_hash(const uint8_t *preamble, - const size_t sz_preamble, - const uint8_t *plaintext, - const unsigned sz_plaintext, - uint8_t *hashed) -{ - __ops_hash_t hash; - uint8_t c; - - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "preamble", preamble, sz_preamble); - hexdump(stderr, "plaintext", plaintext, sz_plaintext); - } - /* init */ - __ops_hash_any(&hash, OPS_HASH_SHA1); - if (!hash.init(&hash)) { - (void) fprintf(stderr, "__ops_calc_mdc_hash: bad alloc\n"); - /* we'll just continue here - it will die anyway */ - /* agc - XXX - no way to return failure */ - } - - /* preamble */ - hash.add(&hash, preamble, (unsigned)sz_preamble); - /* plaintext */ - hash.add(&hash, plaintext, sz_plaintext); - /* MDC packet tag */ - c = MDC_PKT_TAG; - hash.add(&hash, &c, 1); - /* MDC packet len */ - c = OPS_SHA1_HASH_SIZE; - hash.add(&hash, &c, 1); - - /* finish */ - hash.finish(&hash, hashed); - - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "hashed", hashed, OPS_SHA1_HASH_SIZE); - } -} - -/** -\ingroup HighLevel_Supported -\brief Is this Hash Algorithm supported? -\param hash_alg Hash Algorithm to check -\return 1 if supported; else 0 -*/ -unsigned -__ops_is_hash_alg_supported(const __ops_hash_alg_t *hash_alg) -{ - switch (*hash_alg) { - case OPS_HASH_MD5: - case OPS_HASH_SHA1: - case OPS_HASH_SHA256: - return 1; - - default: - return 0; - } -} - -/* structure to map string to cipher def */ -typedef struct str2cipher_t { - const char *s; /* cipher name */ - __ops_symm_alg_t i; /* cipher def */ -} str2cipher_t; - -static str2cipher_t str2cipher[] = { - { "cast5", OPS_SA_CAST5 }, - { "idea", OPS_SA_IDEA }, - { "aes128", OPS_SA_AES_128 }, - { "aes256", OPS_SA_AES_256 }, - { "camellia128", OPS_SA_CAMELLIA_128 }, - { "camellia256", OPS_SA_CAMELLIA_256 }, - { "tripledes", OPS_SA_TRIPLEDES }, - { NULL, 0 } -}; - -/* convert from a string to a cipher definition */ -__ops_symm_alg_t -__ops_str_to_cipher(const char *cipher) -{ - str2cipher_t *sp; - - for (sp = str2cipher ; cipher && sp->s ; sp++) { - if (netpgp_strcasecmp(cipher, sp->s) == 0) { - return sp->i; - } - } - return OPS_SA_DEFAULT_CIPHER; -} - -void -__ops_random(void *dest, size_t length) -{ - RAND_bytes(dest, (int)length); -} - -/** -\ingroup HighLevel_Memory -\brief Memory to initialise -\param mem memory to initialise -\param needed Size to initialise to -*/ -void -__ops_memory_init(__ops_memory_t *mem, size_t needed) -{ - uint8_t *temp; - - mem->length = 0; - if (mem->buf) { - if (mem->allocated < needed) { - if ((temp = realloc(mem->buf, needed)) == NULL) { - (void) fprintf(stderr, "__ops_memory_init: bad alloc\n"); - } else { - mem->buf = temp; - mem->allocated = needed; - } - } - } else { - if ((mem->buf = calloc(1, needed)) == NULL) { - (void) fprintf(stderr, "__ops_memory_init: bad alloc\n"); - } else { - mem->allocated = needed; - } - } -} - -/** -\ingroup HighLevel_Memory -\brief Pad memory to required length -\param mem Memory to use -\param length New size -*/ -void -__ops_memory_pad(__ops_memory_t *mem, size_t length) -{ - uint8_t *temp; - - if (mem->allocated < mem->length) { - (void) fprintf(stderr, "__ops_memory_pad: bad alloc in\n"); - return; - } - if (mem->allocated < mem->length + length) { - mem->allocated = mem->allocated * 2 + length; - temp = realloc(mem->buf, mem->allocated); - if (temp == NULL) { - (void) fprintf(stderr, "__ops_memory_pad: bad alloc\n"); - } else { - mem->buf = temp; - } - } - if (mem->allocated < mem->length + length) { - (void) fprintf(stderr, "__ops_memory_pad: bad alloc out\n"); - } -} - -/** -\ingroup HighLevel_Memory -\brief Add data to memory -\param mem Memory to which to add -\param src Data to add -\param length Length of data to add -*/ -void -__ops_memory_add(__ops_memory_t *mem, const uint8_t *src, size_t length) -{ - __ops_memory_pad(mem, length); - (void) memcpy(mem->buf + mem->length, src, length); - mem->length += length; -} - -/* XXX: this could be refactored via the writer, but an awful lot of */ -/* hoops to jump through for 2 lines of code! */ -void -__ops_memory_place_int(__ops_memory_t *mem, unsigned offset, unsigned n, - size_t length) -{ - if (mem->allocated < offset + length) { - (void) fprintf(stderr, - "__ops_memory_place_int: bad alloc\n"); - } else { - while (length-- > 0) { - mem->buf[offset++] = n >> (length * 8); - } - } -} - -/** - * \ingroup HighLevel_Memory - * \brief Retains allocated memory and set length of stored data to zero. - * \param mem Memory to clear - * \sa __ops_memory_release() - * \sa __ops_memory_free() - */ -void -__ops_memory_clear(__ops_memory_t *mem) -{ - mem->length = 0; -} - -/** -\ingroup HighLevel_Memory -\brief Free memory and associated data -\param mem Memory to free -\note This does not free mem itself -\sa __ops_memory_clear() -\sa __ops_memory_free() -*/ -void -__ops_memory_release(__ops_memory_t *mem) -{ - if (mem->mmapped) { - (void) munmap(mem->buf, mem->length); - } else { - free(mem->buf); - } - mem->buf = NULL; - mem->length = 0; -} - -void -__ops_memory_make_packet(__ops_memory_t *out, __ops_content_enum tag) -{ - size_t extra; - - extra = (out->length < 192) ? 1 : (out->length < 8192 + 192) ? 2 : 5; - __ops_memory_pad(out, extra + 1); - memmove(out->buf + extra + 1, out->buf, out->length); - - out->buf[0] = OPS_PTAG_ALWAYS_SET | OPS_PTAG_NEW_FORMAT | tag; - - if (out->length < 192) { - out->buf[1] = (uint8_t)out->length; - } else if (out->length < 8192 + 192) { - out->buf[1] = (uint8_t)((out->length - 192) >> 8) + 192; - out->buf[2] = (uint8_t)(out->length - 192); - } else { - out->buf[1] = 0xff; - out->buf[2] = (uint8_t)(out->length >> 24); - out->buf[3] = (uint8_t)(out->length >> 16); - out->buf[4] = (uint8_t)(out->length >> 8); - out->buf[5] = (uint8_t)(out->length); - } - - out->length += extra + 1; -} - -/** - \ingroup HighLevel_Memory - \brief Create a new zeroed __ops_memory_t - \return Pointer to new __ops_memory_t - \note Free using __ops_memory_free() after use. - \sa __ops_memory_free() -*/ - -__ops_memory_t * -__ops_memory_new(void) -{ - return calloc(1, sizeof(__ops_memory_t)); -} - -/** - \ingroup HighLevel_Memory - \brief Free memory ptr and associated memory - \param mem Memory to be freed - \sa __ops_memory_release() - \sa __ops_memory_clear() -*/ - -void -__ops_memory_free(__ops_memory_t *mem) -{ - __ops_memory_release(mem); - free(mem); -} - -/** - \ingroup HighLevel_Memory - \brief Get length of data stored in __ops_memory_t struct - \return Number of bytes in data -*/ -size_t -__ops_mem_len(const __ops_memory_t *mem) -{ - return mem->length; -} - -/** - \ingroup HighLevel_Memory - \brief Get data stored in __ops_memory_t struct - \return Pointer to data -*/ -void * -__ops_mem_data(__ops_memory_t *mem) -{ - return mem->buf; -} - -/* read a gile into an __ops_memory_t */ -int -__ops_mem_readfile(__ops_memory_t *mem, const char *f) -{ - struct stat st; - FILE *fp; - int cc; - - if ((fp = fopen(f, "rb")) == NULL) { - (void) fprintf(stderr, - "__ops_mem_readfile: can't open \"%s\"\n", f); - return 0; - } - (void) fstat(fileno(fp), &st); - mem->allocated = (size_t)st.st_size; - mem->buf = mmap(NULL, mem->allocated, PROT_READ, - MAP_PRIVATE | MAP_FILE, fileno(fp), 0); - if (mem->buf == MAP_FAILED) { - /* mmap failed for some reason - try to allocate memory */ - if ((mem->buf = calloc(1, mem->allocated)) == NULL) { - (void) fprintf(stderr, "__ops_mem_readfile: calloc\n"); - (void) fclose(fp); - return 0; - } - /* read into contents of mem */ - for (mem->length = 0 ; - (cc = (int)read(fileno(fp), &mem->buf[mem->length], - (size_t)(mem->allocated - mem->length))) > 0 ; - mem->length += (size_t)cc) { - } - } else { - mem->length = mem->allocated; - mem->mmapped = 1; - } - (void) fclose(fp); - return (mem->allocated == mem->length); -} - -typedef struct { - uint16_t sum; -} sum16_t; - - -/** - * Searches the given map for the given type. - * Returns a human-readable descriptive string if found, - * returns NULL if not found - * - * It is the responsibility of the calling function to handle the - * error case sensibly (i.e. don't just print out the return string. - * - */ -static const char * -str_from_map_or_null(int type, __ops_map_t *map) -{ - __ops_map_t *row; - - for (row = map; row->string != NULL; row++) { - if (row->type == type) { - return row->string; - } - } - return NULL; -} - -/** - * \ingroup Core_Print - * - * Searches the given map for the given type. - * Returns a readable string if found, "Unknown" if not. - */ - -const char * -__ops_str_from_map(int type, __ops_map_t *map) -{ - const char *str; - - str = str_from_map_or_null(type, map); - return (str) ? str : "Unknown"; -} - -#define LINELEN 16 - -/* show hexadecimal/ascii dump */ -void -hexdump(FILE *fp, const char *header, const uint8_t *src, size_t length) -{ - size_t i; - char line[LINELEN + 1]; - - (void) fprintf(fp, "%s%s", (header) ? header : "", (header) ? "\n" : ""); - (void) fprintf(fp, "[%" PRIsize "u char%s]\n", length, (length == 1) ? "" : "s"); - for (i = 0 ; i < length ; i++) { - if (i % LINELEN == 0) { - (void) fprintf(fp, "%.5" PRIsize "u | ", i); - } - (void) fprintf(fp, "%.02x ", (uint8_t)src[i]); - line[i % LINELEN] = (isprint(src[i])) ? src[i] : '.'; - if (i % LINELEN == LINELEN - 1) { - line[LINELEN] = 0x0; - (void) fprintf(fp, " | %s\n", line); - } - } - if (i % LINELEN != 0) { - for ( ; i % LINELEN != 0 ; i++) { - (void) fprintf(fp, " "); - line[i % LINELEN] = ' '; - } - line[LINELEN] = 0x0; - (void) fprintf(fp, " | %s\n", line); - } -} - -/** - * \ingroup HighLevel_Functions - * \brief Closes down OpenPGP::SDK. - * - * Close down OpenPGP:SDK, release any resources under the control of - * the library. - */ - -void -__ops_finish(void) -{ - __ops_crypto_finish(); -} - -static int -sum16_reader(void *dest_, size_t length, __ops_error_t **errors, - __ops_reader_t *readinfo, __ops_cbdata_t *cbinfo) -{ - const uint8_t *dest = dest_; - sum16_t *arg = __ops_reader_get_arg(readinfo); - int r; - int n; - - r = __ops_stacked_read(dest_, length, errors, readinfo, cbinfo); - if (r < 0) { - return r; - } - for (n = 0; n < r; ++n) { - arg->sum = (arg->sum + dest[n]) & 0xffff; - } - return r; -} - -static void -sum16_destroyer(__ops_reader_t *readinfo) -{ - free(__ops_reader_get_arg(readinfo)); -} - -/** - \ingroup Internal_Readers_Sum16 - \param stream Parse settings -*/ - -void -__ops_reader_push_sum16(__ops_stream_t *stream) -{ - sum16_t *arg; - - if ((arg = calloc(1, sizeof(*arg))) == NULL) { - (void) fprintf(stderr, "__ops_reader_push_sum16: bad alloc\n"); - } else { - __ops_reader_push(stream, sum16_reader, sum16_destroyer, arg); - } -} - -/** - \ingroup Internal_Readers_Sum16 - \param stream Parse settings - \return sum -*/ -uint16_t -__ops_reader_pop_sum16(__ops_stream_t *stream) -{ - uint16_t sum; - sum16_t *arg; - - arg = __ops_reader_get_arg(__ops_readinfo(stream)); - sum = arg->sum; - __ops_reader_pop(stream); - free(arg); - return sum; -} - -/* small useful functions for setting the file-level debugging levels */ -/* if the debugv list contains the filename in question, we're debugging it */ - -enum { - MAX_DEBUG_NAMES = 32 -}; - -static int debugc; -static char *debugv[MAX_DEBUG_NAMES]; - -/* set the debugging level per filename */ -int -__ops_set_debug_level(const char *f) -{ - const char *name; - int i; - - if (f == NULL) { - f = "all"; - } - if ((name = strrchr(f, '/')) == NULL) { - name = f; - } else { - name += 1; - } - for (i = 0; i < debugc && i < MAX_DEBUG_NAMES; i++) { - if (strcmp(debugv[i], name) == 0) { - return 1; - } - } - if (i == MAX_DEBUG_NAMES) { - return 0; - } - debugv[debugc++] = netpgp_strdup(name); - return 1; -} - -/* get the debugging level per filename */ -int -__ops_get_debug_level(const char *f) -{ - const char *name; - int i; - - if ((name = strrchr(f, '/')) == NULL) { - name = f; - } else { - name += 1; - } - for (i = 0; i < debugc; i++) { - if (strcmp(debugv[i], "all") == 0 || - strcmp(debugv[i], name) == 0) { - return 1; - } - } - return 0; -} - -/* return the version for the library */ -const char * -__ops_get_info(const char *type) -{ - if (strcmp(type, "version") == 0) { - return NETPGP_VERSION_STRING; - } - if (strcmp(type, "maintainer") == 0) { - return NETPGP_MAINTAINER; - } - return "[unknown]"; -} - -/* local version of asprintf so we don't have to play autoconf games */ -int -__ops_asprintf(char **ret, const char *fmt, ...) -{ - va_list args; - char buf[120 * 1024]; /* XXX - "huge" buffer on stack */ - int cc; - - va_start(args, fmt); - cc = vsnprintf(buf, sizeof(buf), fmt, args); - va_end(args); - if ((*ret = calloc(1, (size_t)(cc + 1))) == NULL) { - *ret = NULL; - return -1; - } - (void) memcpy(*ret, buf, (size_t)cc); - (*ret)[cc] = 0x0; - return cc; -} - -void -netpgp_log(const char *fmt, ...) -{ - va_list vp; - time_t t; - char buf[BUFSIZ * 2]; - int cc; - - (void) time(&t); - cc = snprintf(buf, sizeof(buf), "%.24s: netpgp: ", ctime(&t)); - va_start(vp, fmt); - (void) vsnprintf(&buf[cc], sizeof(buf) - (size_t)cc, fmt, vp); - va_end(vp); - /* do something with message */ - /* put into log buffer? */ -} - -/* portable replacement for strdup(3) */ -char * -netpgp_strdup(const char *s) -{ - size_t len; - char *cp; - - len = strlen(s); - if ((cp = calloc(1, len + 1)) != NULL) { - (void) memcpy(cp, s, len); - cp[len] = 0x0; - } - return cp; -} - -/* portable replacement for strcasecmp(3) */ -int -netpgp_strcasecmp(const char *s1, const char *s2) -{ - int n; - - for (n = 0 ; *s1 && *s2 && (n = tolower(*s1) - tolower(*s2)) == 0 ; s1++, s2++) { - } - return n; -} diff --git a/enzevalos_iphone/netpgp/lib/mj.c b/enzevalos_iphone/netpgp/lib/mj.c deleted file mode 100644 index 9679678b..00000000 --- a/enzevalos_iphone/netpgp/lib/mj.c +++ /dev/null @@ -1,575 +0,0 @@ -/*- - * Copyright (c) 2010 Alistair Crooks <agc@NetBSD.org> - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -#include <sys/types.h> - -#include <inttypes.h> -#include <regex.h> -#include <stdarg.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> - -#include "mj.h" -#include "defs.h" - -/* save 'n' chars of 's' in malloc'd memory */ -static char * -strnsave(const char *s, int n, unsigned esc) -{ - char *newc; - char *cp; - int i; - - if (n < 0) { - n = (int)strlen(s); - } - NEWARRAY(char, cp, (n * 2) + 1, "strnsave", return NULL); - if (esc) { - newc = cp; - for (i = 0 ; i < n ; i++) { - if (*s == '\\') { - *newc++ = *s++; - } else if (*s == '"') { - *newc++ = '\\'; - } - *newc++ = *s++; - } - *newc = 0x0; - } else { - (void) memcpy(cp, s, (unsigned)n); - cp[n] = 0x0; - } - return cp; -} - -/* look in an object for the item */ -static int -findentry(mj_t *atom, const char *name, const unsigned from, const unsigned incr) -{ - unsigned i; - - for (i = from ; i < atom->c ; i += incr) { - if (strcmp(name, atom->value.v[i].value.s) == 0) { - return i; - } - } - return -1; -} - -/* create a real number */ -static void -create_number(mj_t *atom, double d) -{ - char number[128]; - - atom->type = MJ_NUMBER; - atom->c = snprintf(number, sizeof(number), "%g", d); - atom->value.s = strnsave(number, (int)atom->c, 0); -} - -/* create an integer */ -static void -create_integer(mj_t *atom, int64_t i) -{ - char number[128]; - - atom->type = MJ_NUMBER; - atom->c = snprintf(number, sizeof(number), "%" PRIi64, i); - atom->value.s = strnsave(number, (int)atom->c, 0); -} - -/* create a string */ -static void -create_string(mj_t *atom, const char *s) -{ - atom->type = MJ_STRING; - atom->value.s = strnsave(s, -1, 1); - atom->c = (unsigned)strlen(atom->value.s); -} - -#define MJ_OPEN_BRACKET (MJ_OBJECT + 1) /* 8 */ -#define MJ_CLOSE_BRACKET (MJ_OPEN_BRACKET + 1) /* 9 */ -#define MJ_OPEN_BRACE (MJ_CLOSE_BRACKET + 1) /* 10 */ -#define MJ_CLOSE_BRACE (MJ_OPEN_BRACE + 1) /* 11 */ -#define MJ_COLON (MJ_CLOSE_BRACE + 1) /* 12 */ -#define MJ_COMMA (MJ_COLON + 1) /* 13 */ - -/* return the token type, and start and finish locations in string */ -static int -gettok(const char *s, int *from, int *to, int *tok) -{ - static regex_t tokregex; - regmatch_t matches[15]; - static int compiled; - - if (!compiled) { - compiled = 1; - (void) regcomp(&tokregex, - "[ \t\r\n]*(([+-]?[0-9]{1,21}(\\.[0-9]*)?([eE][-+][0-9]+)?)|" - "(\"([^\"]|\\\\.)*\")|(null)|(false)|(true)|([][{}:,]))", - REG_EXTENDED); - } - if (regexec(&tokregex, &s[*from = *to], 15, matches, 0) != 0) { - return *tok = -1; - } - *to = *from + (int)(matches[1].rm_eo); - *tok = (matches[2].rm_so >= 0) ? MJ_NUMBER : - (matches[5].rm_so >= 0) ? MJ_STRING : - (matches[7].rm_so >= 0) ? MJ_NULL : - (matches[8].rm_so >= 0) ? MJ_FALSE : - (matches[9].rm_so >= 0) ? MJ_TRUE : - (matches[10].rm_so < 0) ? -1 : - (s[*from + (int)(matches[10].rm_so)] == '[') ? MJ_OPEN_BRACKET : - (s[*from + (int)(matches[10].rm_so)] == ']') ? MJ_CLOSE_BRACKET : - (s[*from + (int)(matches[10].rm_so)] == '{') ? MJ_OPEN_BRACE : - (s[*from + (int)(matches[10].rm_so)] == '}') ? MJ_CLOSE_BRACE : - (s[*from + (int)(matches[10].rm_so)] == ':') ? MJ_COLON : - MJ_COMMA; - *from += (int)(matches[1].rm_so); - return *tok; -} - -/* minor function used to indent a JSON field */ -static void -indent(FILE *fp, unsigned depth, const char *trailer) -{ - unsigned i; - - for (i = 0 ; i < depth ; i++) { - (void) fprintf(fp, " "); - } - if (trailer) { - (void) fprintf(fp, "%s", trailer); - } -} - -/***************************************************************************/ - -/* return the number of entries in the array */ -int -mj_arraycount(mj_t *atom) -{ - return atom->c; -} - -/* create a new JSON node */ -int -mj_create(mj_t *atom, const char *type, ...) -{ - va_list args; - - if (strcmp(type, "false") == 0) { - atom->type = MJ_FALSE; - atom->c = 0; - } else if (strcmp(type, "true") == 0) { - atom->type = MJ_TRUE; - atom->c = 1; - } else if (strcmp(type, "null") == 0) { - atom->type = MJ_NULL; - } else if (strcmp(type, "number") == 0) { - va_start(args, type); - create_number(atom, (double)va_arg(args, double)); - va_end(args); - } else if (strcmp(type, "integer") == 0) { - va_start(args, type); - create_integer(atom, (int64_t)va_arg(args, int64_t)); - va_end(args); - } else if (strcmp(type, "string") == 0) { - va_start(args, type); - create_string(atom, (char *)va_arg(args, char *)); - va_end(args); - } else if (strcmp(type, "array") == 0) { - atom->type = MJ_ARRAY; - } else if (strcmp(type, "object") == 0) { - atom->type = MJ_OBJECT; - } else { - (void) fprintf(stderr, "weird type '%s'\n", type); - return 0; - } - return 1; -} - -/* put a JSON tree into a text string */ -int -mj_snprint(char *buf, size_t size, mj_t *atom) -{ - unsigned i; - int cc; - - switch(atom->type) { - case MJ_NULL: - return snprintf(buf, size, "null"); - case MJ_FALSE: - return snprintf(buf, size, "false"); - case MJ_TRUE: - return snprintf(buf, size, "true"); - case MJ_NUMBER: - return snprintf(buf, size, "%s", atom->value.s); - case MJ_STRING: - return snprintf(buf, size, "\"%s\"", atom->value.s); - case MJ_ARRAY: - cc = snprintf(buf, size, "[ "); - for (i = 0 ; i < atom->c ; i++) { - cc += mj_snprint(&buf[cc], size - cc, &atom->value.v[i]); - if (i < atom->c - 1) { - cc += snprintf(&buf[cc], size - cc, ", "); - } - } - return cc + snprintf(&buf[cc], size - cc, "]\n"); - case MJ_OBJECT: - cc = snprintf(buf, size, "{ "); - for (i = 0 ; i < atom->c ; i += 2) { - cc += mj_snprint(&buf[cc], size - cc, &atom->value.v[i]); - cc += snprintf(&buf[cc], size - cc, ":"); - cc += mj_snprint(&buf[cc], size - cc, &atom->value.v[i + 1]); - if (i + 1 < atom->c - 1) { - cc += snprintf(&buf[cc], size - cc, ", "); - } - } - return cc + snprintf(&buf[cc], size - cc, "}\n"); - default: - (void) fprintf(stderr, "mj_snprint: weird type %d\n", atom->type); - return 0; - } -} - -/* allocate and print the atom */ -int -mj_asprint(char **buf, mj_t *atom) -{ - int size; - - size = mj_string_size(atom); - if ((*buf = calloc(1, (unsigned)(size + 1))) == NULL) { - return -1; - } - (void) mj_snprint(*buf, (unsigned)(size + 1), atom); - return size + 1; -} - -/* read into a JSON tree from a string */ -int -mj_parse(mj_t *atom, const char *s, int *from, int *to, int *tok) -{ - int i; - - switch(atom->type = *tok = gettok(s, from, to, tok)) { - case MJ_NUMBER: - atom->value.s = strnsave(&s[*from], *to - *from, 1); - atom->c = atom->size = (unsigned)strlen(atom->value.s); - return gettok(s, from, to, tok); - case MJ_STRING: - atom->value.s = strnsave(&s[*from + 1], *to - *from - 2, 1); - atom->c = atom->size = (unsigned)strlen(atom->value.s); - return gettok(s, from, to, tok); - case MJ_NULL: - case MJ_FALSE: - case MJ_TRUE: - atom->c = (unsigned)*to; - return gettok(s, from, to, tok); - case MJ_OPEN_BRACKET: - mj_create(atom, "array"); - ALLOC(mj_t, atom->value.v, atom->size, atom->c, 10, 10, "mj_parse()", return 0); - while (mj_parse(&atom->value.v[atom->c++], s, from, to, tok) >= 0 && *tok != MJ_CLOSE_BRACKET) { - if (*tok != MJ_COMMA) { - (void) fprintf(stderr, "1. expected comma (got %d) at '%s'\n", *tok, &s[*from]); - break; - } - ALLOC(mj_t, atom->value.v, atom->size, atom->c, 10, 10, "mj_parse()", return 0); - } - return gettok(s, from, to, tok); - case MJ_OPEN_BRACE: - mj_create(atom, "object"); - ALLOC(mj_t, atom->value.v, atom->size, atom->c, 10, 10, "mj_parse()", return 0); - for (i = 0 ; mj_parse(&atom->value.v[atom->c++], s, from, to, tok) >= 0 && *tok != MJ_CLOSE_BRACE ; i++) { - if (((i % 2) == 0 && *tok != MJ_COLON) || ((i % 2) == 1 && *tok != MJ_COMMA)) { - (void) fprintf(stderr, "2. expected comma (got %d) at '%s'\n", *tok, &s[*from]); - break; - } - ALLOC(mj_t, atom->value.v, atom->size, atom->c, 10, 10, "mj_parse()", return 0); - } - return gettok(s, from, to, tok); - default: - return *tok; - } -} - -/* return the index of the item which corresponds to the name in the array */ -int -mj_object_find(mj_t *atom, const char *name, const unsigned from, const unsigned incr) -{ - return findentry(atom, name, from, incr); -} - -/* find an atom in a composite mj JSON node */ -mj_t * -mj_get_atom(mj_t *atom, ...) -{ - unsigned i; - va_list args; - char *name; - int n; - - switch(atom->type) { - case MJ_ARRAY: - va_start(args, atom); - i = va_arg(args, int); - va_end(args); - return (i < atom->c) ? &atom->value.v[i] : NULL; - case MJ_OBJECT: - va_start(args, atom); - name = va_arg(args, char *); - va_end(args); - return ((n = findentry(atom, name, 0, 2)) >= 0) ? &atom->value.v[n + 1] : NULL; - default: - return NULL; - } -} - -/* perform a deep copy on an mj JSON atom */ -int -mj_deepcopy(mj_t *dst, mj_t *src) -{ - unsigned i; - - switch(src->type) { - case MJ_FALSE: - case MJ_TRUE: - case MJ_NULL: - (void) memcpy(dst, src, sizeof(*dst)); - return 1; - case MJ_STRING: - case MJ_NUMBER: - (void) memcpy(dst, src, sizeof(*dst)); - dst->value.s = strnsave(src->value.s, -1, 0); - dst->c = dst->size = (unsigned)strlen(dst->value.s); - return 1; - case MJ_ARRAY: - case MJ_OBJECT: - (void) memcpy(dst, src, sizeof(*dst)); - NEWARRAY(mj_t, dst->value.v, dst->size, "mj_deepcopy()", return 0); - for (i = 0 ; i < src->c ; i++) { - if (!mj_deepcopy(&dst->value.v[i], &src->value.v[i])) { - return 0; - } - } - return 1; - default: - (void) fprintf(stderr, "weird type '%d'\n", src->type); - return 0; - } -} - -/* do a deep delete on the object */ -void -mj_delete(mj_t *atom) -{ - unsigned i; - - switch(atom->type) { - case MJ_STRING: - case MJ_NUMBER: - free(atom->value.s); - break; - case MJ_ARRAY: - case MJ_OBJECT: - for (i = 0 ; i < atom->c ; i++) { - mj_delete(&atom->value.v[i]); - } - break; - default: - break; - } -} - -/* return the string size needed for the textual output of the JSON node */ -int -mj_string_size(mj_t *atom) -{ - unsigned i; - int cc; - - switch(atom->type) { - case MJ_NULL: - case MJ_TRUE: - return 4; - case MJ_FALSE: - return 5; - case MJ_NUMBER: - return atom->c; - case MJ_STRING: - return atom->c + 2; - case MJ_ARRAY: - for (cc = 2, i = 0 ; i < atom->c ; i++) { - cc += mj_string_size(&atom->value.v[i]); - if (i < atom->c - 1) { - cc += 2; - } - } - return cc + 1 + 1; - case MJ_OBJECT: - for (cc = 2, i = 0 ; i < atom->c ; i += 2) { - cc += mj_string_size(&atom->value.v[i]) + 1 + mj_string_size(&atom->value.v[i + 1]); - if (i + 1 < atom->c - 1) { - cc += 2; - } - } - return cc + 1 + 1; - default: - (void) fprintf(stderr, "mj_string_size: weird type %d\n", atom->type); - return 0; - } -} - -/* create a new atom, and append it to the array or object */ -int -mj_append(mj_t *atom, const char *type, ...) -{ - va_list args; - - if (atom->type != MJ_ARRAY && atom->type != MJ_OBJECT) { - return 0; - } - ALLOC(mj_t, atom->value.v, atom->size, atom->c, 10, 10, "mj_append()", return 0); - va_start(args, type); - if (strcmp(type, "string") == 0) { - create_string(&atom->value.v[atom->c++], (char *)va_arg(args, char *)); - } else if (strcmp(type, "integer") == 0) { - create_integer(&atom->value.v[atom->c++], (int64_t)va_arg(args, int64_t)); - } else if (strcmp(type, "object") == 0 || strcmp(type, "array") == 0) { - mj_deepcopy(&atom->value.v[atom->c++], (mj_t *)va_arg(args, mj_t *)); - } else { - (void) fprintf(stderr, "mj_append: weird type '%s'\n", type); - } - va_end(args); - return 1; -} - -/* append a field to an object */ -int -mj_append_field(mj_t *atom, const char *name, const char *type, ...) -{ - va_list args; - - if (atom->type != MJ_OBJECT) { - return 0; - } - mj_append(atom, "string", name); - ALLOC(mj_t, atom->value.v, atom->size, atom->c, 10, 10, "mj_append_field()", return 0); - va_start(args, type); - if (strcmp(type, "string") == 0) { - create_string(&atom->value.v[atom->c++], (char *)va_arg(args, char *)); - } else if (strcmp(type, "integer") == 0) { - create_integer(&atom->value.v[atom->c++], (int64_t)va_arg(args, int64_t)); - } else if (strcmp(type, "object") == 0 || strcmp(type, "array") == 0) { - mj_deepcopy(&atom->value.v[atom->c++], (mj_t *)va_arg(args, mj_t *)); - } else { - (void) fprintf(stderr, "mj_append_field: weird type '%s'\n", type); - } - va_end(args); - return 1; -} - -/* make sure a JSON object is politically correct */ -int -mj_lint(mj_t *obj) -{ - unsigned i; - int ret; - - switch(obj->type) { - case MJ_NULL: - case MJ_FALSE: - case MJ_TRUE: - if (obj->value.s != NULL) { - (void) fprintf(stderr, "null/false/true: non zero string\n"); - return 0; - } - return 1; - case MJ_NUMBER: - case MJ_STRING: - if (obj->c > obj->size) { - (void) fprintf(stderr, "string/number lint c (%u) > size (%u)\n", obj->c, obj->size); - return 0; - } - return 1; - case MJ_ARRAY: - case MJ_OBJECT: - if (obj->c > obj->size) { - (void) fprintf(stderr, "array/object lint c (%u) > size (%u)\n", obj->c, obj->size); - return 0; - } - for (ret = 1, i = 0 ; i < obj->c ; i++) { - if (!mj_lint(&obj->value.v[i])) { - (void) fprintf(stderr, "array/object lint found at %d of %p\n", i, obj); - ret = 0; - } - } - return ret; - default: - (void) fprintf(stderr, "problem type %d in %p\n", obj->type, obj); - return 0; - } -} - -/* pretty-print a JSON struct - can be called recursively */ -int -mj_pretty(mj_t *mj, void *vp, unsigned depth, const char *trailer) -{ - unsigned i; - FILE *fp; - - fp = (FILE *)vp; - switch(mj->type) { - case MJ_NUMBER: - case MJ_TRUE: - case MJ_FALSE: - case MJ_NULL: - indent(fp, depth, mj->value.s); - break; - case MJ_STRING: - indent(fp, depth, NULL); - (void) fprintf(fp, "\"%s\"", mj->value.s); - break; - case MJ_ARRAY: - indent(fp, depth, "[\n"); - for (i = 0 ; i < mj->c ; i++) { - mj_pretty(&mj->value.v[i], fp, depth + 1, (i < mj->c - 1) ? ",\n" : "\n"); - } - indent(fp, depth, "]"); - break; - case MJ_OBJECT: - indent(fp, depth, "{\n"); - for (i = 0 ; i < mj->c ; i += 2) { - mj_pretty(&mj->value.v[i], fp, depth + 1, " : "); - mj_pretty(&mj->value.v[i + 1], fp, 0, (i < mj->c - 2) ? ",\n" : "\n"); - } - indent(fp, depth, "}"); - break; - } - indent(fp, 0, trailer); - return 1; -} diff --git a/enzevalos_iphone/netpgp/lib/mj.h b/enzevalos_iphone/netpgp/lib/mj.h deleted file mode 100644 index 422236c6..00000000 --- a/enzevalos_iphone/netpgp/lib/mj.h +++ /dev/null @@ -1,69 +0,0 @@ -/*- - * Copyright (c) 2010 Alistair Crooks <agc@NetBSD.org> - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -#ifndef MJ_H_ -#define MJ_H_ 20100718 - -enum { - MJ_NULL = 1, - MJ_FALSE = 2, - MJ_TRUE = 3, - MJ_NUMBER = 4, - MJ_STRING = 5, - MJ_ARRAY = 6, - MJ_OBJECT = 7 -}; - -/* a minimalist JSON node */ -typedef struct mj_t { - unsigned type; /* type of JSON node */ - unsigned c; /* # of chars */ - unsigned size; /* size of array */ - union { - struct mj_t *v; /* sub-objects */ - char *s; /* string value */ - } value; -} mj_t; - -/* creation and deletion */ -int mj_create(mj_t *, const char *, ...); -int mj_parse(mj_t *, const char *, int *, int *, int *); -int mj_append(mj_t *, const char *, ...); -int mj_append_field(mj_t *, const char *, const char *, ...); -int mj_deepcopy(mj_t *, mj_t *); -void mj_delete(mj_t *); - -/* JSON object access */ -int mj_arraycount(mj_t *); -int mj_object_find(mj_t *, const char *, const unsigned, const unsigned); -mj_t *mj_get_atom(mj_t *, ...); -int mj_lint(mj_t *); - -/* textual output */ -int mj_snprint(char *, size_t, mj_t *); -int mj_asprint(char **, mj_t *); -int mj_string_size(mj_t *); -int mj_pretty(mj_t *, void *, unsigned, const char *); - -#endif diff --git a/enzevalos_iphone/netpgp/lib/netpgp.c b/enzevalos_iphone/netpgp/lib/netpgp.c deleted file mode 100644 index 9115b838..00000000 --- a/enzevalos_iphone/netpgp/lib/netpgp.c +++ /dev/null @@ -1,1972 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -#include "config.h" - -#ifdef HAVE_SYS_CDEFS_H -#include <sys/cdefs.h> -#endif - -#if defined(__NetBSD__) -__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: netpgp.c,v 1.80 2010/11/04 15:38:45 agc Exp $"); -#endif - -#include <sys/types.h> -#include <sys/stat.h> -#include <sys/param.h> -#include <sys/mman.h> - -#ifdef HAVE_SYS_RESOURCE_H -#include <sys/resource.h> -#endif - -#ifdef HAVE_FCNTL_H -#include <fcntl.h> -#endif - -#include <errno.h> -#include <regex.h> -#include <stdarg.h> -#include <stdlib.h> -#include <string.h> -#include <time.h> - -#ifdef HAVE_UNISTD_H -#include <unistd.h> -#endif - -#include <errno.h> - -#ifdef HAVE_LIMITS_H -#include <limits.h> -#endif - -#include "netpgp.h" - -#include "packet.h" -#include "packet-parse.h" -#include "keyring.h" -#include "errors.h" -#include "packet-show.h" -#include "create.h" -#include "netpgpsdk.h" -#include "memory.h" -#include "validate.h" -#include "readerwriter.h" -#include "netpgpdefs.h" -#include "crypto.h" -#include "ops-ssh.h" -#include "defs.h" - -/* read any gpg config file */ -static int -conffile(netpgp_t *netpgp, char *homedir, char *userid, size_t length) -{ - regmatch_t matchv[10]; - regex_t keyre; - char buf[BUFSIZ]; - FILE *fp; - - __OPS_USED(netpgp); - (void) snprintf(buf, sizeof(buf), "%s/gpg.conf", homedir); - if ((fp = fopen(buf, "r")) == NULL) { - return 0; - } - (void) memset(&keyre, 0x0, sizeof(keyre)); - (void) regcomp(&keyre, "^[ \t]*default-key[ \t]+([0-9a-zA-F]+)", - REG_EXTENDED); - while (fgets(buf, (int)sizeof(buf), fp) != NULL) { - if (regexec(&keyre, buf, 10, matchv, 0) == 0) { - (void) memcpy(userid, &buf[(int)matchv[1].rm_so], - MIN((unsigned)(matchv[1].rm_eo - - matchv[1].rm_so), length)); - if (netpgp->passfp == NULL) { - (void) fprintf(stderr, - "netpgp: default key set to \"%.*s\"\n", - (int)(matchv[1].rm_eo - matchv[1].rm_so), - &buf[(int)matchv[1].rm_so]); - } - } - } - (void) fclose(fp); - regfree(&keyre); - return 1; -} - -/* small function to pretty print an 8-character raw userid */ -static char * -userid_to_id(const uint8_t *userid, char *id) -{ - static const char *hexes = "0123456789abcdef"; - int i; - - for (i = 0; i < 8 ; i++) { - id[i * 2] = hexes[(unsigned)(userid[i] & 0xf0) >> 4]; - id[(i * 2) + 1] = hexes[userid[i] & 0xf]; - } - id[8 * 2] = 0x0; - return id; -} - -/* print out the successful signature information */ -static void -resultp(__ops_io_t *io, - const char *f, - __ops_validation_t *res, - __ops_keyring_t *ring) -{ - const __ops_key_t *key; - __ops_pubkey_t *sigkey; - unsigned from; - unsigned i; - time_t t; - char id[MAX_ID_LENGTH + 1]; - - for (i = 0; i < res->validc; i++) { - (void) fprintf(io->res, - "Good signature for %s made %s", - (f) ? f : "<stdin>", - ctime(&res->valid_sigs[i].birthtime)); - if (res->duration > 0) { - t = res->birthtime + res->duration; - (void) fprintf(io->res, "Valid until %s", ctime(&t)); - } - (void) fprintf(io->res, - "using %s key %s\n", - __ops_show_pka(res->valid_sigs[i].key_alg), - userid_to_id(res->valid_sigs[i].signer_id, id)); - from = 0; - key = __ops_getkeybyid(io, ring, - (const uint8_t *) res->valid_sigs[i].signer_id, - &from, &sigkey); - if (sigkey == &key->enckey) { - (void) fprintf(io->res, - "WARNING: signature for %s made with encryption key\n", - (f) ? f : "<stdin>"); - } - __ops_print_keydata(io, ring, key, "signature ", &key->key.pubkey, 0); - } -} - -/* check there's enough space in the arrays */ -static int -size_arrays(netpgp_t *netpgp, unsigned needed) -{ - char **temp; - - if (netpgp->size == 0) { - /* only get here first time around */ - netpgp->size = needed; - if ((netpgp->name = calloc(sizeof(char *), needed)) == NULL) { - (void) fprintf(stderr, "size_arrays: bad alloc\n"); - return 0; - } - if ((netpgp->value = calloc(sizeof(char *), needed)) == NULL) { - free(netpgp->name); - (void) fprintf(stderr, "size_arrays: bad alloc\n"); - return 0; - } - } else if (netpgp->c == netpgp->size) { - /* only uses 'needed' when filled array */ - netpgp->size += needed; - temp = realloc(netpgp->name, sizeof(char *) * needed); - if (temp == NULL) { - (void) fprintf(stderr, "size_arrays: bad alloc\n"); - return 0; - } - netpgp->name = temp; - temp = realloc(netpgp->value, sizeof(char *) * needed); - if (temp == NULL) { - (void) fprintf(stderr, "size_arrays: bad alloc\n"); - return 0; - } - netpgp->value = temp; - } - return 1; -} - -/* find the name in the array */ -static int -findvar(netpgp_t *netpgp, const char *name) -{ - unsigned i; - - for (i = 0 ; i < netpgp->c && strcmp(netpgp->name[i], name) != 0; i++) { - } - return (i == netpgp->c) ? -1 : (int)i; -} - -/* read a keyring and return it */ -static void * -readkeyring(netpgp_t *netpgp, const char *name) -{ - __ops_keyring_t *keyring; - const unsigned noarmor = 0; - char f[MAXPATHLEN]; - char *filename; - char *homedir; - - homedir = netpgp_getvar(netpgp, "homedir"); - if ((filename = netpgp_getvar(netpgp, name)) == NULL) { - (void) snprintf(f, sizeof(f), "%s/%s.gpg", homedir, name); - filename = f; - } - if ((keyring = calloc(1, sizeof(*keyring))) == NULL) { - (void) fprintf(stderr, "readkeyring: bad alloc\n"); - return NULL; - } - if (!__ops_keyring_fileread(keyring, noarmor, filename)) { - free(keyring); - (void) fprintf(stderr, "Can't read %s %s\n", name, filename); - return NULL; - } - netpgp_setvar(netpgp, name, filename); - return keyring; -} - -/* read keys from ssh key files */ -static int -readsshkeys(netpgp_t *netpgp, char *homedir, const char *needseckey) -{ - __ops_keyring_t *pubring; - __ops_keyring_t *secring; - struct stat st; - unsigned hashtype; - char *hash; - char f[MAXPATHLEN]; - char *filename; - - if ((filename = netpgp_getvar(netpgp, "sshkeyfile")) == NULL) { - /* set reasonable default for RSA key */ - (void) snprintf(f, sizeof(f), "%s/id_rsa.pub", homedir); - filename = f; - } else if (strcmp(&filename[strlen(filename) - 4], ".pub") != 0) { - /* got ssh keys, check for pub file name */ - (void) snprintf(f, sizeof(f), "%s.pub", filename); - filename = f; - } - /* check the pub file exists */ - if (stat(filename, &st) != 0) { - (void) fprintf(stderr, "readsshkeys: bad pubkey filename '%s'\n", filename); - return 0; - } - if ((pubring = calloc(1, sizeof(*pubring))) == NULL) { - (void) fprintf(stderr, "readsshkeys: bad alloc\n"); - return 0; - } - /* openssh2 keys use md5 by default */ - hashtype = OPS_HASH_MD5; - if ((hash = netpgp_getvar(netpgp, "hash")) != NULL) { - /* openssh 2 hasn't really caught up to anything else yet */ - if (netpgp_strcasecmp(hash, "md5") == 0) { - hashtype = OPS_HASH_MD5; - } else if (netpgp_strcasecmp(hash, "sha1") == 0) { - hashtype = OPS_HASH_SHA1; - } else if (netpgp_strcasecmp(hash, "sha256") == 0) { - hashtype = OPS_HASH_SHA256; - } - } - if (!__ops_ssh2_readkeys(netpgp->io, pubring, NULL, filename, NULL, hashtype)) { - free(pubring); - (void) fprintf(stderr, "readsshkeys: can't read %s\n", - filename); - return 0; - } - if (netpgp->pubring == NULL) { - netpgp->pubring = pubring; - } else { - __ops_append_keyring(netpgp->pubring, pubring); - } - if (needseckey) { - netpgp_setvar(netpgp, "sshpubfile", filename); - /* try to take the ".pub" off the end */ - if (filename == f) { - f[strlen(f) - 4] = 0x0; - } else { - (void) snprintf(f, sizeof(f), "%.*s", - (int)strlen(filename) - 4, filename); - filename = f; - } - if ((secring = calloc(1, sizeof(*secring))) == NULL) { - (void) fprintf(stderr, "readsshkeys: bad alloc\n"); - return 0; - } - if (!__ops_ssh2_readkeys(netpgp->io, pubring, secring, NULL, filename, hashtype)) { - (void) fprintf(stderr, "readsshkeys: can't read sec %s\n", filename); - return 0; - } - netpgp->secring = secring; - netpgp_setvar(netpgp, "sshsecfile", filename); - } - return 1; -} - -/* set ssh uid to first one in pubring */ -static void -set_first_pubring(__ops_keyring_t *pubring, char *id, size_t len, int last) -{ - uint8_t *src; - int i; - int n; - - (void) memset(id, 0x0, len); - src = pubring->keys[(last) ? pubring->keyc - 1 : 0].sigid; - for (i = 0, n = 0 ; i < OPS_KEY_ID_SIZE ; i += 2) { - n += snprintf(&id[n], len - n, "%02x%02x", src[i], src[i + 1]); - } - id[n] = 0x0; -} - -/* find the time - in a specific %Y-%m-%d format - using a regexp */ -static int -grabdate(char *s, int64_t *t) -{ - static regex_t r; - static int compiled; - regmatch_t matches[10]; - struct tm tm; - - if (!compiled) { - compiled = 1; - (void) regcomp(&r, "([0-9][0-9][0-9][0-9])[-/]([0-9][0-9])[-/]([0-9][0-9])", REG_EXTENDED); - } - if (regexec(&r, s, 10, matches, 0) == 0) { - (void) memset(&tm, 0x0, sizeof(tm)); - tm.tm_year = (int)strtol(&s[(int)matches[1].rm_so], NULL, 10); - tm.tm_mon = (int)strtol(&s[(int)matches[2].rm_so], NULL, 10) - 1; - tm.tm_mday = (int)strtol(&s[(int)matches[3].rm_so], NULL, 10); - *t = mktime(&tm); - return 1; - } - return 0; -} - -/* get expiration in seconds */ -static uint64_t -get_duration(char *s) -{ - uint64_t now; - int64_t t; - char *mult; - - if (s == NULL) { - return 0; - } - now = (uint64_t)strtoull(s, NULL, 10); - if ((mult = strchr("hdwmy", s[strlen(s) - 1])) != NULL) { - switch(*mult) { - case 'h': - return now * 60 * 60; - case 'd': - return now * 60 * 60 * 24; - case 'w': - return now * 60 * 60 * 24 * 7; - case 'm': - return now * 60 * 60 * 24 * 31; - case 'y': - return now * 60 * 60 * 24 * 365; - } - } - if (grabdate(s, &t)) { - return t; - } - return (uint64_t)strtoll(s, NULL, 10); -} - -/* get birthtime in seconds */ -static int64_t -get_birthtime(char *s) -{ - int64_t t; - - if (s == NULL) { - return time(NULL); - } - if (grabdate(s, &t)) { - return t; - } - return (uint64_t)strtoll(s, NULL, 10); -} - -/* resolve the userid */ -static const __ops_key_t * -resolve_userid(netpgp_t *netpgp, const __ops_keyring_t *keyring, const char *userid) -{ - const __ops_key_t *key; - __ops_io_t *io; - - if (userid == NULL) { - userid = netpgp_getvar(netpgp, "userid"); - if (userid == NULL) - return NULL; - } else if (userid[0] == '0' && userid[1] == 'x') { - userid += 2; - } - io = netpgp->io; - if ((key = __ops_getkeybyname(io, keyring, userid)) == NULL) { - (void) fprintf(io->errs, "Can't find key '%s'\n", userid); - } - return key; -} - -/* append a key to a keyring */ -static int -appendkey(__ops_io_t *io, __ops_key_t *key, char *ringfile) -{ - __ops_output_t *create; - const unsigned noarmor = 0; - int fd; - - if ((fd = __ops_setup_file_append(&create, ringfile)) < 0) { - fd = __ops_setup_file_write(&create, ringfile, 0); - } - if (fd < 0) { - (void) fprintf(io->errs, "can't open pubring '%s'\n", ringfile); - return 0; - } - if (!__ops_write_xfer_pubkey(create, key, noarmor)) { - (void) fprintf(io->errs, "Cannot write pubkey\n"); - return 0; - } - __ops_teardown_file_write(create, fd); - return 1; -} - -/* return 1 if the file contains ascii-armoured text */ -static unsigned -isarmoured(__ops_io_t *io, const char *f, const void *memory, const char *text) -{ - unsigned armoured; - FILE *fp; - char buf[BUFSIZ]; - - armoured = 0; - if (f) { - if ((fp = fopen(f, "r")) == NULL) { - (void) fprintf(io->errs, "isarmoured: can't open '%s'\n", f); - return 0; - } - if (fgets(buf, (int)sizeof(buf), fp) != NULL) { - armoured = (strncmp(buf, text, strlen(text)) == 0); - } - (void) fclose(fp); - } else { - armoured = (strncmp(memory, text, strlen(text)) == 0); - } - return armoured; -} - -/* vararg print function */ -static void -p(FILE *fp, const char *s, ...) -{ - va_list args; - - va_start(args, s); - while (s != NULL) { - (void) fprintf(fp, "%s", s); - s = va_arg(args, char *); - } - va_end(args); -} - -/* print a JSON object to the FILE stream */ -static void -pobj(FILE *fp, mj_t *obj, int depth) -{ - unsigned i; - - if (obj == NULL) { - (void) fprintf(stderr, "No object found\n"); - return; - } - for (i = 0 ; i < (unsigned)depth ; i++) { - p(fp, " ", NULL); - } - switch(obj->type) { - case MJ_NULL: - case MJ_FALSE: - case MJ_TRUE: - p(fp, (obj->type == MJ_NULL) ? "null" : (obj->type == MJ_FALSE) ? "false" : "true", NULL); - break; - case MJ_NUMBER: - p(fp, obj->value.s, NULL); - break; - case MJ_STRING: - (void) fprintf(fp, "%.*s", (int)(obj->c), obj->value.s); - break; - case MJ_ARRAY: - for (i = 0 ; i < obj->c ; i++) { - pobj(fp, &obj->value.v[i], depth + 1); - if (i < obj->c - 1) { - (void) fprintf(fp, ", "); - } - } - (void) fprintf(fp, "\n"); - break; - case MJ_OBJECT: - for (i = 0 ; i < obj->c ; i += 2) { - pobj(fp, &obj->value.v[i], depth + 1); - p(fp, ": ", NULL); - pobj(fp, &obj->value.v[i + 1], 0); - if (i < obj->c - 1) { - p(fp, ", ", NULL); - } - } - p(fp, "\n", NULL); - break; - default: - break; - } -} - -/* return the time as a string */ -static char * -ptimestr(char *dest, size_t size, time_t t) -{ - struct tm *tm; - - tm = gmtime(&t); - (void) snprintf(dest, size, "%04d-%02d-%02d", - tm->tm_year + 1900, - tm->tm_mon + 1, - tm->tm_mday); - return dest; -} - -/* format a JSON object */ -static void -format_json_key(FILE *fp, mj_t *obj, const int psigs) -{ - int64_t birthtime; - int64_t duration; - time_t now; - char tbuf[32]; - char *s; - mj_t *sub; - int i; - - if (__ops_get_debug_level(__FILE__)) { - mj_asprint(&s, obj); - (void) fprintf(stderr, "formatobj: json is '%s'\n", s); - free(s); - } - if (obj->c == 2 && obj->value.v[1].type == MJ_STRING && - strcmp(obj->value.v[1].value.s, "[REVOKED]") == 0) { - /* whole key has been rovoked - just return */ - return; - } - pobj(fp, &obj->value.v[mj_object_find(obj, "header", 0, 2) + 1], 0); - p(fp, " ", NULL); - pobj(fp, &obj->value.v[mj_object_find(obj, "key bits", 0, 2) + 1], 0); - p(fp, "/", NULL); - pobj(fp, &obj->value.v[mj_object_find(obj, "pka", 0, 2) + 1], 0); - p(fp, " ", NULL); - pobj(fp, &obj->value.v[mj_object_find(obj, "key id", 0, 2) + 1], 0); - birthtime = strtoll(obj->value.v[mj_object_find(obj, "birthtime", 0, 2) + 1].value.s, NULL, 10); - p(fp, " ", ptimestr(tbuf, sizeof(tbuf), birthtime), NULL); - duration = strtoll(obj->value.v[mj_object_find(obj, "duration", 0, 2) + 1].value.s, NULL, 10); - if (duration > 0) { - now = time(NULL); - p(fp, " ", (birthtime + duration < now) ? "[EXPIRED " : "[EXPIRES ", - ptimestr(tbuf, sizeof(tbuf), birthtime + duration), "]", NULL); - } - p(fp, "\n", "Key fingerprint: ", NULL); - pobj(fp, &obj->value.v[mj_object_find(obj, "fingerprint", 0, 2) + 1], 0); - p(fp, "\n", NULL); - /* go to field after \"duration\" */ - for (i = mj_object_find(obj, "duration", 0, 2) + 2; i < mj_arraycount(obj) ; i += 2) { - if (strcmp(obj->value.v[i].value.s, "uid") == 0) { - sub = &obj->value.v[i + 1]; - p(fp, "uid", NULL); - pobj(fp, &sub->value.v[0], (psigs) ? 4 : 14); /* human name */ - pobj(fp, &sub->value.v[1], 1); /* any revocation */ - p(fp, "\n", NULL); - } else if (strcmp(obj->value.v[i].value.s, "encryption") == 0) { - sub = &obj->value.v[i + 1]; - p(fp, "encryption", NULL); - pobj(fp, &sub->value.v[0], 1); /* size */ - p(fp, "/", NULL); - pobj(fp, &sub->value.v[1], 0); /* alg */ - p(fp, " ", NULL); - pobj(fp, &sub->value.v[2], 0); /* id */ - p(fp, " ", ptimestr(tbuf, sizeof(tbuf), strtoll(sub->value.v[3].value.s, NULL, 10)), - "\n", NULL); - } else if (strcmp(obj->value.v[i].value.s, "sig") == 0) { - sub = &obj->value.v[i + 1]; - p(fp, "sig", NULL); - pobj(fp, &sub->value.v[0], 8); /* size */ - p(fp, " ", ptimestr(tbuf, sizeof(tbuf), strtoll(sub->value.v[1].value.s, NULL, 10)), - " ", NULL); /* time */ - pobj(fp, &sub->value.v[2], 0); /* human name */ - p(fp, "\n", NULL); - } else { - fprintf(stderr, "weird '%s'\n", obj->value.v[i].value.s); - pobj(fp, &obj->value.v[i], 0); /* human name */ - } - } - p(fp, "\n", NULL); -} - -/* save a pgp pubkey to a temp file */ -static int -savepubkey(char *res, char *f, size_t size) -{ - size_t len; - int cc; - int wc; - int fd; - - (void) snprintf(f, size, "/tmp/pgp2ssh.XXXXXXX"); - if ((fd = mkstemp(f)) < 0) { - (void) fprintf(stderr, "can't create temp file '%s'\n", f); - return 0; - } - len = strlen(res); - for (cc = 0 ; (wc = (int)MIN(write(fd, &res[cc], len - cc),INT_MAX)) > 0 ; cc += wc) { - } - (void) close(fd); - return 1; -} - -/* format a uint32_t */ -static int -formatu32(uint8_t *buffer, uint32_t value) -{ - buffer[0] = (uint8_t)(value >> 24) & 0xff; - buffer[1] = (uint8_t)(value >> 16) & 0xff; - buffer[2] = (uint8_t)(value >> 8) & 0xff; - buffer[3] = (uint8_t)value & 0xff; - return sizeof(uint32_t); -} - -/* format a string as (len, string) */ -static int -formatstring(char *buffer, const uint8_t *s, size_t len) -{ - int cc; - - cc = formatu32((uint8_t *)buffer, (int)MIN(len,INT_MAX)); - (void) memcpy(&buffer[cc], s, len); - return cc + (int)MIN(len,INT_MAX); -} - -/* format a bignum, checking for "interesting" high bit values */ -static int -formatbignum(char *buffer, BIGNUM *bn) -{ - size_t len; - uint8_t *cp; - int cc; - - len = (size_t) BN_num_bytes(bn); - if ((cp = calloc(1, len + 1)) == NULL) { - (void) fprintf(stderr, "calloc failure in formatbignum\n"); - return 0; - } - (void) BN_bn2bin(bn, cp + 1); - cp[0] = 0x0; - cc = (cp[1] & 0x80) ? formatstring(buffer, cp, len + 1) : formatstring(buffer, &cp[1], len); - free(cp); - return cc; -} - -/***************************************************************************/ -/* exported functions start here */ -/***************************************************************************/ - -/* initialise a netpgp_t structure */ -int -netpgp_init(netpgp_t *netpgp) -{ - __ops_io_t *io; - char id[MAX_ID_LENGTH]; - char *homedir; - char *userid; - char *stream; - char *passfd; - char *results; - int coredumps; - int last; - -#ifdef HAVE_SYS_RESOURCE_H - struct rlimit limit; - - coredumps = netpgp_getvar(netpgp, "coredumps") != NULL; - if (!coredumps) { - (void) memset(&limit, 0x0, sizeof(limit)); - if (setrlimit(RLIMIT_CORE, &limit) != 0) { - (void) fprintf(stderr, - "netpgp: warning - can't turn off core dumps\n"); - coredumps = 1; - } - } -#else - coredumps = 1; -#endif - if ((io = calloc(1, sizeof(*io))) == NULL) { - (void) fprintf(stderr, "netpgp_init: bad alloc\n"); - return 0; - } - io->outs = stdout; - if ((stream = netpgp_getvar(netpgp, "outs")) != NULL && - strcmp(stream, "<stderr>") == 0) { - io->outs = stderr; - } - io->errs = stderr; - if ((stream = netpgp_getvar(netpgp, "errs")) != NULL && - strcmp(stream, "<stdout>") == 0) { - io->errs = stdout; - } - if ((results = netpgp_getvar(netpgp, "res")) == NULL) { - io->res = io->errs; - } else if (strcmp(results, "<stdout>") == 0) { - io->res = stdout; - } else if (strcmp(results, "<stderr>") == 0) { - io->res = stderr; - } else { - if ((io->res = fopen(results, "w")) == NULL) { - (void) fprintf(io->errs, "Can't open results %s for writing\n", - results); - free(io); - return 0; - } - } - netpgp->io = io; - if ((passfd = netpgp_getvar(netpgp, "pass-fd")) != NULL && - (netpgp->passfp = fdopen(atoi(passfd), "r")) == NULL) { - (void) fprintf(io->errs, "Can't open fd %s for reading\n", - passfd); - return 0; - } - if (coredumps) { - (void) fprintf(io->errs, - "netpgp: warning: core dumps enabled\n"); - } - if ((homedir = netpgp_getvar(netpgp, "homedir")) == NULL) { - (void) fprintf(io->errs, "netpgp: bad homedir\n"); - return 0; - } - /* read from either gpg files or ssh keys */ - if (netpgp_getvar(netpgp, "ssh keys") == NULL) { - if ((userid = netpgp_getvar(netpgp, "userid")) == NULL) { - (void) memset(id, 0x0, sizeof(id)); - (void) conffile(netpgp, homedir, id, sizeof(id)); - if (id[0] != 0x0) { - netpgp_setvar(netpgp, "userid", userid = id); - } - } - if (userid == NULL) { - if (netpgp_getvar(netpgp, "need userid") != NULL) { - (void) fprintf(io->errs, - "Cannot find user id\n"); - return 0; - } - } else { - (void) netpgp_setvar(netpgp, "userid", userid); - } - netpgp->pubring = readkeyring(netpgp, "pubring"); - if (netpgp->pubring == NULL) { - (void) fprintf(io->errs, "Can't read pub keyring\n"); - return 0; - } - netpgp->secring = readkeyring(netpgp, "secring"); - if (netpgp->secring == NULL) { - (void) fprintf(io->errs, "Can't read sec keyring\n"); - return 0; - } - } else { - last = (netpgp->pubring != NULL); - if (!readsshkeys(netpgp, homedir, netpgp_getvar(netpgp, "need seckey"))) { - (void) fprintf(io->errs, "Can't read ssh keys\n"); - return 0; - } - if ((userid = netpgp_getvar(netpgp, "userid")) == NULL) { - set_first_pubring(netpgp->pubring, id, sizeof(id), last); - netpgp_setvar(netpgp, "userid", userid = id); - } - if (userid == NULL) { - if (netpgp_getvar(netpgp, "need userid") != NULL) { - (void) fprintf(io->errs, - "Cannot find user id\n"); - return 0; - } - } else { - (void) netpgp_setvar(netpgp, "userid", userid); - } - } - return 1; -} - -/* finish off with the netpgp_t struct */ -int -netpgp_end(netpgp_t *netpgp) -{ - unsigned i; - - for (i = 0 ; i < netpgp->c ; i++) { - if (netpgp->name[i] != NULL) { - free(netpgp->name[i]); - } - if (netpgp->value[i] != NULL) { - free(netpgp->value[i]); - } - } - if (netpgp->name != NULL) { - free(netpgp->name); - } - if (netpgp->value != NULL) { - free(netpgp->value); - } - if (netpgp->pubring != NULL) { - __ops_keyring_free(netpgp->pubring); - } - if (netpgp->secring != NULL) { - __ops_keyring_free(netpgp->secring); - } - free(netpgp->io); - return 1; -} - -/* list the keys in a keyring */ -int -netpgp_list_keys(netpgp_t *netpgp, const int psigs) -{ - if (netpgp->pubring == NULL) { - (void) fprintf(stderr, "No keyring\n"); - return 0; - } - return __ops_keyring_list(netpgp->io, netpgp->pubring, psigs); -} - -/* list the keys in a keyring, returning a JSON string */ -int -netpgp_list_keys_json(netpgp_t *netpgp, char **json, const int psigs) -{ - mj_t obj; - int ret; - - if (netpgp->pubring == NULL) { - (void) fprintf(stderr, "No keyring\n"); - return 0; - } - (void) memset(&obj, 0x0, sizeof(obj)); - if (!__ops_keyring_json(netpgp->io, netpgp->pubring, &obj, psigs)) { - (void) fprintf(stderr, "No keys in keyring\n"); - return 0; - } - ret = mj_asprint(json, &obj); - mj_delete(&obj); - return ret; -} - -DEFINE_ARRAY(strings_t, char *); - -#ifndef HKP_VERSION -#define HKP_VERSION 1 -#endif - -/* find and list some keys in a keyring */ -int -netpgp_match_keys(netpgp_t *netpgp, char *name, const char *fmt, void *vp, const int psigs) -{ - const __ops_key_t *key; - unsigned k; - strings_t pubs; - FILE *fp = (FILE *)vp; - - if (name[0] == '0' && name[1] == 'x') { - name += 2; - } - (void) memset(&pubs, 0x0, sizeof(pubs)); - k = 0; - do { - key = __ops_getnextkeybyname(netpgp->io, netpgp->pubring, - name, &k); - if (key != NULL) { - ALLOC(char *, pubs.v, pubs.size, pubs.c, 10, 10, - "netpgp_match_keys", return 0); - if (strcmp(fmt, "mr") == 0) { - __ops_hkp_sprint_keydata(netpgp->io, netpgp->pubring, - key, &pubs.v[pubs.c], - &key->key.pubkey, psigs); - } else { - __ops_sprint_keydata(netpgp->io, netpgp->pubring, - key, &pubs.v[pubs.c], - "signature ", - &key->key.pubkey, psigs); - } - if (pubs.v[pubs.c] != NULL) { - pubs.c += 1; - } - k += 1; - } - } while (key != NULL); - if (strcmp(fmt, "mr") == 0) { - (void) fprintf(fp, "info:%d:%d\n", HKP_VERSION, pubs.c); - } else { - (void) fprintf(fp, "%d key%s found\n", pubs.c, - (pubs.c == 1) ? "" : "s"); - } - for (k = 0 ; k < pubs.c ; k++) { - (void) fprintf(fp, "%s%s", pubs.v[k], (k < pubs.c - 1) ? "\n" : ""); - free(pubs.v[k]); - } - free(pubs.v); - return pubs.c; -} - -/* find and list some keys in a keyring - return JSON string */ -int -netpgp_match_keys_json(netpgp_t *netpgp, char **json, char *name, const char *fmt, const int psigs) -{ - const __ops_key_t *key; - unsigned k; - mj_t id_array; - int ret; - - if (name[0] == '0' && name[1] == 'x') { - name += 2; - } - (void) memset(&id_array, 0x0, sizeof(id_array)); - k = 0; - *json = NULL; - mj_create(&id_array, "array"); - do { - key = __ops_getnextkeybyname(netpgp->io, netpgp->pubring, - name, &k); - if (key != NULL) { - if (strcmp(fmt, "mr") == 0) { -#if 0 - __ops_hkp_sprint_keydata(netpgp->io, netpgp->pubring, - key, &pubs.v[pubs.c], - &key->key.pubkey, psigs); -#endif - } else { - ALLOC(mj_t, id_array.value.v, id_array.size, - id_array.c, 10, 10, "netpgp_match_keys_json", return 0); - __ops_sprint_mj(netpgp->io, netpgp->pubring, - key, &id_array.value.v[id_array.c++], - "signature ", - &key->key.pubkey, psigs); - } - k += 1; - } - } while (key != NULL); - ret = mj_asprint(json, &id_array); - mj_delete(&id_array); - return ret; -} - -/* find and list some public keys in a keyring */ -int -netpgp_match_pubkeys(netpgp_t *netpgp, char *name, void *vp) -{ - const __ops_key_t *key; - unsigned k; - strings_t pubs; - FILE *fp = (FILE *)vp; - - (void) memset(&pubs, 0x0, sizeof(pubs)); - do { - key = __ops_getnextkeybyname(netpgp->io, netpgp->pubring, - name, &k); - if (key != NULL) { - char out[1024 * 64]; - - ALLOC(char *, pubs.v, pubs.size, pubs.c, 10, 10, - "netpgp_match_pubkeys", return 0); - (void) __ops_sprint_pubkey(key, out, sizeof(out)); - pubs.v[pubs.c++] = netpgp_strdup(out); - k += 1; - } - } while (key != NULL); - (void) fprintf(fp, "info:%d:%d\n", HKP_VERSION, pubs.c); - for (k = 0 ; k < pubs.c ; k++) { - (void) fprintf(fp, "%s", pubs.v[k]); - free(pubs.v[k]); - } - free(pubs.v); - return pubs.c; -} - -/* find a key in a keyring */ -int -netpgp_find_key(netpgp_t *netpgp, char *id) -{ - __ops_io_t *io; - - io = netpgp->io; - if (id == NULL) { - (void) fprintf(io->errs, "NULL id to search for\n"); - return 0; - } - return __ops_getkeybyname(netpgp->io, netpgp->pubring, id) != NULL; -} - -/* get a key in a keyring */ -char * -netpgp_get_key(netpgp_t *netpgp, const char *name, const char *fmt) -{ - const __ops_key_t *key; - char *newkey; - - if ((key = resolve_userid(netpgp, netpgp->pubring, name)) == NULL) { - return NULL; - } - if (strcmp(fmt, "mr") == 0) { - return (__ops_hkp_sprint_keydata(netpgp->io, netpgp->pubring, - key, &newkey, - &key->key.pubkey, - netpgp_getvar(netpgp, "subkey sigs") != NULL) > 0) ? newkey : NULL; - } - return (__ops_sprint_keydata(netpgp->io, netpgp->pubring, - key, &newkey, "signature", - &key->key.pubkey, - netpgp_getvar(netpgp, "subkey sigs") != NULL) > 0) ? newkey : NULL; -} - -/* export a given key */ -char * -netpgp_export_key(netpgp_t *netpgp, char *name) -{ - const __ops_key_t *key; - __ops_io_t *io; - - io = netpgp->io; - if ((key = resolve_userid(netpgp, netpgp->pubring, name)) == NULL) { - return NULL; - } - - char pass[MAX_PASSPHRASE_LENGTH]; - __ops_forget(pass, (unsigned)sizeof(pass)); //clear pass array - if (netpgp->passfp) { - __ops_getpassphrase(netpgp->passfp, pass, sizeof(pass)); - } - - char *result = __ops_export_key(io, key, (strlen(pass) > 0) ? (uint8_t *)pass : NULL); - __ops_forget(pass, (unsigned)sizeof(pass)); - - return result; -} - -#define IMPORT_ARMOR_HEAD "-----BEGIN PGP PUBLIC KEY BLOCK-----" - -/* import a key into our keyring */ -int -netpgp_import_key(netpgp_t *netpgp, char *f) -{ - __ops_io_t *io; - unsigned realarmor; - int done; - - io = netpgp->io; - realarmor = isarmoured(io, f, NULL, IMPORT_ARMOR_HEAD); - done = __ops_keyring_fileread(netpgp->pubring, realarmor, f); - if (!done) { - (void) fprintf(io->errs, "Cannot import key from file %s\n", f); - return 0; - } - return __ops_keyring_list(io, netpgp->pubring, 0); -} - -/* import a key into our keyring */ -int -netpgp_import_public_key(netpgp_t *netpgp, char *f) -{ - __ops_keyring_t *keyring; // read keyring - __ops_io_t *io; - unsigned realarmor; - int done; - __ops_key_t *key; - unsigned n = 0; - - - io = netpgp->io; - realarmor = isarmoured(io, f, NULL, IMPORT_ARMOR_HEAD); - -// keyring = readkeyring(netpgp, f); - if ((keyring = calloc(1, sizeof(*keyring))) == NULL) { - (void) fprintf(stderr, "readkeyring: bad alloc\n"); - return 0; - } - - done = __ops_keyring_fileread(keyring, realarmor, f); - if (!done) { - (void) fprintf(io->errs, "Cannot import key from file %s\n", f); - return 0; - } - - char *ringfile = netpgp_getvar(netpgp, "pubring"); - for (n = 0, key = keyring->keys; n < keyring->keyc; ++n, ++key) { - if (!__ops_is_key_secret(key)) { - if (key->type == OPS_PTAG_CT_PUBLIC_KEY) { - if (!appendkey(io, key, ringfile)) { - (void) fprintf(io->errs, "Cannot write pubkey to '%s'\n", ringfile); - return 0; - } - } - } - } - - - // append to netpgp keyring (I could load again but don't have to) - done = __ops_append_keyring(netpgp->pubring, keyring); - - if (keyring != NULL) { - __ops_keyring_free(keyring); - free(keyring); - } - - return done; -} - -///* import a key into our keyring */ -//int -//netpgp_import_secure_key(netpgp_t *netpgp, char *f) -//{ -// __ops_io_t *io; -// unsigned realarmor; -// int done; -// -// io = netpgp->io; -// realarmor = isarmoured(io, f, NULL, IMPORT_ARMOR_HEAD); -// done = __ops_keyring_fileread(netpgp->secring, realarmor, f); -// if (!done) { -// (void) fprintf(io->errs, "Cannot import key from file %s\n", f); -// return 0; -// } -// -// /* import secret key */ -// __ops_keyring_t *keyring = netpgp->secring; -// __ops_key_t *key; -// unsigned n = 0; -// -// for (n = 0, key = keyring->keys; n < keyring->keyc; ++n, ++key) { -// if (!__ops_is_key_secret(key)) { -// char *ringfile = netpgp_getvar(netpgp, "pubring"); -// if (!appendkey(io, key, ringfile)) { -// (void) fprintf(io->errs, "Cannot write pubkey to '%s'\n", ringfile); -// return 0; -// } -// } -// (void) fputc('\n', io->res); -// } -// -//// for (n = 0, key = keyring->keys; n < keyring->keyc; ++n, ++key) { -//// if (__ops_is_key_secret(key)) { -//// const unsigned noarmor = 1; -//// __ops_output_t *create; -//// int fd; -//// -//// char *ringfile = netpgp_getvar(netpgp, "secring"); -//// if ((fd = __ops_setup_file_append(&create, ringfile)) < 0) { -//// fd = __ops_setup_file_write(&create, ringfile, 0); -//// } -//// if (fd < 0) { -//// (void) fprintf(io->errs, "can't append secring '%s'\n", ringfile); -//// return 0; -//// } -//// if (!__ops_write_xfer_seckey(create, key, NULL, 0, noarmor)) { -//// (void) fprintf(io->errs, "Cannot write seckey\n"); -//// return 0; -//// } -//// __ops_teardown_file_write(create, fd); -//// } -//// } -// -// return __ops_keyring_list(io, netpgp->pubring, 0); -//} - - -/* generate a new key */ -/* output directory have to exists */ -int -netpgp_generate_key_rich(netpgp_t *netpgp, char *id, int numbits, char *output_directory, int save_to_default_keyring) -{ - __ops_output_t *create; - const unsigned noarmor = 0; - __ops_key_t *key; - __ops_io_t *io; - uint8_t *uid; - char newid[1024]; - char filename[MAXPATHLEN]; - char dir[MAXPATHLEN]; - char *cp; - char *ringfile; - int fd; - - uid = NULL; - io = netpgp->io; - /* generate a new key */ - if (id) { - (void) snprintf(newid, sizeof(newid), "%s", id); - } else { - (void) snprintf(newid, sizeof(newid), - "RSA %d-bit key <%s@localhost>", numbits, getenv("LOGNAME")); - } - uid = (uint8_t *)newid; - key = __ops_rsa_new_selfsign_key(numbits, 65537UL, uid, - netpgp_getvar(netpgp, "hash"), - netpgp_getvar(netpgp, "cipher")); - if (key == NULL) { - (void) fprintf(io->errs, "Cannot generate key\n"); - return 0; - } - - - cp = NULL; - __ops_sprint_keydata(netpgp->io, NULL, key, &cp, "signature ", &key->key.seckey.pubkey, 0); - (void) fprintf(stdout, "%s", cp); - /* write public key */ - if (output_directory) { - (void) snprintf(dir, sizeof(dir), "%s", output_directory); - (void) fprintf(io->errs, "netpgp: generated keys in directory %s\n", dir); - (void) snprintf(ringfile = filename, sizeof(filename), "%s/pubring.gpg", dir); - if (!appendkey(io, key, ringfile)) { - (void) fprintf(io->errs, "Cannot write pubkey to '%s'\n", ringfile); - return 0; - } - } - - /* write to default keyring */ - if (save_to_default_keyring) { - ringfile = netpgp_getvar(netpgp, "pubring"); - if (!appendkey(io, key, ringfile)) { - (void) fprintf(io->errs, "Cannot write pubkey to '%s'\n", ringfile); - return 0; - } - } - - if (netpgp->pubring != NULL) { - __ops_keyring_free(netpgp->pubring); - } - - char pass[MAX_PASSPHRASE_LENGTH]; - __ops_forget(pass, (unsigned)sizeof(pass)); //clear pass array - if (netpgp->passfp) { - __ops_getpassphrase(netpgp->passfp, pass, sizeof(pass)); - } - - /* write secret key */ - if (output_directory) { - (void) snprintf(ringfile = filename, sizeof(filename), "%s/secring.gpg", dir); - if ((fd = __ops_setup_file_append(&create, ringfile)) < 0) { - fd = __ops_setup_file_write(&create, ringfile, 0); - } - if (fd < 0) { - (void) fprintf(io->errs, "can't append secring '%s'\n", ringfile); - return 0; - } - if (!__ops_write_xfer_seckey(create, key, (strlen(pass) > 0) ? (uint8_t *)pass : NULL, strlen(pass), noarmor)) { - (void) fprintf(io->errs, "Cannot write seckey\n"); - return 0; - } - __ops_teardown_file_write(create, fd); - } - - /* write to default keyring */ - if (save_to_default_keyring) { - ringfile = netpgp_getvar(netpgp, "secring"); - if ((fd = __ops_setup_file_append(&create, ringfile)) < 0) { - fd = __ops_setup_file_write(&create, ringfile, 0); - } - if (fd < 0) { - (void) fprintf(io->errs, "can't append secring '%s'\n", ringfile); - return 0; - } - if (!__ops_write_xfer_seckey(create, key, (strlen(pass) > 0) ? (uint8_t *)pass : NULL, strlen(pass), noarmor)) { - (void) fprintf(io->errs, "Cannot write seckey\n"); - return 0; - } - __ops_teardown_file_write(create, fd); - } - if (netpgp->secring != NULL) { - __ops_keyring_free(netpgp->secring); - } - - __ops_forget(pass, (unsigned)sizeof(pass)); - __ops_keydata_free(key); - free(cp); - return 1; -} - -/* generate a new key */ -int -netpgp_generate_key(netpgp_t *netpgp, char *id, int numbits) -{ - return netpgp_generate_key_rich(netpgp, id, numbits, NULL, 1); -} - -/* encrypt a file */ -int -netpgp_encrypt_file(netpgp_t *netpgp, - const char *userid, - const char *f, - char *out, - int armored) -{ - const __ops_key_t *key; - const unsigned overwrite = 1; - const char *suffix; - __ops_io_t *io; - char outname[MAXPATHLEN]; - - io = netpgp->io; - if (f == NULL) { - (void) fprintf(io->errs, - "netpgp_encrypt_file: no filename specified\n"); - return 0; - } - suffix = (armored) ? ".asc" : ".gpg"; - /* get key with which to sign */ - if ((key = resolve_userid(netpgp, netpgp->pubring, userid)) == NULL) { - return 0; - } - if (out == NULL) { - (void) snprintf(outname, sizeof(outname), "%s%s", f, suffix); - out = outname; - } - return (int)__ops_encrypt_file(io, f, out, key, (unsigned)armored, - overwrite, netpgp_getvar(netpgp, "cipher"), netpgp_getvar(netpgp, "dont use subkey to encrypt") != NULL ? 1 : 0); -} - -#define ARMOR_HEAD "-----BEGIN PGP MESSAGE-----" - -/* decrypt a file */ -int -netpgp_decrypt_file(netpgp_t *netpgp, const char *f, char *out, int armored) -{ - const unsigned overwrite = 1; - __ops_io_t *io; - unsigned realarmor; - unsigned sshkeys; - - __OPS_USED(armored); - io = netpgp->io; - if (f == NULL) { - (void) fprintf(io->errs, - "netpgp_decrypt_file: no filename specified\n"); - return 0; - } - realarmor = isarmoured(io, f, NULL, ARMOR_HEAD); - sshkeys = (unsigned)(netpgp_getvar(netpgp, "ssh keys") != NULL); - return __ops_decrypt_file(netpgp->io, f, out, netpgp->secring, - netpgp->pubring, - realarmor, overwrite, sshkeys, - netpgp->passfp, get_passphrase_cb); -} - -/* sign a file */ -int -netpgp_sign_file(netpgp_t *netpgp, - const char *userid, - const char *f, - char *out, - int armored, - int cleartext, - int detached) -{ - const __ops_key_t *keypair; - const __ops_key_t *pubkey; - __ops_seckey_t *seckey; - const unsigned overwrite = 1; - __ops_io_t *io; - const char *hashalg; - int ret; - - io = netpgp->io; - if (f == NULL) { - (void) fprintf(io->errs, - "netpgp_sign_file: no filename specified\n"); - return 0; - } - /* get key with which to sign */ - if ((keypair = resolve_userid(netpgp, netpgp->secring, userid)) == NULL) { - return 0; - } - ret = 1; - do { - if (netpgp->passfp == NULL) { - /* print out the user id */ - pubkey = __ops_getkeybyname(io, netpgp->pubring, userid); - if (pubkey == NULL) { - (void) fprintf(io->errs, - "netpgp: warning - using pubkey from secring\n"); - __ops_print_keydata(io, netpgp->pubring, keypair, "signature ", - &keypair->key.seckey.pubkey, 0); - } else { - __ops_print_keydata(io, netpgp->pubring, pubkey, "signature ", - &pubkey->key.pubkey, 0); - } - } - if (netpgp_getvar(netpgp, "ssh keys") == NULL) { - /* now decrypt key */ - seckey = __ops_decrypt_seckey(keypair, netpgp->passfp); - if (seckey == NULL) { - (void) fprintf(io->errs, "Bad passphrase\n"); - } - } else { - __ops_keyring_t *secring; - - secring = netpgp->secring; - seckey = &secring->keys[0].key.seckey; - } - } while (seckey == NULL); - /* sign file */ - hashalg = netpgp_getvar(netpgp, "hash"); - if (seckey->pubkey.alg == OPS_PKA_DSA) { - hashalg = "sha1"; - } - if (detached) { - ret = __ops_sign_detached(io, f, out, seckey, hashalg, - get_birthtime(netpgp_getvar(netpgp, "birthtime")), - get_duration(netpgp_getvar(netpgp, "duration")), - (unsigned)armored, - overwrite); - } else { - ret = __ops_sign_file(io, f, out, seckey, hashalg, - get_birthtime(netpgp_getvar(netpgp, "birthtime")), - get_duration(netpgp_getvar(netpgp, "duration")), - (unsigned)armored, (unsigned)cleartext, - overwrite); - } - __ops_forget(seckey, (unsigned)sizeof(*seckey)); - return ret; -} - -#define ARMOR_SIG_HEAD "-----BEGIN PGP SIGNATURE-----\r\n" - -/* verify a file */ -int -netpgp_verify_file(netpgp_t *netpgp, const char *in, const char *out, int armored) -{ - __ops_validation_t result; - __ops_io_t *io; - unsigned realarmor; - - __OPS_USED(armored); - (void) memset(&result, 0x0, sizeof(result)); - io = netpgp->io; - if (in == NULL) { - (void) fprintf(io->errs, - "netpgp_verify_file: no filename specified\n"); - return 0; - } - realarmor = isarmoured(io, in, NULL, ARMOR_SIG_HEAD); - if (__ops_validate_file(io, &result, in, out, (const int)realarmor, netpgp->pubring)) { - resultp(io, in, &result, netpgp->pubring); - return 1; - } - if (result.validc + result.invalidc + result.unknownc == 0) { - (void) fprintf(io->errs, - "\"%s\": No signatures found - is this a signed file?\n", - in); - } else if (result.invalidc == 0 && result.unknownc == 0) { - (void) fprintf(io->errs, - "\"%s\": file verification failure: invalid signature time\n", in); - } else { - (void) fprintf(io->errs, -"\"%s\": verification failure: %u invalid signatures, %u unknown signatures\n", - in, result.invalidc, result.unknownc); - } - return 0; -} - -/* sign some memory */ -int -netpgp_sign_memory(netpgp_t *netpgp, - const char *userid, - char *mem, - size_t size, - char *out, - size_t outsize, - const unsigned armored, - const unsigned cleartext) -{ - const __ops_key_t *keypair; - const __ops_key_t *pubkey; - __ops_seckey_t *seckey; - __ops_memory_t *signedmem; - __ops_io_t *io; - const char *hashalg; - int ret; - - io = netpgp->io; - if (mem == NULL) { - (void) fprintf(io->errs, - "netpgp_sign_memory: no memory to sign\n"); - return 0; - } - if ((keypair = resolve_userid(netpgp, netpgp->secring, userid)) == NULL) { - return 0; - } - ret = 1; - do { - if (netpgp->passfp == NULL) { - /* print out the user id */ - pubkey = __ops_getkeybyname(io, netpgp->pubring, userid); - if (pubkey == NULL) { - (void) fprintf(io->errs, - "netpgp: warning - using pubkey from secring\n"); - __ops_print_keydata(io, netpgp->pubring, keypair, "signature ", - &keypair->key.seckey.pubkey, 0); - } else { - __ops_print_keydata(io, netpgp->pubring, pubkey, "signature ", - &pubkey->key.pubkey, 0); - } - } - /* now decrypt key */ - seckey = __ops_decrypt_seckey(keypair, netpgp->passfp); - if (seckey == NULL) { - (void) fprintf(io->errs, "Bad passphrase\n"); - } - } while (seckey == NULL); - /* sign file */ - (void) memset(out, 0x0, outsize); - hashalg = netpgp_getvar(netpgp, "hash"); - if (seckey->pubkey.alg == OPS_PKA_DSA) { - hashalg = "sha1"; - } - signedmem = __ops_sign_buf(io, mem, size, seckey, - get_birthtime(netpgp_getvar(netpgp, "birthtime")), - get_duration(netpgp_getvar(netpgp, "duration")), - hashalg, armored, cleartext); - if (signedmem) { - size_t m; - - m = MIN(__ops_mem_len(signedmem), outsize); - (void) memcpy(out, __ops_mem_data(signedmem), m); - __ops_memory_free(signedmem); - ret = (int)m; - } else { - ret = 0; - } - __ops_forget(seckey, (unsigned)sizeof(*seckey)); - return ret; -} - -/* verify memory */ -int -netpgp_verify_memory(netpgp_t *netpgp, const void *in, const size_t size, - void *out, size_t outsize, const int armored) -{ - __ops_validation_t result; - __ops_memory_t *signedmem; - __ops_memory_t *cat; - __ops_io_t *io; - size_t m; - int ret; - - (void) memset(&result, 0x0, sizeof(result)); - io = netpgp->io; - if (in == NULL) { - (void) fprintf(io->errs, - "netpgp_verify_memory: no memory to verify\n"); - return 0; - } - signedmem = __ops_memory_new(); - __ops_memory_add(signedmem, in, size); - if (out) { - cat = __ops_memory_new(); - } - ret = __ops_validate_mem(io, &result, signedmem, - (out) ? &cat : NULL, - armored, netpgp->pubring); - /* signedmem is freed from pgp_validate_mem */ - if (ret) { - resultp(io, "<stdin>", &result, netpgp->pubring); - if (out) { - m = MIN(__ops_mem_len(cat), outsize); - (void) memcpy(out, __ops_mem_data(cat), m); - __ops_memory_free(cat); - } else { - m = 1; - } - return (int)m; - } - if (result.validc + result.invalidc + result.unknownc == 0) { - (void) fprintf(io->errs, - "No signatures found - is this memory signed?\n"); - } else if (result.invalidc == 0 && result.unknownc == 0) { - (void) fprintf(io->errs, - "memory verification failure: invalid signature time\n"); - } else { - (void) fprintf(io->errs, -"memory verification failure: %u invalid signatures, %u unknown signatures\n", - result.invalidc, result.unknownc); - } - return 0; -} - -/* encrypt some memory */ -int -netpgp_encrypt_memory(netpgp_t *netpgp, - const char *userid, - void *in, - const size_t insize, - char *out, - size_t outsize, - int armored) -{ - const __ops_key_t *keypair; - __ops_memory_t *enc; - __ops_io_t *io; - size_t m; - - io = netpgp->io; - if (in == NULL) { - (void) fprintf(io->errs, - "netpgp_encrypt_buf: no memory to encrypt\n"); - return 0; - } - if ((keypair = resolve_userid(netpgp, netpgp->pubring, userid)) == NULL) { - return 0; - } - if (in == out) { - (void) fprintf(io->errs, - "netpgp_encrypt_buf: input and output bufs need to be different\n"); - return 0; - } - if (outsize < insize) { - (void) fprintf(io->errs, - "netpgp_encrypt_buf: input size is larger than output size\n"); - return 0; - } - enc = __ops_encrypt_buf(io, in, insize, keypair, (unsigned)armored, - netpgp_getvar(netpgp, "cipher"), netpgp_getvar(netpgp, "dont use subkey to encrypt") != NULL ? 1 : 0); - m = MIN(__ops_mem_len(enc), outsize); - (void) memcpy(out, __ops_mem_data(enc), m); - __ops_memory_free(enc); - return (int)m; -} - -/* decrypt a chunk of memory */ -int -netpgp_decrypt_memory(netpgp_t *netpgp, const void *input, const size_t insize, - char *out, size_t outsize, const int armored) -{ - __ops_memory_t *mem; - __ops_io_t *io; - unsigned realarmour; - unsigned sshkeys; - size_t m; - - __OPS_USED(armored); - io = netpgp->io; - if (input == NULL) { - (void) fprintf(io->errs, - "netpgp_decrypt_memory: no memory\n"); - return 0; - } - realarmour = isarmoured(io, NULL, input, ARMOR_HEAD); - sshkeys = (unsigned)(netpgp_getvar(netpgp, "ssh keys") != NULL); - mem = __ops_decrypt_buf(netpgp->io, input, insize, netpgp->secring, - netpgp->pubring, - realarmour, sshkeys, - netpgp->passfp, - get_passphrase_cb); - m = MIN(__ops_mem_len(mem), outsize); - (void) memcpy(out, __ops_mem_data(mem), m); - __ops_memory_free(mem); - return (int)m; -} - -/* wrappers for the ops_debug_level functions we added to openpgpsdk */ - -/* set the debugging level per filename */ -int -netpgp_set_debug(const char *f) -{ - return __ops_set_debug_level(f); -} - -/* get the debugging level per filename */ -int -netpgp_get_debug(const char *f) -{ - return __ops_get_debug_level(f); -} - -/* return the version for the library */ -const char * -netpgp_get_info(const char *type) -{ - return __ops_get_info(type); -} - -/* list all the packets in a file */ -int -netpgp_list_packets(netpgp_t *netpgp, char *f, int armor, char *pubringname) -{ - __ops_keyring_t *keyring; - const unsigned noarmor = 0; - struct stat st; - __ops_io_t *io; - char ringname[MAXPATHLEN]; - char *homedir; - int ret; - - io = netpgp->io; - if (f == NULL) { - (void) fprintf(io->errs, "No file containing packets\n"); - return 0; - } - if (stat(f, &st) < 0) { - (void) fprintf(io->errs, "No such file '%s'\n", f); - return 0; - } - homedir = netpgp_getvar(netpgp, "homedir"); - if (pubringname == NULL) { - (void) snprintf(ringname, sizeof(ringname), - "%s/pubring.gpg", homedir); - pubringname = ringname; - } - if ((keyring = calloc(1, sizeof(*keyring))) == NULL) { - (void) fprintf(io->errs, "netpgp_list_packets: bad alloc\n"); - return 0; - } - if (!__ops_keyring_fileread(keyring, noarmor, pubringname)) { - free(keyring); - (void) fprintf(io->errs, "Cannot read pub keyring %s\n", - pubringname); - return 0; - } - netpgp->pubring = keyring; - netpgp_setvar(netpgp, "pubring", pubringname); - ret = __ops_list_packets(io, f, (unsigned)armor, - netpgp->secring, - netpgp->pubring, - netpgp->passfp, - get_passphrase_cb); - free(keyring); - return ret; -} - -/* set a variable */ -int -netpgp_setvar(netpgp_t *netpgp, const char *name, const char *value) -{ - char *newval; - int i; - - /* protect against the case where 'value' is netpgp->value[i] */ - newval = netpgp_strdup(value); - if ((i = findvar(netpgp, name)) < 0) { - /* add the element to the array */ - if (size_arrays(netpgp, netpgp->size + 15)) { - netpgp->name[i = netpgp->c++] = netpgp_strdup(name); - } - } else { - /* replace the element in the array */ - if (netpgp->value[i]) { - free(netpgp->value[i]); - netpgp->value[i] = NULL; - } - } - /* sanity checks for range of values */ - if (strcmp(name, "hash") == 0 || strcmp(name, "algorithm") == 0) { - if (__ops_str_to_hash_alg(newval) == OPS_HASH_UNKNOWN) { - free(newval); - return 0; - } - } - netpgp->value[i] = newval; - return 1; -} - -/* unset a variable */ -int -netpgp_unsetvar(netpgp_t *netpgp, const char *name) -{ - int i; - - if ((i = findvar(netpgp, name)) >= 0) { - if (netpgp->value[i]) { - free(netpgp->value[i]); - netpgp->value[i] = NULL; - } - netpgp->value[i] = NULL; - return 1; - } - return 0; -} - -/* get a variable's value (NULL if not set) */ -char * -netpgp_getvar(netpgp_t *netpgp, const char *name) -{ - int i; - - return ((i = findvar(netpgp, name)) < 0) ? NULL : netpgp->value[i]; -} - -/* increment a value */ -int -netpgp_incvar(netpgp_t *netpgp, const char *name, const int delta) -{ - char *cp; - char num[16]; - int val; - - val = 0; - if ((cp = netpgp_getvar(netpgp, name)) != NULL) { - val = atoi(cp); - } - (void) snprintf(num, sizeof(num), "%d", val + delta); - netpgp_setvar(netpgp, name, num); - return 1; -} - -/* set the home directory value to "home/subdir" */ -int -netpgp_set_homedir(netpgp_t *netpgp, char *home, const char *subdir, const int quiet) -{ - struct stat st; - char d[MAXPATHLEN]; - - if (home == NULL) { - if (!quiet) { - (void) fprintf(stderr, "NULL HOME directory\n"); - } - return 0; - } - (void) snprintf(d, sizeof(d), "%s%s", home, (subdir) ? subdir : ""); - if (stat(d, &st) == 0) { - if ((st.st_mode & S_IFMT) == S_IFDIR) { - netpgp_setvar(netpgp, "homedir", d); - return 1; - } - (void) fprintf(stderr, "netpgp: homedir \"%s\" is not a dir\n", - d); - return 0; - } - if (!quiet) { - (void) fprintf(stderr, - "netpgp: warning homedir \"%s\" not found\n", d); - } - netpgp_setvar(netpgp, "homedir", d); - return 1; -} - -/* validate all sigs in the pub keyring */ -int -netpgp_validate_sigs(netpgp_t *netpgp) -{ - __ops_validation_t result; - - return (int)__ops_validate_all_sigs(&result, netpgp->pubring, NULL); -} - -/* print the json out on 'fp' */ -int -netpgp_format_json(void *vp, const char *json, const int psigs) -{ - mj_t ids; - FILE *fp; - int from; - int idc; - int tok; - int to; - int i; - - if ((fp = (FILE *)vp) == NULL || json == NULL) { - return 0; - } - /* ids is an array of strings, each containing 1 entry */ - (void) memset(&ids, 0x0, sizeof(ids)); - from = to = tok = 0; - /* convert from string into an mj structure */ - (void) mj_parse(&ids, json, &from, &to, &tok); - if ((idc = mj_arraycount(&ids)) == 1 && strchr(json, '{') == NULL) { - idc = 0; - } - (void) fprintf(fp, "%d key%s found\n", idc, (idc == 1) ? "" : "s"); - for (i = 0 ; i < idc ; i++) { - format_json_key(fp, &ids.value.v[i], psigs); - } - /* clean up */ - mj_delete(&ids); - return idc; -} - -/* find a key in keyring, and write it in ssh format */ -int -netpgp_write_sshkey(netpgp_t *netpgp, char *s, const char *userid, char *out, size_t size) -{ - const __ops_key_t *key; - __ops_keyring_t *keyring; - __ops_io_t *io; - unsigned k; - size_t cc; - char f[MAXPATHLEN]; - - if ((io = calloc(1, sizeof(__ops_io_t))) == NULL) { - (void) fprintf(stderr, "netpgp_save_sshpub: bad alloc 1\n"); - return 0; - } - io->outs = stdout; - io->errs = stderr; - io->res = stderr; - netpgp->io = io; - /* write new to temp file */ - savepubkey(s, f, sizeof(f)); - if ((keyring = calloc(1, sizeof(*keyring))) == NULL) { - (void) fprintf(stderr, "netpgp_save_sshpub: bad alloc 2\n"); - return 0; - } - if (!__ops_keyring_fileread(netpgp->pubring = keyring, 1, f)) { - (void) fprintf(stderr, "can't import key\n"); - return 0; - } - /* get rsa key */ - k = 0; - key = __ops_getnextkeybyname(netpgp->io, netpgp->pubring, userid, &k); - if (key == NULL) { - (void) fprintf(stderr, "no key found for '%s'\n", userid); - return 0; - } - if (key->key.pubkey.alg != OPS_PKA_RSA) { - /* we're not interested in supporting DSA either :-) */ - (void) fprintf(stderr, "key not RSA '%s'\n", userid); - return 0; - } - /* XXX - check trust sigs */ - /* XXX - check expiry */ - /* XXX - check start */ - /* XXX - check not weak key */ - /* get rsa e and n */ - (void) memset(out, 0x0, size); - cc = formatstring((char *)out, (const uint8_t *)"ssh-rsa", 7); - cc += formatbignum((char *)&out[cc], key->key.pubkey.key.rsa.e); - cc += formatbignum((char *)&out[cc], key->key.pubkey.key.rsa.n); - free(io); - free(keyring); - return (int)MIN(cc,INT_MAX); -} diff --git a/enzevalos_iphone/netpgp/lib/netpgp.h b/enzevalos_iphone/netpgp/lib/netpgp.h deleted file mode 100644 index f0ffb86a..00000000 --- a/enzevalos_iphone/netpgp/lib/netpgp.h +++ /dev/null @@ -1,113 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@netbsd.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -#ifndef NETPGP_H_ -#define NETPGP_H_ - -#ifndef __BEGIN_DECLS -# if defined(__cplusplus) -# define __BEGIN_DECLS extern "C" { -# define __END_DECLS } -# else -# define __BEGIN_DECLS -# define __END_DECLS -# endif -#endif - -__BEGIN_DECLS - -/* structure used to hold (key,value) pair information */ -typedef struct netpgp_t { - unsigned c; /* # of elements used */ - unsigned size; /* size of array */ - char **name; /* key names */ - char **value; /* value information */ - void *pubring; /* public key ring */ - void *secring; /* s3kr1t key ring */ - void *io; /* the io struct for results/errs */ - void *passfp; /* file pointer for password input */ -} netpgp_t; - -/* begin and end */ -int netpgp_init(netpgp_t *); -int netpgp_end(netpgp_t *); - -/* debugging, reflection and information */ -int netpgp_set_debug(const char *); -int netpgp_get_debug(const char *); -const char *netpgp_get_info(const char *); -int netpgp_list_packets(netpgp_t *, char *, int, char *); - -/* variables */ -int netpgp_setvar(netpgp_t *, const char *, const char *); -char *netpgp_getvar(netpgp_t *, const char *); -int netpgp_incvar(netpgp_t *, const char *, const int); -int netpgp_unsetvar(netpgp_t *, const char *); - -/* set home directory information */ -int netpgp_set_homedir(netpgp_t *, char *, const char *, const int); - -/* key management */ -int netpgp_list_keys(netpgp_t *, const int); -int netpgp_list_keys_json(netpgp_t *, char **, const int); -int netpgp_find_key(netpgp_t *, char *); -char *netpgp_get_key(netpgp_t *, const char *, const char *); -char *netpgp_export_key(netpgp_t *, char *); -int netpgp_import_key(netpgp_t *netpgp, char *f); -int netpgp_import_public_key(netpgp_t *netpgp, char *f); -//int netpgp_import_secure_key(netpgp_t *netpgp, char *f); -int netpgp_generate_key(netpgp_t *, char *, int); -int netpgp_generate_key_rich(netpgp_t *netpgp, char *id, int numbits, char *output_directory, int save_to_default_keyring); - -/* file management */ -int netpgp_encrypt_file(netpgp_t *, const char *, const char *, char *, int); -int netpgp_decrypt_file(netpgp_t *, const char *, char *, int); -int netpgp_sign_file(netpgp_t *, const char *, const char *, char *, int, int, int); -int netpgp_verify_file(netpgp_t *, const char *, const char *, int); - -/* memory signing and encryption */ -int netpgp_sign_memory(netpgp_t *, const char *, char *, size_t, char *, size_t, const unsigned, const unsigned); -int netpgp_verify_memory(netpgp_t *, const void *, const size_t, void *, size_t, const int); -int netpgp_encrypt_memory(netpgp_t *, const char *, void *, const size_t, char *, size_t, int); -int netpgp_decrypt_memory(netpgp_t *, const void *, const size_t, char *, size_t, const int); - -/* match and hkp-related functions */ -int netpgp_match_keys_json(netpgp_t *, char **, char *, const char *, const int); -int netpgp_match_keys(netpgp_t *, char *, const char *, void *, const int); -int netpgp_match_pubkeys(netpgp_t *, char *, void *); -int netpgp_format_json(void *, const char *, const int); - -int netpgp_validate_sigs(netpgp_t *); - -/* save pgp key in ssh format */ -int netpgp_write_sshkey(netpgp_t *, char *, const char *, char *, size_t); - - -__END_DECLS - -#endif /* !NETPGP_H_ */ diff --git a/enzevalos_iphone/netpgp/lib/netpgpdefs.h b/enzevalos_iphone/netpgp/lib/netpgpdefs.h deleted file mode 100644 index 755b2b4e..00000000 --- a/enzevalos_iphone/netpgp/lib/netpgpdefs.h +++ /dev/null @@ -1,68 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@netbsd.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -#ifndef NETPGPDEFS_H_ -#define NETPGPDEFS_H_ 1 - -#define PRItime "ll" - -#ifdef WIN32 -#define PRIsize "I" -#else -#define PRIsize "z" -#endif - -/* for silencing unused parameter warnings */ -#define __OPS_USED(x) /*LINTED*/(void)&(x) - -#ifndef __UNCONST -#define __UNCONST(a) ((void *)(unsigned long)(const void *)(a)) -#endif - -/* number of elements in an array */ -#define OPS_ARRAY_SIZE(a) (sizeof(a)/sizeof(*(a))) - -void hexdump(FILE *, const char *, const uint8_t *, size_t); - -const char *__ops_str_from_map(int, __ops_map_t *); - -int __ops_set_debug_level(const char *); -int __ops_get_debug_level(const char *); - -void *__ops_new(size_t); - -#define NETPGP_BUFSIZ 8192 - -#define CALLBACK(t, cbinfo, pkt) do { \ - (pkt)->tag = (t); \ - if (__ops_callback(pkt, cbinfo) == OPS_RELEASE_MEMORY) { \ - __ops_parser_content_free(pkt); \ - } \ -} while(/* CONSTCOND */0) - -#endif /* !NETPGPDEFS_H_ */ diff --git a/enzevalos_iphone/netpgp/lib/netpgpdigest.h b/enzevalos_iphone/netpgp/lib/netpgpdigest.h deleted file mode 100644 index 2bd151f4..00000000 --- a/enzevalos_iphone/netpgp/lib/netpgpdigest.h +++ /dev/null @@ -1,55 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@netbsd.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -#ifndef NETPGPDIGEST_H_ -#define NETPGPDIGEST_H_ - -/* header file to define the sizes for various digest arrays */ - -#ifdef HAVE_OPENSSL_MD5_H -#include <openssl/md5.h> -#endif - -#ifdef HAVE_OPENSSL_SHA_H -#include <openssl/sha.h> -#endif - -/* Apple */ -#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H -#undef MD5_DIGEST_LENGTH -#undef SHA_DIGEST_LENGTH -#define COMMON_DIGEST_FOR_OPENSSL 1 -#include <CommonCrypto/CommonDigest.h> -#endif - -/* SHA1 Hash Size */ -#define OPS_SHA1_HASH_SIZE SHA_DIGEST_LENGTH -#define OPS_SHA256_HASH_SIZE SHA256_DIGEST_LENGTH -#define OPS_CHECKHASH_SIZE OPS_SHA1_HASH_SIZE - -#endif /* NETPGPDIGEST_H_ */ diff --git a/enzevalos_iphone/netpgp/lib/netpgpsdk.h b/enzevalos_iphone/netpgp/lib/netpgpsdk.h deleted file mode 100644 index 2acd693b..00000000 --- a/enzevalos_iphone/netpgp/lib/netpgpsdk.h +++ /dev/null @@ -1,74 +0,0 @@ -/*- - * Copyright (c) 2009,2010 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -#ifndef NETPGPSDK_H_ -#define NETPGPSDK_H_ - -#include "keyring.h" -#include "crypto.h" -#include "signature.h" -#include "packet-show.h" - -typedef struct __ops_validation_t { - unsigned validc; - __ops_sig_info_t *valid_sigs; - unsigned invalidc; - __ops_sig_info_t *invalid_sigs; - unsigned unknownc; - __ops_sig_info_t *unknown_sigs; - time_t birthtime; - time_t duration; -} __ops_validation_t; - -void __ops_validate_result_free(__ops_validation_t *); - -unsigned -__ops_validate_key_sigs(__ops_validation_t *, - const __ops_key_t *, - const __ops_keyring_t *, - __ops_cb_ret_t cb(const __ops_packet_t *, __ops_cbdata_t *)); - -unsigned -__ops_validate_all_sigs(__ops_validation_t *, - const __ops_keyring_t *, - __ops_cb_ret_t cb(const __ops_packet_t *, __ops_cbdata_t *)); - -unsigned __ops_check_sig(const uint8_t *, - unsigned, const __ops_sig_t *, const __ops_pubkey_t *); - -const char *__ops_get_info(const char *type); - -int __ops_asprintf(char **, const char *, ...); - -void netpgp_log(const char *, ...); - -int netpgp_strcasecmp(const char *, const char *); -char *netpgp_strdup(const char *); - - -#endif diff --git a/enzevalos_iphone/netpgp/lib/openssl_crypto.c b/enzevalos_iphone/netpgp/lib/openssl_crypto.c deleted file mode 100644 index 94a1cb50..00000000 --- a/enzevalos_iphone/netpgp/lib/openssl_crypto.c +++ /dev/null @@ -1,1050 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/* - * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) - * All rights reserved. - * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted - * their moral rights under the UK Copyright Design and Patents Act 1988 to - * be recorded as the authors of this copyright work. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. - * - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** \file - */ -#include "config.h" - -#ifdef HAVE_SYS_CDEFS_H -#include <sys/cdefs.h> -#endif - -#if defined(__NetBSD__) -__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: openssl_crypto.c,v 1.32 2010/11/07 06:56:52 agc Exp $"); -#endif - -#ifdef HAVE_OPENSSL_DSA_H -#include <openssl/dsa.h> -#endif - -#ifdef HAVE_OPENSSL_RSA_H -#include <openssl/rsa.h> -#endif - -#ifdef HAVE_OPENSSL_ERR_H -#include <openssl/err.h> -#endif - -#include <openssl/pem.h> -#include <openssl/evp.h> - -#include <stdlib.h> -#include <string.h> - -#ifdef HAVE_UNISTD_H -#include <unistd.h> -#endif - -#include "crypto.h" -#include "keyring.h" -#include "readerwriter.h" -#include "netpgpdefs.h" -#include "netpgpdigest.h" -#include "packet.h" - - -static void -test_seckey(const __ops_seckey_t *seckey) -{ - RSA *test = RSA_new(); - - test->n = BN_dup(seckey->pubkey.key.rsa.n); - test->e = BN_dup(seckey->pubkey.key.rsa.e); - - test->d = BN_dup(seckey->key.rsa.d); - test->p = BN_dup(seckey->key.rsa.p); - test->q = BN_dup(seckey->key.rsa.q); - - if (RSA_check_key(test) != 1) { - (void) fprintf(stderr, - "test_seckey: RSA_check_key failed\n"); - } - RSA_free(test); -} - -static int -md5_init(__ops_hash_t *hash) -{ - if (hash->data) { - (void) fprintf(stderr, "md5_init: hash data non-null\n"); - } - if ((hash->data = calloc(1, sizeof(MD5_CTX))) == NULL) { - (void) fprintf(stderr, "md5_init: bad alloc\n"); - return 0; - } - MD5_Init(hash->data); - return 1; -} - -static void -md5_add(__ops_hash_t *hash, const uint8_t *data, unsigned length) -{ - MD5_Update(hash->data, data, length); -} - -static unsigned -md5_finish(__ops_hash_t *hash, uint8_t *out) -{ - MD5_Final(out, hash->data); - free(hash->data); - hash->data = NULL; - return 16; -} - -static const __ops_hash_t md5 = { - OPS_HASH_MD5, - MD5_DIGEST_LENGTH, - "MD5", - md5_init, - md5_add, - md5_finish, - NULL -}; - -/** - \ingroup Core_Crypto - \brief Initialise to MD5 - \param hash Hash to initialise -*/ -void -__ops_hash_md5(__ops_hash_t *hash) -{ - *hash = md5; -} - -static int -sha1_init(__ops_hash_t *hash) -{ - if (hash->data) { - (void) fprintf(stderr, "sha1_init: hash data non-null\n"); - } - if ((hash->data = calloc(1, sizeof(SHA_CTX))) == NULL) { - (void) fprintf(stderr, "sha1_init: bad alloc\n"); - return 0; - } - SHA1_Init(hash->data); - return 1; -} - -static void -sha1_add(__ops_hash_t *hash, const uint8_t *data, unsigned length) -{ - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "sha1_add", data, length); - } - SHA1_Update(hash->data, data, length); -} - -static unsigned -sha1_finish(__ops_hash_t *hash, uint8_t *out) -{ - SHA1_Final(out, hash->data); - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "sha1_finish", out, OPS_SHA1_HASH_SIZE); - } - free(hash->data); - hash->data = NULL; - return OPS_SHA1_HASH_SIZE; -} - -static const __ops_hash_t sha1 = { - OPS_HASH_SHA1, - OPS_SHA1_HASH_SIZE, - "SHA1", - sha1_init, - sha1_add, - sha1_finish, - NULL -}; - -/** - \ingroup Core_Crypto - \brief Initialise to SHA1 - \param hash Hash to initialise -*/ -void -__ops_hash_sha1(__ops_hash_t *hash) -{ - *hash = sha1; -} - -static int -sha256_init(__ops_hash_t *hash) -{ - if (hash->data) { - (void) fprintf(stderr, "sha256_init: hash data non-null\n"); - } - if ((hash->data = calloc(1, sizeof(SHA256_CTX))) == NULL) { - (void) fprintf(stderr, "sha256_init: bad alloc\n"); - return 0; - } - SHA256_Init(hash->data); - return 1; -} - -static void -sha256_add(__ops_hash_t *hash, const uint8_t *data, unsigned length) -{ - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "sha256_add", data, length); - } - SHA256_Update(hash->data, data, length); -} - -static unsigned -sha256_finish(__ops_hash_t *hash, uint8_t *out) -{ - SHA256_Final(out, hash->data); - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "sha1_finish", out, SHA256_DIGEST_LENGTH); - } - free(hash->data); - hash->data = NULL; - return SHA256_DIGEST_LENGTH; -} - -static const __ops_hash_t sha256 = { - OPS_HASH_SHA256, - SHA256_DIGEST_LENGTH, - "SHA256", - sha256_init, - sha256_add, - sha256_finish, - NULL -}; - -void -__ops_hash_sha256(__ops_hash_t *hash) -{ - *hash = sha256; -} - -/* - * SHA384 - */ -static int -sha384_init(__ops_hash_t *hash) -{ - if (hash->data) { - (void) fprintf(stderr, "sha384_init: hash data non-null\n"); - } - if ((hash->data = calloc(1, sizeof(SHA512_CTX))) == NULL) { - (void) fprintf(stderr, "sha384_init: bad alloc\n"); - return 0; - } - SHA384_Init(hash->data); - return 1; -} - -static void -sha384_add(__ops_hash_t *hash, const uint8_t *data, unsigned length) -{ - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "sha384_add", data, length); - } - SHA384_Update(hash->data, data, length); -} - -static unsigned -sha384_finish(__ops_hash_t *hash, uint8_t *out) -{ - SHA384_Final(out, hash->data); - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "sha384_finish", out, SHA384_DIGEST_LENGTH); - } - free(hash->data); - hash->data = NULL; - return SHA384_DIGEST_LENGTH; -} - -static const __ops_hash_t sha384 = { - OPS_HASH_SHA384, - SHA384_DIGEST_LENGTH, - "SHA384", - sha384_init, - sha384_add, - sha384_finish, - NULL -}; - -void -__ops_hash_sha384(__ops_hash_t *hash) -{ - *hash = sha384; -} - -/* - * SHA512 - */ -static int -sha512_init(__ops_hash_t *hash) -{ - if (hash->data) { - (void) fprintf(stderr, "sha512_init: hash data non-null\n"); - } - if ((hash->data = calloc(1, sizeof(SHA512_CTX))) == NULL) { - (void) fprintf(stderr, "sha512_init: bad alloc\n"); - return 0; - } - SHA512_Init(hash->data); - return 1; -} - -static void -sha512_add(__ops_hash_t *hash, const uint8_t *data, unsigned length) -{ - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "sha512_add", data, length); - } - SHA512_Update(hash->data, data, length); -} - -static unsigned -sha512_finish(__ops_hash_t *hash, uint8_t *out) -{ - SHA512_Final(out, hash->data); - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "sha512_finish", out, SHA512_DIGEST_LENGTH); - } - free(hash->data); - hash->data = NULL; - return SHA512_DIGEST_LENGTH; -} - -static const __ops_hash_t sha512 = { - OPS_HASH_SHA512, - SHA512_DIGEST_LENGTH, - "SHA512", - sha512_init, - sha512_add, - sha512_finish, - NULL -}; - -void -__ops_hash_sha512(__ops_hash_t *hash) -{ - *hash = sha512; -} - -/* - * SHA224 - */ - -static int -sha224_init(__ops_hash_t *hash) -{ - if (hash->data) { - (void) fprintf(stderr, "sha224_init: hash data non-null\n"); - } - if ((hash->data = calloc(1, sizeof(SHA256_CTX))) == NULL) { - (void) fprintf(stderr, "sha256_init: bad alloc\n"); - return 0; - } - SHA224_Init(hash->data); - return 1; -} - -static void -sha224_add(__ops_hash_t *hash, const uint8_t *data, unsigned length) -{ - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "sha224_add", data, length); - } - SHA224_Update(hash->data, data, length); -} - -static unsigned -sha224_finish(__ops_hash_t *hash, uint8_t *out) -{ - SHA224_Final(out, hash->data); - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "sha224_finish", out, SHA224_DIGEST_LENGTH); - } - free(hash->data); - hash->data = NULL; - return SHA224_DIGEST_LENGTH; -} - -static const __ops_hash_t sha224 = { - OPS_HASH_SHA224, - SHA224_DIGEST_LENGTH, - "SHA224", - sha224_init, - sha224_add, - sha224_finish, - NULL -}; - -void -__ops_hash_sha224(__ops_hash_t *hash) -{ - *hash = sha224; -} - -unsigned -__ops_dsa_verify(const uint8_t *hash, size_t hash_length, - const __ops_dsa_sig_t *sig, - const __ops_dsa_pubkey_t *dsa) -{ - unsigned qlen; - DSA_SIG *osig; - DSA *odsa; - int ret; - - osig = DSA_SIG_new(); - osig->r = sig->r; - osig->s = sig->s; - - odsa = DSA_new(); - odsa->p = dsa->p; - odsa->q = dsa->q; - odsa->g = dsa->g; - odsa->pub_key = dsa->y; - - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "input hash", hash, hash_length); - (void) fprintf(stderr, "Q=%d\n", BN_num_bytes(odsa->q)); - } - if ((qlen = (unsigned)BN_num_bytes(odsa->q)) < hash_length) { - hash_length = qlen; - } - ret = DSA_do_verify(hash, (int)hash_length, osig, odsa); - if (__ops_get_debug_level(__FILE__)) { - (void) fprintf(stderr, "ret=%d\n", ret); - } - if (ret < 0) { - (void) fprintf(stderr, "__ops_dsa_verify: DSA verification\n"); - return 0; - } - - odsa->p = odsa->q = odsa->g = odsa->pub_key = NULL; - DSA_free(odsa); - - osig->r = osig->s = NULL; - DSA_SIG_free(osig); - - return (unsigned)ret; -} - -/** - \ingroup Core_Crypto - \brief Recovers message digest from the signature - \param out Where to write decrypted data to - \param in Encrypted data - \param length Length of encrypted data - \param pubkey RSA public key - \return size of recovered message digest -*/ -int -__ops_rsa_public_decrypt(uint8_t *out, - const uint8_t *in, - size_t length, - const __ops_rsa_pubkey_t *pubkey) -{ - RSA *orsa; - int n; - - orsa = RSA_new(); - orsa->n = pubkey->n; - orsa->e = pubkey->e; - - n = RSA_public_decrypt((int)length, in, out, orsa, RSA_NO_PADDING); - - orsa->n = orsa->e = NULL; - RSA_free(orsa); - - return n; -} - -/** - \ingroup Core_Crypto - \brief Signs data with RSA - \param out Where to write signature - \param in Data to sign - \param length Length of data - \param seckey RSA secret key - \param pubkey RSA public key - \return number of bytes decrypted -*/ -int -__ops_rsa_private_encrypt(uint8_t *out, - const uint8_t *in, - size_t length, - const __ops_rsa_seckey_t *seckey, - const __ops_rsa_pubkey_t *pubkey) -{ - RSA *orsa; - int n; - - orsa = RSA_new(); - orsa->n = BN_dup(pubkey->n); - orsa->d = seckey->d; - orsa->p = seckey->q; /* p and q are round the other way in openssl */ - orsa->q = seckey->p; - - /* debug */ - orsa->e = BN_dup(pubkey->e); - /* If this isn't set, it's very likely that the programmer hasn't */ - /* decrypted the secret key. RSA_check_key segfaults in that case. */ - /* Use __ops_decrypt_seckey() to do that. */ - if (orsa->d == NULL) { - (void) fprintf(stderr, "orsa is not set\n"); - return 0; - } - if (RSA_check_key(orsa) != 1) { - (void) fprintf(stderr, "RSA_check_key is not set\n"); - return 0; - } - /* end debug */ - - n = RSA_private_encrypt((int)length, in, out, orsa, RSA_NO_PADDING); - - orsa->n = orsa->d = orsa->p = orsa->q = NULL; - RSA_free(orsa); - - return n; -} - -/** -\ingroup Core_Crypto -\brief Decrypts RSA-encrypted data -\param out Where to write the plaintext -\param in Encrypted data -\param length Length of encrypted data -\param seckey RSA secret key -\param pubkey RSA public key -\return size of recovered plaintext -*/ -int -__ops_rsa_private_decrypt(uint8_t *out, - const uint8_t *in, - size_t length, - const __ops_rsa_seckey_t *seckey, - const __ops_rsa_pubkey_t *pubkey) -{ - RSA *keypair; - int n; - char errbuf[1024]; - - keypair = RSA_new(); - keypair->n = pubkey->n; /* XXX: do we need n? */ - keypair->d = seckey->d; - keypair->p = seckey->q; - keypair->q = seckey->p; - - /* debug */ - keypair->e = pubkey->e; - if (RSA_check_key(keypair) != 1) { - (void) fprintf(stderr, "RSA_check_key is not set\n"); - return 0; - } - /* end debug */ - - n = RSA_private_decrypt((int)length, in, out, keypair, RSA_NO_PADDING); - - if (__ops_get_debug_level(__FILE__)) { - printf("__ops_rsa_private_decrypt: n=%d\n",n); - } - - errbuf[0] = '\0'; - if (n == -1) { - unsigned long err = ERR_get_error(); - - ERR_error_string(err, &errbuf[0]); - (void) fprintf(stderr, "openssl error : %s\n", errbuf); - } - keypair->n = keypair->d = keypair->p = keypair->q = NULL; - RSA_free(keypair); - - return n; -} - -/** - \ingroup Core_Crypto - \brief RSA-encrypts data - \param out Where to write the encrypted data - \param in Plaintext - \param length Size of plaintext - \param pubkey RSA Public Key -*/ -int -__ops_rsa_public_encrypt(uint8_t *out, - const uint8_t *in, - size_t length, - const __ops_rsa_pubkey_t *pubkey) -{ - RSA *orsa; - int n; - - /* printf("__ops_rsa_public_encrypt: length=%ld\n", length); */ - - orsa = RSA_new(); - orsa->n = pubkey->n; - orsa->e = pubkey->e; - - /* printf("len: %ld\n", length); */ - /* __ops_print_bn("n: ", orsa->n); */ - /* __ops_print_bn("e: ", orsa->e); */ - n = RSA_public_encrypt((int)length, in, out, orsa, RSA_NO_PADDING); - - if (n == -1) { - BIO *fd_out; - - fd_out = BIO_new_fd(fileno(stderr), BIO_NOCLOSE); - ERR_print_errors(fd_out); - } - orsa->n = orsa->e = NULL; - RSA_free(orsa); - - return n; -} - -/** - \ingroup Core_Crypto - \brief Finalise openssl - \note Would usually call __ops_finish() instead - \sa __ops_finish() -*/ -void -__ops_crypto_finish(void) -{ - CRYPTO_cleanup_all_ex_data(); - ERR_remove_state((unsigned long)0); -} - -/** - \ingroup Core_Hashes - \brief Get Hash name - \param hash Hash struct - \return Hash name -*/ -const char * -__ops_text_from_hash(__ops_hash_t *hash) -{ - return hash->name; -} - -/** - \ingroup HighLevel_KeyGenerate - \brief Generates an RSA keypair - \param numbits Modulus size - \param e Public Exponent - \param keydata Pointer to keydata struct to hold new key - \return 1 if key generated successfully; otherwise 0 - \note It is the caller's responsibility to call __ops_keydata_free(keydata) -*/ -static unsigned -rsa_generate_keypair(__ops_key_t *keydata, - const int numbits, - const unsigned long e, - const char *hashalg, - const char *cipher) -{ - __ops_seckey_t *seckey; - RSA *rsa; - BN_CTX *ctx; - __ops_output_t *output; - __ops_memory_t *mem; - - ctx = BN_CTX_new(); - __ops_keydata_init(keydata, OPS_PTAG_CT_SECRET_KEY); - seckey = __ops_get_writable_seckey(keydata); - - /* generate the key pair */ - - rsa = RSA_generate_key(numbits, e, NULL, NULL); - - /* populate __ops key from ssl key */ - - seckey->pubkey.version = OPS_V4; - seckey->pubkey.birthtime = time(NULL); - seckey->pubkey.days_valid = 0; - seckey->pubkey.alg = OPS_PKA_RSA; - - seckey->pubkey.key.rsa.n = BN_dup(rsa->n); - seckey->pubkey.key.rsa.e = BN_dup(rsa->e); - - seckey->s2k_usage = OPS_S2KU_ENCRYPTED_AND_HASHED; - seckey->s2k_specifier = OPS_S2KS_SALTED; - /* seckey->s2k_specifier=OPS_S2KS_SIMPLE; */ - if ((seckey->hash_alg = __ops_str_to_hash_alg(hashalg)) == OPS_HASH_UNKNOWN) { - seckey->hash_alg = OPS_HASH_SHA1; - } - seckey->alg = __ops_str_to_cipher(cipher); - seckey->octetc = 0; - seckey->checksum = 0; - - seckey->key.rsa.d = BN_dup(rsa->d); - seckey->key.rsa.p = BN_dup(rsa->p); - seckey->key.rsa.q = BN_dup(rsa->q); - seckey->key.rsa.u = BN_mod_inverse(NULL, rsa->p, rsa->q, ctx); - if (seckey->key.rsa.u == NULL) { - (void) fprintf(stderr, "seckey->key.rsa.u is NULL\n"); - return 0; - } - BN_CTX_free(ctx); - - RSA_free(rsa); - - __ops_keyid(keydata->sigid, OPS_KEY_ID_SIZE, &keydata->key.seckey.pubkey, seckey->hash_alg); - __ops_fingerprint(&keydata->sigfingerprint, &keydata->key.seckey.pubkey, seckey->hash_alg); - - /* Generate checksum */ - - output = NULL; - mem = NULL; - - __ops_setup_memory_write(&output, &mem, 128); - - __ops_push_checksum_writer(output, seckey); - - switch (seckey->pubkey.alg) { - case OPS_PKA_DSA: - return __ops_write_mpi(output, seckey->key.dsa.x); - case OPS_PKA_RSA: - case OPS_PKA_RSA_ENCRYPT_ONLY: - case OPS_PKA_RSA_SIGN_ONLY: - if (!__ops_write_mpi(output, seckey->key.rsa.d) || - !__ops_write_mpi(output, seckey->key.rsa.p) || - !__ops_write_mpi(output, seckey->key.rsa.q) || - !__ops_write_mpi(output, seckey->key.rsa.u)) { - return 0; - } - break; - case OPS_PKA_ELGAMAL: - return __ops_write_mpi(output, seckey->key.elgamal.x); - - default: - (void) fprintf(stderr, "Bad seckey->pubkey.alg\n"); - return 0; - } - - /* close rather than pop, since its the only one on the stack */ - __ops_writer_close(output); - __ops_teardown_memory_write(output, mem); - - /* should now have checksum in seckey struct */ - - /* test */ - if (__ops_get_debug_level(__FILE__)) { - test_seckey(seckey); - } - - return 1; -} - -/** - \ingroup HighLevel_KeyGenerate - \brief Creates a self-signed RSA keypair - \param numbits Modulus size - \param e Public Exponent - \param userid User ID - \return The new keypair or NULL - - \note It is the caller's responsibility to call __ops_keydata_free(keydata) - \sa rsa_generate_keypair() - \sa __ops_keydata_free() -*/ -__ops_key_t * -__ops_rsa_new_selfsign_key(const int numbits, - const unsigned long e, - uint8_t *userid, - const char *hashalg, - const char *cipher) -{ - __ops_key_t *keydata; - - keydata = __ops_keydata_new(); - if (!rsa_generate_keypair(keydata, numbits, e, hashalg, cipher) || - !__ops_add_selfsigned_userid(keydata, userid)) { - __ops_keydata_free(keydata); - return NULL; - } - return keydata; -} - -DSA_SIG * -__ops_dsa_sign(uint8_t *hashbuf, - unsigned hashsize, - const __ops_dsa_seckey_t *secdsa, - const __ops_dsa_pubkey_t *pubdsa) -{ - DSA_SIG *dsasig; - DSA *odsa; - - odsa = DSA_new(); - odsa->p = pubdsa->p; - odsa->q = pubdsa->q; - odsa->g = pubdsa->g; - odsa->pub_key = pubdsa->y; - odsa->priv_key = secdsa->x; - - dsasig = DSA_do_sign(hashbuf, (int)hashsize, odsa); - - odsa->p = odsa->q = odsa->g = odsa->pub_key = odsa->priv_key = NULL; - DSA_free(odsa); - - return dsasig; -} - -int -openssl_read_pem_seckey(const char *f, __ops_key_t *key, const char *type, int verbose) -{ - FILE *fp; - char prompt[BUFSIZ]; - char *pass; - DSA *dsa; - RSA *rsa; - int ok; - - OpenSSL_add_all_algorithms(); - if ((fp = fopen(f, "r")) == NULL) { - if (verbose) { - (void) fprintf(stderr, "can't open '%s'\n", f); - } - return 0; - } - ok = 1; - if (strcmp(type, "ssh-rsa") == 0) { - if ((rsa = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL)) == NULL) { - (void) snprintf(prompt, sizeof(prompt), "netpgp PEM %s passphrase: ", f); - do { - pass = getpass(prompt); - rsa = PEM_read_RSAPrivateKey(fp, NULL, NULL, pass); - } while (rsa == NULL); - } - key->key.seckey.key.rsa.d = rsa->d; - key->key.seckey.key.rsa.p = rsa->p; - key->key.seckey.key.rsa.q = rsa->q; - key->key.seckey.key.rsa.d = rsa->d; - } else if (strcmp(type, "ssh-dss") == 0) { - if ((dsa = PEM_read_DSAPrivateKey(fp, NULL, NULL, NULL)) == NULL) { - ok = 0; - } else { - key->key.seckey.key.dsa.x = dsa->priv_key; - } - } else { - ok = 0; - } - (void) fclose(fp); - return ok; -} - -/* - * Decide the number of bits in the random componont k - * - * It should be in the same range as p for signing (which - * is deprecated), but can be much smaller for encrypting. - * - * Until I research it further, I just mimic gpg behaviour. - * It has a special mapping table, for values <= 5120, - * above that it uses 'arbitrary high number'. Following - * algorihm hovers 10-70 bits above gpg values. And for - * larger p, it uses gpg's algorihm. - * - * The point is - if k gets large, encryption will be - * really slow. It does not matter for decryption. - */ -static int -decide_k_bits(int p_bits) -{ - return (p_bits <= 5120) ? p_bits / 10 + 160 : (p_bits / 8 + 200) * 3 / 2; -} - -int -__ops_elgamal_public_encrypt(uint8_t *g_to_k, uint8_t *encm, - const uint8_t *in, - size_t size, - const __ops_elgamal_pubkey_t *pubkey) -{ - int ret = 0; - int k_bits; - BIGNUM *m; - BIGNUM *p; - BIGNUM *g; - BIGNUM *y; - BIGNUM *k; - BIGNUM *yk; - BIGNUM *c1; - BIGNUM *c2; - BN_CTX *tmp; - - m = BN_bin2bn(in, (int)size, NULL); - p = pubkey->p; - g = pubkey->g; - y = pubkey->y; - k = BN_new(); - yk = BN_new(); - c1 = BN_new(); - c2 = BN_new(); - tmp = BN_CTX_new(); - if (!m || !p || !g || !y || !k || !yk || !c1 || !c2 || !tmp) { - goto done; - } - /* - * generate k - */ - k_bits = decide_k_bits(BN_num_bits(p)); - if (!BN_rand(k, k_bits, 0, 0)) { - goto done; - } - /* - * c1 = g^k c2 = m * y^k - */ - if (!BN_mod_exp(c1, g, k, p, tmp)) { - goto done; - } - if (!BN_mod_exp(yk, y, k, p, tmp)) { - goto done; - } - if (!BN_mod_mul(c2, m, yk, p, tmp)) { - goto done; - } - /* result */ - BN_bn2bin(c1, g_to_k); - ret = BN_num_bytes(c1); /* c1 = g^k */ - BN_bn2bin(c2, encm); - ret += BN_num_bytes(c2); /* c2 = m * y^k */ -done: - if (tmp) { - BN_CTX_free(tmp); - } - if (c2) { - BN_clear_free(c2); - } - if (c1) { - BN_clear_free(c1); - } - if (yk) { - BN_clear_free(yk); - } - if (k) { - BN_clear_free(k); - } - if (g) { - BN_clear_free(g); - } - return ret; -} - -int -__ops_elgamal_private_decrypt(uint8_t *out, - const uint8_t *g_to_k, - const uint8_t *in, - size_t length, - const __ops_elgamal_seckey_t *seckey, - const __ops_elgamal_pubkey_t *pubkey) -{ - BIGNUM *bndiv; - BIGNUM *c1x; - BN_CTX *tmp; - BIGNUM *c1; - BIGNUM *c2; - BIGNUM *p; - BIGNUM *x; - BIGNUM *m; - int ret; - - ret = 0; - /* c1 and c2 are in g_to_k and in, respectively*/ - c1 = BN_bin2bn(g_to_k, (int)length, NULL); - c2 = BN_bin2bn(in, (int)length, NULL); - /* other bits */ - p = pubkey->p; - x = seckey->x; - c1x = BN_new(); - bndiv = BN_new(); - m = BN_new(); - tmp = BN_CTX_new(); - if (!c1 || !c2 || !p || !x || !c1x || !bndiv || !m || !tmp) { - goto done; - } - /* - * m = c2 / (c1^x) - */ - if (!BN_mod_exp(c1x, c1, x, p, tmp)) { - goto done; - } - if (!BN_mod_inverse(bndiv, c1x, p, tmp)) { - goto done; - } - if (!BN_mod_mul(m, c2, bndiv, p, tmp)) { - goto done; - } - /* result */ - ret = BN_bn2bin(m, out); -done: - if (tmp) { - BN_CTX_free(tmp); - } - if (m) { - BN_clear_free(m); - } - if (bndiv) { - BN_clear_free(bndiv); - } - if (c1x) { - BN_clear_free(c1x); - } - if (x) { - BN_clear_free(x); - } - if (p) { - BN_clear_free(p); - } - if (c1) { - BN_clear_free(c1); - } - if (c2) { - BN_clear_free(c2); - } - return ret; -} diff --git a/enzevalos_iphone/netpgp/lib/ops-ssh.h b/enzevalos_iphone/netpgp/lib/ops-ssh.h deleted file mode 100644 index c73f1156..00000000 --- a/enzevalos_iphone/netpgp/lib/ops-ssh.h +++ /dev/null @@ -1,41 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -#ifndef OPS_SSH_H_ -#define OPS_SSH_H_ - -#include "keyring.h" -#include "types.h" - -int __ops_ssh2pubkey(__ops_io_t *, const char *, __ops_key_t *, __ops_hash_alg_t); -int __ops_ssh2seckey(__ops_io_t *, const char *, __ops_key_t *, __ops_pubkey_t *, __ops_hash_alg_t); - -int __ops_ssh2_readkeys(__ops_io_t *, __ops_keyring_t *, __ops_keyring_t *, - const char *, const char *, unsigned); - -#endif diff --git a/enzevalos_iphone/netpgp/lib/packet-parse.c b/enzevalos_iphone/netpgp/lib/packet-parse.c deleted file mode 100644 index 4b001bc3..00000000 --- a/enzevalos_iphone/netpgp/lib/packet-parse.c +++ /dev/null @@ -1,3494 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/* - * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) - * All rights reserved. - * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted - * their moral rights under the UK Copyright Design and Patents Act 1988 to - * be recorded as the authors of this copyright work. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. - * - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** \file - * \brief Parser for OpenPGP packets - */ -#include "config.h" - -#ifdef HAVE_SYS_CDEFS_H -#include <sys/cdefs.h> -#endif - -#if defined(__NetBSD__) -__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: packet-parse.c,v 1.44 2010/11/07 06:56:52 agc Exp $"); -#endif - -#ifdef HAVE_OPENSSL_CAST_H -#include <openssl/cast.h> -#endif - -#include <stdarg.h> -#include <stdlib.h> -#include <string.h> - -#ifdef HAVE_UNISTD_H -#include <unistd.h> -#endif - -#ifdef HAVE_LIMITS_H -#include <limits.h> -#endif - -#include "packet.h" -#include "packet-parse.h" -#include "keyring.h" -#include "errors.h" -#include "packet-show.h" -#include "create.h" -#include "readerwriter.h" -#include "netpgpdefs.h" -#include "crypto.h" -#include "netpgpdigest.h" - -#define ERRP(cbinfo, cont, err) do { \ - cont.u.error = err; \ - CALLBACK(OPS_PARSER_ERROR, cbinfo, &cont); \ - return 0; \ - /*NOTREACHED*/ \ -} while(/*CONSTCOND*/0) - -/** - * limread_data reads the specified amount of the subregion's data - * into a data_t structure - * - * \param data Empty structure which will be filled with data - * \param len Number of octets to read - * \param subregion - * \param stream How to parse - * - * \return 1 on success, 0 on failure - */ -static int -limread_data(__ops_data_t *data, unsigned len, - __ops_region_t *subregion, __ops_stream_t *stream) -{ - data->len = len; - - if (subregion->length - subregion->readc < len) { - (void) fprintf(stderr, "limread_data: bad length\n"); - return 0; - } - - data->contents = calloc(1, data->len); - if (!data->contents) { - return 0; - } - - return __ops_limited_read(data->contents, data->len, subregion, - &stream->errors, &stream->readinfo, &stream->cbinfo); -} - -/** - * read_data reads the remainder of the subregion's data - * into a data_t structure - * - * \param data - * \param subregion - * \param stream - * - * \return 1 on success, 0 on failure - */ -static int -read_data(__ops_data_t *data, __ops_region_t *region, __ops_stream_t *stream) -{ - int cc; - - cc = region->length - region->readc; - return (cc >= 0) ? limread_data(data, (unsigned)cc, region, stream) : 0; -} - -/** - * Reads the remainder of the subregion as a string. - * It is the user's responsibility to free the memory allocated here. - */ - -static int -read_unsig_str(uint8_t **str, __ops_region_t *subregion, - __ops_stream_t *stream) -{ - size_t len; - - len = subregion->length - subregion->readc; - if ((*str = calloc(1, len + 1)) == NULL) { - return 0; - } - if (len && - !__ops_limited_read(*str, len, subregion, &stream->errors, - &stream->readinfo, &stream->cbinfo)) { - return 0; - } - (*str)[len] = '\0'; - return 1; -} - -static int -read_string(char **str, __ops_region_t *subregion, __ops_stream_t *stream) -{ - return read_unsig_str((uint8_t **) str, subregion, stream); -} - -void -__ops_init_subregion(__ops_region_t *subregion, __ops_region_t *region) -{ - (void) memset(subregion, 0x0, sizeof(*subregion)); - subregion->parent = region; -} - -/* - * XXX: replace __ops_ptag_t with something more appropriate for limiting reads - */ - -/** - * low-level function to read data from reader function - * - * Use this function, rather than calling the reader directly. - * - * If the accumulate flag is set in *stream, the function - * adds the read data to the accumulated data, and updates - * the accumulated length. This is useful if, for example, - * the application wants access to the raw data as well as the - * parsed data. - * - * This function will also try to read the entire amount asked for, but not - * if it is over INT_MAX. Obviously many callers will know that they - * never ask for that much and so can avoid the extra complexity of - * dealing with return codes and filled-in lengths. - * - * \param *dest - * \param *plength - * \param flags - * \param *stream - * - * \return OPS_R_OK - * \return OPS_R_PARTIAL_READ - * \return OPS_R_EOF - * \return OPS_R_EARLY_EOF - * - * \sa #__ops_reader_ret_t for details of return codes - */ - -static int -sub_base_read(void *dest, size_t length, __ops_error_t **errors, - __ops_reader_t *readinfo, __ops_cbdata_t *cbinfo) -{ - size_t n; - - /* reading more than this would look like an error */ - if (length > INT_MAX) - length = INT_MAX; - - for (n = 0; n < length;) { - int r; - - r = readinfo->reader((char *) dest + n, length - n, errors, - readinfo, cbinfo); - if (r > (int)(length - n)) { - (void) fprintf(stderr, "sub_base_read: bad read\n"); - return 0; - } - if (r < 0) { - return r; - } - if (r == 0) { - break; - } - n += (unsigned)r; - } - - if (n == 0) { - return 0; - } - if (readinfo->accumulate) { - if (readinfo->asize < readinfo->alength) { - (void) fprintf(stderr, "sub_base_read: bad size\n"); - return 0; - } - if (readinfo->alength + n > readinfo->asize) { - uint8_t *temp; - - readinfo->asize = (readinfo->asize * 2) + (unsigned)n; - temp = realloc(readinfo->accumulated, readinfo->asize); - if (temp == NULL) { - (void) fprintf(stderr, - "sub_base_read: bad alloc\n"); - return 0; - } - readinfo->accumulated = temp; - } - if (readinfo->asize < readinfo->alength + n) { - (void) fprintf(stderr, "sub_base_read: bad realloc\n"); - return 0; - } - (void) memcpy(readinfo->accumulated + readinfo->alength, dest, - n); - } - /* we track length anyway, because it is used for packet offsets */ - readinfo->alength += (unsigned)n; - /* and also the position */ - readinfo->position += (unsigned)n; - - return (int)n; -} - -int -__ops_stacked_read(void *dest, size_t length, __ops_error_t **errors, - __ops_reader_t *readinfo, __ops_cbdata_t *cbinfo) -{ - return sub_base_read(dest, length, errors, readinfo->next, cbinfo); -} - -/* This will do a full read so long as length < MAX_INT */ -static int -base_read(uint8_t *dest, size_t length, __ops_stream_t *stream) -{ - return sub_base_read(dest, length, &stream->errors, &stream->readinfo, - &stream->cbinfo); -} - -/* - * Read a full size_t's worth. If the return is < than length, then - * *last_read tells you why - < 0 for an error, == 0 for EOF - */ - -static size_t -full_read(uint8_t *dest, - size_t length, - int *last_read, - __ops_error_t **errors, - __ops_reader_t *readinfo, - __ops_cbdata_t *cbinfo) -{ - size_t t; - int r = 0; /* preset in case some loon calls with length - * == 0 */ - - for (t = 0; t < length;) { - r = sub_base_read(dest + t, length - t, errors, readinfo, - cbinfo); - if (r <= 0) { - *last_read = r; - return t; - } - t += (size_t)r; - } - - *last_read = r; - - return t; -} - - - -/** Read a scalar value of selected length from reader. - * - * Read an unsigned scalar value from reader in Big Endian representation. - * - * This function does not know or care about packet boundaries. It - * also assumes that an EOF is an error. - * - * \param *result The scalar value is stored here - * \param *reader Our reader - * \param length How many bytes to read - * \return 1 on success, 0 on failure - */ -static unsigned -_read_scalar(unsigned *result, unsigned length, - __ops_stream_t *stream) -{ - unsigned t = 0; - - if (length > sizeof(*result)) { - (void) fprintf(stderr, "_read_scalar: bad length\n"); - return 0; - } - - while (length--) { - uint8_t c; - int r; - - r = base_read(&c, 1, stream); - if (r != 1) - return 0; - t = (t << 8) + c; - } - - *result = t; - return 1; -} - -/** - * \ingroup Core_ReadPackets - * \brief Read bytes from a region within the packet. - * - * Read length bytes into the buffer pointed to by *dest. - * Make sure we do not read over the packet boundary. - * Updates the Packet Tag's __ops_ptag_t::readc. - * - * If length would make us read over the packet boundary, or if - * reading fails, we call the callback with an error. - * - * Note that if the region is indeterminate, this can return a short - * read - check region->last_read for the length. EOF is indicated by - * a success return and region->last_read == 0 in this case (for a - * region of known length, EOF is an error). - * - * This function makes sure to respect packet boundaries. - * - * \param dest The destination buffer - * \param length How many bytes to read - * \param region Pointer to packet region - * \param errors Error stack - * \param readinfo Reader info - * \param cbinfo Callback info - * \return 1 on success, 0 on error - */ -unsigned -__ops_limited_read(uint8_t *dest, - size_t length, - __ops_region_t *region, - __ops_error_t **errors, - __ops_reader_t *readinfo, - __ops_cbdata_t *cbinfo) -{ - size_t r; - int lr; - - if (!region->indeterminate && - region->readc + length > region->length) { - OPS_ERROR(errors, OPS_E_P_NOT_ENOUGH_DATA, "Not enough data"); - return 0; - } - r = full_read(dest, length, &lr, errors, readinfo, cbinfo); - if (lr < 0) { - OPS_ERROR(errors, OPS_E_R_READ_FAILED, "Read failed"); - return 0; - } - if (!region->indeterminate && r != length) { - OPS_ERROR(errors, OPS_E_R_READ_FAILED, "Read failed"); - return 0; - } - region->last_read = (unsigned)r; - do { - region->readc += (unsigned)r; - if (region->parent && region->length > region->parent->length) { - (void) fprintf(stderr, - "ops_limited_read: bad length\n"); - return 0; - } - } while ((region = region->parent) != NULL); - return 1; -} - -/** - \ingroup Core_ReadPackets - \brief Call __ops_limited_read on next in stack -*/ -unsigned -__ops_stacked_limited_read(uint8_t *dest, unsigned length, - __ops_region_t *region, - __ops_error_t **errors, - __ops_reader_t *readinfo, - __ops_cbdata_t *cbinfo) -{ - return __ops_limited_read(dest, length, region, errors, - readinfo->next, cbinfo); -} - -static unsigned -limread(uint8_t *dest, unsigned length, - __ops_region_t *region, __ops_stream_t *info) -{ - return __ops_limited_read(dest, length, region, &info->errors, - &info->readinfo, &info->cbinfo); -} - -static unsigned -exact_limread(uint8_t *dest, unsigned len, - __ops_region_t *region, - __ops_stream_t *stream) -{ - unsigned ret; - - stream->exact_read = 1; - ret = limread(dest, len, region, stream); - stream->exact_read = 0; - return ret; -} - -/** Skip over length bytes of this packet. - * - * Calls limread() to skip over some data. - * - * This function makes sure to respect packet boundaries. - * - * \param length How many bytes to skip - * \param *region Pointer to packet region - * \param *stream How to parse - * \return 1 on success, 0 on error (calls the cb with OPS_PARSER_ERROR in limread()). - */ -static int -limskip(unsigned length, __ops_region_t *region, __ops_stream_t *stream) -{ - uint8_t buf[NETPGP_BUFSIZ]; - - while (length > 0) { - unsigned n = length % NETPGP_BUFSIZ; - - if (!limread(buf, n, region, stream)) { - return 0; - } - length -= n; - } - return 1; -} - -/** Read a scalar. - * - * Read a big-endian scalar of length bytes, respecting packet - * boundaries (by calling limread() to read the raw data). - * - * This function makes sure to respect packet boundaries. - * - * \param *dest The scalar value is stored here - * \param length How many bytes make up this scalar (at most 4) - * \param *region Pointer to current packet region - * \param *stream How to parse - * \param *cb The callback - * \return 1 on success, 0 on error (calls the cb with OPS_PARSER_ERROR in limread()). - * - * \see RFC4880 3.1 - */ -static int -limread_scalar(unsigned *dest, - unsigned len, - __ops_region_t *region, - __ops_stream_t *stream) -{ - uint8_t c[4] = ""; - unsigned t; - unsigned n; - - if (len > 4) { - (void) fprintf(stderr, "limread_scalar: bad length\n"); - return 0; - } - /*LINTED*/ - if (/*CONSTCOND*/sizeof(*dest) < 4) { - (void) fprintf(stderr, "limread_scalar: bad dest\n"); - return 0; - } - if (!limread(c, len, region, stream)) { - return 0; - } - for (t = 0, n = 0; n < len; ++n) { - t = (t << 8) + c[n]; - } - *dest = t; - return 1; -} - -/** Read a scalar. - * - * Read a big-endian scalar of length bytes, respecting packet - * boundaries (by calling limread() to read the raw data). - * - * The value read is stored in a size_t, which is a different size - * from an unsigned on some platforms. - * - * This function makes sure to respect packet boundaries. - * - * \param *dest The scalar value is stored here - * \param length How many bytes make up this scalar (at most 4) - * \param *region Pointer to current packet region - * \param *stream How to parse - * \param *cb The callback - * \return 1 on success, 0 on error (calls the cb with OPS_PARSER_ERROR in limread()). - * - * \see RFC4880 3.1 - */ -static int -limread_size_t(size_t *dest, - unsigned length, - __ops_region_t *region, - __ops_stream_t *stream) -{ - unsigned tmp; - - /* - * Note that because the scalar is at most 4 bytes, we don't care if - * size_t is bigger than usigned - */ - if (!limread_scalar(&tmp, length, region, stream)) - return 0; - - *dest = tmp; - return 1; -} - -/** Read a timestamp. - * - * Timestamps in OpenPGP are unix time, i.e. seconds since The Epoch (1.1.1970). They are stored in an unsigned scalar - * of 4 bytes. - * - * This function reads the timestamp using limread_scalar(). - * - * This function makes sure to respect packet boundaries. - * - * \param *dest The timestamp is stored here - * \param *ptag Pointer to current packet's Packet Tag. - * \param *reader Our reader - * \param *cb The callback - * \return see limread_scalar() - * - * \see RFC4880 3.5 - */ -static int -limited_read_time(time_t *dest, __ops_region_t *region, - __ops_stream_t *stream) -{ - uint8_t c; - time_t mytime = 0; - int i; - - /* - * Cannot assume that time_t is 4 octets long - - * SunOS 5.10 and NetBSD both have 64-bit time_ts. - */ - if (/* CONSTCOND */sizeof(time_t) == 4) { - return limread_scalar((unsigned *)(void *)dest, 4, region, stream); - } - for (i = 0; i < 4; i++) { - if (!limread(&c, 1, region, stream)) { - return 0; - } - mytime = (mytime << 8) + c; - } - *dest = mytime; - return 1; -} - -/** - * \ingroup Core_MPI - * Read a multiprecision integer. - * - * Large numbers (multiprecision integers, MPI) are stored in OpenPGP in two parts. First there is a 2 byte scalar - * indicating the length of the following MPI in Bits. Then follow the bits that make up the actual number, most - * significant bits first (Big Endian). The most significant bit in the MPI is supposed to be 1 (unless the MPI is - * encrypted - then it may be different as the bit count refers to the plain text but the bits are encrypted). - * - * Unused bits (i.e. those filling up the most significant byte from the left to the first bits that counts) are - * supposed to be cleared - I guess. XXX - does anything actually say so? - * - * This function makes sure to respect packet boundaries. - * - * \param **pgn return the integer there - the BIGNUM is created by BN_bin2bn() and probably needs to be freed - * by the caller XXX right ben? - * \param *ptag Pointer to current packet's Packet Tag. - * \param *reader Our reader - * \param *cb The callback - * \return 1 on success, 0 on error (by limread_scalar() or limread() or if the MPI is not properly formed (XXX - * see comment below - the callback is called with a OPS_PARSER_ERROR in case of an error) - * - * \see RFC4880 3.2 - */ -static int -limread_mpi(BIGNUM **pbn, __ops_region_t *region, __ops_stream_t *stream) -{ - uint8_t buf[NETPGP_BUFSIZ] = ""; - /* an MPI has a 2 byte length part. - * Length is given in bits, so the - * largest we should ever need for - * the buffer is NETPGP_BUFSIZ bytes. */ - unsigned length; - unsigned nonzero; - unsigned ret; - - stream->reading_mpi_len = 1; - ret = (unsigned)limread_scalar(&length, 2, region, stream); - - stream->reading_mpi_len = 0; - if (!ret) - return 0; - - nonzero = length & 7; /* there should be this many zero bits in the - * MS byte */ - if (!nonzero) - nonzero = 8; - length = (length + 7) / 8; - - if (length == 0) { - /* if we try to read a length of 0, then fail */ - if (__ops_get_debug_level(__FILE__)) { - (void) fprintf(stderr, "limread_mpi: 0 length\n"); - } - return 0; - } - if (length > NETPGP_BUFSIZ) { - (void) fprintf(stderr, "limread_mpi: bad length\n"); - return 0; - } - if (!limread(buf, length, region, stream)) { - return 0; - } - if (((unsigned)buf[0] >> nonzero) != 0 || - !((unsigned)buf[0] & (1U << (nonzero - 1U)))) { - OPS_ERROR(&stream->errors, OPS_E_P_MPI_FORMAT_ERROR, "MPI Format error"); - /* XXX: Ben, one part of - * this constraint does - * not apply to - * encrypted MPIs the - * draft says. -- peter */ - return 0; - } - *pbn = BN_bin2bn(buf, (int)length, NULL); - return 1; -} - -/** Read some data with a New-Format length from reader. - * - * \sa Internet-Draft RFC4880.txt Section 4.2.2 - * - * \param *length Where the decoded length will be put - * \param *stream How to parse - * \return 1 if OK, else 0 - * - */ - -static unsigned -read_new_length(unsigned *length, unsigned* indeterminate, __ops_stream_t *stream) -{ - uint8_t c; - *indeterminate = 0; - if (base_read(&c, 1, stream) != 1) - return 0; - if (c < 192) { - /* 1. One-octet packet */ - *length = c; - return 1; - } else if (c >= 192 && c <= 223) { - /* 2. Two-octet packet */ - unsigned t = (c - 192) << 8; - - if (base_read(&c, 1, stream) != 1) - return 0; - *length = t + c + 192; - return 1; - } else if (c == 255) { - /* 3. Five-Octet packet */ - return _read_scalar(length, 4, stream); - } else if (c >= 224 && c < 255) { - /* 4. Partial Body Length */ - *indeterminate = 1; - *length = 1 << (c & 0x1F); - return 1; - } - return 0; -} - -/** Read the length information for a new format Packet Tag. - * - * New style Packet Tags encode the length in one to five octets. This function reads the right amount of bytes and - * decodes it to the proper length information. - * - * This function makes sure to respect packet boundaries. - * - * \param *length return the length here - * \param *ptag Pointer to current packet's Packet Tag. - * \param *reader Our reader - * \param *cb The callback - * \return 1 on success, 0 on error (by limread_scalar() or limread() or if the MPI is not properly formed (XXX - * see comment below) - * - * \see RFC4880 4.2.2 - * \see __ops_ptag_t - */ -static int -limited_read_new_length(unsigned *length, unsigned* indeterminate, - __ops_region_t *region, __ops_stream_t *stream) -{ - uint8_t c; - *indeterminate = 0; - if (limread(&c, 1, region, stream) != 1) - return 0; - if (c < 192) { - /* 1. One-octet packet */ - *length = c; - return 1; - } else if (c >= 192 && c <= 223) { - /* 2. Two-octet packet */ - unsigned t = (c - 192) << 8; - - if (limread(&c, 1, region, stream) != 1) - return 0; - *length = t + c + 192; - return 1; - } else if (c == 255) { - /* 3. Five-Octet packet */ - return limread_scalar(length, 4, region, stream); - } else if (c >= 224 && c < 255) { - /* 4. Partial Body Length */ - *indeterminate = 1; - *length = 1 << (c & 0x1F); - return 1; - } - return 0; -} - -/** -\ingroup Core_Create -\brief Free allocated memory -*/ -void -__ops_data_free(__ops_data_t *data) -{ - free(data->contents); - data->contents = NULL; - data->len = 0; -} - -/** -\ingroup Core_Create -\brief Free allocated memory -*/ -static void -string_free(char **str) -{ - free(*str); - *str = NULL; -} - -/** -\ingroup Core_Create -\brief Free allocated memory -*/ -/* ! Free packet memory, set pointer to NULL */ -void -__ops_subpacket_free(__ops_subpacket_t *packet) -{ - free(packet->raw); - packet->raw = NULL; -} - -/** -\ingroup Core_Create -\brief Free allocated memory -*/ -static void -__ops_headers_free(__ops_headers_t *headers) -{ - unsigned n; - - for (n = 0; n < headers->headerc; ++n) { - free(headers->headers[n].key); - free(headers->headers[n].value); - } - free(headers->headers); - headers->headers = NULL; -} - -/** -\ingroup Core_Create -\brief Free allocated memory -*/ -static void -cleartext_trailer_free(struct _ops_hash_t **trailer) -{ - free(*trailer); - *trailer = NULL; -} - -/** -\ingroup Core_Create -\brief Free allocated memory -*/ -static void -__ops_cmd_get_passphrase_free(__ops_seckey_passphrase_t *skp) -{ - if (skp->passphrase && *skp->passphrase) { - free(*skp->passphrase); - *skp->passphrase = NULL; - } -} - -/** -\ingroup Core_Create -\brief Free allocated memory -*/ -static void -free_BN(BIGNUM **pp) -{ - BN_free(*pp); - *pp = NULL; -} - -/** - * \ingroup Core_Create - * \brief Free the memory used when parsing a signature - * \param sig - */ -static void -sig_free(__ops_sig_t *sig) -{ - switch (sig->info.key_alg) { - case OPS_PKA_RSA: - case OPS_PKA_RSA_SIGN_ONLY: - free_BN(&sig->info.sig.rsa.sig); - break; - - case OPS_PKA_DSA: - free_BN(&sig->info.sig.dsa.r); - free_BN(&sig->info.sig.dsa.s); - break; - - case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN: - free_BN(&sig->info.sig.elgamal.r); - free_BN(&sig->info.sig.elgamal.s); - break; - - case OPS_PKA_PRIVATE00: - case OPS_PKA_PRIVATE01: - case OPS_PKA_PRIVATE02: - case OPS_PKA_PRIVATE03: - case OPS_PKA_PRIVATE04: - case OPS_PKA_PRIVATE05: - case OPS_PKA_PRIVATE06: - case OPS_PKA_PRIVATE07: - case OPS_PKA_PRIVATE08: - case OPS_PKA_PRIVATE09: - case OPS_PKA_PRIVATE10: - __ops_data_free(&sig->info.sig.unknown); - break; - - default: - (void) fprintf(stderr, "sig_free: bad sig type\n"); - } -} - -/** -\ingroup Core_Create -\brief Free allocated memory -*/ -/* ! Free any memory allocated when parsing the packet content */ -void -__ops_parser_content_free(__ops_packet_t *c) -{ - switch (c->tag) { - case OPS_PARSER_PTAG: - case OPS_PTAG_CT_COMPRESSED: - case OPS_PTAG_SS_CREATION_TIME: - case OPS_PTAG_SS_EXPIRATION_TIME: - case OPS_PTAG_SS_KEY_EXPIRY: - case OPS_PTAG_SS_TRUST: - case OPS_PTAG_SS_ISSUER_KEY_ID: - case OPS_PTAG_CT_1_PASS_SIG: - case OPS_PTAG_SS_PRIMARY_USER_ID: - case OPS_PTAG_SS_REVOCABLE: - case OPS_PTAG_SS_REVOCATION_KEY: - case OPS_PTAG_CT_LITDATA_HEADER: - case OPS_PTAG_CT_LITDATA_BODY: - case OPS_PTAG_CT_SIGNED_CLEARTEXT_BODY: - case OPS_PTAG_CT_UNARMOURED_TEXT: - case OPS_PTAG_CT_ARMOUR_TRAILER: - case OPS_PTAG_CT_SIGNATURE_HEADER: - case OPS_PTAG_CT_SE_DATA_HEADER: - case OPS_PTAG_CT_SE_IP_DATA_HEADER: - case OPS_PTAG_CT_SE_IP_DATA_BODY: - case OPS_PTAG_CT_MDC: - case OPS_GET_SECKEY: - break; - - case OPS_PTAG_CT_SIGNED_CLEARTEXT_HEADER: - __ops_headers_free(&c->u.cleartext_head); - break; - - case OPS_PTAG_CT_ARMOUR_HEADER: - __ops_headers_free(&c->u.armour_header.headers); - break; - - case OPS_PTAG_CT_SIGNED_CLEARTEXT_TRAILER: - cleartext_trailer_free(&c->u.cleartext_trailer); - break; - - case OPS_PTAG_CT_TRUST: - __ops_data_free(&c->u.trust); - break; - - case OPS_PTAG_CT_SIGNATURE: - case OPS_PTAG_CT_SIGNATURE_FOOTER: - sig_free(&c->u.sig); - break; - - case OPS_PTAG_CT_PUBLIC_KEY: - case OPS_PTAG_CT_PUBLIC_SUBKEY: - __ops_pubkey_free(&c->u.pubkey); - break; - - case OPS_PTAG_CT_USER_ID: - __ops_userid_free(&c->u.userid); - break; - - case OPS_PTAG_SS_SIGNERS_USER_ID: - __ops_userid_free(&c->u.ss_signer); - break; - - case OPS_PTAG_CT_USER_ATTR: - __ops_data_free(&c->u.userattr); - break; - - case OPS_PTAG_SS_PREFERRED_SKA: - __ops_data_free(&c->u.ss_skapref); - break; - - case OPS_PTAG_SS_PREFERRED_HASH: - __ops_data_free(&c->u.ss_hashpref); - break; - - case OPS_PTAG_SS_PREF_COMPRESS: - __ops_data_free(&c->u.ss_zpref); - break; - - case OPS_PTAG_SS_KEY_FLAGS: - __ops_data_free(&c->u.ss_key_flags); - break; - - case OPS_PTAG_SS_KEYSERV_PREFS: - __ops_data_free(&c->u.ss_key_server_prefs); - break; - - case OPS_PTAG_SS_FEATURES: - __ops_data_free(&c->u.ss_features); - break; - - case OPS_PTAG_SS_NOTATION_DATA: - __ops_data_free(&c->u.ss_notation.name); - __ops_data_free(&c->u.ss_notation.value); - break; - - case OPS_PTAG_SS_REGEXP: - string_free(&c->u.ss_regexp); - break; - - case OPS_PTAG_SS_POLICY_URI: - string_free(&c->u.ss_policy); - break; - - case OPS_PTAG_SS_PREF_KEYSERV: - string_free(&c->u.ss_keyserv); - break; - - case OPS_PTAG_SS_USERDEFINED00: - case OPS_PTAG_SS_USERDEFINED01: - case OPS_PTAG_SS_USERDEFINED02: - case OPS_PTAG_SS_USERDEFINED03: - case OPS_PTAG_SS_USERDEFINED04: - case OPS_PTAG_SS_USERDEFINED05: - case OPS_PTAG_SS_USERDEFINED06: - case OPS_PTAG_SS_USERDEFINED07: - case OPS_PTAG_SS_USERDEFINED08: - case OPS_PTAG_SS_USERDEFINED09: - case OPS_PTAG_SS_USERDEFINED10: - __ops_data_free(&c->u.ss_userdef); - break; - - case OPS_PTAG_SS_RESERVED: - __ops_data_free(&c->u.ss_unknown); - break; - - case OPS_PTAG_SS_REVOCATION_REASON: - string_free(&c->u.ss_revocation.reason); - break; - - case OPS_PTAG_SS_EMBEDDED_SIGNATURE: - __ops_data_free(&c->u.ss_embedded_sig); - break; - - case OPS_PARSER_PACKET_END: - __ops_subpacket_free(&c->u.packet); - break; - - case OPS_PARSER_ERROR: - case OPS_PARSER_ERRCODE: - break; - - case OPS_PTAG_CT_SECRET_KEY: - case OPS_PTAG_CT_ENCRYPTED_SECRET_KEY: - __ops_seckey_free(&c->u.seckey); - break; - - case OPS_PTAG_CT_PK_SESSION_KEY: - case OPS_PTAG_CT_ENCRYPTED_PK_SESSION_KEY: - __ops_pk_sesskey_free(&c->u.pk_sesskey); - break; - - case OPS_GET_PASSPHRASE: - __ops_cmd_get_passphrase_free(&c->u.skey_passphrase); - break; - - default: - fprintf(stderr, "Can't free %d (0x%x)\n", c->tag, c->tag); - } -} - -/** -\ingroup Core_Create -\brief Free allocated memory -*/ -void -__ops_pk_sesskey_free(__ops_pk_sesskey_t *sk) -{ - switch (sk->alg) { - case OPS_PKA_RSA: - free_BN(&sk->params.rsa.encrypted_m); - break; - - case OPS_PKA_ELGAMAL: - free_BN(&sk->params.elgamal.g_to_k); - free_BN(&sk->params.elgamal.encrypted_m); - break; - - default: - (void) fprintf(stderr, "__ops_pk_sesskey_free: bad alg\n"); - break; - } -} - -/** -\ingroup Core_Create -\brief Free allocated memory -*/ -/* ! Free the memory used when parsing a public key */ -void -__ops_pubkey_free(__ops_pubkey_t *p) -{ - switch (p->alg) { - case OPS_PKA_RSA: - case OPS_PKA_RSA_ENCRYPT_ONLY: - case OPS_PKA_RSA_SIGN_ONLY: - free_BN(&p->key.rsa.n); - free_BN(&p->key.rsa.e); - break; - - case OPS_PKA_DSA: - free_BN(&p->key.dsa.p); - free_BN(&p->key.dsa.q); - free_BN(&p->key.dsa.g); - free_BN(&p->key.dsa.y); - break; - - case OPS_PKA_ELGAMAL: - case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN: - free_BN(&p->key.elgamal.p); - free_BN(&p->key.elgamal.g); - free_BN(&p->key.elgamal.y); - break; - - case OPS_PKA_NOTHING: - /* nothing to free */ - break; - - default: - (void) fprintf(stderr, "__ops_pubkey_free: bad alg\n"); - } -} - -/** - \ingroup Core_ReadPackets -*/ -static int -parse_pubkey_data(__ops_pubkey_t *key, __ops_region_t *region, - __ops_stream_t *stream) -{ - uint8_t c = 0x0; - - if (region->readc != 0) { - /* We should not have read anything so far */ - (void) fprintf(stderr, "parse_pubkey_data: bad length\n"); - return 0; - } - if (!limread(&c, 1, region, stream)) { - return 0; - } - key->version = (__ops_version_t)c; - switch (key->version) { - case OPS_V2: - case OPS_V3: - case OPS_V4: - break; - default: - OPS_ERROR_1(&stream->errors, OPS_E_PROTO_BAD_PUBLIC_KEY_VRSN, - "Bad public key version (0x%02x)", key->version); - return 0; - } - if (!limited_read_time(&key->birthtime, region, stream)) { - return 0; - } - - key->days_valid = 0; - if ((key->version == 2 || key->version == 3) && - !limread_scalar(&key->days_valid, 2, region, stream)) { - return 0; - } - - if (!limread(&c, 1, region, stream)) { - return 0; - } - key->alg = c; - - switch (key->alg) { - case OPS_PKA_DSA: - if (!limread_mpi(&key->key.dsa.p, region, stream) || - !limread_mpi(&key->key.dsa.q, region, stream) || - !limread_mpi(&key->key.dsa.g, region, stream) || - !limread_mpi(&key->key.dsa.y, region, stream)) { - return 0; - } - break; - - case OPS_PKA_RSA: - case OPS_PKA_RSA_ENCRYPT_ONLY: - case OPS_PKA_RSA_SIGN_ONLY: - if (!limread_mpi(&key->key.rsa.n, region, stream) || - !limread_mpi(&key->key.rsa.e, region, stream)) { - return 0; - } - break; - - case OPS_PKA_ELGAMAL: - case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN: - if (!limread_mpi(&key->key.elgamal.p, region, stream) || - !limread_mpi(&key->key.elgamal.g, region, stream) || - !limread_mpi(&key->key.elgamal.y, region, stream)) { - return 0; - } - break; - - default: - OPS_ERROR_1(&stream->errors, - OPS_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG, - "Unsupported Public Key algorithm (%s)", - __ops_show_pka(key->alg)); - return 0; - } - - return 1; -} - - -/** - * \ingroup Core_ReadPackets - * \brief Parse a public key packet. - * - * This function parses an entire v3 (== v2) or v4 public key packet for RSA, ElGamal, and DSA keys. - * - * Once the key has been parsed successfully, it is passed to the callback. - * - * \param *ptag Pointer to the current Packet Tag. This function should consume the entire packet. - * \param *reader Our reader - * \param *cb The callback - * \return 1 on success, 0 on error - * - * \see RFC4880 5.5.2 - */ -static int -parse_pubkey(__ops_content_enum tag, __ops_region_t *region, - __ops_stream_t *stream) -{ - __ops_packet_t pkt; - - if (!parse_pubkey_data(&pkt.u.pubkey, region, stream)) { - (void) fprintf(stderr, "parse_pubkey: parse_pubkey_data failed\n"); - return 0; - } - - /* XXX: this test should be done for all packets, surely? */ - if (region->readc != region->length) { - OPS_ERROR_1(&stream->errors, OPS_E_R_UNCONSUMED_DATA, - "Unconsumed data (%d)", region->length - region->readc); - return 0; - } - CALLBACK(tag, &stream->cbinfo, &pkt); - - return 1; -} - -/** - * \ingroup Core_ReadPackets - * \brief Parse one user attribute packet. - * - * User attribute packets contain one or more attribute subpackets. - * For now, handle the whole packet as raw data. - */ - -static int -parse_userattr(__ops_region_t *region, __ops_stream_t *stream) -{ - - __ops_packet_t pkt; - - /* - * xxx- treat as raw data for now. Could break down further into - * attribute sub-packets later - rachel - */ - if (region->readc != 0) { - /* We should not have read anything so far */ - (void) fprintf(stderr, "parse_userattr: bad length\n"); - return 0; - } - if (!read_data(&pkt.u.userattr, region, stream)) { - return 0; - } - CALLBACK(OPS_PTAG_CT_USER_ATTR, &stream->cbinfo, &pkt); - return 1; -} - -/** -\ingroup Core_Create -\brief Free allocated memory -*/ -/* ! Free the memory used when parsing this packet type */ -void -__ops_userid_free(uint8_t **id) -{ - free(*id); - *id = NULL; -} - -/** - * \ingroup Core_ReadPackets - * \brief Parse a user id. - * - * This function parses an user id packet, which is basically just a char array the size of the packet. - * - * The char array is to be treated as an UTF-8 string. - * - * The userid gets null terminated by this function. Freeing it is the responsibility of the caller. - * - * Once the userid has been parsed successfully, it is passed to the callback. - * - * \param *ptag Pointer to the Packet Tag. This function should consume the entire packet. - * \param *reader Our reader - * \param *cb The callback - * \return 1 on success, 0 on error - * - * \see RFC4880 5.11 - */ -static int -parse_userid(__ops_region_t *region, __ops_stream_t *stream) -{ - __ops_packet_t pkt; - - if (region->readc != 0) { - /* We should not have read anything so far */ - (void) fprintf(stderr, "parse_userid: bad length\n"); - return 0; - } - - if ((pkt.u.userid = calloc(1, region->length + 1)) == NULL) { - (void) fprintf(stderr, "parse_userid: bad alloc\n"); - return 0; - } - - if (region->length && - !limread(pkt.u.userid, region->length, region, - stream)) { - return 0; - } - pkt.u.userid[region->length] = 0x0; - CALLBACK(OPS_PTAG_CT_USER_ID, &stream->cbinfo, &pkt); - return 1; -} - -static __ops_hash_t * -parse_hash_find(__ops_stream_t *stream, const uint8_t *keyid) -{ - __ops_hashtype_t *hp; - size_t n; - - for (n = 0, hp = stream->hashes; n < stream->hashc; n++, hp++) { - if (memcmp(hp->keyid, keyid, OPS_KEY_ID_SIZE) == 0) { - return &hp->hash; - } - } - return NULL; -} - -/** - * \ingroup Core_Parse - * \brief Parse a version 3 signature. - * - * This function parses an version 3 signature packet, handling RSA and DSA signatures. - * - * Once the signature has been parsed successfully, it is passed to the callback. - * - * \param *ptag Pointer to the Packet Tag. This function should consume the entire packet. - * \param *reader Our reader - * \param *cb The callback - * \return 1 on success, 0 on error - * - * \see RFC4880 5.2.2 - */ -static int -parse_v3_sig(__ops_region_t *region, - __ops_stream_t *stream) -{ - __ops_packet_t pkt; - uint8_t c = 0x0; - - /* clear signature */ - (void) memset(&pkt.u.sig, 0x0, sizeof(pkt.u.sig)); - - pkt.u.sig.info.version = OPS_V3; - - /* hash info length */ - if (!limread(&c, 1, region, stream)) { - return 0; - } - if (c != 5) { - ERRP(&stream->cbinfo, pkt, "bad hash info length"); - } - - if (!limread(&c, 1, region, stream)) { - return 0; - } - pkt.u.sig.info.type = (__ops_sig_type_t)c; - /* XXX: check signature type */ - - if (!limited_read_time(&pkt.u.sig.info.birthtime, region, stream)) { - return 0; - } - pkt.u.sig.info.birthtime_set = 1; - - if (!limread(pkt.u.sig.info.signer_id, OPS_KEY_ID_SIZE, region, - stream)) { - return 0; - } - pkt.u.sig.info.signer_id_set = 1; - - if (!limread(&c, 1, region, stream)) { - return 0; - } - pkt.u.sig.info.key_alg = (__ops_pubkey_alg_t)c; - /* XXX: check algorithm */ - - if (!limread(&c, 1, region, stream)) { - return 0; - } - pkt.u.sig.info.hash_alg = (__ops_hash_alg_t)c; - /* XXX: check algorithm */ - - if (!limread(pkt.u.sig.hash2, 2, region, stream)) { - return 0; - } - - switch (pkt.u.sig.info.key_alg) { - case OPS_PKA_RSA: - case OPS_PKA_RSA_SIGN_ONLY: - if (!limread_mpi(&pkt.u.sig.info.sig.rsa.sig, region, stream)) { - return 0; - } - break; - - case OPS_PKA_DSA: - if (!limread_mpi(&pkt.u.sig.info.sig.dsa.r, region, stream) || - !limread_mpi(&pkt.u.sig.info.sig.dsa.s, region, stream)) { - return 0; - } - break; - - case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN: - if (!limread_mpi(&pkt.u.sig.info.sig.elgamal.r, region, - stream) || - !limread_mpi(&pkt.u.sig.info.sig.elgamal.s, region, - stream)) { - return 0; - } - break; - - default: - OPS_ERROR_1(&stream->errors, - OPS_E_ALG_UNSUPPORTED_SIGNATURE_ALG, - "Unsupported signature key algorithm (%s)", - __ops_show_pka(pkt.u.sig.info.key_alg)); - return 0; - } - - if (region->readc != region->length) { - OPS_ERROR_1(&stream->errors, OPS_E_R_UNCONSUMED_DATA, - "Unconsumed data (%d)", - region->length - region->readc); - return 0; - } - if (pkt.u.sig.info.signer_id_set) { - pkt.u.sig.hash = parse_hash_find(stream, - pkt.u.sig.info.signer_id); - } - CALLBACK(OPS_PTAG_CT_SIGNATURE, &stream->cbinfo, &pkt); - return 1; -} - -/** - * \ingroup Core_ReadPackets - * \brief Parse one signature sub-packet. - * - * Version 4 signatures can have an arbitrary amount of (hashed and - * unhashed) subpackets. Subpackets are used to hold optional - * attributes of subpackets. - * - * This function parses one such signature subpacket. - * - * Once the subpacket has been parsed successfully, it is passed to the callback. - * - * \param *ptag Pointer to the Packet Tag. This function should consume the entire subpacket. - * \param *reader Our reader - * \param *cb The callback - * \return 1 on success, 0 on error - * - * \see RFC4880 5.2.3 - */ -static int -parse_one_sig_subpacket(__ops_sig_t *sig, - __ops_region_t *region, - __ops_stream_t *stream) -{ - __ops_region_t subregion; - __ops_packet_t pkt; - uint8_t bools = 0x0; - uint8_t c = 0x0; - unsigned doread = 1; - unsigned t8; - unsigned t7; - unsigned indeterminate; - - __ops_init_subregion(&subregion, region); - if (!limited_read_new_length(&subregion.length, &indeterminate, region, stream)) { - return 0; - } - - if (subregion.length > region->length) { - ERRP(&stream->cbinfo, pkt, "Subpacket too long"); - } - - if (!limread(&c, 1, &subregion, stream)) { - return 0; - } - - t8 = (c & 0x7f) / 8; - t7 = 1 << (c & 7); - - pkt.critical = (unsigned)c >> 7; - pkt.tag = (__ops_content_enum)(OPS_PTAG_SIG_SUBPKT_BASE + (c & 0x7f)); - - /* Application wants it delivered raw */ - if (stream->ss_raw[t8] & t7) { - pkt.u.ss_raw.tag = pkt.tag; - pkt.u.ss_raw.length = subregion.length - 1; - pkt.u.ss_raw.raw = calloc(1, pkt.u.ss_raw.length); - if (pkt.u.ss_raw.raw == NULL) { - (void) fprintf(stderr, "parse_one_sig_subpacket: bad alloc\n"); - return 0; - } - if (!limread(pkt.u.ss_raw.raw, (unsigned)pkt.u.ss_raw.length, - &subregion, stream)) { - return 0; - } - CALLBACK(OPS_PTAG_RAW_SS, &stream->cbinfo, &pkt); - return 1; - } - switch (pkt.tag) { - case OPS_PTAG_SS_CREATION_TIME: - case OPS_PTAG_SS_EXPIRATION_TIME: - case OPS_PTAG_SS_KEY_EXPIRY: - if (!limited_read_time(&pkt.u.ss_time, &subregion, stream)) - return 0; - if (pkt.tag == OPS_PTAG_SS_CREATION_TIME) { - sig->info.birthtime = pkt.u.ss_time; - sig->info.birthtime_set = 1; - } - if (pkt.tag == OPS_PTAG_SS_EXPIRATION_TIME) { - sig->info.duration = pkt.u.ss_time; - sig->info.duration_set = 1; - } - break; - - case OPS_PTAG_SS_TRUST: - if (!limread(&pkt.u.ss_trust.level, 1, &subregion, stream) || - !limread(&pkt.u.ss_trust.amount, 1, &subregion, stream)) { - return 0; - } - break; - - case OPS_PTAG_SS_REVOCABLE: - if (!limread(&bools, 1, &subregion, stream)) { - return 0; - } - pkt.u.ss_revocable = !!bools; - break; - - case OPS_PTAG_SS_ISSUER_KEY_ID: - if (!limread(pkt.u.ss_issuer, OPS_KEY_ID_SIZE, &subregion, stream)) { - return 0; - } - (void) memcpy(sig->info.signer_id, pkt.u.ss_issuer, OPS_KEY_ID_SIZE); - sig->info.signer_id_set = 1; - break; - - case OPS_PTAG_SS_PREFERRED_SKA: - if (!read_data(&pkt.u.ss_skapref, &subregion, stream)) { - return 0; - } - break; - - case OPS_PTAG_SS_PREFERRED_HASH: - if (!read_data(&pkt.u.ss_hashpref, &subregion, stream)) { - return 0; - } - break; - - case OPS_PTAG_SS_PREF_COMPRESS: - if (!read_data(&pkt.u.ss_zpref, &subregion, stream)) { - return 0; - } - break; - - case OPS_PTAG_SS_PRIMARY_USER_ID: - if (!limread(&bools, 1, &subregion, stream)) { - return 0; - } - pkt.u.ss_primary_userid = !!bools; - break; - - case OPS_PTAG_SS_KEY_FLAGS: - if (!read_data(&pkt.u.ss_key_flags, &subregion, stream)) { - return 0; - } - break; - - case OPS_PTAG_SS_KEYSERV_PREFS: - if (!read_data(&pkt.u.ss_key_server_prefs, &subregion, stream)) { - return 0; - } - break; - - case OPS_PTAG_SS_FEATURES: - if (!read_data(&pkt.u.ss_features, &subregion, stream)) { - return 0; - } - break; - - case OPS_PTAG_SS_SIGNERS_USER_ID: - if (!read_unsig_str(&pkt.u.ss_signer, &subregion, stream)) { - return 0; - } - break; - - case OPS_PTAG_SS_EMBEDDED_SIGNATURE: - /* \todo should do something with this sig? */ - if (!read_data(&pkt.u.ss_embedded_sig, &subregion, stream)) { - return 0; - } - break; - - case OPS_PTAG_SS_NOTATION_DATA: - if (!limread_data(&pkt.u.ss_notation.flags, 4, - &subregion, stream)) { - return 0; - } - if (!limread_size_t(&pkt.u.ss_notation.name.len, 2, - &subregion, stream)) { - return 0; - } - if (!limread_size_t(&pkt.u.ss_notation.value.len, 2, - &subregion, stream)) { - return 0; - } - if (!limread_data(&pkt.u.ss_notation.name, - (unsigned)pkt.u.ss_notation.name.len, - &subregion, stream)) { - return 0; - } - if (!limread_data(&pkt.u.ss_notation.value, - (unsigned)pkt.u.ss_notation.value.len, - &subregion, stream)) { - return 0; - } - break; - - case OPS_PTAG_SS_POLICY_URI: - if (!read_string(&pkt.u.ss_policy, &subregion, stream)) { - return 0; - } - break; - - case OPS_PTAG_SS_REGEXP: - if (!read_string(&pkt.u.ss_regexp, &subregion, stream)) { - return 0; - } - break; - - case OPS_PTAG_SS_PREF_KEYSERV: - if (!read_string(&pkt.u.ss_keyserv, &subregion, stream)) { - return 0; - } - break; - - case OPS_PTAG_SS_USERDEFINED00: - case OPS_PTAG_SS_USERDEFINED01: - case OPS_PTAG_SS_USERDEFINED02: - case OPS_PTAG_SS_USERDEFINED03: - case OPS_PTAG_SS_USERDEFINED04: - case OPS_PTAG_SS_USERDEFINED05: - case OPS_PTAG_SS_USERDEFINED06: - case OPS_PTAG_SS_USERDEFINED07: - case OPS_PTAG_SS_USERDEFINED08: - case OPS_PTAG_SS_USERDEFINED09: - case OPS_PTAG_SS_USERDEFINED10: - if (!read_data(&pkt.u.ss_userdef, &subregion, stream)) { - return 0; - } - break; - - case OPS_PTAG_SS_RESERVED: - if (!read_data(&pkt.u.ss_unknown, &subregion, stream)) { - return 0; - } - break; - - case OPS_PTAG_SS_REVOCATION_REASON: - /* first byte is the machine-readable code */ - if (!limread(&pkt.u.ss_revocation.code, 1, &subregion, stream)) { - return 0; - } - /* the rest is a human-readable UTF-8 string */ - if (!read_string(&pkt.u.ss_revocation.reason, &subregion, - stream)) { - return 0; - } - break; - - case OPS_PTAG_SS_REVOCATION_KEY: - /* octet 0 = class. Bit 0x80 must be set */ - if (!limread(&pkt.u.ss_revocation_key.class, 1, - &subregion, stream)) { - return 0; - } - if (!(pkt.u.ss_revocation_key.class & 0x80)) { - printf("Warning: OPS_PTAG_SS_REVOCATION_KEY class: " - "Bit 0x80 should be set\n"); - return 0; - } - /* octet 1 = algid */ - if (!limread(&pkt.u.ss_revocation_key.algid, 1, - &subregion, stream)) { - return 0; - } - /* octets 2-21 = fingerprint */ - if (!limread(&pkt.u.ss_revocation_key.fingerprint[0], - OPS_FINGERPRINT_SIZE, &subregion, stream)) { - return 0; - } - break; - - default: - if (stream->ss_parsed[t8] & t7) { - OPS_ERROR_1(&stream->errors, OPS_E_PROTO_UNKNOWN_SS, - "Unknown signature subpacket type (%d)", - c & 0x7f); - } - doread = 0; - break; - } - - /* Application doesn't want it delivered parsed */ - if (!(stream->ss_parsed[t8] & t7)) { - if (pkt.critical) { - OPS_ERROR_1(&stream->errors, - OPS_E_PROTO_CRITICAL_SS_IGNORED, - "Critical signature subpacket ignored (%d)", - c & 0x7f); - } - if (!doread && - !limskip(subregion.length - 1, &subregion, stream)) { - return 0; - } - if (doread) { - __ops_parser_content_free(&pkt); - } - return 1; - } - if (doread && subregion.readc != subregion.length) { - OPS_ERROR_1(&stream->errors, OPS_E_R_UNCONSUMED_DATA, - "Unconsumed data (%d)", - subregion.length - subregion.readc); - return 0; - } - CALLBACK(pkt.tag, &stream->cbinfo, &pkt); - return 1; -} - -/** - * \ingroup Core_ReadPackets - * \brief Parse several signature subpackets. - * - * Hashed and unhashed subpacket sets are preceded by an octet count that specifies the length of the complete set. - * This function parses this length and then calls parse_one_sig_subpacket() for each subpacket until the - * entire set is consumed. - * - * This function does not call the callback directly, parse_one_sig_subpacket() does for each subpacket. - * - * \param *ptag Pointer to the Packet Tag. - * \param *reader Our reader - * \param *cb The callback - * \return 1 on success, 0 on error - * - * \see RFC4880 5.2.3 - */ -static int -parse_sig_subpkts(__ops_sig_t *sig, - __ops_region_t *region, - __ops_stream_t *stream) -{ - __ops_region_t subregion; - __ops_packet_t pkt; - - __ops_init_subregion(&subregion, region); - if (!limread_scalar(&subregion.length, 2, region, stream)) { - return 0; - } - - if (subregion.length > region->length) { - ERRP(&stream->cbinfo, pkt, "Subpacket set too long"); - } - - while (subregion.readc < subregion.length) { - if (!parse_one_sig_subpacket(sig, &subregion, stream)) { - return 0; - } - } - - if (subregion.readc != subregion.length) { - if (!limskip(subregion.length - subregion.readc, - &subregion, stream)) { - ERRP(&stream->cbinfo, pkt, -"parse_sig_subpkts: subpacket length read mismatch"); - } - ERRP(&stream->cbinfo, pkt, "Subpacket length mismatch"); - } - return 1; -} - -/** - * \ingroup Core_ReadPackets - * \brief Parse a version 4 signature. - * - * This function parses a version 4 signature including all its hashed and unhashed subpackets. - * - * Once the signature packet has been parsed successfully, it is passed to the callback. - * - * \param *ptag Pointer to the Packet Tag. - * \param *reader Our reader - * \param *cb The callback - * \return 1 on success, 0 on error - * - * \see RFC4880 5.2.3 - */ -static int -parse_v4_sig(__ops_region_t *region, __ops_stream_t *stream) -{ - __ops_packet_t pkt; - uint8_t c = 0x0; - - if (__ops_get_debug_level(__FILE__)) { - fprintf(stderr, "\nparse_v4_sig\n"); - } - /* clear signature */ - (void) memset(&pkt.u.sig, 0x0, sizeof(pkt.u.sig)); - - /* - * We need to hash the packet data from version through the hashed - * subpacket data - */ - - pkt.u.sig.v4_hashstart = stream->readinfo.alength - 1; - - /* Set version,type,algorithms */ - - pkt.u.sig.info.version = OPS_V4; - - if (!limread(&c, 1, region, stream)) { - return 0; - } - pkt.u.sig.info.type = (__ops_sig_type_t)c; - if (__ops_get_debug_level(__FILE__)) { - fprintf(stderr, "signature type=%d (%s)\n", - pkt.u.sig.info.type, - __ops_show_sig_type(pkt.u.sig.info.type)); - } - /* XXX: check signature type */ - - if (!limread(&c, 1, region, stream)) { - return 0; - } - pkt.u.sig.info.key_alg = (__ops_pubkey_alg_t)c; - /* XXX: check key algorithm */ - if (__ops_get_debug_level(__FILE__)) { - (void) fprintf(stderr, "key_alg=%d (%s)\n", - pkt.u.sig.info.key_alg, - __ops_show_pka(pkt.u.sig.info.key_alg)); - } - if (!limread(&c, 1, region, stream)) { - return 0; - } - pkt.u.sig.info.hash_alg = (__ops_hash_alg_t)c; - /* XXX: check hash algorithm */ - if (__ops_get_debug_level(__FILE__)) { - fprintf(stderr, "hash_alg=%d %s\n", - pkt.u.sig.info.hash_alg, - __ops_show_hash_alg(pkt.u.sig.info.hash_alg)); - } - CALLBACK(OPS_PTAG_CT_SIGNATURE_HEADER, &stream->cbinfo, &pkt); - - if (!parse_sig_subpkts(&pkt.u.sig, region, stream)) { - return 0; - } - - pkt.u.sig.info.v4_hashlen = stream->readinfo.alength - - pkt.u.sig.v4_hashstart; - if (__ops_get_debug_level(__FILE__)) { - fprintf(stderr, "v4_hashlen=%zd\n", pkt.u.sig.info.v4_hashlen); - } - - /* copy hashed subpackets */ - if (pkt.u.sig.info.v4_hashed) { - free(pkt.u.sig.info.v4_hashed); - } - pkt.u.sig.info.v4_hashed = calloc(1, pkt.u.sig.info.v4_hashlen); - if (pkt.u.sig.info.v4_hashed == NULL) { - (void) fprintf(stderr, "parse_v4_sig: bad alloc\n"); - return 0; - } - - if (!stream->readinfo.accumulate) { - /* We must accumulate, else we can't check the signature */ - fprintf(stderr, "*** ERROR: must set accumulate to 1\n"); - return 0; - } - (void) memcpy(pkt.u.sig.info.v4_hashed, - stream->readinfo.accumulated + pkt.u.sig.v4_hashstart, - pkt.u.sig.info.v4_hashlen); - - if (!parse_sig_subpkts(&pkt.u.sig, region, stream)) { - return 0; - } - - if (!limread(pkt.u.sig.hash2, 2, region, stream)) { - return 0; - } - - switch (pkt.u.sig.info.key_alg) { - case OPS_PKA_RSA: - if (!limread_mpi(&pkt.u.sig.info.sig.rsa.sig, region, stream)) { - return 0; - } - if (__ops_get_debug_level(__FILE__)) { - (void) fprintf(stderr, "parse_v4_sig: RSA: sig is\n"); - BN_print_fp(stderr, pkt.u.sig.info.sig.rsa.sig); - (void) fprintf(stderr, "\n"); - } - break; - - case OPS_PKA_DSA: - if (!limread_mpi(&pkt.u.sig.info.sig.dsa.r, region, stream)) { - /* - * usually if this fails, it just means we've reached - * the end of the keyring - */ - if (__ops_get_debug_level(__FILE__)) { - (void) fprintf(stderr, - "Error reading DSA r field in signature"); - } - return 0; - } - if (!limread_mpi(&pkt.u.sig.info.sig.dsa.s, region, stream)) { - ERRP(&stream->cbinfo, pkt, - "Error reading DSA s field in signature"); - } - break; - - case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN: - if (!limread_mpi(&pkt.u.sig.info.sig.elgamal.r, region, - stream) || - !limread_mpi(&pkt.u.sig.info.sig.elgamal.s, region, - stream)) { - return 0; - } - break; - - case OPS_PKA_PRIVATE00: - case OPS_PKA_PRIVATE01: - case OPS_PKA_PRIVATE02: - case OPS_PKA_PRIVATE03: - case OPS_PKA_PRIVATE04: - case OPS_PKA_PRIVATE05: - case OPS_PKA_PRIVATE06: - case OPS_PKA_PRIVATE07: - case OPS_PKA_PRIVATE08: - case OPS_PKA_PRIVATE09: - case OPS_PKA_PRIVATE10: - if (!read_data(&pkt.u.sig.info.sig.unknown, region, stream)) { - return 0; - } - break; - - default: - OPS_ERROR_1(&stream->errors, OPS_E_ALG_UNSUPPORTED_SIGNATURE_ALG, - "Bad v4 signature key algorithm (%s)", - __ops_show_pka(pkt.u.sig.info.key_alg)); - return 0; - } - if (region->readc != region->length) { - OPS_ERROR_1(&stream->errors, OPS_E_R_UNCONSUMED_DATA, - "Unconsumed data (%d)", - region->length - region->readc); - return 0; - } - CALLBACK(OPS_PTAG_CT_SIGNATURE_FOOTER, &stream->cbinfo, &pkt); - return 1; -} - -/** - * \ingroup Core_ReadPackets - * \brief Parse a signature subpacket. - * - * This function calls the appropriate function to handle v3 or v4 signatures. - * - * Once the signature packet has been parsed successfully, it is passed to the callback. - * - * \param *ptag Pointer to the Packet Tag. - * \param *reader Our reader - * \param *cb The callback - * \return 1 on success, 0 on error - */ -static int -parse_sig(__ops_region_t *region, __ops_stream_t *stream) -{ - __ops_packet_t pkt; - uint8_t c = 0x0; - - if (region->readc != 0) { - /* We should not have read anything so far */ - (void) fprintf(stderr, "parse_sig: bad length\n"); - return 0; - } - - (void) memset(&pkt, 0x0, sizeof(pkt)); - if (!limread(&c, 1, region, stream)) { - return 0; - } - if (c == 2 || c == 3) { - return parse_v3_sig(region, stream); - } - if (c == 4) { - return parse_v4_sig(region, stream); - } - OPS_ERROR_1(&stream->errors, OPS_E_PROTO_BAD_SIGNATURE_VRSN, - "Bad signature version (%d)", c); - return 0; -} - -/** - \ingroup Core_ReadPackets - \brief Parse Compressed packet -*/ -static int -parse_compressed(__ops_region_t *region, __ops_stream_t *stream) -{ - __ops_packet_t pkt; - uint8_t c = 0x0; - - if (!limread(&c, 1, region, stream)) { - return 0; - } - - pkt.u.compressed = (__ops_compression_type_t)c; - - CALLBACK(OPS_PTAG_CT_COMPRESSED, &stream->cbinfo, &pkt); - - /* - * The content of a compressed data packet is more OpenPGP packets - * once decompressed, so recursively handle them - */ - - return __ops_decompress(region, stream, pkt.u.compressed); -} - -/* XXX: this could be improved by sharing all hashes that are the */ -/* same, then duping them just before checking the signature. */ -static void -parse_hash_init(__ops_stream_t *stream, __ops_hash_alg_t type, - const uint8_t *keyid) -{ - __ops_hashtype_t *hash; - - hash = realloc(stream->hashes, - (stream->hashc + 1) * sizeof(*stream->hashes)); - if (hash == NULL) { - (void) fprintf(stderr, "parse_hash_init: bad alloc 0\n"); - /* just continue and die here */ - /* XXX - agc - no way to return failure */ - } else { - stream->hashes = hash; - } - hash = &stream->hashes[stream->hashc++]; - - __ops_hash_any(&hash->hash, type); - if (!hash->hash.init(&hash->hash)) { - (void) fprintf(stderr, "parse_hash_init: bad alloc\n"); - /* just continue and die here */ - /* XXX - agc - no way to return failure */ - } - (void) memcpy(hash->keyid, keyid, sizeof(hash->keyid)); -} - -/** - \ingroup Core_ReadPackets - \brief Parse a One Pass Signature packet -*/ -static int -parse_one_pass(__ops_region_t * region, __ops_stream_t * stream) -{ - __ops_packet_t pkt; - uint8_t c = 0x0; - - if (!limread(&pkt.u.one_pass_sig.version, 1, region, stream)) { - return 0; - } - if (pkt.u.one_pass_sig.version != 3) { - OPS_ERROR_1(&stream->errors, OPS_E_PROTO_BAD_ONE_PASS_SIG_VRSN, - "Bad one-pass signature version (%d)", - pkt.u.one_pass_sig.version); - return 0; - } - if (!limread(&c, 1, region, stream)) { - return 0; - } - pkt.u.one_pass_sig.sig_type = (__ops_sig_type_t)c; - - if (!limread(&c, 1, region, stream)) { - return 0; - } - pkt.u.one_pass_sig.hash_alg = (__ops_hash_alg_t)c; - - if (!limread(&c, 1, region, stream)) { - return 0; - } - pkt.u.one_pass_sig.key_alg = (__ops_pubkey_alg_t)c; - - if (!limread(pkt.u.one_pass_sig.keyid, - (unsigned)sizeof(pkt.u.one_pass_sig.keyid), - region, stream)) { - return 0; - } - - if (!limread(&c, 1, region, stream)) { - return 0; - } - pkt.u.one_pass_sig.nested = !!c; - CALLBACK(OPS_PTAG_CT_1_PASS_SIG, &stream->cbinfo, &pkt); - /* XXX: we should, perhaps, let the app choose whether to hash or not */ - parse_hash_init(stream, pkt.u.one_pass_sig.hash_alg, - pkt.u.one_pass_sig.keyid); - return 1; -} - -/** - \ingroup Core_ReadPackets - \brief Parse a Trust packet -*/ -static int -parse_trust(__ops_region_t *region, __ops_stream_t *stream) -{ - __ops_packet_t pkt; - - if (!read_data(&pkt.u.trust, region, stream)) { - return 0; - } - CALLBACK(OPS_PTAG_CT_TRUST, &stream->cbinfo, &pkt); - return 1; -} - -static void -parse_hash_data(__ops_stream_t *stream, const void *data, - size_t length) -{ - size_t n; - - for (n = 0; n < stream->hashc; ++n) { - stream->hashes[n].hash.add(&stream->hashes[n].hash, data, (unsigned)length); - } -} - -/** - \ingroup Core_ReadPackets - \brief Parse a Literal Data packet -*/ -static int -parse_litdata(__ops_region_t *region, __ops_stream_t *stream) -{ - __ops_memory_t *mem; - __ops_packet_t pkt; - uint8_t c = 0x0; - - if (!limread(&c, 1, region, stream)) { - return 0; - } - pkt.u.litdata_header.format = (__ops_litdata_enum)c; - if (!limread(&c, 1, region, stream)) { - return 0; - } - if (!limread((uint8_t *)pkt.u.litdata_header.filename, - (unsigned)c, region, stream)) { - return 0; - } - pkt.u.litdata_header.filename[c] = '\0'; - if (!limited_read_time(&pkt.u.litdata_header.mtime, region, stream)) { - return 0; - } - CALLBACK(OPS_PTAG_CT_LITDATA_HEADER, &stream->cbinfo, &pkt); - mem = pkt.u.litdata_body.mem = __ops_memory_new(); - __ops_memory_init(pkt.u.litdata_body.mem, - (unsigned)((region->length * 101) / 100) + 12); - pkt.u.litdata_body.data = mem->buf; - - while (region->readc < region->length) { - unsigned readc = region->length - region->readc; - - if (!limread(mem->buf, readc, region, stream)) { - return 0; - } - pkt.u.litdata_body.length = readc; - parse_hash_data(stream, pkt.u.litdata_body.data, region->length); - CALLBACK(OPS_PTAG_CT_LITDATA_BODY, &stream->cbinfo, &pkt); - } - - /* XXX - get rid of mem here? */ - - return 1; -} - -/** - * \ingroup Core_Create - * - * __ops_seckey_free() frees the memory associated with "key". Note that - * the key itself is not freed. - * - * \param key - */ - -void -__ops_seckey_free(__ops_seckey_t *key) -{ - switch (key->pubkey.alg) { - case OPS_PKA_RSA: - case OPS_PKA_RSA_ENCRYPT_ONLY: - case OPS_PKA_RSA_SIGN_ONLY: - free_BN(&key->key.rsa.d); - free_BN(&key->key.rsa.p); - free_BN(&key->key.rsa.q); - free_BN(&key->key.rsa.u); - break; - - case OPS_PKA_DSA: - free_BN(&key->key.dsa.x); - break; - - default: - (void) fprintf(stderr, - "__ops_seckey_free: Unknown algorithm: %d (%s)\n", - key->pubkey.alg, - __ops_show_pka(key->pubkey.alg)); - } - free(key->checkhash); -} - -static int -consume_packet(__ops_region_t *region, __ops_stream_t *stream, unsigned warn) -{ - __ops_packet_t pkt; - __ops_data_t remainder; - - if (region->indeterminate) { - ERRP(&stream->cbinfo, pkt, - "Can't consume indeterminate packets"); - } - - if (read_data(&remainder, region, stream)) { - /* now throw it away */ - __ops_data_free(&remainder); - if (warn) { - OPS_ERROR(&stream->errors, OPS_E_P_PACKET_CONSUMED, - "Warning: packet consumer"); - } - return 1; - } - OPS_ERROR(&stream->errors, OPS_E_P_PACKET_NOT_CONSUMED, - (warn) ? "Warning: Packet was not consumed" : - "Packet was not consumed"); - return warn; -} - -/** - * \ingroup Core_ReadPackets - * \brief Parse a secret key - */ -static int -parse_seckey(__ops_region_t *region, __ops_stream_t *stream) -{ - __ops_packet_t pkt; - __ops_region_t encregion; - __ops_region_t *saved_region = NULL; - __ops_crypt_t decrypt; - __ops_hash_t checkhash; - unsigned blocksize; - unsigned crypted; - uint8_t c = 0x0; - int ret = 1; - - if (__ops_get_debug_level(__FILE__)) { - fprintf(stderr, "\n---------\nparse_seckey:\n"); - fprintf(stderr, - "region length=%u, readc=%u, remainder=%u\n", - region->length, region->readc, - region->length - region->readc); - } - (void) memset(&pkt, 0x0, sizeof(pkt)); - if (!parse_pubkey_data(&pkt.u.seckey.pubkey, region, stream)) { - return 0; - } - if (__ops_get_debug_level(__FILE__)) { - fprintf(stderr, "parse_seckey: public key parsed\n"); - __ops_print_pubkey(&pkt.u.seckey.pubkey); - } - stream->reading_v3_secret = (pkt.u.seckey.pubkey.version != OPS_V4); - - if (!limread(&c, 1, region, stream)) { - return 0; - } - pkt.u.seckey.s2k_usage = (__ops_s2k_usage_t)c; - - if (pkt.u.seckey.s2k_usage == OPS_S2KU_ENCRYPTED || - pkt.u.seckey.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED) { - if (!limread(&c, 1, region, stream)) { - return 0; - } - pkt.u.seckey.alg = (__ops_symm_alg_t)c; - if (!limread(&c, 1, region, stream)) { - return 0; - } - pkt.u.seckey.s2k_specifier = (__ops_s2k_specifier_t)c; - switch (pkt.u.seckey.s2k_specifier) { - case OPS_S2KS_SIMPLE: - case OPS_S2KS_SALTED: - case OPS_S2KS_ITERATED_AND_SALTED: - break; - default: - (void) fprintf(stderr, - "parse_seckey: bad seckey\n"); - return 0; - } - if (!limread(&c, 1, region, stream)) { - return 0; - } - pkt.u.seckey.hash_alg = (__ops_hash_alg_t)c; - if (pkt.u.seckey.s2k_specifier != OPS_S2KS_SIMPLE && - !limread(pkt.u.seckey.salt, 8, region, stream)) { - return 0; - } - if (pkt.u.seckey.s2k_specifier == - OPS_S2KS_ITERATED_AND_SALTED) { - if (!limread(&c, 1, region, stream)) { - return 0; - } - pkt.u.seckey.octetc = - (16 + ((unsigned)c & 15)) << - (((unsigned)c >> 4) + 6); - } - } else if (pkt.u.seckey.s2k_usage != OPS_S2KU_NONE) { - /* this is V3 style, looks just like a V4 simple hash */ - pkt.u.seckey.alg = (__ops_symm_alg_t)c; - pkt.u.seckey.s2k_usage = OPS_S2KU_ENCRYPTED; - pkt.u.seckey.s2k_specifier = OPS_S2KS_SIMPLE; - pkt.u.seckey.hash_alg = OPS_HASH_MD5; - } - crypted = pkt.u.seckey.s2k_usage == OPS_S2KU_ENCRYPTED || - pkt.u.seckey.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED; - - if (crypted) { - __ops_packet_t seckey; - __ops_hash_t hashes[(OPS_MAX_KEY_SIZE + OPS_MIN_HASH_SIZE - 1) / OPS_MIN_HASH_SIZE]; - unsigned passlen; - uint8_t key[OPS_MAX_KEY_SIZE + OPS_MAX_HASH_SIZE]; - char *passphrase; - int hashsize; - int keysize; - int n; - - if (__ops_get_debug_level(__FILE__)) { - (void) fprintf(stderr, "crypted seckey\n"); - } - blocksize = __ops_block_size(pkt.u.seckey.alg); - if (blocksize == 0 || blocksize > OPS_MAX_BLOCK_SIZE) { - (void) fprintf(stderr, - "parse_seckey: bad blocksize\n"); - return 0; - } - - if (!limread(pkt.u.seckey.iv, blocksize, region, stream)) { - return 0; - } - (void) memset(&seckey, 0x0, sizeof(seckey)); - passphrase = NULL; - seckey.u.skey_passphrase.passphrase = &passphrase; - seckey.u.skey_passphrase.seckey = &pkt.u.seckey; - CALLBACK(OPS_GET_PASSPHRASE, &stream->cbinfo, &seckey); - if (!passphrase) { - if (__ops_get_debug_level(__FILE__)) { - /* \todo make into proper error */ - (void) fprintf(stderr, - "parse_seckey: can't get passphrase\n"); - } - if (!consume_packet(region, stream, 0)) { - return 0; - } - - CALLBACK(OPS_PTAG_CT_ENCRYPTED_SECRET_KEY, - &stream->cbinfo, &pkt); - - return 1; - } - keysize = __ops_key_size(pkt.u.seckey.alg); - if (keysize == 0 || keysize > OPS_MAX_KEY_SIZE) { - (void) fprintf(stderr, - "parse_seckey: bad keysize\n"); - return 0; - } - - hashsize = __ops_hash_size(pkt.u.seckey.hash_alg); - if (hashsize == 0 || hashsize > OPS_MAX_HASH_SIZE) { - (void) fprintf(stderr, - "parse_seckey: bad hashsize\n"); - return 0; - } - - for (n = 0; n * hashsize < keysize; ++n) { - int i; - - __ops_hash_any(&hashes[n], - pkt.u.seckey.hash_alg); - if (!hashes[n].init(&hashes[n])) { - (void) fprintf(stderr, - "parse_seckey: bad alloc\n"); - return 0; - } - /* preload hashes with zeroes... */ - for (i = 0; i < n; ++i) { - hashes[n].add(&hashes[n], - (const uint8_t *) "", 1); - } - } - passlen = (unsigned)strlen(passphrase); - for (n = 0; n * hashsize < keysize; ++n) { - unsigned i; - - switch (pkt.u.seckey.s2k_specifier) { - case OPS_S2KS_SALTED: - hashes[n].add(&hashes[n], - pkt.u.seckey.salt, - OPS_SALT_SIZE); - /* FALLTHROUGH */ - case OPS_S2KS_SIMPLE: - hashes[n].add(&hashes[n], - (uint8_t *)passphrase, (unsigned)passlen); - break; - - case OPS_S2KS_ITERATED_AND_SALTED: - for (i = 0; i < pkt.u.seckey.octetc; - i += passlen + OPS_SALT_SIZE) { - unsigned j; - - j = passlen + OPS_SALT_SIZE; - if (i + j > pkt.u.seckey.octetc && i != 0) { - j = pkt.u.seckey.octetc - i; - } - hashes[n].add(&hashes[n], - pkt.u.seckey.salt, - (unsigned)(j > OPS_SALT_SIZE) ? - OPS_SALT_SIZE : j); - if (j > OPS_SALT_SIZE) { - hashes[n].add(&hashes[n], - (uint8_t *) passphrase, - j - OPS_SALT_SIZE); - } - } - break; - default: - break; - } - } - - for (n = 0; n * hashsize < keysize; ++n) { - int r; - - r = hashes[n].finish(&hashes[n], key + n * hashsize); - if (r != hashsize) { - (void) fprintf(stderr, - "parse_seckey: bad r\n"); - return 0; - } - } - - __ops_forget(passphrase, passlen); - - __ops_crypt_any(&decrypt, pkt.u.seckey.alg); - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "input iv", pkt.u.seckey.iv, __ops_block_size(pkt.u.seckey.alg)); - hexdump(stderr, "key", key, CAST_KEY_LENGTH); - } - decrypt.set_iv(&decrypt, pkt.u.seckey.iv); - decrypt.set_crypt_key(&decrypt, key); - - /* now read encrypted data */ - - __ops_reader_push_decrypt(stream, &decrypt, region); - - /* - * Since all known encryption for PGP doesn't compress, we - * can limit to the same length as the current region (for - * now). - */ - __ops_init_subregion(&encregion, NULL); - encregion.length = region->length - region->readc; - if (pkt.u.seckey.pubkey.version != OPS_V4) { - encregion.length -= 2; - } - saved_region = region; - region = &encregion; - } - if (__ops_get_debug_level(__FILE__)) { - fprintf(stderr, "parse_seckey: end of crypted passphrase\n"); - } - if (pkt.u.seckey.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED) { - pkt.u.seckey.checkhash = calloc(1, OPS_CHECKHASH_SIZE); - if (pkt.u.seckey.checkhash == NULL) { - (void) fprintf(stderr, "parse_seckey: bad alloc\n"); - return 0; - } - __ops_hash_sha1(&checkhash); - __ops_reader_push_hash(stream, &checkhash); - } else { - __ops_reader_push_sum16(stream); - } - if (__ops_get_debug_level(__FILE__)) { - fprintf(stderr, "parse_seckey: checkhash, reading MPIs\n"); - } - switch (pkt.u.seckey.pubkey.alg) { - case OPS_PKA_RSA: - case OPS_PKA_RSA_ENCRYPT_ONLY: - case OPS_PKA_RSA_SIGN_ONLY: - if (!limread_mpi(&pkt.u.seckey.key.rsa.d, region, stream) || - !limread_mpi(&pkt.u.seckey.key.rsa.p, region, stream) || - !limread_mpi(&pkt.u.seckey.key.rsa.q, region, stream) || - !limread_mpi(&pkt.u.seckey.key.rsa.u, region, stream)) { - ret = 0; - } - break; - - case OPS_PKA_DSA: - if (!limread_mpi(&pkt.u.seckey.key.dsa.x, region, stream)) { - ret = 0; - } - break; - - case OPS_PKA_ELGAMAL: - if (!limread_mpi(&pkt.u.seckey.key.elgamal.x, region, stream)) { - ret = 0; - } - break; - - default: - OPS_ERROR_2(&stream->errors, - OPS_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG, - "Unsupported Public Key algorithm %d (%s)", - pkt.u.seckey.pubkey.alg, - __ops_show_pka(pkt.u.seckey.pubkey.alg)); - ret = 0; - } - - if (__ops_get_debug_level(__FILE__)) { - (void) fprintf(stderr, "4 MPIs read\n"); - } - stream->reading_v3_secret = 0; - - if (pkt.u.seckey.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED) { - uint8_t hash[OPS_CHECKHASH_SIZE]; - - __ops_reader_pop_hash(stream); - checkhash.finish(&checkhash, hash); - - if (crypted && - pkt.u.seckey.pubkey.version != OPS_V4) { - __ops_reader_pop_decrypt(stream); - region = saved_region; - } - if (ret) { - if (!limread(pkt.u.seckey.checkhash, - OPS_CHECKHASH_SIZE, region, stream)) { - return 0; - } - - if (memcmp(hash, pkt.u.seckey.checkhash, - OPS_CHECKHASH_SIZE) != 0) { - ERRP(&stream->cbinfo, pkt, - "Hash mismatch in secret key"); - } - } - } else { - uint16_t sum; - - sum = __ops_reader_pop_sum16(stream); - if (crypted && - pkt.u.seckey.pubkey.version != OPS_V4) { - __ops_reader_pop_decrypt(stream); - region = saved_region; - } - if (ret) { - if (!limread_scalar(&pkt.u.seckey.checksum, 2, - region, stream)) - return 0; - - if (sum != pkt.u.seckey.checksum) { - ERRP(&stream->cbinfo, pkt, - "Checksum mismatch in secret key"); - } - } - } - - if (crypted && pkt.u.seckey.pubkey.version == OPS_V4) { - __ops_reader_pop_decrypt(stream); - } - if (region == NULL) { - (void) fprintf(stderr, "parse_seckey: NULL region\n"); - return 0; - } - if (ret && region->readc != region->length) { - (void) fprintf(stderr, "parse_seckey: bad length\n"); - return 0; - } - if (!ret) { - return 0; - } - CALLBACK(OPS_PTAG_CT_SECRET_KEY, &stream->cbinfo, &pkt); - if (__ops_get_debug_level(__FILE__)) { - (void) fprintf(stderr, "--- end of parse_seckey\n\n"); - } - return 1; -} - -/** - \ingroup Core_ReadPackets - \brief Parse a Public Key Session Key packet -*/ -static int -parse_pk_sesskey(__ops_region_t *region, - __ops_stream_t *stream) -{ - const __ops_seckey_t *secret; - __ops_packet_t sesskey; - __ops_packet_t pkt; - uint8_t *iv; - uint8_t c = 0x0; - uint8_t cs[2]; - unsigned k; - BIGNUM *g_to_k; - BIGNUM *enc_m; - int n; - uint8_t unencoded_m_buf[1024]; - - if (!limread(&c, 1, region, stream)) { - return 0; - } - pkt.u.pk_sesskey.version = c; - if (pkt.u.pk_sesskey.version != 3) { - OPS_ERROR_1(&stream->errors, OPS_E_PROTO_BAD_PKSK_VRSN, - "Bad public-key encrypted session key version (%d)", - pkt.u.pk_sesskey.version); - return 0; - } - if (!limread(pkt.u.pk_sesskey.key_id, - (unsigned)sizeof(pkt.u.pk_sesskey.key_id), region, stream)) { - return 0; - } - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "sesskey: pubkey id", pkt.u.pk_sesskey.key_id, sizeof(pkt.u.pk_sesskey.key_id)); - } - if (!limread(&c, 1, region, stream)) { - return 0; - } - pkt.u.pk_sesskey.alg = (__ops_pubkey_alg_t)c; - switch (pkt.u.pk_sesskey.alg) { - case OPS_PKA_RSA: - if (!limread_mpi(&pkt.u.pk_sesskey.params.rsa.encrypted_m, - region, stream)) { - return 0; - } - enc_m = pkt.u.pk_sesskey.params.rsa.encrypted_m; - g_to_k = NULL; - break; - - case OPS_PKA_DSA: - case OPS_PKA_ELGAMAL: - if (!limread_mpi(&pkt.u.pk_sesskey.params.elgamal.g_to_k, - region, stream) || - !limread_mpi( - &pkt.u.pk_sesskey.params.elgamal.encrypted_m, - region, stream)) { - return 0; - } - g_to_k = pkt.u.pk_sesskey.params.elgamal.g_to_k; - enc_m = pkt.u.pk_sesskey.params.elgamal.encrypted_m; - break; - - default: - OPS_ERROR_1(&stream->errors, - OPS_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG, - "Unknown public key algorithm in session key (%s)", - __ops_show_pka(pkt.u.pk_sesskey.alg)); - return 0; - } - - (void) memset(&sesskey, 0x0, sizeof(sesskey)); - secret = NULL; - sesskey.u.get_seckey.seckey = &secret; - sesskey.u.get_seckey.pk_sesskey = &pkt.u.pk_sesskey; - - CALLBACK(OPS_GET_SECKEY, &stream->cbinfo, &sesskey); - - if (!secret) { - CALLBACK(OPS_PTAG_CT_ENCRYPTED_PK_SESSION_KEY, &stream->cbinfo, - &pkt); - return 1; - } - n = __ops_decrypt_decode_mpi(unencoded_m_buf, - (unsigned)sizeof(unencoded_m_buf), g_to_k, enc_m, secret); - - if (n < 1) { - ERRP(&stream->cbinfo, pkt, "decrypted message too short"); - return 0; - } - - /* PKA */ - pkt.u.pk_sesskey.symm_alg = (__ops_symm_alg_t)unencoded_m_buf[0]; - - if (!__ops_is_sa_supported(pkt.u.pk_sesskey.symm_alg)) { - /* ERR1P */ - OPS_ERROR_1(&stream->errors, OPS_E_ALG_UNSUPPORTED_SYMMETRIC_ALG, - "Symmetric algorithm %s not supported", - __ops_show_symm_alg( - pkt.u.pk_sesskey.symm_alg)); - return 0; - } - k = __ops_key_size(pkt.u.pk_sesskey.symm_alg); - - if ((unsigned) n != k + 3) { - OPS_ERROR_2(&stream->errors, OPS_E_PROTO_DECRYPTED_MSG_WRONG_LEN, - "decrypted message wrong length (got %d expected %d)", - n, k + 3); - return 0; - } - if (k > sizeof(pkt.u.pk_sesskey.key)) { - (void) fprintf(stderr, "parse_pk_sesskey: bad keylength\n"); - return 0; - } - - (void) memcpy(pkt.u.pk_sesskey.key, unencoded_m_buf + 1, k); - - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "recovered sesskey", pkt.u.pk_sesskey.key, k); - } - pkt.u.pk_sesskey.checksum = unencoded_m_buf[k + 1] + - (unencoded_m_buf[k + 2] << 8); - if (__ops_get_debug_level(__FILE__)) { - printf("session key checksum: %2x %2x\n", - unencoded_m_buf[k + 1], unencoded_m_buf[k + 2]); - } - - /* Check checksum */ - __ops_calc_sesskey_checksum(&pkt.u.pk_sesskey, &cs[0]); - if (unencoded_m_buf[k + 1] != cs[0] || - unencoded_m_buf[k + 2] != cs[1]) { - OPS_ERROR_4(&stream->errors, OPS_E_PROTO_BAD_SK_CHECKSUM, - "Session key checksum wrong: expected %2x %2x, got %2x %2x", - cs[0], cs[1], unencoded_m_buf[k + 1], - unencoded_m_buf[k + 2]); - return 0; - } - /* all is well */ - CALLBACK(OPS_PTAG_CT_PK_SESSION_KEY, &stream->cbinfo, &pkt); - - __ops_crypt_any(&stream->decrypt, pkt.u.pk_sesskey.symm_alg); - iv = calloc(1, stream->decrypt.blocksize); - if (iv == NULL) { - (void) fprintf(stderr, "parse_pk_sesskey: bad alloc\n"); - return 0; - } - stream->decrypt.set_iv(&stream->decrypt, iv); - stream->decrypt.set_crypt_key(&stream->decrypt, pkt.u.pk_sesskey.key); - __ops_encrypt_init(&stream->decrypt); - free(iv); - return 1; -} - -static int -__ops_decrypt_se_data(__ops_content_enum tag, __ops_region_t *region, - __ops_stream_t *stream) -{ - __ops_crypt_t *decrypt; - const int printerrors = 1; - int r = 1; - - decrypt = __ops_get_decrypt(stream); - if (decrypt) { - __ops_region_t encregion; - unsigned b = (unsigned)decrypt->blocksize; - uint8_t buf[OPS_MAX_BLOCK_SIZE + 2] = ""; - - __ops_reader_push_decrypt(stream, decrypt, region); - - __ops_init_subregion(&encregion, NULL); - encregion.length = b + 2; - - if (!exact_limread(buf, b + 2, &encregion, stream)) { - return 0; - } - if (buf[b - 2] != buf[b] || buf[b - 1] != buf[b + 1]) { - __ops_reader_pop_decrypt(stream); - OPS_ERROR_4(&stream->errors, - OPS_E_PROTO_BAD_SYMMETRIC_DECRYPT, - "Bad symmetric decrypt (%02x%02x vs %02x%02x)", - buf[b - 2], buf[b - 1], buf[b], buf[b + 1]); - return 0; - } - if (tag == OPS_PTAG_CT_SE_DATA_BODY) { - decrypt->decrypt_resync(decrypt); - decrypt->block_encrypt(decrypt, decrypt->civ, - decrypt->civ); - } - r = __ops_parse(stream, !printerrors); - - __ops_reader_pop_decrypt(stream); - } else { - __ops_packet_t pkt; - - while (region->readc < region->length) { - unsigned len; - - len = region->length - region->readc; - if (len > sizeof(pkt.u.se_data_body.data)) - len = sizeof(pkt.u.se_data_body.data); - - if (!limread(pkt.u.se_data_body.data, len, - region, stream)) { - return 0; - } - pkt.u.se_data_body.length = len; - CALLBACK(tag, &stream->cbinfo, &pkt); - } - } - - return r; -} - -static int -__ops_decrypt_se_ip_data(__ops_content_enum tag, __ops_region_t *region, - __ops_stream_t *stream) -{ - __ops_crypt_t *decrypt; - const int printerrors = 1; - int r = 1; - - decrypt = __ops_get_decrypt(stream); - if (decrypt) { - __ops_reader_push_decrypt(stream, decrypt, region); - __ops_reader_push_se_ip_data(stream, decrypt, region); - - r = __ops_parse(stream, !printerrors); - - __ops_reader_pop_se_ip_data(stream); - __ops_reader_pop_decrypt(stream); - } else { - __ops_packet_t pkt; - - while (region->readc < region->length) { - unsigned len; - - len = region->length - region->readc; - if (len > sizeof(pkt.u.se_data_body.data)) { - len = sizeof(pkt.u.se_data_body.data); - } - - if (!limread(pkt.u.se_data_body.data, - len, region, stream)) { - return 0; - } - - pkt.u.se_data_body.length = len; - - CALLBACK(tag, &stream->cbinfo, &pkt); - } - } - - return r; -} - -/** - \ingroup Core_ReadPackets - \brief Read a Symmetrically Encrypted packet -*/ -static int -parse_se_data(__ops_region_t *region, __ops_stream_t *stream) -{ - __ops_packet_t pkt; - - /* there's no info to go with this, so just announce it */ - CALLBACK(OPS_PTAG_CT_SE_DATA_HEADER, &stream->cbinfo, &pkt); - - /* - * The content of an encrypted data packet is more OpenPGP packets - * once decrypted, so recursively handle them - */ - return __ops_decrypt_se_data(OPS_PTAG_CT_SE_DATA_BODY, region, stream); -} - -/** - \ingroup Core_ReadPackets - \brief Read a Symmetrically Encrypted Integrity Protected packet -*/ -static int -parse_se_ip_data(__ops_region_t *region, __ops_stream_t *stream) -{ - __ops_packet_t pkt; - uint8_t c = 0x0; - - if (!limread(&c, 1, region, stream)) { - return 0; - } - pkt.u.se_ip_data_header = c; - - if (pkt.u.se_ip_data_header != OPS_SE_IP_DATA_VERSION) { - (void) fprintf(stderr, "parse_se_ip_data: bad version\n"); - return 0; - } - - /* - * The content of an encrypted data packet is more OpenPGP packets - * once decrypted, so recursively handle them - */ - return __ops_decrypt_se_ip_data(OPS_PTAG_CT_SE_IP_DATA_BODY, region, - stream); -} - -/** - \ingroup Core_ReadPackets - \brief Read a MDC packet -*/ -static int -parse_mdc(__ops_region_t *region, __ops_stream_t *stream) -{ - __ops_packet_t pkt; - - pkt.u.mdc.length = OPS_SHA1_HASH_SIZE; - if ((pkt.u.mdc.data = calloc(1, OPS_SHA1_HASH_SIZE)) == NULL) { - (void) fprintf(stderr, "parse_mdc: bad alloc\n"); - return 0; - } - if (!limread(pkt.u.mdc.data, OPS_SHA1_HASH_SIZE, region, stream)) { - return 0; - } - CALLBACK(OPS_PTAG_CT_MDC, &stream->cbinfo, &pkt); - free(pkt.u.mdc.data); - return 1; -} - -/** - Data relating to indeterminate-length blocks. -*/ -struct _ops_indeterminate_t { - __ops_region_t* region; - unsigned char* cdata; - unsigned readc; - unsigned length; -}; -typedef struct _ops_indeterminate_t __ops_indeterminate_t; - -/* initialise an indeterminate parser */ -static int -init_indeterminate(unsigned initial_length, __ops_stream_t* stream, __ops_indeterminate_t* data) -{ - unsigned length = initial_length; - unsigned indeterminate_flag = 1; - int r; - unsigned total_length = 0; - - data->readc = 0; - data->cdata = 0; - - while(1) { - if(!data->cdata) { - data->cdata = (unsigned char*)calloc(1, length); - if(!data->cdata) { - fprintf(stderr, "init_indeterminate: can't alloc %u bytes\n", length); - return 0; - } - } - else { - data->cdata = (unsigned char*)realloc(data->cdata, total_length+length); - if(!data->cdata) { - fprintf(stderr, "init_indeterminate: can't realloc %u bytes\n", total_length+length); - return 0; - } - } - - r = base_read(data->cdata+total_length, length, stream); - if(!r) { - fprintf(stderr, "init_indeterminate: out of data\n"); - return 0; - } - total_length += length; - - if(!indeterminate_flag) - break; - - r = read_new_length(&length, &indeterminate_flag, stream); - if(!r) { - fprintf(stderr, "init_indeterminate: could not read length header\n"); - return 0; - } - } - data->length = data->region->length = total_length; - data->region->indeterminate = 0; - return 1; -} - -void -dealloc_indeterminate(__ops_indeterminate_t* data) -{ - if(data->cdata) { - free(data->cdata); - data->cdata = 0; - } -} - -/* read from a new-style indeterminate length block */ -static int -indeterminate_reader(void *dest, size_t length, __ops_error_t **errors, - __ops_reader_t *readinfo, __ops_cbdata_t *cbinfo) -{ - __ops_indeterminate_t *indeterminate = __ops_reader_get_arg(readinfo); - - memcpy(dest, indeterminate->cdata + indeterminate->readc, length); - indeterminate->readc += length; - - return length; -} - -/* push indeterminate data reader to stack */ -void -__ops_reader_push_indeterminate(__ops_stream_t *stream, - __ops_indeterminate_t *indeterminate) -{ - __ops_reader_push(stream, indeterminate_reader, NULL, indeterminate); -} - -/* pop indeterminate data reader from stack */ -void -__ops_reader_pop_indeterminate(__ops_stream_t *stream) -{ - __ops_reader_pop(stream); -} - -/** - * \ingroup Core_ReadPackets - * \brief Parse one packet. - * - * This function parses the packet tag. It computes the value of the - * content tag and then calls the appropriate function to handle the - * content. - * - * \param *stream How to parse - * \param *pktlen On return, will contain number of bytes in packet - * \return 1 on success, 0 on error, -1 on EOF */ -static int -__ops_parse_packet(__ops_stream_t *stream, uint32_t *pktlen) -{ - __ops_packet_t pkt; - __ops_region_t region; - __ops_indeterminate_t idata; - uint8_t ptag; - unsigned indeterminate = 0; - int ret; - - pkt.u.ptag.position = stream->readinfo.position; - - ret = base_read(&ptag, 1, stream); - - if (__ops_get_debug_level(__FILE__)) { - (void) fprintf(stderr, - "__ops_parse_packet: base_read returned %d\n", - ret); - } - - /* errors in the base read are effectively EOF. */ - if (ret <= 0) { - return -1; - } - - *pktlen = 0; - - if (!(ptag & OPS_PTAG_ALWAYS_SET)) { - pkt.u.error = "Format error (ptag bit not set)"; - CALLBACK(OPS_PARSER_ERROR, &stream->cbinfo, &pkt); - return 0; - } - pkt.u.ptag.new_format = !!(ptag & OPS_PTAG_NEW_FORMAT); - if (pkt.u.ptag.new_format) { - pkt.u.ptag.type = (ptag & OPS_PTAG_NF_CONTENT_TAG_MASK); - pkt.u.ptag.length_type = 0; - if (!read_new_length(&pkt.u.ptag.length, &indeterminate, stream)) { - return 0; - } - } else { - unsigned rb; - - rb = 0; - pkt.u.ptag.type = ((unsigned)ptag & - OPS_PTAG_OF_CONTENT_TAG_MASK) - >> OPS_PTAG_OF_CONTENT_TAG_SHIFT; - pkt.u.ptag.length_type = ptag & OPS_PTAG_OF_LENGTH_TYPE_MASK; - switch (pkt.u.ptag.length_type) { - case OPS_PTAG_OLD_LEN_1: - rb = _read_scalar(&pkt.u.ptag.length, 1, stream); - break; - - case OPS_PTAG_OLD_LEN_2: - rb = _read_scalar(&pkt.u.ptag.length, 2, stream); - break; - - case OPS_PTAG_OLD_LEN_4: - rb = _read_scalar(&pkt.u.ptag.length, 4, stream); - break; - - case OPS_PTAG_OLD_LEN_INDETERMINATE: - pkt.u.ptag.length = 0; - indeterminate = 1; - rb = 1; - break; - } - if (!rb) { - return 0; - } - } - - CALLBACK(OPS_PARSER_PTAG, &stream->cbinfo, &pkt); - - __ops_init_subregion(®ion, NULL); - region.length = pkt.u.ptag.length; - region.indeterminate = indeterminate; - - if(indeterminate && pkt.u.ptag.length > 0) { - idata.region = ®ion; - if(!init_indeterminate(pkt.u.ptag.length, stream, &idata)) { - return 0; - } - __ops_reader_push_indeterminate(stream, &idata); - } - - if (__ops_get_debug_level(__FILE__)) { - (void) fprintf(stderr, "__ops_parse_packet: type %u\n", - pkt.u.ptag.type); - } - switch (pkt.u.ptag.type) { - case OPS_PTAG_CT_SIGNATURE: - ret = parse_sig(®ion, stream); - break; - - case OPS_PTAG_CT_PUBLIC_KEY: - case OPS_PTAG_CT_PUBLIC_SUBKEY: - ret = parse_pubkey((__ops_content_enum)pkt.u.ptag.type, ®ion, stream); - break; - - case OPS_PTAG_CT_TRUST: - ret = parse_trust(®ion, stream); - break; - - case OPS_PTAG_CT_USER_ID: - ret = parse_userid(®ion, stream); - break; - - case OPS_PTAG_CT_COMPRESSED: - ret = parse_compressed(®ion, stream); - break; - - case OPS_PTAG_CT_1_PASS_SIG: - ret = parse_one_pass(®ion, stream); - break; - - case OPS_PTAG_CT_LITDATA: - ret = parse_litdata(®ion, stream); - break; - - case OPS_PTAG_CT_USER_ATTR: - ret = parse_userattr(®ion, stream); - break; - - case OPS_PTAG_CT_SECRET_KEY: - ret = parse_seckey(®ion, stream); - break; - - case OPS_PTAG_CT_SECRET_SUBKEY: - ret = parse_seckey(®ion, stream); - break; - - case OPS_PTAG_CT_PK_SESSION_KEY: - ret = parse_pk_sesskey(®ion, stream); - break; - - case OPS_PTAG_CT_SE_DATA: - ret = parse_se_data(®ion, stream); - break; - - case OPS_PTAG_CT_SE_IP_DATA: - ret = parse_se_ip_data(®ion, stream); - break; - - case OPS_PTAG_CT_MDC: - ret = parse_mdc(®ion, stream); - break; - - default: - OPS_ERROR_1(&stream->errors, OPS_E_P_UNKNOWN_TAG, - "Unknown content tag 0x%x", - pkt.u.ptag.type); - ret = 0; - } - - if(indeterminate && pkt.u.ptag.length > 0) { - __ops_reader_pop_indeterminate(stream); - dealloc_indeterminate(&idata); - } - - /* Ensure that the entire packet has been consumed */ - - if (region.length != region.readc && !region.indeterminate) { - if (!consume_packet(®ion, stream, 0)) { - ret = -1; - } - } - - /* also consume it if there's been an error? */ - /* \todo decide what to do about an error on an */ - /* indeterminate packet */ - if (ret == 0) { - if (!consume_packet(®ion, stream, 0)) { - ret = -1; - } - } - /* set pktlen */ - - *pktlen = stream->readinfo.alength; - - /* do callback on entire packet, if desired and there was no error */ - - if (ret > 0 && stream->readinfo.accumulate) { - pkt.u.packet.length = stream->readinfo.alength; - pkt.u.packet.raw = stream->readinfo.accumulated; - stream->readinfo.accumulated = NULL; - stream->readinfo.asize = 0; - CALLBACK(OPS_PARSER_PACKET_END, &stream->cbinfo, &pkt); - } - stream->readinfo.alength = 0; - - return (ret < 0) ? -1 : (ret) ? 1 : 0; -} - -/** - * \ingroup Core_ReadPackets - * - * \brief Parse packets from an input stream until EOF or error. - * - * \details Setup the necessary parsing configuration in "stream" - * before calling __ops_parse(). - * - * That information includes : - * - * - a "reader" function to be used to get the data to be parsed - * - * - a "callback" function to be called when this library has identified - * a parseable object within the data - * - * - whether the calling function wants the signature subpackets - * returned raw, parsed or not at all. - * - * After returning, stream->errors holds any errors encountered while parsing. - * - * \param stream Parsing configuration - * \return 1 on success in all packets, 0 on error in any packet - * - * \sa CoreAPI Overview - * - * \sa __ops_print_errors() - * - */ - -int -__ops_parse(__ops_stream_t *stream, const int perrors) -{ - uint32_t pktlen; - int r; - - do { - r = __ops_parse_packet(stream, &pktlen); - } while (r != -1); - if (perrors) { - __ops_print_errors(stream->errors); - } - return (stream->errors == NULL); -} - -/** - * \ingroup Core_ReadPackets - * - * \brief Specifies whether one or more signature - * subpacket types should be returned parsed; or raw; or ignored. - * - * \param stream Pointer to previously allocated structure - * \param tag Packet tag. OPS_PTAG_SS_ALL for all SS tags; or one individual signature subpacket tag - * \param type Parse type - * \todo Make all packet types optional, not just subpackets */ -void -__ops_parse_options(__ops_stream_t *stream, - __ops_content_enum tag, - __ops_parse_type_t type) -{ - unsigned t7; - unsigned t8; - - if (tag == OPS_PTAG_SS_ALL) { - int n; - - for (n = 0; n < 256; ++n) { - __ops_parse_options(stream, - OPS_PTAG_SIG_SUBPKT_BASE + n, - type); - } - return; - } - if (tag < OPS_PTAG_SIG_SUBPKT_BASE || - tag > OPS_PTAG_SIG_SUBPKT_BASE + NTAGS - 1) { - (void) fprintf(stderr, "__ops_parse_options: bad tag\n"); - return; - } - t8 = (tag - OPS_PTAG_SIG_SUBPKT_BASE) / 8; - t7 = 1 << ((tag - OPS_PTAG_SIG_SUBPKT_BASE) & 7); - switch (type) { - case OPS_PARSE_RAW: - stream->ss_raw[t8] |= t7; - stream->ss_parsed[t8] &= ~t7; - break; - - case OPS_PARSE_PARSED: - stream->ss_raw[t8] &= ~t7; - stream->ss_parsed[t8] |= t7; - break; - - case OPS_PARSE_IGNORE: - stream->ss_raw[t8] &= ~t7; - stream->ss_parsed[t8] &= ~t7; - break; - } -} - -/** -\ingroup Core_ReadPackets -\brief Free __ops_stream_t struct and its contents -*/ -void -__ops_stream_delete(__ops_stream_t *stream) -{ - __ops_cbdata_t *cbinfo; - __ops_cbdata_t *next; - - for (cbinfo = stream->cbinfo.next; cbinfo; cbinfo = next) { - next = cbinfo->next; - free(cbinfo); - } - if (stream->readinfo.destroyer) { - stream->readinfo.destroyer(&stream->readinfo); - } - __ops_free_errors(stream->errors); - if (stream->readinfo.accumulated) { - free(stream->readinfo.accumulated); - } - free(stream); -} - -/** -\ingroup Core_ReadPackets -\brief Returns the parse_info's reader_info -\return Pointer to the reader_info inside the parse_info -*/ -__ops_reader_t * -__ops_readinfo(__ops_stream_t *stream) -{ - return &stream->readinfo; -} - -/** -\ingroup Core_ReadPackets -\brief Sets the parse_info's callback -This is used when adding the first callback in a stack of callbacks. -\sa __ops_callback_push() -*/ - -void -__ops_set_callback(__ops_stream_t *stream, __ops_cbfunc_t *cb, void *arg) -{ - stream->cbinfo.cbfunc = cb; - stream->cbinfo.arg = arg; - stream->cbinfo.errors = &stream->errors; -} - -/** -\ingroup Core_ReadPackets -\brief Adds a further callback to a stack of callbacks -\sa __ops_set_callback() -*/ -void -__ops_callback_push(__ops_stream_t *stream, __ops_cbfunc_t *cb, void *arg) -{ - __ops_cbdata_t *cbinfo; - - if ((cbinfo = calloc(1, sizeof(*cbinfo))) == NULL) { - (void) fprintf(stderr, "__ops_callback_push: bad alloc\n"); - return; - } - (void) memcpy(cbinfo, &stream->cbinfo, sizeof(*cbinfo)); - cbinfo->io = stream->io; - stream->cbinfo.next = cbinfo; - __ops_set_callback(stream, cb, arg); -} - -/** -\ingroup Core_ReadPackets -\brief Returns callback's arg -*/ -void * -__ops_callback_arg(__ops_cbdata_t *cbinfo) -{ - return cbinfo->arg; -} - -/** -\ingroup Core_ReadPackets -\brief Returns callback's errors -*/ -void * -__ops_callback_errors(__ops_cbdata_t *cbinfo) -{ - return cbinfo->errors; -} - -/** -\ingroup Core_ReadPackets -\brief Calls the parse_cb_info's callback if present -\return Return value from callback, if present; else OPS_FINISHED -*/ -__ops_cb_ret_t -__ops_callback(const __ops_packet_t *pkt, __ops_cbdata_t *cbinfo) -{ - return (cbinfo->cbfunc) ? cbinfo->cbfunc(pkt, cbinfo) : OPS_FINISHED; -} - -/** -\ingroup Core_ReadPackets -\brief Calls the next callback in the stack -\return Return value from callback -*/ -__ops_cb_ret_t -__ops_stacked_callback(const __ops_packet_t *pkt, __ops_cbdata_t *cbinfo) -{ - return __ops_callback(pkt, cbinfo->next); -} - -/** -\ingroup Core_ReadPackets -\brief Returns the parse_info's errors -\return parse_info's errors -*/ -__ops_error_t * -__ops_stream_get_errors(__ops_stream_t *stream) -{ - return stream->errors; -} - -__ops_crypt_t * -__ops_get_decrypt(__ops_stream_t *stream) -{ - return (stream->decrypt.alg) ? &stream->decrypt : NULL; -} \ No newline at end of file diff --git a/enzevalos_iphone/netpgp/lib/packet-parse.h b/enzevalos_iphone/netpgp/lib/packet-parse.h deleted file mode 100644 index 9c37cf8f..00000000 --- a/enzevalos_iphone/netpgp/lib/packet-parse.h +++ /dev/null @@ -1,169 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/* - * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) - * All rights reserved. - * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted - * their moral rights under the UK Copyright Design and Patents Act 1988 to - * be recorded as the authors of this copyright work. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. - * - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** \file - * Parser for OpenPGP packets - headers. - */ - -#ifndef PACKET_PARSE_H_ -#define PACKET_PARSE_H_ - -#include "types.h" -#include "packet.h" - -/** __ops_region_t */ -typedef struct __ops_region_t { - struct __ops_region_t *parent; - unsigned length; - unsigned readc; /* length read */ - unsigned last_read; - /* length of last read, only valid in deepest child */ - unsigned indeterminate:1; -} __ops_region_t; - -void __ops_init_subregion(__ops_region_t *, __ops_region_t *); - -/** __ops_cb_ret_t */ -typedef enum { - OPS_RELEASE_MEMORY, - OPS_KEEP_MEMORY, - OPS_FINISHED -} __ops_cb_ret_t; - -typedef struct __ops_cbdata_t __ops_cbdata_t; - -typedef __ops_cb_ret_t __ops_cbfunc_t(const __ops_packet_t *, - __ops_cbdata_t *); - -__ops_cb_ret_t -get_passphrase_cb(const __ops_packet_t *, __ops_cbdata_t *); - -typedef struct __ops_stream_t __ops_stream_t; -typedef struct __ops_reader_t __ops_reader_t; -typedef struct __ops_cryptinfo_t __ops_cryptinfo_t; - -/* - A reader MUST read at least one byte if it can, and should read up - to the number asked for. Whether it reads more for efficiency is - its own decision, but if it is a stacked reader it should never - read more than the length of the region it operates in (which it - would have to be given when it is stacked). - - If a read is short because of EOF, then it should return the short - read (obviously this will be zero on the second attempt, if not the - first). Because a reader is not obliged to do a full read, only a - zero return can be taken as an indication of EOF. - - If there is an error, then the callback should be notified, the - error stacked, and -1 should be returned. - - Note that although length is a size_t, a reader will never be asked - to read more than INT_MAX in one go. - - */ -typedef int __ops_reader_func_t(void *, size_t, __ops_error_t **, - __ops_reader_t *, __ops_cbdata_t *); - -typedef void __ops_reader_destroyer_t(__ops_reader_t *); - -void __ops_stream_delete(__ops_stream_t *); -__ops_error_t *__ops_stream_get_errors(__ops_stream_t *); -__ops_crypt_t *__ops_get_decrypt(__ops_stream_t *); - -void __ops_set_callback(__ops_stream_t *, __ops_cbfunc_t *, void *); -void __ops_callback_push(__ops_stream_t *, __ops_cbfunc_t *, void *); -void *__ops_callback_arg(__ops_cbdata_t *); -void *__ops_callback_errors(__ops_cbdata_t *); -void __ops_reader_set(__ops_stream_t *, __ops_reader_func_t *, - __ops_reader_destroyer_t *, void *); -void __ops_reader_push(__ops_stream_t *, __ops_reader_func_t *, - __ops_reader_destroyer_t *, void *); -void __ops_reader_pop(__ops_stream_t *); - -void *__ops_reader_get_arg(__ops_reader_t *); - -__ops_cb_ret_t __ops_callback(const __ops_packet_t *, - __ops_cbdata_t *); -__ops_cb_ret_t __ops_stacked_callback(const __ops_packet_t *, - __ops_cbdata_t *); -__ops_reader_t *__ops_readinfo(__ops_stream_t *); - -int __ops_parse(__ops_stream_t *, const int); - -/** Used to specify whether subpackets should be returned raw, parsed -* or ignored. */ -typedef enum { - OPS_PARSE_RAW, /* Callback Raw */ - OPS_PARSE_PARSED, /* Callback Parsed */ - OPS_PARSE_IGNORE /* Don't callback */ -} __ops_parse_type_t; - -void __ops_parse_options(__ops_stream_t *, __ops_content_enum, - __ops_parse_type_t); - -unsigned __ops_limited_read(uint8_t *, size_t, __ops_region_t *, - __ops_error_t **, __ops_reader_t *, - __ops_cbdata_t *); -unsigned __ops_stacked_limited_read(uint8_t *, unsigned, - __ops_region_t *, __ops_error_t **, - __ops_reader_t *, __ops_cbdata_t *); -void __ops_parse_hash_init(__ops_stream_t *, __ops_hash_alg_t, - const uint8_t *); -void __ops_parse_hash_data(__ops_stream_t *, const void *, size_t); -void __ops_parse_hash_finish(__ops_stream_t *); -__ops_hash_t *__ops_parse_hash_find(__ops_stream_t *, const uint8_t *); - -__ops_reader_func_t __ops_stacked_read; - -int __ops_decompress(__ops_region_t *, __ops_stream_t *, - __ops_compression_type_t); -unsigned __ops_writez(__ops_output_t *, const uint8_t *, - const unsigned); - -#endif /* PACKET_PARSE_H_ */ diff --git a/enzevalos_iphone/netpgp/lib/packet-print.c b/enzevalos_iphone/netpgp/lib/packet-print.c deleted file mode 100644 index cbce4eae..00000000 --- a/enzevalos_iphone/netpgp/lib/packet-print.c +++ /dev/null @@ -1,1455 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/* - * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) - * All rights reserved. - * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted - * their moral rights under the UK Copyright Design and Patents Act 1988 to - * be recorded as the authors of this copyright work. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. - * - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * ! \file \brief Standard API print functions - */ -#include "config.h" - -#ifdef HAVE_SYS_CDEFS_H -#include <sys/cdefs.h> -#endif - -#if defined(__NetBSD__) -__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: packet-print.c,v 1.38 2010/11/03 02:27:56 agc Exp $"); -#endif - -#include <string.h> -#include <stdio.h> - -#ifdef HAVE_UNISTD_H -#include <unistd.h> -#endif - -#include "crypto.h" -#include "keyring.h" -#include "packet-show.h" -#include "signature.h" -#include "readerwriter.h" -#include "netpgpdefs.h" -#include "netpgpsdk.h" -#include "packet.h" -#include "netpgpdigest.h" -#include "mj.h" - -/* static functions */ - -static void -print_indent(int indent) -{ - int i; - - for (i = 0; i < indent; i++) { - printf(" "); - } -} - -static void -print_name(int indent, const char *name) -{ - print_indent(indent); - if (name) { - printf("%s: ", name); - } -} - -static void -print_hexdump(int indent, const char *name, const uint8_t *data, unsigned len) -{ - print_name(indent, name); - hexdump(stdout, NULL, data, len); -} - -static void -hexdump_data(int indent, const char *name, const uint8_t *data, unsigned len) -{ - print_name(indent, name); - hexdump(stdout, NULL, data, len); -} - -static void -print_uint(int indent, const char *name, unsigned val) -{ - print_name(indent, name); - printf("%u\n", val); -} - -static void -showtime(const char *name, time_t t) -{ - printf("%s=%" PRItime "d (%.24s)", name, (long long) t, ctime(&t)); -} - -static void -print_time(int indent, const char *name, time_t t) -{ - print_indent(indent); - printf("%s: ", name); - showtime("time", t); - printf("\n"); -} - -static void -print_string_and_value(int indent, const char *name, const char *str, uint8_t value) -{ - print_name(indent, name); - printf("%s (0x%x)\n", str, value); -} - -static void -print_tagname(int indent, const char *str) -{ - print_indent(indent); - printf("%s packet\n", str); -} - -static void -print_data(int indent, const char *name, const __ops_data_t *data) -{ - print_hexdump(indent, name, data->contents, (unsigned)data->len); -} - -static void -print_bn(int indent, const char *name, const BIGNUM *bn) -{ - print_indent(indent); - printf("%s=", name); - if (bn) { - BN_print_fp(stdout, bn); - putchar('\n'); - } else { - puts("(unset)"); - } -} - -static void -print_packet_hex(const __ops_subpacket_t *pkt) -{ - hexdump(stdout, "packet contents:", pkt->raw, pkt->length); -} - -static void -print_escaped(const uint8_t *data, size_t length) -{ - while (length-- > 0) { - if ((*data >= 0x20 && *data < 0x7f && *data != '%') || - *data == '\n') { - putchar(*data); - } else { - printf("%%%02x", *data); - } - ++data; - } -} - -static void -print_string(int indent, const char *name, const char *str) -{ - print_name(indent, name); - print_escaped((const uint8_t *) str, strlen(str)); - putchar('\n'); -} - -static void -print_utf8_string(int indent, const char *name, const uint8_t *str) -{ - /* \todo Do this better for non-English character sets */ - print_string(indent, name, (const char *) str); -} - -static void -print_duration(int indent, const char *name, time_t t) -{ - int mins, hours, days, years; - - print_indent(indent); - printf("%s: ", name); - printf("duration %" PRItime "d seconds", (long long) t); - - mins = (int)(t / 60); - hours = mins / 60; - days = hours / 24; - years = days / 365; - - printf(" (approx. "); - if (years) { - printf("%d %s", years, years == 1 ? "year" : "years"); - } else if (days) { - printf("%d %s", days, days == 1 ? "day" : "days"); - } else if (hours) { - printf("%d %s", hours, hours == 1 ? "hour" : "hours"); - } - printf(")\n"); -} - -static void -print_boolean(int indent, const char *name, uint8_t boolval) -{ - print_name(indent, name); - printf("%s\n", (boolval) ? "Yes" : "No"); -} - -static void -print_text_breakdown(int indent, __ops_text_t *text) -{ - const char *prefix = ".. "; - unsigned i; - - /* these were recognised */ - for (i = 0; i < text->known.used; i++) { - print_indent(indent); - printf("%s", prefix); - printf("%s\n", text->known.strings[i]); - } - /* - * these were not recognised. the strings will contain the hex value - * of the unrecognised value in string format - see - * process_octet_str() - */ - if (text->unknown.used) { - printf("\n"); - print_indent(indent); - printf("Not Recognised: "); - } - for (i = 0; i < text->unknown.used; i++) { - print_indent(indent); - printf("%s", prefix); - printf("%s\n", text->unknown.strings[i]); - } -} - -static void -print_headers(const __ops_headers_t *h) -{ - unsigned i; - - for (i = 0; i < h->headerc; ++i) { - printf("%s=%s\n", h->headers[i].key, h->headers[i].value); - } -} - -static void -print_block(int indent, const char *name, const uint8_t *str, size_t length) -{ - int o = (int)length; - - print_indent(indent); - printf(">>>>> %s >>>>>\n", name); - - print_indent(indent); - for (; length > 0; --length) { - if (*str >= 0x20 && *str < 0x7f && *str != '%') { - putchar(*str); - } else if (*str == '\n') { - putchar(*str); - print_indent(indent); - } else { - printf("%%%02x", *str); - } - ++str; - } - if (o && str[-1] != '\n') { - putchar('\n'); - print_indent(indent); - fputs("[no newline]", stdout); - } else { - print_indent(indent); - } - printf("<<<<< %s <<<<<\n", name); -} - -/* return the number of bits in the public key */ -static int -numkeybits(const __ops_pubkey_t *pubkey) -{ - switch(pubkey->alg) { - case OPS_PKA_RSA: - case OPS_PKA_RSA_ENCRYPT_ONLY: - case OPS_PKA_RSA_SIGN_ONLY: - return BN_num_bytes(pubkey->key.rsa.n) * 8; - case OPS_PKA_DSA: - switch(BN_num_bytes(pubkey->key.dsa.q)) { - case 20: - return 1024; - case 28: - return 2048; - case 32: - return 3072; - default: - return 0; - } - case OPS_PKA_ELGAMAL: - return BN_num_bytes(pubkey->key.elgamal.y) * 8; - default: - return -1; - } -} - -/* return the hexdump as a string */ -static char * -strhexdump(char *dest, const uint8_t *src, size_t length, const char *sep) -{ - unsigned i; - int n; - - for (n = 0, i = 0 ; i < length ; i += 2) { - n += snprintf(&dest[n], 3, "%02x", *src++); - n += snprintf(&dest[n], 10, "%02x%s", *src++, sep); - } - return dest; -} - -/* return the time as a string */ -static char * -ptimestr(char *dest, size_t size, time_t t) -{ - struct tm *tm; - - tm = gmtime(&t); - (void) snprintf(dest, size, "%04d-%02d-%02d", - tm->tm_year + 1900, - tm->tm_mon + 1, - tm->tm_mday); - return dest; -} - -/* print the sub key binding signature info */ -static int -psubkeybinding(char *buf, size_t size, const __ops_key_t *key, const char *expired) -{ - char keyid[512]; - char t[32]; - - return snprintf(buf, size, "encryption %d/%s %s %s %s\n", - numkeybits(&key->enckey), - __ops_show_pka(key->enckey.alg), - strhexdump(keyid, key->encid, OPS_KEY_ID_SIZE, ""), - ptimestr(t, sizeof(t), key->enckey.birthtime), - expired); -} - -static int -isrevoked(const __ops_key_t *key, unsigned uid) -{ - unsigned r; - - for (r = 0 ; r < key->revokec ; r++) { - if (key->revokes[r].uid == uid) { - return r; - } - } - return -1; -} - -#ifndef KB -#define KB(x) ((x) * 1024) -#endif - -/* print into a string (malloc'ed) the pubkeydata */ -int -__ops_sprint_keydata(__ops_io_t *io, const __ops_keyring_t *keyring, - const __ops_key_t *key, char **buf, const char *header, - const __ops_pubkey_t *pubkey, const int psigs) -{ - const __ops_key_t *trustkey; - unsigned from; - unsigned i; - unsigned j; - time_t now; - char uidbuf[KB(128)]; - char keyid[OPS_KEY_ID_SIZE * 3]; - char fp[(OPS_FINGERPRINT_SIZE * 3) + 1]; - char expired[128]; - char t[32]; - int cc; - int n; - int r; - - if (key == NULL || key->revoked) { - return -1; - } - now = time(NULL); - if (pubkey->duration > 0) { - cc = snprintf(expired, sizeof(expired), - (pubkey->birthtime + pubkey->duration < now) ? - "[EXPIRED " : "[EXPIRES "); - ptimestr(&expired[cc], sizeof(expired) - cc, - pubkey->birthtime + pubkey->duration); - cc += 10; - cc += snprintf(&expired[cc], sizeof(expired) - cc, "]"); - } else { - expired[0] = 0x0; - } - for (i = 0, n = 0; i < key->uidc; i++) { - if ((r = isrevoked(key, i)) >= 0 && - key->revokes[r].code == OPS_REVOCATION_COMPROMISED) { - continue; - } - n += snprintf(&uidbuf[n], sizeof(uidbuf) - n, "uid%s%s%s\n", - (psigs) ? " " : " ", - key->uids[i], - (isrevoked(key, i) >= 0) ? " [REVOKED]" : ""); - for (j = 0 ; j < key->subsigc ; j++) { - if (psigs) { - if (key->subsigs[j].uid != i) { - continue; - } - } else { - if (!(key->subsigs[j].sig.info.version == 4 && - key->subsigs[j].sig.info.type == OPS_SIG_SUBKEY && - i == key->uidc - 1)) { - continue; - } - } - from = 0; - trustkey = __ops_getkeybyid(io, keyring, key->subsigs[j].sig.info.signer_id, &from, NULL); - if (key->subsigs[j].sig.info.version == 4 && - key->subsigs[j].sig.info.type == OPS_SIG_SUBKEY) { - psubkeybinding(&uidbuf[n], sizeof(uidbuf) - n, key, expired); - } else { - n += snprintf(&uidbuf[n], sizeof(uidbuf) - n, - "sig %s %s %s\n", - strhexdump(keyid, key->subsigs[j].sig.info.signer_id, OPS_KEY_ID_SIZE, ""), - ptimestr(t, sizeof(t), key->subsigs[j].sig.info.birthtime), - (trustkey) ? (char *)trustkey->uids[trustkey->uid0] : "[unknown]"); - } - } - } - return __ops_asprintf(buf, "%s %d/%s %s %s %s\nKey fingerprint: %s\n%s", - header, - numkeybits(pubkey), - __ops_show_pka(pubkey->alg), - strhexdump(keyid, key->sigid, OPS_KEY_ID_SIZE, ""), - ptimestr(t, sizeof(t), pubkey->birthtime), - expired, - strhexdump(fp, key->sigfingerprint.fingerprint, key->sigfingerprint.length, " "), - uidbuf); -} - -/* return the key info as a JSON encoded string */ -int -__ops_sprint_mj(__ops_io_t *io, const __ops_keyring_t *keyring, - const __ops_key_t *key, mj_t *keyjson, const char *header, - const __ops_pubkey_t *pubkey, const int psigs) -{ - const __ops_key_t *trustkey; - unsigned from; - unsigned i; - unsigned j; - mj_t sub_obj; - char keyid[OPS_KEY_ID_SIZE * 3]; - char fp[(OPS_FINGERPRINT_SIZE * 3) + 1]; - int r; - - if (key == NULL || key->revoked) { - return -1; - } - (void) memset(keyjson, 0x0, sizeof(*keyjson)); - mj_create(keyjson, "object"); - mj_append_field(keyjson, "header", "string", header); - mj_append_field(keyjson, "key bits", "integer", (int64_t) numkeybits(pubkey)); - mj_append_field(keyjson, "pka", "string", __ops_show_pka(pubkey->alg)); - mj_append_field(keyjson, "key id", "string", strhexdump(keyid, key->sigid, OPS_KEY_ID_SIZE, "")); - mj_append_field(keyjson, "fingerprint", "string", - strhexdump(fp, key->sigfingerprint.fingerprint, key->sigfingerprint.length, " ")); - mj_append_field(keyjson, "birthtime", "integer", pubkey->birthtime); - mj_append_field(keyjson, "duration", "integer", pubkey->duration); - for (i = 0; i < key->uidc; i++) { - if ((r = isrevoked(key, i)) >= 0 && - key->revokes[r].code == OPS_REVOCATION_COMPROMISED) { - continue; - } - (void) memset(&sub_obj, 0x0, sizeof(sub_obj)); - mj_create(&sub_obj, "array"); - mj_append(&sub_obj, "string", key->uids[i]); - mj_append(&sub_obj, "string", (r >= 0) ? "[REVOKED]" : ""); - mj_append_field(keyjson, "uid", "array", &sub_obj); - mj_delete(&sub_obj); - for (j = 0 ; j < key->subsigc ; j++) { - if (psigs) { - if (key->subsigs[j].uid != i) { - continue; - } - } else { - if (!(key->subsigs[j].sig.info.version == 4 && - key->subsigs[j].sig.info.type == OPS_SIG_SUBKEY && - i == key->uidc - 1)) { - continue; - } - } - (void) memset(&sub_obj, 0x0, sizeof(sub_obj)); - mj_create(&sub_obj, "array"); - if (key->subsigs[j].sig.info.version == 4 && - key->subsigs[j].sig.info.type == OPS_SIG_SUBKEY) { - mj_append(&sub_obj, "integer", (int64_t)numkeybits(&key->enckey)); - mj_append(&sub_obj, "string", - (const char *)__ops_show_pka(key->enckey.alg)); - mj_append(&sub_obj, "string", - strhexdump(keyid, key->encid, OPS_KEY_ID_SIZE, "")); - mj_append(&sub_obj, "integer", (int64_t)key->enckey.birthtime); - mj_append_field(keyjson, "encryption", "array", &sub_obj); - mj_delete(&sub_obj); - } else { - mj_append(&sub_obj, "string", - strhexdump(keyid, key->subsigs[j].sig.info.signer_id, OPS_KEY_ID_SIZE, "")); - mj_append(&sub_obj, "integer", - (int64_t)(key->subsigs[j].sig.info.birthtime)); - from = 0; - trustkey = __ops_getkeybyid(io, keyring, key->subsigs[j].sig.info.signer_id, &from, NULL); - mj_append(&sub_obj, "string", - (trustkey) ? (char *)trustkey->uids[trustkey->uid0] : "[unknown]"); - mj_append_field(keyjson, "sig", "array", &sub_obj); - mj_delete(&sub_obj); - } - } - } - if (__ops_get_debug_level(__FILE__)) { - char *buf; - - mj_asprint(&buf, keyjson); - (void) fprintf(stderr, "__ops_sprint_mj: '%s'\n", buf); - free(buf); - } - return 1; -} - -int -__ops_hkp_sprint_keydata(__ops_io_t *io, const __ops_keyring_t *keyring, - const __ops_key_t *key, char **buf, - const __ops_pubkey_t *pubkey, const int psigs) -{ - const __ops_key_t *trustkey; - unsigned from; - unsigned i; - unsigned j; - char keyid[OPS_KEY_ID_SIZE * 3]; - char uidbuf[KB(128)]; - char fp[(OPS_FINGERPRINT_SIZE * 3) + 1]; - int n; - - if (key->revoked) { - return -1; - } - for (i = 0, n = 0; i < key->uidc; i++) { - n += snprintf(&uidbuf[n], sizeof(uidbuf) - n, - "uid:%lld:%lld:%s\n", - (long long)pubkey->birthtime, - (long long)pubkey->duration, - key->uids[i]); - for (j = 0 ; j < key->subsigc ; j++) { - if (psigs) { - if (key->subsigs[j].uid != i) { - continue; - } - } else { - if (!(key->subsigs[j].sig.info.version == 4 && - key->subsigs[j].sig.info.type == OPS_SIG_SUBKEY && - i == key->uidc - 1)) { - continue; - } - } - from = 0; - trustkey = __ops_getkeybyid(io, keyring, key->subsigs[j].sig.info.signer_id, &from, NULL); - if (key->subsigs[j].sig.info.version == 4 && - key->subsigs[j].sig.info.type == OPS_SIG_SUBKEY) { - n += snprintf(&uidbuf[n], sizeof(uidbuf) - n, "sub:%d:%d:%s:%lld:%lld\n", - numkeybits(pubkey), - key->subsigs[j].sig.info.key_alg, - strhexdump(keyid, key->subsigs[j].sig.info.signer_id, OPS_KEY_ID_SIZE, ""), - (long long)(key->subsigs[j].sig.info.birthtime), - (long long)pubkey->duration); - } else { - n += snprintf(&uidbuf[n], sizeof(uidbuf) - n, - "sig:%s:%lld:%s\n", - strhexdump(keyid, key->subsigs[j].sig.info.signer_id, OPS_KEY_ID_SIZE, ""), - (long long)key->subsigs[j].sig.info.birthtime, - (trustkey) ? (char *)trustkey->uids[trustkey->uid0] : ""); - } - } - } - return __ops_asprintf(buf, "pub:%s:%d:%d:%lld:%lld\n%s", - strhexdump(fp, key->sigfingerprint.fingerprint, OPS_FINGERPRINT_SIZE, ""), - pubkey->alg, - numkeybits(pubkey), - (long long)pubkey->birthtime, - (long long)pubkey->duration, - uidbuf); -} - -/* print the key data for a pub or sec key */ -void -__ops_print_keydata(__ops_io_t *io, const __ops_keyring_t *keyring, - const __ops_key_t *key, const char *header, - const __ops_pubkey_t *pubkey, const int psigs) -{ - char *cp; - - if (__ops_sprint_keydata(io, keyring, key, &cp, header, pubkey, psigs) >= 0) { - (void) fprintf(io->res, "%s", cp); - free(cp); - } -} - -/** -\ingroup Core_Print -\param pubkey -*/ -void -__ops_print_pubkey(const __ops_pubkey_t *pubkey) -{ - printf("------- PUBLIC KEY ------\n"); - print_uint(0, "Version", (unsigned)pubkey->version); - print_time(0, "Creation Time", pubkey->birthtime); - if (pubkey->version == OPS_V3) { - print_uint(0, "Days Valid", pubkey->days_valid); - } - print_string_and_value(0, "Algorithm", __ops_show_pka(pubkey->alg), - pubkey->alg); - switch (pubkey->alg) { - case OPS_PKA_DSA: - print_bn(0, "p", pubkey->key.dsa.p); - print_bn(0, "q", pubkey->key.dsa.q); - print_bn(0, "g", pubkey->key.dsa.g); - print_bn(0, "y", pubkey->key.dsa.y); - break; - - case OPS_PKA_RSA: - case OPS_PKA_RSA_ENCRYPT_ONLY: - case OPS_PKA_RSA_SIGN_ONLY: - print_bn(0, "n", pubkey->key.rsa.n); - print_bn(0, "e", pubkey->key.rsa.e); - break; - - case OPS_PKA_ELGAMAL: - case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN: - print_bn(0, "p", pubkey->key.elgamal.p); - print_bn(0, "g", pubkey->key.elgamal.g); - print_bn(0, "y", pubkey->key.elgamal.y); - break; - - default: - (void) fprintf(stderr, - "__ops_print_pubkey: Unusual algorithm\n"); - } - - printf("------- end of PUBLIC KEY ------\n"); -} - -int -__ops_sprint_pubkey(const __ops_key_t *key, char *out, size_t outsize) -{ - char fp[(OPS_FINGERPRINT_SIZE * 3) + 1]; - int cc; - - cc = snprintf(out, outsize, "key:%s:%d:%lld:%lld:%d:\n", - strhexdump(fp, key->sigfingerprint.fingerprint, OPS_FINGERPRINT_SIZE, ""), - key->key.pubkey.version, - (long long)key->key.pubkey.birthtime, - (long long)key->key.pubkey.days_valid, - key->key.pubkey.alg); - switch (key->key.pubkey.alg) { - case OPS_PKA_DSA: - cc += snprintf(&out[cc], outsize - cc, - "pubkey:p=%s:q=%s:g=%s:y=%s\n", - BN_bn2hex(key->key.pubkey.key.dsa.p), - BN_bn2hex(key->key.pubkey.key.dsa.q), - BN_bn2hex(key->key.pubkey.key.dsa.g), - BN_bn2hex(key->key.pubkey.key.dsa.y)); - break; - case OPS_PKA_RSA: - case OPS_PKA_RSA_ENCRYPT_ONLY: - case OPS_PKA_RSA_SIGN_ONLY: - cc += snprintf(&out[cc], outsize - cc, - "pubkey:n=%s:e=%s\n", - BN_bn2hex(key->key.pubkey.key.rsa.n), - BN_bn2hex(key->key.pubkey.key.rsa.e)); - break; - case OPS_PKA_ELGAMAL: - case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN: - cc += snprintf(&out[cc], outsize - cc, - "pubkey:p=%s:g=%s:y=%s\n", - BN_bn2hex(key->key.pubkey.key.elgamal.p), - BN_bn2hex(key->key.pubkey.key.elgamal.g), - BN_bn2hex(key->key.pubkey.key.elgamal.y)); - break; - default: - (void) fprintf(stderr, - "__ops_print_pubkey: Unusual algorithm\n"); - } - return cc; -} - -/** -\ingroup Core_Print -\param type -\param seckey -*/ -static void -__ops_print_seckey_verbose(const __ops_content_enum type, - const __ops_seckey_t *seckey) -{ - printf("------- SECRET KEY or ENCRYPTED SECRET KEY ------\n"); - print_tagname(0, (type == OPS_PTAG_CT_SECRET_KEY) ? - "SECRET_KEY" : - "ENCRYPTED_SECRET_KEY"); - /* __ops_print_pubkey(key); */ - printf("S2K Usage: %d\n", seckey->s2k_usage); - if (seckey->s2k_usage != OPS_S2KU_NONE) { - printf("S2K Specifier: %d\n", seckey->s2k_specifier); - printf("Symmetric algorithm: %d (%s)\n", seckey->alg, - __ops_show_symm_alg(seckey->alg)); - printf("Hash algorithm: %d (%s)\n", seckey->hash_alg, - __ops_show_hash_alg((uint8_t)seckey->hash_alg)); - if (seckey->s2k_specifier != OPS_S2KS_SIMPLE) { - print_hexdump(0, "Salt", seckey->salt, - (unsigned)sizeof(seckey->salt)); - } - if (seckey->s2k_specifier == OPS_S2KS_ITERATED_AND_SALTED) { - printf("Octet count: %u\n", seckey->octetc); - } - print_hexdump(0, "IV", seckey->iv, __ops_block_size(seckey->alg)); - } - /* no more set if encrypted */ - if (type == OPS_PTAG_CT_ENCRYPTED_SECRET_KEY) { - return; - } - switch (seckey->pubkey.alg) { - case OPS_PKA_RSA: - print_bn(0, "d", seckey->key.rsa.d); - print_bn(0, "p", seckey->key.rsa.p); - print_bn(0, "q", seckey->key.rsa.q); - print_bn(0, "u", seckey->key.rsa.u); - break; - - case OPS_PKA_DSA: - print_bn(0, "x", seckey->key.dsa.x); - break; - - default: - (void) fprintf(stderr, - "__ops_print_seckey_verbose: unusual algorithm\n"); - } - if (seckey->s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED) { - print_hexdump(0, "Checkhash", seckey->checkhash, - OPS_CHECKHASH_SIZE); - } else { - printf("Checksum: %04x\n", seckey->checksum); - } - printf("------- end of SECRET KEY or ENCRYPTED SECRET KEY ------\n"); -} - - -/** -\ingroup Core_Print -\param tag -\param key -*/ -static void -__ops_print_pk_sesskey(__ops_content_enum tag, - const __ops_pk_sesskey_t * key) -{ - print_tagname(0, (tag == OPS_PTAG_CT_PK_SESSION_KEY) ? - "PUBLIC KEY SESSION KEY" : - "ENCRYPTED PUBLIC KEY SESSION KEY"); - printf("Version: %d\n", key->version); - print_hexdump(0, "Key ID", key->key_id, (unsigned)sizeof(key->key_id)); - printf("Algorithm: %d (%s)\n", key->alg, - __ops_show_pka(key->alg)); - switch (key->alg) { - case OPS_PKA_RSA: - print_bn(0, "encrypted_m", key->params.rsa.encrypted_m); - break; - - case OPS_PKA_ELGAMAL: - print_bn(0, "g_to_k", key->params.elgamal.g_to_k); - print_bn(0, "encrypted_m", key->params.elgamal.encrypted_m); - break; - - default: - (void) fprintf(stderr, - "__ops_print_pk_sesskey: unusual algorithm\n"); - } - if (tag == OPS_PTAG_CT_PK_SESSION_KEY) { - printf("Symmetric algorithm: %d (%s)\n", key->symm_alg, - __ops_show_symm_alg(key->symm_alg)); - print_hexdump(0, "Key", key->key, __ops_key_size(key->symm_alg)); - printf("Checksum: %04x\n", key->checksum); - } -} - -static void -start_subpacket(int *indent, int type) -{ - *indent += 1; - print_indent(*indent); - printf("-- %s (type 0x%02x)\n", - __ops_show_ss_type((__ops_content_enum)type), - type - OPS_PTAG_SIG_SUBPKT_BASE); -} - -static void -end_subpacket(int *indent) -{ - *indent -= 1; -} - -/** -\ingroup Core_Print -\param contents -*/ -int -__ops_print_packet(__ops_printstate_t *print, const __ops_packet_t *pkt) -{ - const __ops_contents_t *content = &pkt->u; - __ops_text_t *text; - const char *str; - - if (print->unarmoured && pkt->tag != OPS_PTAG_CT_UNARMOURED_TEXT) { - print->unarmoured = 0; - puts("UNARMOURED TEXT ends"); - } - if (pkt->tag == OPS_PARSER_PTAG) { - printf("=> OPS_PARSER_PTAG: %s\n", - __ops_show_packet_tag((__ops_content_enum)content->ptag.type)); - } else { - printf("=> %s\n", __ops_show_packet_tag(pkt->tag)); - } - - switch (pkt->tag) { - case OPS_PARSER_ERROR: - printf("parse error: %s\n", content->error); - break; - - case OPS_PARSER_ERRCODE: - printf("parse error: %s\n", - __ops_errcode(content->errcode.errcode)); - break; - - case OPS_PARSER_PACKET_END: - print_packet_hex(&content->packet); - break; - - case OPS_PARSER_PTAG: - if (content->ptag.type == OPS_PTAG_CT_PUBLIC_KEY) { - print->indent = 0; - printf("\n*** NEXT KEY ***\n"); - } - printf("\n"); - print_indent(print->indent); - printf("==== ptag new_format=%u type=%u length_type=%d" - " length=0x%x (%u) position=0x%x (%u)\n", - content->ptag.new_format, - content->ptag.type, content->ptag.length_type, - content->ptag.length, content->ptag.length, - content->ptag.position, content->ptag.position); - print_tagname(print->indent, __ops_show_packet_tag((__ops_content_enum)content->ptag.type)); - break; - - case OPS_PTAG_CT_SE_DATA_HEADER: - print_tagname(print->indent, "SYMMETRIC ENCRYPTED DATA"); - break; - - case OPS_PTAG_CT_SE_IP_DATA_HEADER: - print_tagname(print->indent, - "SYMMETRIC ENCRYPTED INTEGRITY PROTECTED DATA HEADER"); - printf("Version: %d\n", content->se_ip_data_header); - break; - - case OPS_PTAG_CT_SE_IP_DATA_BODY: - print_tagname(print->indent, - "SYMMETRIC ENCRYPTED INTEGRITY PROTECTED DATA BODY"); - hexdump(stdout, "data", content->se_data_body.data, - content->se_data_body.length); - break; - - case OPS_PTAG_CT_PUBLIC_KEY: - case OPS_PTAG_CT_PUBLIC_SUBKEY: - print_tagname(print->indent, (pkt->tag == OPS_PTAG_CT_PUBLIC_KEY) ? - "PUBLIC KEY" : - "PUBLIC SUBKEY"); - __ops_print_pubkey(&content->pubkey); - break; - - case OPS_PTAG_CT_TRUST: - print_tagname(print->indent, "TRUST"); - print_data(print->indent, "Trust", &content->trust); - break; - - case OPS_PTAG_CT_USER_ID: - print_tagname(print->indent, "USER ID"); - print_utf8_string(print->indent, "userid", content->userid); - break; - - case OPS_PTAG_CT_SIGNATURE: - print_tagname(print->indent, "SIGNATURE"); - print_indent(print->indent); - print_uint(print->indent, "Signature Version", - (unsigned)content->sig.info.version); - if (content->sig.info.birthtime_set) { - print_time(print->indent, "Signature Creation Time", - content->sig.info.birthtime); - } - if (content->sig.info.duration_set) { - print_uint(print->indent, "Signature Duration", - (unsigned)content->sig.info.duration); - } - - print_string_and_value(print->indent, "Signature Type", - __ops_show_sig_type(content->sig.info.type), - content->sig.info.type); - - if (content->sig.info.signer_id_set) { - hexdump_data(print->indent, "Signer ID", - content->sig.info.signer_id, - (unsigned)sizeof(content->sig.info.signer_id)); - } - - print_string_and_value(print->indent, "Public Key Algorithm", - __ops_show_pka(content->sig.info.key_alg), - content->sig.info.key_alg); - print_string_and_value(print->indent, "Hash Algorithm", - __ops_show_hash_alg((uint8_t) - content->sig.info.hash_alg), - (uint8_t)content->sig.info.hash_alg); - print_uint(print->indent, "Hashed data len", - (unsigned)content->sig.info.v4_hashlen); - print_indent(print->indent); - hexdump_data(print->indent, "hash2", &content->sig.hash2[0], 2); - switch (content->sig.info.key_alg) { - case OPS_PKA_RSA: - case OPS_PKA_RSA_SIGN_ONLY: - print_bn(print->indent, "sig", content->sig.info.sig.rsa.sig); - break; - - case OPS_PKA_DSA: - print_bn(print->indent, "r", content->sig.info.sig.dsa.r); - print_bn(print->indent, "s", content->sig.info.sig.dsa.s); - break; - - case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN: - print_bn(print->indent, "r", content->sig.info.sig.elgamal.r); - print_bn(print->indent, "s", content->sig.info.sig.elgamal.s); - break; - - default: - (void) fprintf(stderr, - "__ops_print_packet: Unusual algorithm\n"); - return 0; - } - - if (content->sig.hash) - printf("data hash is set\n"); - - break; - - case OPS_PTAG_CT_COMPRESSED: - print_tagname(print->indent, "COMPRESSED"); - print_uint(print->indent, "Compressed Data Type", - (unsigned)content->compressed); - break; - - case OPS_PTAG_CT_1_PASS_SIG: - print_tagname(print->indent, "ONE PASS SIGNATURE"); - - print_uint(print->indent, "Version", (unsigned)content->one_pass_sig.version); - print_string_and_value(print->indent, "Signature Type", - __ops_show_sig_type(content->one_pass_sig.sig_type), - content->one_pass_sig.sig_type); - print_string_and_value(print->indent, "Hash Algorithm", - __ops_show_hash_alg((uint8_t)content->one_pass_sig.hash_alg), - (uint8_t)content->one_pass_sig.hash_alg); - print_string_and_value(print->indent, "Public Key Algorithm", - __ops_show_pka(content->one_pass_sig.key_alg), - content->one_pass_sig.key_alg); - hexdump_data(print->indent, "Signer ID", - content->one_pass_sig.keyid, - (unsigned)sizeof(content->one_pass_sig.keyid)); - print_uint(print->indent, "Nested", content->one_pass_sig.nested); - break; - - case OPS_PTAG_CT_USER_ATTR: - print_tagname(print->indent, "USER ATTRIBUTE"); - print_hexdump(print->indent, "User Attribute", - content->userattr.contents, - (unsigned)content->userattr.len); - break; - - case OPS_PTAG_RAW_SS: - if (pkt->critical) { - (void) fprintf(stderr, "contents are critical\n"); - return 0; - } - start_subpacket(&print->indent, pkt->tag); - print_uint(print->indent, "Raw Signature Subpacket: tag", - (unsigned)(content->ss_raw.tag - - (unsigned)OPS_PTAG_SIG_SUBPKT_BASE)); - print_hexdump(print->indent, "Raw Data", - content->ss_raw.raw, - (unsigned)content->ss_raw.length); - break; - - case OPS_PTAG_SS_CREATION_TIME: - start_subpacket(&print->indent, pkt->tag); - print_time(print->indent, "Signature Creation Time", content->ss_time); - end_subpacket(&print->indent); - break; - - case OPS_PTAG_SS_EXPIRATION_TIME: - start_subpacket(&print->indent, pkt->tag); - print_duration(print->indent, "Signature Expiration Time", - content->ss_time); - end_subpacket(&print->indent); - break; - - case OPS_PTAG_SS_KEY_EXPIRY: - start_subpacket(&print->indent, pkt->tag); - print_duration(print->indent, "Key Expiration Time", content->ss_time); - end_subpacket(&print->indent); - break; - - case OPS_PTAG_SS_TRUST: - start_subpacket(&print->indent, pkt->tag); - print_string(print->indent, "Trust Signature", ""); - print_uint(print->indent, "Level", (unsigned)content->ss_trust.level); - print_uint(print->indent, "Amount", (unsigned)content->ss_trust.amount); - end_subpacket(&print->indent); - break; - - case OPS_PTAG_SS_REVOCABLE: - start_subpacket(&print->indent, pkt->tag); - print_boolean(print->indent, "Revocable", content->ss_revocable); - end_subpacket(&print->indent); - break; - - case OPS_PTAG_SS_REVOCATION_KEY: - start_subpacket(&print->indent, pkt->tag); - /* not yet tested */ - printf(" revocation key: class=0x%x", - content->ss_revocation_key.class); - if (content->ss_revocation_key.class & 0x40) { - printf(" (sensitive)"); - } - printf(", algid=0x%x", content->ss_revocation_key.algid); - hexdump(stdout, "fingerprint", content->ss_revocation_key.fingerprint, - OPS_FINGERPRINT_SIZE); - end_subpacket(&print->indent); - break; - - case OPS_PTAG_SS_ISSUER_KEY_ID: - start_subpacket(&print->indent, pkt->tag); - print_hexdump(print->indent, "Issuer Key Id", - content->ss_issuer, (unsigned)sizeof(content->ss_issuer)); - end_subpacket(&print->indent); - break; - - case OPS_PTAG_SS_PREFERRED_SKA: - start_subpacket(&print->indent, pkt->tag); - print_data(print->indent, "Preferred Symmetric Algorithms", - &content->ss_skapref); - text = __ops_showall_ss_skapref(&content->ss_skapref); - print_text_breakdown(print->indent, text); - __ops_text_free(text); - - end_subpacket(&print->indent); - break; - - case OPS_PTAG_SS_PRIMARY_USER_ID: - start_subpacket(&print->indent, pkt->tag); - print_boolean(print->indent, "Primary User ID", - content->ss_primary_userid); - end_subpacket(&print->indent); - break; - - case OPS_PTAG_SS_PREFERRED_HASH: - start_subpacket(&print->indent, pkt->tag); - print_data(print->indent, "Preferred Hash Algorithms", - &content->ss_hashpref); - text = __ops_showall_ss_hashpref(&content->ss_hashpref); - print_text_breakdown(print->indent, text); - __ops_text_free(text); - end_subpacket(&print->indent); - break; - - case OPS_PTAG_SS_PREF_COMPRESS: - start_subpacket(&print->indent, pkt->tag); - print_data(print->indent, "Preferred Compression Algorithms", - &content->ss_zpref); - text = __ops_showall_ss_zpref(&content->ss_zpref); - print_text_breakdown(print->indent, text); - __ops_text_free(text); - end_subpacket(&print->indent); - break; - - case OPS_PTAG_SS_KEY_FLAGS: - start_subpacket(&print->indent, pkt->tag); - print_data(print->indent, "Key Flags", &content->ss_key_flags); - - text = __ops_showall_ss_key_flags(&content->ss_key_flags); - print_text_breakdown(print->indent, text); - __ops_text_free(text); - - end_subpacket(&print->indent); - break; - - case OPS_PTAG_SS_KEYSERV_PREFS: - start_subpacket(&print->indent, pkt->tag); - print_data(print->indent, "Key Server Preferences", - &content->ss_key_server_prefs); - text = __ops_show_keyserv_prefs(&content->ss_key_server_prefs); - print_text_breakdown(print->indent, text); - __ops_text_free(text); - - end_subpacket(&print->indent); - break; - - case OPS_PTAG_SS_FEATURES: - start_subpacket(&print->indent, pkt->tag); - print_data(print->indent, "Features", &content->ss_features); - text = __ops_showall_ss_features(content->ss_features); - print_text_breakdown(print->indent, text); - __ops_text_free(text); - - end_subpacket(&print->indent); - break; - - case OPS_PTAG_SS_NOTATION_DATA: - start_subpacket(&print->indent, pkt->tag); - print_indent(print->indent); - printf("Notation Data:\n"); - - print->indent++; - print_data(print->indent, "Flags", &content->ss_notation.flags); - text = __ops_showall_notation(content->ss_notation); - print_text_breakdown(print->indent, text); - __ops_text_free(text); - - print_data(print->indent, "Name", &content->ss_notation.name); - - print_data(print->indent, "Value", &content->ss_notation.value); - - print->indent--; - end_subpacket(&print->indent); - break; - - case OPS_PTAG_SS_REGEXP: - start_subpacket(&print->indent, pkt->tag); - print_hexdump(print->indent, "Regular Expression", - (uint8_t *) content->ss_regexp, - (unsigned)strlen(content->ss_regexp)); - print_string(print->indent, NULL, content->ss_regexp); - end_subpacket(&print->indent); - break; - - case OPS_PTAG_SS_POLICY_URI: - start_subpacket(&print->indent, pkt->tag); - print_string(print->indent, "Policy URL", content->ss_policy); - end_subpacket(&print->indent); - break; - - case OPS_PTAG_SS_SIGNERS_USER_ID: - start_subpacket(&print->indent, pkt->tag); - print_utf8_string(print->indent, "Signer's User ID", content->ss_signer); - end_subpacket(&print->indent); - break; - - case OPS_PTAG_SS_PREF_KEYSERV: - start_subpacket(&print->indent, pkt->tag); - print_string(print->indent, "Preferred Key Server", content->ss_keyserv); - end_subpacket(&print->indent); - break; - - case OPS_PTAG_SS_EMBEDDED_SIGNATURE: - start_subpacket(&print->indent, pkt->tag); - end_subpacket(&print->indent);/* \todo print out contents? */ - break; - - case OPS_PTAG_SS_USERDEFINED00: - case OPS_PTAG_SS_USERDEFINED01: - case OPS_PTAG_SS_USERDEFINED02: - case OPS_PTAG_SS_USERDEFINED03: - case OPS_PTAG_SS_USERDEFINED04: - case OPS_PTAG_SS_USERDEFINED05: - case OPS_PTAG_SS_USERDEFINED06: - case OPS_PTAG_SS_USERDEFINED07: - case OPS_PTAG_SS_USERDEFINED08: - case OPS_PTAG_SS_USERDEFINED09: - case OPS_PTAG_SS_USERDEFINED10: - start_subpacket(&print->indent, pkt->tag); - print_hexdump(print->indent, "Internal or user-defined", - content->ss_userdef.contents, - (unsigned)content->ss_userdef.len); - end_subpacket(&print->indent); - break; - - case OPS_PTAG_SS_RESERVED: - start_subpacket(&print->indent, pkt->tag); - print_hexdump(print->indent, "Reserved", - content->ss_userdef.contents, - (unsigned)content->ss_userdef.len); - end_subpacket(&print->indent); - break; - - case OPS_PTAG_SS_REVOCATION_REASON: - start_subpacket(&print->indent, pkt->tag); - print_hexdump(print->indent, "Revocation Reason", - &content->ss_revocation.code, - 1); - str = __ops_show_ss_rr_code(content->ss_revocation.code); - print_string(print->indent, NULL, str); - end_subpacket(&print->indent); - break; - - case OPS_PTAG_CT_LITDATA_HEADER: - print_tagname(print->indent, "LITERAL DATA HEADER"); - printf(" literal data header format=%c filename='%s'\n", - content->litdata_header.format, - content->litdata_header.filename); - showtime(" modification time", - content->litdata_header.mtime); - printf("\n"); - break; - - case OPS_PTAG_CT_LITDATA_BODY: - print_tagname(print->indent, "LITERAL DATA BODY"); - printf(" literal data body length=%u\n", - content->litdata_body.length); - printf(" data="); - print_escaped(content->litdata_body.data, - content->litdata_body.length); - printf("\n"); - break; - - case OPS_PTAG_CT_SIGNATURE_HEADER: - print_tagname(print->indent, "SIGNATURE"); - print_indent(print->indent); - print_uint(print->indent, "Signature Version", - (unsigned)content->sig.info.version); - if (content->sig.info.birthtime_set) { - print_time(print->indent, "Signature Creation Time", - content->sig.info.birthtime); - } - if (content->sig.info.duration_set) { - print_uint(print->indent, "Signature Duration", - (unsigned)content->sig.info.duration); - } - print_string_and_value(print->indent, "Signature Type", - __ops_show_sig_type(content->sig.info.type), - content->sig.info.type); - if (content->sig.info.signer_id_set) { - hexdump_data(print->indent, "Signer ID", - content->sig.info.signer_id, - (unsigned)sizeof(content->sig.info.signer_id)); - } - print_string_and_value(print->indent, "Public Key Algorithm", - __ops_show_pka(content->sig.info.key_alg), - content->sig.info.key_alg); - print_string_and_value(print->indent, "Hash Algorithm", - __ops_show_hash_alg((uint8_t)content->sig.info.hash_alg), - (uint8_t)content->sig.info.hash_alg); - print_uint(print->indent, "Hashed data len", - (unsigned)content->sig.info.v4_hashlen); - - break; - - case OPS_PTAG_CT_SIGNATURE_FOOTER: - print_indent(print->indent); - hexdump_data(print->indent, "hash2", &content->sig.hash2[0], 2); - - switch (content->sig.info.key_alg) { - case OPS_PKA_RSA: - print_bn(print->indent, "sig", content->sig.info.sig.rsa.sig); - break; - - case OPS_PKA_DSA: - print_bn(print->indent, "r", content->sig.info.sig.dsa.r); - print_bn(print->indent, "s", content->sig.info.sig.dsa.s); - break; - - case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN: - print_bn(print->indent, "r", content->sig.info.sig.elgamal.r); - print_bn(print->indent, "s", content->sig.info.sig.elgamal.s); - break; - - case OPS_PKA_PRIVATE00: - case OPS_PKA_PRIVATE01: - case OPS_PKA_PRIVATE02: - case OPS_PKA_PRIVATE03: - case OPS_PKA_PRIVATE04: - case OPS_PKA_PRIVATE05: - case OPS_PKA_PRIVATE06: - case OPS_PKA_PRIVATE07: - case OPS_PKA_PRIVATE08: - case OPS_PKA_PRIVATE09: - case OPS_PKA_PRIVATE10: - print_data(print->indent, "Private/Experimental", - &content->sig.info.sig.unknown); - break; - - default: - (void) fprintf(stderr, - "__ops_print_packet: Unusual key algorithm\n"); - return 0; - } - break; - - case OPS_GET_PASSPHRASE: - print_tagname(print->indent, "OPS_GET_PASSPHRASE"); - break; - - case OPS_PTAG_CT_SECRET_KEY: - print_tagname(print->indent, "OPS_PTAG_CT_SECRET_KEY"); - __ops_print_seckey_verbose(pkt->tag, &content->seckey); - break; - - case OPS_PTAG_CT_ENCRYPTED_SECRET_KEY: - print_tagname(print->indent, "OPS_PTAG_CT_ENCRYPTED_SECRET_KEY"); - __ops_print_seckey_verbose(pkt->tag, &content->seckey); - break; - - case OPS_PTAG_CT_ARMOUR_HEADER: - print_tagname(print->indent, "ARMOUR HEADER"); - print_string(print->indent, "type", content->armour_header.type); - break; - - case OPS_PTAG_CT_SIGNED_CLEARTEXT_HEADER: - print_tagname(print->indent, "SIGNED CLEARTEXT HEADER"); - print_headers(&content->cleartext_head); - break; - - case OPS_PTAG_CT_SIGNED_CLEARTEXT_BODY: - print_tagname(print->indent, "SIGNED CLEARTEXT BODY"); - print_block(print->indent, "signed cleartext", content->cleartext_body.data, - content->cleartext_body.length); - break; - - case OPS_PTAG_CT_SIGNED_CLEARTEXT_TRAILER: - print_tagname(print->indent, "SIGNED CLEARTEXT TRAILER"); - printf("hash algorithm: %d\n", - content->cleartext_trailer->alg); - printf("\n"); - break; - - case OPS_PTAG_CT_UNARMOURED_TEXT: - if (!print->unarmoured) { - print_tagname(print->indent, "UNARMOURED TEXT"); - print->unarmoured = 1; - } - putchar('['); - print_escaped(content->unarmoured_text.data, - content->unarmoured_text.length); - putchar(']'); - break; - - case OPS_PTAG_CT_ARMOUR_TRAILER: - print_tagname(print->indent, "ARMOUR TRAILER"); - print_string(print->indent, "type", content->armour_header.type); - break; - - case OPS_PTAG_CT_PK_SESSION_KEY: - case OPS_PTAG_CT_ENCRYPTED_PK_SESSION_KEY: - __ops_print_pk_sesskey(pkt->tag, &content->pk_sesskey); - break; - - case OPS_GET_SECKEY: - __ops_print_pk_sesskey(OPS_PTAG_CT_ENCRYPTED_PK_SESSION_KEY, - content->get_seckey.pk_sesskey); - break; - - default: - print_tagname(print->indent, "UNKNOWN PACKET TYPE"); - fprintf(stderr, "__ops_print_packet: unknown tag=%d (0x%x)\n", - pkt->tag, pkt->tag); - return 0; - } - return 1; -} - -static __ops_cb_ret_t -cb_list_packets(const __ops_packet_t *pkt, __ops_cbdata_t *cbinfo) -{ - __ops_print_packet(&cbinfo->printstate, pkt); - return OPS_RELEASE_MEMORY; -} - -/** -\ingroup Core_Print -\param filename -\param armour -\param keyring -\param cb_get_passphrase -*/ -int -__ops_list_packets(__ops_io_t *io, - char *filename, - unsigned armour, - __ops_keyring_t *secring, - __ops_keyring_t *pubring, - void *passfp, - __ops_cbfunc_t *cb_get_passphrase) -{ - __ops_stream_t *stream = NULL; - const unsigned accumulate = 1; - const int printerrors = 1; - int fd; - - fd = __ops_setup_file_read(io, &stream, filename, NULL, cb_list_packets, - accumulate); - __ops_parse_options(stream, OPS_PTAG_SS_ALL, OPS_PARSE_PARSED); - stream->cryptinfo.secring = secring; - stream->cryptinfo.pubring = pubring; - stream->cbinfo.passfp = passfp; - stream->cryptinfo.getpassphrase = cb_get_passphrase; - if (armour) { - __ops_reader_push_dearmour(stream); - } - __ops_parse(stream, printerrors); - __ops_teardown_file_read(stream, fd); - return 1; -} diff --git a/enzevalos_iphone/netpgp/lib/packet-show.c b/enzevalos_iphone/netpgp/lib/packet-show.c deleted file mode 100644 index bdb0a655..00000000 --- a/enzevalos_iphone/netpgp/lib/packet-show.c +++ /dev/null @@ -1,918 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/* - * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) - * All rights reserved. - * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted - * their moral rights under the UK Copyright Design and Patents Act 1988 to - * be recorded as the authors of this copyright work. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. - * - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** \file - * - * Creates printable text strings from packet contents - * - */ -#include "config.h" - -#ifdef HAVE_SYS_CDEFS_H -#include <sys/cdefs.h> -#endif - -#if defined(__NetBSD__) -__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: packet-show.c,v 1.18 2010/11/04 06:45:28 agc Exp $"); -#endif - -#include <stdlib.h> -#include <string.h> - -#include "packet-show.h" - -#include "netpgpsdk.h" -#include "netpgpdefs.h" - - -/* - * Arrays of value->text maps - */ - -static __ops_map_t packet_tag_map[] = -{ - {OPS_PTAG_CT_RESERVED, "Reserved"}, - {OPS_PTAG_CT_PK_SESSION_KEY, "Public-Key Encrypted Session Key"}, - {OPS_PTAG_CT_SIGNATURE, "Signature"}, - {OPS_PTAG_CT_SK_SESSION_KEY, "Symmetric-Key Encrypted Session Key"}, - {OPS_PTAG_CT_1_PASS_SIG, "One-Pass Signature"}, - {OPS_PTAG_CT_SECRET_KEY, "Secret Key"}, - {OPS_PTAG_CT_PUBLIC_KEY, "Public Key"}, - {OPS_PTAG_CT_SECRET_SUBKEY, "Secret Subkey"}, - {OPS_PTAG_CT_COMPRESSED, "Compressed Data"}, - {OPS_PTAG_CT_SE_DATA, "Symmetrically Encrypted Data"}, - {OPS_PTAG_CT_MARKER, "Marker"}, - {OPS_PTAG_CT_LITDATA, "Literal Data"}, - {OPS_PTAG_CT_TRUST, "Trust"}, - {OPS_PTAG_CT_USER_ID, "User ID"}, - {OPS_PTAG_CT_PUBLIC_SUBKEY, "Public Subkey"}, - {OPS_PTAG_CT_RESERVED2, "reserved2"}, - {OPS_PTAG_CT_RESERVED3, "reserved3"}, - {OPS_PTAG_CT_USER_ATTR, "User Attribute"}, - {OPS_PTAG_CT_SE_IP_DATA, - "Symmetric Encrypted and Integrity Protected Data"}, - {OPS_PTAG_CT_MDC, "Modification Detection Code"}, - {OPS_PARSER_PTAG, "OPS_PARSER_PTAG"}, - {OPS_PTAG_RAW_SS, "OPS_PTAG_RAW_SS"}, - {OPS_PTAG_SS_ALL, "OPS_PTAG_SS_ALL"}, - {OPS_PARSER_PACKET_END, "OPS_PARSER_PACKET_END"}, - {OPS_PTAG_SIG_SUBPKT_BASE, "OPS_PTAG_SIG_SUBPKT_BASE"}, - {OPS_PTAG_SS_CREATION_TIME, "SS: Signature Creation Time"}, - {OPS_PTAG_SS_EXPIRATION_TIME, "SS: Signature Expiration Time"}, - {OPS_PTAG_SS_EXPORT_CERT, "SS: Exportable Certification"}, - {OPS_PTAG_SS_TRUST, "SS: Trust Signature"}, - {OPS_PTAG_SS_REGEXP, "SS: Regular Expression"}, - {OPS_PTAG_SS_REVOCABLE, "SS: Revocable"}, - {OPS_PTAG_SS_KEY_EXPIRY, "SS: Key Expiration Time"}, - {OPS_PTAG_SS_RESERVED, "SS: Reserved"}, - {OPS_PTAG_SS_PREFERRED_SKA, "SS: Preferred Secret Key Algorithm"}, - {OPS_PTAG_SS_REVOCATION_KEY, "SS: Revocation Key"}, - {OPS_PTAG_SS_ISSUER_KEY_ID, "SS: Issuer Key Id"}, - {OPS_PTAG_SS_NOTATION_DATA, "SS: Notation Data"}, - {OPS_PTAG_SS_PREFERRED_HASH, "SS: Preferred Hash Algorithm"}, - {OPS_PTAG_SS_PREF_COMPRESS, "SS: Preferred Compression Algorithm"}, - {OPS_PTAG_SS_KEYSERV_PREFS, "SS: Key Server Preferences"}, - {OPS_PTAG_SS_PREF_KEYSERV, "SS: Preferred Key Server"}, - {OPS_PTAG_SS_PRIMARY_USER_ID, "SS: Primary User ID"}, - {OPS_PTAG_SS_POLICY_URI, "SS: Policy URI"}, - {OPS_PTAG_SS_KEY_FLAGS, "SS: Key Flags"}, - {OPS_PTAG_SS_SIGNERS_USER_ID, "SS: Signer's User ID"}, - {OPS_PTAG_SS_REVOCATION_REASON, "SS: Reason for Revocation"}, - {OPS_PTAG_SS_FEATURES, "SS: Features"}, - {OPS_PTAG_SS_SIGNATURE_TARGET, "SS: Signature Target"}, - {OPS_PTAG_SS_EMBEDDED_SIGNATURE, "SS: Embedded Signature"}, - - {OPS_PTAG_CT_LITDATA_HEADER, "CT: Literal Data Header"}, - {OPS_PTAG_CT_LITDATA_BODY, "CT: Literal Data Body"}, - {OPS_PTAG_CT_SIGNATURE_HEADER, "CT: Signature Header"}, - {OPS_PTAG_CT_SIGNATURE_FOOTER, "CT: Signature Footer"}, - {OPS_PTAG_CT_ARMOUR_HEADER, "CT: Armour Header"}, - {OPS_PTAG_CT_ARMOUR_TRAILER, "CT: Armour Trailer"}, - {OPS_PTAG_CT_SIGNED_CLEARTEXT_HEADER, "CT: Signed Cleartext Header"}, - {OPS_PTAG_CT_SIGNED_CLEARTEXT_BODY, "CT: Signed Cleartext Body"}, - {OPS_PTAG_CT_SIGNED_CLEARTEXT_TRAILER, "CT: Signed Cleartext Trailer"}, - {OPS_PTAG_CT_UNARMOURED_TEXT, "CT: Unarmoured Text"}, - {OPS_PTAG_CT_ENCRYPTED_SECRET_KEY, "CT: Encrypted Secret Key"}, - {OPS_PTAG_CT_SE_DATA_HEADER, "CT: Sym Encrypted Data Header"}, - {OPS_PTAG_CT_SE_DATA_BODY, "CT: Sym Encrypted Data Body"}, - {OPS_PTAG_CT_SE_IP_DATA_HEADER, "CT: Sym Encrypted IP Data Header"}, - {OPS_PTAG_CT_SE_IP_DATA_BODY, "CT: Sym Encrypted IP Data Body"}, - {OPS_PTAG_CT_ENCRYPTED_PK_SESSION_KEY, "CT: Encrypted PK Session Key"}, - {OPS_GET_PASSPHRASE, "CMD: Get Secret Key Passphrase"}, - {OPS_GET_SECKEY, "CMD: Get Secret Key"}, - {OPS_PARSER_ERROR, "OPS_PARSER_ERROR"}, - {OPS_PARSER_ERRCODE, "OPS_PARSER_ERRCODE"}, - - {0x00, NULL}, /* this is the end-of-array marker */ -}; - -static __ops_map_t ss_type_map[] = -{ - {OPS_PTAG_SS_CREATION_TIME, "Signature Creation Time"}, - {OPS_PTAG_SS_EXPIRATION_TIME, "Signature Expiration Time"}, - {OPS_PTAG_SS_TRUST, "Trust Signature"}, - {OPS_PTAG_SS_REGEXP, "Regular Expression"}, - {OPS_PTAG_SS_REVOCABLE, "Revocable"}, - {OPS_PTAG_SS_KEY_EXPIRY, "Key Expiration Time"}, - {OPS_PTAG_SS_PREFERRED_SKA, "Preferred Symmetric Algorithms"}, - {OPS_PTAG_SS_REVOCATION_KEY, "Revocation Key"}, - {OPS_PTAG_SS_ISSUER_KEY_ID, "Issuer key ID"}, - {OPS_PTAG_SS_NOTATION_DATA, "Notation Data"}, - {OPS_PTAG_SS_PREFERRED_HASH, "Preferred Hash Algorithms"}, - {OPS_PTAG_SS_PREF_COMPRESS, "Preferred Compression Algorithms"}, - {OPS_PTAG_SS_KEYSERV_PREFS, "Key Server Preferences"}, - {OPS_PTAG_SS_PREF_KEYSERV, "Preferred Key Server"}, - {OPS_PTAG_SS_PRIMARY_USER_ID, "Primary User ID"}, - {OPS_PTAG_SS_POLICY_URI, "Policy URI"}, - {OPS_PTAG_SS_KEY_FLAGS, "Key Flags"}, - {OPS_PTAG_SS_REVOCATION_REASON, "Reason for Revocation"}, - {OPS_PTAG_SS_FEATURES, "Features"}, - {0x00, NULL}, /* this is the end-of-array marker */ -}; - - -static __ops_map_t ss_rr_code_map[] = -{ - {0x00, "No reason specified"}, - {0x01, "Key is superseded"}, - {0x02, "Key material has been compromised"}, - {0x03, "Key is retired and no longer used"}, - {0x20, "User ID information is no longer valid"}, - {0x00, NULL}, /* this is the end-of-array marker */ -}; - -static __ops_map_t sig_type_map[] = -{ - {OPS_SIG_BINARY, "Signature of a binary document"}, - {OPS_SIG_TEXT, "Signature of a canonical text document"}, - {OPS_SIG_STANDALONE, "Standalone signature"}, - {OPS_CERT_GENERIC, "Generic certification of a User ID and Public Key packet"}, - {OPS_CERT_PERSONA, "Personal certification of a User ID and Public Key packet"}, - {OPS_CERT_CASUAL, "Casual certification of a User ID and Public Key packet"}, - {OPS_CERT_POSITIVE, "Positive certification of a User ID and Public Key packet"}, - {OPS_SIG_SUBKEY, "Subkey Binding Signature"}, - {OPS_SIG_PRIMARY, "Primary Key Binding Signature"}, - {OPS_SIG_DIRECT, "Signature directly on a key"}, - {OPS_SIG_REV_KEY, "Key revocation signature"}, - {OPS_SIG_REV_SUBKEY, "Subkey revocation signature"}, - {OPS_SIG_REV_CERT, "Certification revocation signature"}, - {OPS_SIG_TIMESTAMP, "Timestamp signature"}, - {OPS_SIG_3RD_PARTY, "Third-Party Confirmation signature"}, - {0x00, NULL}, /* this is the end-of-array marker */ -}; - -static __ops_map_t pubkey_alg_map[] = -{ - {OPS_PKA_RSA, "RSA (Encrypt or Sign)"}, - {OPS_PKA_RSA_ENCRYPT_ONLY, "RSA Encrypt-Only"}, - {OPS_PKA_RSA_SIGN_ONLY, "RSA Sign-Only"}, - {OPS_PKA_ELGAMAL, "Elgamal (Encrypt-Only)"}, - {OPS_PKA_DSA, "DSA"}, - {OPS_PKA_RESERVED_ELLIPTIC_CURVE, "Reserved for Elliptic Curve"}, - {OPS_PKA_RESERVED_ECDSA, "Reserved for ECDSA"}, - {OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN, "Reserved (formerly Elgamal Encrypt or Sign"}, - {OPS_PKA_RESERVED_DH, "Reserved for Diffie-Hellman (X9.42)"}, - {OPS_PKA_PRIVATE00, "Private/Experimental"}, - {OPS_PKA_PRIVATE01, "Private/Experimental"}, - {OPS_PKA_PRIVATE02, "Private/Experimental"}, - {OPS_PKA_PRIVATE03, "Private/Experimental"}, - {OPS_PKA_PRIVATE04, "Private/Experimental"}, - {OPS_PKA_PRIVATE05, "Private/Experimental"}, - {OPS_PKA_PRIVATE06, "Private/Experimental"}, - {OPS_PKA_PRIVATE07, "Private/Experimental"}, - {OPS_PKA_PRIVATE08, "Private/Experimental"}, - {OPS_PKA_PRIVATE09, "Private/Experimental"}, - {OPS_PKA_PRIVATE10, "Private/Experimental"}, - {0x00, NULL}, /* this is the end-of-array marker */ -}; - -static __ops_map_t symm_alg_map[] = -{ - {OPS_SA_PLAINTEXT, "Plaintext or unencrypted data"}, - {OPS_SA_IDEA, "IDEA"}, - {OPS_SA_TRIPLEDES, "TripleDES"}, - {OPS_SA_CAST5, "CAST5"}, - {OPS_SA_BLOWFISH, "Blowfish"}, - {OPS_SA_AES_128, "AES (128-bit key)"}, - {OPS_SA_AES_192, "AES (192-bit key)"}, - {OPS_SA_AES_256, "AES (256-bit key)"}, - {OPS_SA_TWOFISH, "Twofish(256-bit key)"}, - {OPS_SA_CAMELLIA_128, "Camellia (128-bit key)"}, - {OPS_SA_CAMELLIA_192, "Camellia (192-bit key)"}, - {OPS_SA_CAMELLIA_256, "Camellia (256-bit key)"}, - {0x00, NULL}, /* this is the end-of-array marker */ -}; - -static __ops_map_t hash_alg_map[] = -{ - {OPS_HASH_MD5, "MD5"}, - {OPS_HASH_SHA1, "SHA1"}, - {OPS_HASH_RIPEMD, "RIPEMD160"}, - {OPS_HASH_SHA256, "SHA256"}, - {OPS_HASH_SHA384, "SHA384"}, - {OPS_HASH_SHA512, "SHA512"}, - {OPS_HASH_SHA224, "SHA224"}, - {0x00, NULL}, /* this is the end-of-array marker */ -}; - -static __ops_map_t compression_alg_map[] = -{ - {OPS_C_NONE, "Uncompressed"}, - {OPS_C_ZIP, "ZIP(RFC1951)"}, - {OPS_C_ZLIB, "ZLIB(RFC1950)"}, - {OPS_C_BZIP2, "Bzip2(BZ2)"}, - {0x00, NULL}, /* this is the end-of-array marker */ -}; - -static __ops_bit_map_t ss_notation_map_byte0[] = -{ - {0x80, "Human-readable"}, - {0x00, NULL}, -}; - -static __ops_bit_map_t *ss_notation_map[] = -{ - ss_notation_map_byte0, -}; - -static __ops_bit_map_t ss_feature_map_byte0[] = -{ - {0x01, "Modification Detection"}, - {0x00, NULL}, -}; - -static __ops_bit_map_t *ss_feature_map[] = -{ - ss_feature_map_byte0, -}; - -static __ops_bit_map_t ss_key_flags_map[] = -{ - {0x01, "May be used to certify other keys"}, - {0x02, "May be used to sign data"}, - {0x04, "May be used to encrypt communications"}, - {0x08, "May be used to encrypt storage"}, - {0x10, "Private component may have been split by a secret-sharing mechanism"}, - {0x80, "Private component may be in possession of more than one person"}, - {0x00, NULL}, -}; - -static __ops_bit_map_t ss_key_server_prefs_map[] = -{ - {0x80, "Key holder requests that this key only be modified or updated by the key holder or an administrator of the key server"}, - {0x00, NULL}, -}; - -/* - * Private functions - */ - -static void -list_init(__ops_list_t *list) -{ - list->size = 0; - list->used = 0; - list->strings = NULL; -} - -static void -list_free_strings(__ops_list_t *list) -{ - unsigned i; - - for (i = 0; i < list->used; i++) { - free(list->strings[i]); - list->strings[i] = NULL; - } -} - -static void -list_free(__ops_list_t *list) -{ - if (list->strings) - free(list->strings); - list_init(list); -} - -static unsigned -list_resize(__ops_list_t *list) -{ - /* - * We only resize in one direction - upwards. Algorithm used : double - * the current size then add 1 - */ - char **newstrings; - int newsize; - - newsize = (list->size * 2) + 1; - newstrings = realloc(list->strings, newsize * sizeof(char *)); - if (newstrings) { - list->strings = newstrings; - list->size = newsize; - return 1; - } - (void) fprintf(stderr, "list_resize - bad alloc\n"); - return 0; -} - -static unsigned -add_str(__ops_list_t *list, const char *str) -{ - if (list->size == list->used && !list_resize(list)) { - return 0; - } - list->strings[list->used++] = __UNCONST(str); - return 1; -} - -/* find a bitfield in a map - serial search */ -static const char * -find_bitfield(__ops_bit_map_t *map, uint8_t octet) -{ - __ops_bit_map_t *row; - - for (row = map; row->string != NULL && row->mask != octet ; row++) { - } - return (row->string) ? row->string : "Unknown"; -} - -/* ! generic function to initialise __ops_text_t structure */ -void -__ops_text_init(__ops_text_t *text) -{ - list_init(&text->known); - list_init(&text->unknown); -} - -/** - * \ingroup Core_Print - * - * __ops_text_free() frees the memory used by an __ops_text_t structure - * - * \param text Pointer to a previously allocated structure. This structure and its contents will be freed. - */ -void -__ops_text_free(__ops_text_t *text) -{ - /* Strings in "known" array will be constants, so don't free them */ - list_free(&text->known); - - /* - * Strings in "unknown" array will be dynamically allocated, so do - * free them - */ - list_free_strings(&text->unknown); - list_free(&text->unknown); - - free(text); -} - -/* XXX: should this (and many others) be unsigned? */ -/* ! generic function which adds text derived from single octet map to text */ -static unsigned -add_str_from_octet_map(__ops_text_t *map, char *str, uint8_t octet) -{ - if (str && !add_str(&map->known, str)) { - /* - * value recognised, but there was a problem adding it to the - * list - */ - /* XXX - should print out error msg here, Ben? - rachel */ - return 0; - } else if (!str) { - /* - * value not recognised and there was a problem adding it to - * the unknown list - */ - unsigned len = 2 + 2 + 1; /* 2 for "0x", 2 for - * single octet in hex - * format, 1 for NUL */ - if ((str = calloc(1, len)) == NULL) { - (void) fprintf(stderr, "add_str_from_octet_map: bad alloc\n"); - return 0; - } - (void) snprintf(str, len, "0x%x", octet); - if (!add_str(&map->unknown, str)) { - return 0; - } - free(str); - } - return 1; -} - -/* ! generic function which adds text derived from single bit map to text */ -static unsigned -add_bitmap_entry(__ops_text_t *map, const char *str, uint8_t bit) -{ - const char *fmt_unknown = "Unknown bit(0x%x)"; - - if (str && !add_str(&map->known, str)) { - /* - * value recognised, but there was a problem adding it to the - * list - */ - /* XXX - should print out error msg here, Ben? - rachel */ - return 0; - } else if (!str) { - /* - * value not recognised and there was a problem adding it to - * the unknown list - * 2 chars of the string are the format definition, this will - * be replaced in the output by 2 chars of hex, so the length - * will be correct - */ - unsigned len = (unsigned)(strlen(fmt_unknown) + 1); - char *newstr; - - if ((newstr = calloc(1, len)) == NULL) { - (void) fprintf(stderr, "add_bitmap_entry: bad alloc\n"); - return 0; - } - (void) snprintf(newstr, len, fmt_unknown, bit); - if (!add_str(&map->unknown, newstr)) { - return 0; - } - free(newstr); - } - return 1; -} - -/** - * Produce a structure containing human-readable textstrings - * representing the recognised and unrecognised contents - * of this byte array. text_fn() will be called on each octet in turn. - * Each octet will generate one string representing the whole byte. - * - */ - -static __ops_text_t * -text_from_bytemapped_octets(const __ops_data_t *data, - const char *(*text_fn)(uint8_t octet)) -{ - __ops_text_t *text; - const char *str; - unsigned i; - - /* - * ! allocate and initialise __ops_text_t structure to store derived - * strings - */ - if ((text = calloc(1, sizeof(*text))) == NULL) { - return NULL; - } - - __ops_text_init(text); - - /* ! for each octet in field ... */ - for (i = 0; i < data->len; i++) { - /* ! derive string from octet */ - str = (*text_fn) (data->contents[i]); - - /* ! and add to text */ - if (!add_str_from_octet_map(text, netpgp_strdup(str), - data->contents[i])) { - __ops_text_free(text); - return NULL; - } - } - /* - * ! All values have been added to either the known or the unknown - * list - */ - return text; -} - -/** - * Produce a structure containing human-readable textstrings - * representing the recognised and unrecognised contents - * of this byte array, derived from each bit of each octet. - * - */ -static __ops_text_t * -showall_octets_bits(__ops_data_t *data, __ops_bit_map_t **map, size_t nmap) -{ - __ops_text_t *text; - const char *str; - unsigned i; - uint8_t mask, bit; - int j = 0; - - /* - * ! allocate and initialise __ops_text_t structure to store derived - * strings - */ - if ((text = calloc(1, sizeof(__ops_text_t))) == NULL) { - return NULL; - } - - __ops_text_init(text); - - /* ! for each octet in field ... */ - for (i = 0; i < data->len; i++) { - /* ! for each bit in octet ... */ - mask = 0x80; - for (j = 0; j < 8; j++, mask = (unsigned)mask >> 1) { - bit = data->contents[i] & mask; - if (bit) { - str = (i >= nmap) ? "Unknown" : - find_bitfield(map[i], bit); - if (!add_bitmap_entry(text, str, bit)) { - __ops_text_free(text); - return NULL; - } - } - } - } - return text; -} - -/* - * Public Functions - */ - -/** - * \ingroup Core_Print - * returns description of the Packet Tag - * \param packet_tag - * \return string or "Unknown" -*/ -const char * -__ops_show_packet_tag(__ops_content_enum packet_tag) -{ - const char *ret; - - ret = __ops_str_from_map(packet_tag, packet_tag_map); - if (!ret) { - ret = "Unknown Tag"; - } - return ret; -} - -/** - * \ingroup Core_Print - * - * returns description of the Signature Sub-Packet type - * \param ss_type Signature Sub-Packet type - * \return string or "Unknown" - */ -const char * -__ops_show_ss_type(__ops_content_enum ss_type) -{ - return __ops_str_from_map(ss_type, ss_type_map); -} - -/** - * \ingroup Core_Print - * - * returns description of the Revocation Reason code - * \param ss_rr_code Revocation Reason code - * \return string or "Unknown" - */ -const char * -__ops_show_ss_rr_code(__ops_ss_rr_code_t ss_rr_code) -{ - return __ops_str_from_map(ss_rr_code, ss_rr_code_map); -} - -/** - * \ingroup Core_Print - * - * returns description of the given Signature type - * \param sig_type Signature type - * \return string or "Unknown" - */ -const char * -__ops_show_sig_type(__ops_sig_type_t sig_type) -{ - return __ops_str_from_map(sig_type, sig_type_map); -} - -/** - * \ingroup Core_Print - * - * returns description of the given Public Key Algorithm - * \param pka Public Key Algorithm type - * \return string or "Unknown" - */ -const char * -__ops_show_pka(__ops_pubkey_alg_t pka) -{ - return __ops_str_from_map(pka, pubkey_alg_map); -} - -/** - * \ingroup Core_Print - * returns description of the Preferred Compression - * \param octet Preferred Compression - * \return string or "Unknown" -*/ -const char * -__ops_show_ss_zpref(uint8_t octet) -{ - return __ops_str_from_map(octet, compression_alg_map); -} - -/** - * \ingroup Core_Print - * - * returns set of descriptions of the given Preferred Compression Algorithms - * \param ss_zpref Array of Preferred Compression Algorithms - * \return NULL if cannot allocate memory or other error - * \return pointer to structure, if no error - */ -__ops_text_t * -__ops_showall_ss_zpref(const __ops_data_t *ss_zpref) -{ - return text_from_bytemapped_octets(ss_zpref, - &__ops_show_ss_zpref); -} - - -/** - * \ingroup Core_Print - * - * returns description of the Hash Algorithm type - * \param hash Hash Algorithm type - * \return string or "Unknown" - */ -const char * -__ops_show_hash_alg(uint8_t hash) -{ - return __ops_str_from_map(hash, hash_alg_map); -} - -/** - * \ingroup Core_Print - * - * returns set of descriptions of the given Preferred Hash Algorithms - * \param ss_hashpref Array of Preferred Hash Algorithms - * \return NULL if cannot allocate memory or other error - * \return pointer to structure, if no error - */ -__ops_text_t * -__ops_showall_ss_hashpref(const __ops_data_t *ss_hashpref) -{ - return text_from_bytemapped_octets(ss_hashpref, - &__ops_show_hash_alg); -} - -const char * -__ops_show_symm_alg(uint8_t hash) -{ - return __ops_str_from_map(hash, symm_alg_map); -} - -/** - * \ingroup Core_Print - * returns description of the given Preferred Symmetric Key Algorithm - * \param octet - * \return string or "Unknown" -*/ -const char * -__ops_show_ss_skapref(uint8_t octet) -{ - return __ops_str_from_map(octet, symm_alg_map); -} - -/** - * \ingroup Core_Print - * - * returns set of descriptions of the given Preferred Symmetric Key Algorithms - * \param ss_skapref Array of Preferred Symmetric Key Algorithms - * \return NULL if cannot allocate memory or other error - * \return pointer to structure, if no error - */ -__ops_text_t * -__ops_showall_ss_skapref(const __ops_data_t *ss_skapref) -{ - return text_from_bytemapped_octets(ss_skapref, - &__ops_show_ss_skapref); -} - -/** - * \ingroup Core_Print - * returns description of one SS Feature - * \param octet - * \return string or "Unknown" -*/ -static const char * -__ops_show_ss_feature(uint8_t octet, unsigned offset) -{ - if (offset >= OPS_ARRAY_SIZE(ss_feature_map)) { - return "Unknown"; - } - return find_bitfield(ss_feature_map[offset], octet); -} - -/** - * \ingroup Core_Print - * - * returns set of descriptions of the given SS Features - * \param ss_features Signature Sub-Packet Features - * \return NULL if cannot allocate memory or other error - * \return pointer to structure, if no error - */ -/* XXX: shouldn't this use show_all_octets_bits? */ -__ops_text_t * -__ops_showall_ss_features(__ops_data_t ss_features) -{ - __ops_text_t *text; - const char *str; - unsigned i; - uint8_t mask, bit; - int j; - - if ((text = calloc(1, sizeof(*text))) == NULL) { - return NULL; - } - - __ops_text_init(text); - - for (i = 0; i < ss_features.len; i++) { - mask = 0x80; - for (j = 0; j < 8; j++, mask = (unsigned)mask >> 1) { - bit = ss_features.contents[i] & mask; - if (bit) { - str = __ops_show_ss_feature(bit, i); - if (!add_bitmap_entry(text, str, bit)) { - __ops_text_free(text); - return NULL; - } - } - } - } - return text; -} - -/** - * \ingroup Core_Print - * returns description of SS Key Flag - * \param octet - * \param map - * \return -*/ -const char * -__ops_show_ss_key_flag(uint8_t octet, __ops_bit_map_t *map) -{ - return find_bitfield(map, octet); -} - -/** - * \ingroup Core_Print - * - * returns set of descriptions of the given Preferred Key Flags - * \param ss_key_flags Array of Key Flags - * \return NULL if cannot allocate memory or other error - * \return pointer to structure, if no error - */ -__ops_text_t * -__ops_showall_ss_key_flags(const __ops_data_t *ss_key_flags) -{ - __ops_text_t *text; - const char *str; - uint8_t mask, bit; - int i; - - if ((text = calloc(1, sizeof(*text))) == NULL) { - return NULL; - } - - __ops_text_init(text); - - /* xxx - TBD: extend to handle multiple octets of bits - rachel */ - for (i = 0, mask = 0x80; i < 8; i++, mask = (unsigned)mask >> 1) { - bit = ss_key_flags->contents[0] & mask; - if (bit) { - str = __ops_show_ss_key_flag(bit, ss_key_flags_map); - if (!add_bitmap_entry(text, netpgp_strdup(str), bit)) { - __ops_text_free(text); - return NULL; - } - } - } - /* - * xxx - must add error text if more than one octet. Only one - * currently specified -- rachel - */ - return text; -} - -/** - * \ingroup Core_Print - * - * returns description of one given Key Server Preference - * - * \param prefs Byte containing bitfield of preferences - * \param map - * \return string or "Unknown" - */ -const char * -__ops_show_keyserv_pref(uint8_t prefs, __ops_bit_map_t *map) -{ - return find_bitfield(map, prefs); -} - -/** - * \ingroup Core_Print - * returns set of descriptions of given Key Server Preferences - * \param ss_key_server_prefs - * \return NULL if cannot allocate memory or other error - * \return pointer to structure, if no error - * -*/ -__ops_text_t * -__ops_show_keyserv_prefs(const __ops_data_t *prefs) -{ - __ops_text_t *text; - const char *str; - uint8_t mask, bit; - int i = 0; - - if ((text = calloc(1, sizeof(*text))) == NULL) { - return NULL; - } - - __ops_text_init(text); - - /* xxx - TBD: extend to handle multiple octets of bits - rachel */ - - for (i = 0, mask = 0x80; i < 8; i++, mask = (unsigned)mask >> 1) { - bit = prefs->contents[0] & mask; - if (bit) { - str = __ops_show_keyserv_pref(bit, - ss_key_server_prefs_map); - if (!add_bitmap_entry(text, netpgp_strdup(str), bit)) { - __ops_text_free(text); - return NULL; - } - } - } - /* - * xxx - must add error text if more than one octet. Only one - * currently specified -- rachel - */ - return text; -} - -/** - * \ingroup Core_Print - * - * returns set of descriptions of the given SS Notation Data Flags - * \param ss_notation Signature Sub-Packet Notation Data - * \return NULL if cannot allocate memory or other error - * \return pointer to structure, if no error - */ -__ops_text_t * -__ops_showall_notation(__ops_ss_notation_t ss_notation) -{ - return showall_octets_bits(&ss_notation.flags, - ss_notation_map, - OPS_ARRAY_SIZE(ss_notation_map)); -} diff --git a/enzevalos_iphone/netpgp/lib/packet-show.h b/enzevalos_iphone/netpgp/lib/packet-show.h deleted file mode 100644 index 3bc13a1a..00000000 --- a/enzevalos_iphone/netpgp/lib/packet-show.h +++ /dev/null @@ -1,111 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/* - * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) - * All rights reserved. - * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted - * their moral rights under the UK Copyright Design and Patents Act 1988 to - * be recorded as the authors of this copyright work. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. - * - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** \file - */ - -#ifndef PACKET_SHOW_H_ -#define PACKET_SHOW_H_ - -#include "packet.h" - -/** __ops_list_t - */ -typedef struct { - unsigned size; /* num of array slots allocated */ - unsigned used; /* num of array slots currently used */ - char **strings; -} __ops_list_t; - -/** __ops_text_t - */ -typedef struct { - __ops_list_t known; - __ops_list_t unknown; -} __ops_text_t; - -/** __ops_bit_map_t - */ -typedef struct { - uint8_t mask; - const char *string; -} __ops_bit_map_t; - -void __ops_text_init(__ops_text_t *); -void __ops_text_free(__ops_text_t *); - -const char *__ops_show_packet_tag(__ops_content_enum); -const char *__ops_show_ss_type(__ops_content_enum); - -const char *__ops_show_sig_type(__ops_sig_type_t); -const char *__ops_show_pka(__ops_pubkey_alg_t); - -__ops_text_t *__ops_showall_ss_zpref(const __ops_data_t *); -const char *__ops_show_ss_zpref(uint8_t); - -__ops_text_t *__ops_showall_ss_hashpref(const __ops_data_t *); -const char *__ops_show_hash_alg(uint8_t); -const char *__ops_show_symm_alg(uint8_t); - -__ops_text_t *__ops_showall_ss_skapref(const __ops_data_t *); -const char *__ops_show_ss_skapref(uint8_t); - -const char *__ops_show_ss_rr_code(__ops_ss_rr_code_t); - -__ops_text_t *__ops_showall_ss_features(__ops_data_t); - -__ops_text_t *__ops_showall_ss_key_flags(const __ops_data_t *); -const char *__ops_show_ss_key_flag(uint8_t, __ops_bit_map_t *); - -__ops_text_t *__ops_show_keyserv_prefs(const __ops_data_t *); -const char *__ops_show_keyserv_pref(uint8_t, __ops_bit_map_t *); - -__ops_text_t *__ops_showall_notation(__ops_ss_notation_t); - -#endif /* PACKET_SHOW_H_ */ diff --git a/enzevalos_iphone/netpgp/lib/packet.h b/enzevalos_iphone/netpgp/lib/packet.h deleted file mode 100644 index 897e6b1c..00000000 --- a/enzevalos_iphone/netpgp/lib/packet.h +++ /dev/null @@ -1,982 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/* - * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) - * All rights reserved. - * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted - * their moral rights under the UK Copyright Design and Patents Act 1988 to - * be recorded as the authors of this copyright work. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. - * - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** \file - * packet related headers. - */ - -#ifndef PACKET_H_ -#define PACKET_H_ - -#include <time.h> - -#ifdef HAVE_OPENSSL_BN_H -#include <openssl/bn.h> -#endif - -#include "types.h" -#include "errors.h" - -/* structure to keep track of printing state variables */ -typedef struct __ops_printstate_t { - unsigned unarmoured; - unsigned skipping; - int indent; -} __ops_printstate_t; - -/** General-use structure for variable-length data - */ - -typedef struct { - size_t len; - uint8_t *contents; - uint8_t mmapped; /* contents need an munmap(2) */ -} __ops_data_t; - -/************************************/ -/* Packet Tags - RFC4880, 4.2 */ -/************************************/ - -/** Packet Tag - Bit 7 Mask (this bit is always set). - * The first byte of a packet is the "Packet Tag". It always - * has bit 7 set. This is the mask for it. - * - * \see RFC4880 4.2 - */ -#define OPS_PTAG_ALWAYS_SET 0x80 - -/** Packet Tag - New Format Flag. - * Bit 6 of the Packet Tag is the packet format indicator. - * If it is set, the new format is used, if cleared the - * old format is used. - * - * \see RFC4880 4.2 - */ -#define OPS_PTAG_NEW_FORMAT 0x40 - - -/** Old Packet Format: Mask for content tag. - * In the old packet format bits 5 to 2 (including) - * are the content tag. This is the mask to apply - * to the packet tag. Note that you need to - * shift by #OPS_PTAG_OF_CONTENT_TAG_SHIFT bits. - * - * \see RFC4880 4.2 - */ -#define OPS_PTAG_OF_CONTENT_TAG_MASK 0x3c -/** Old Packet Format: Offset for the content tag. - * As described at #OPS_PTAG_OF_CONTENT_TAG_MASK the - * content tag needs to be shifted after being masked - * out from the Packet Tag. - * - * \see RFC4880 4.2 - */ -#define OPS_PTAG_OF_CONTENT_TAG_SHIFT 2 -/** Old Packet Format: Mask for length type. - * Bits 1 and 0 of the packet tag are the length type - * in the old packet format. - * - * See #__ops_ptag_of_lt_t for the meaning of the values. - * - * \see RFC4880 4.2 - */ -#define OPS_PTAG_OF_LENGTH_TYPE_MASK 0x03 - - -/** Old Packet Format Lengths. - * Defines the meanings of the 2 bits for length type in the - * old packet format. - * - * \see RFC4880 4.2.1 - */ -typedef enum { - OPS_PTAG_OLD_LEN_1 = 0x00, /* Packet has a 1 byte length - - * header is 2 bytes long. */ - OPS_PTAG_OLD_LEN_2 = 0x01, /* Packet has a 2 byte length - - * header is 3 bytes long. */ - OPS_PTAG_OLD_LEN_4 = 0x02, /* Packet has a 4 byte - * length - header is 5 bytes - * long. */ - OPS_PTAG_OLD_LEN_INDETERMINATE = 0x03 /* Packet has a - * indeterminate length. */ -} __ops_ptag_of_lt_t; - - -/** New Packet Format: Mask for content tag. - * In the new packet format the 6 rightmost bits - * are the content tag. This is the mask to apply - * to the packet tag. Note that you need to - * shift by #OPS_PTAG_NF_CONTENT_TAG_SHIFT bits. - * - * \see RFC4880 4.2 - */ -#define OPS_PTAG_NF_CONTENT_TAG_MASK 0x3f -/** New Packet Format: Offset for the content tag. - * As described at #OPS_PTAG_NF_CONTENT_TAG_MASK the - * content tag needs to be shifted after being masked - * out from the Packet Tag. - * - * \see RFC4880 4.2 - */ -#define OPS_PTAG_NF_CONTENT_TAG_SHIFT 0 - -/* PTag Content Tags */ -/***************************/ - -/** Package Tags (aka Content Tags) and signature subpacket types. - * This enumerates all rfc-defined packet tag values and the - * signature subpacket type values that we understand. - * - * \see RFC4880 4.3 - * \see RFC4880 5.2.3.1 - */ -typedef enum { - OPS_PTAG_CT_RESERVED = 0, /* Reserved - a packet tag must - * not have this value */ - OPS_PTAG_CT_PK_SESSION_KEY = 1, /* Public-Key Encrypted Session - * Key Packet */ - OPS_PTAG_CT_SIGNATURE = 2, /* Signature Packet */ - OPS_PTAG_CT_SK_SESSION_KEY = 3, /* Symmetric-Key Encrypted Session - * Key Packet */ - OPS_PTAG_CT_1_PASS_SIG = 4, /* One-Pass Signature - * Packet */ - OPS_PTAG_CT_SECRET_KEY = 5, /* Secret Key Packet */ - OPS_PTAG_CT_PUBLIC_KEY = 6, /* Public Key Packet */ - OPS_PTAG_CT_SECRET_SUBKEY = 7, /* Secret Subkey Packet */ - OPS_PTAG_CT_COMPRESSED = 8, /* Compressed Data Packet */ - OPS_PTAG_CT_SE_DATA = 9,/* Symmetrically Encrypted Data Packet */ - OPS_PTAG_CT_MARKER = 10,/* Marker Packet */ - OPS_PTAG_CT_LITDATA = 11, /* Literal Data Packet */ - OPS_PTAG_CT_TRUST = 12, /* Trust Packet */ - OPS_PTAG_CT_USER_ID = 13, /* User ID Packet */ - OPS_PTAG_CT_PUBLIC_SUBKEY = 14, /* Public Subkey Packet */ - OPS_PTAG_CT_RESERVED2 = 15, /* reserved */ - OPS_PTAG_CT_RESERVED3 = 16, /* reserved */ - OPS_PTAG_CT_USER_ATTR = 17, /* User Attribute Packet */ - OPS_PTAG_CT_SE_IP_DATA = 18, /* Sym. Encrypted and Integrity - * Protected Data Packet */ - OPS_PTAG_CT_MDC = 19, /* Modification Detection Code Packet */ - - OPS_PARSER_PTAG = 0x100,/* Internal Use: The packet is the "Packet - * Tag" itself - used when callback sends - * back the PTag. */ - OPS_PTAG_RAW_SS = 0x101,/* Internal Use: content is raw sig subtag */ - OPS_PTAG_SS_ALL = 0x102,/* Internal Use: select all subtags */ - OPS_PARSER_PACKET_END = 0x103, - - /* signature subpackets (0x200-2ff) (type+0x200) */ - /* only those we can parse are listed here */ - OPS_PTAG_SIG_SUBPKT_BASE = 0x200, /* Base for signature - * subpacket types - All - * signature type values - * are relative to this - * value. */ - OPS_PTAG_SS_CREATION_TIME = 0x200 + 2, /* signature creation time */ - OPS_PTAG_SS_EXPIRATION_TIME = 0x200 + 3, /* signature - * expiration time */ - - OPS_PTAG_SS_EXPORT_CERT = 0x200 + 4, /* exportable certification */ - OPS_PTAG_SS_TRUST = 0x200 + 5, /* trust signature */ - OPS_PTAG_SS_REGEXP = 0x200 + 6, /* regular expression */ - OPS_PTAG_SS_REVOCABLE = 0x200 + 7, /* revocable */ - OPS_PTAG_SS_KEY_EXPIRY = 0x200 + 9, /* key expiration - * time */ - OPS_PTAG_SS_RESERVED = 0x200 + 10, /* reserved */ - OPS_PTAG_SS_PREFERRED_SKA = 0x200 + 11, /* preferred symmetric - * algs */ - OPS_PTAG_SS_REVOCATION_KEY = 0x200 + 12, /* revocation key */ - OPS_PTAG_SS_ISSUER_KEY_ID = 0x200 + 16, /* issuer key ID */ - OPS_PTAG_SS_NOTATION_DATA = 0x200 + 20, /* notation data */ - OPS_PTAG_SS_PREFERRED_HASH = 0x200 + 21, /* preferred hash - * algs */ - OPS_PTAG_SS_PREF_COMPRESS = 0x200 + 22, /* preferred - * compression - * algorithms */ - OPS_PTAG_SS_KEYSERV_PREFS = 0x200 + 23, /* key server - * preferences */ - OPS_PTAG_SS_PREF_KEYSERV = 0x200 + 24, /* Preferred Key - * Server */ - OPS_PTAG_SS_PRIMARY_USER_ID = 0x200 + 25, /* primary User ID */ - OPS_PTAG_SS_POLICY_URI = 0x200 + 26, /* Policy URI */ - OPS_PTAG_SS_KEY_FLAGS = 0x200 + 27, /* key flags */ - OPS_PTAG_SS_SIGNERS_USER_ID = 0x200 + 28, /* Signer's User ID */ - OPS_PTAG_SS_REVOCATION_REASON = 0x200 + 29, /* reason for - * revocation */ - OPS_PTAG_SS_FEATURES = 0x200 + 30, /* features */ - OPS_PTAG_SS_SIGNATURE_TARGET = 0x200 + 31, /* signature target */ - OPS_PTAG_SS_EMBEDDED_SIGNATURE = 0x200 + 32, /* embedded signature */ - - OPS_PTAG_SS_USERDEFINED00 = 0x200 + 100, /* internal or - * user-defined */ - OPS_PTAG_SS_USERDEFINED01 = 0x200 + 101, - OPS_PTAG_SS_USERDEFINED02 = 0x200 + 102, - OPS_PTAG_SS_USERDEFINED03 = 0x200 + 103, - OPS_PTAG_SS_USERDEFINED04 = 0x200 + 104, - OPS_PTAG_SS_USERDEFINED05 = 0x200 + 105, - OPS_PTAG_SS_USERDEFINED06 = 0x200 + 106, - OPS_PTAG_SS_USERDEFINED07 = 0x200 + 107, - OPS_PTAG_SS_USERDEFINED08 = 0x200 + 108, - OPS_PTAG_SS_USERDEFINED09 = 0x200 + 109, - OPS_PTAG_SS_USERDEFINED10 = 0x200 + 110, - - /* pseudo content types */ - OPS_PTAG_CT_LITDATA_HEADER = 0x300, - OPS_PTAG_CT_LITDATA_BODY = 0x300 + 1, - OPS_PTAG_CT_SIGNATURE_HEADER = 0x300 + 2, - OPS_PTAG_CT_SIGNATURE_FOOTER = 0x300 + 3, - OPS_PTAG_CT_ARMOUR_HEADER = 0x300 + 4, - OPS_PTAG_CT_ARMOUR_TRAILER = 0x300 + 5, - OPS_PTAG_CT_SIGNED_CLEARTEXT_HEADER = 0x300 + 6, - OPS_PTAG_CT_SIGNED_CLEARTEXT_BODY = 0x300 + 7, - OPS_PTAG_CT_SIGNED_CLEARTEXT_TRAILER = 0x300 + 8, - OPS_PTAG_CT_UNARMOURED_TEXT = 0x300 + 9, - OPS_PTAG_CT_ENCRYPTED_SECRET_KEY = 0x300 + 10, /* In this case the - * algorithm specific - * fields will not be - * initialised */ - OPS_PTAG_CT_SE_DATA_HEADER = 0x300 + 11, - OPS_PTAG_CT_SE_DATA_BODY = 0x300 + 12, - OPS_PTAG_CT_SE_IP_DATA_HEADER = 0x300 + 13, - OPS_PTAG_CT_SE_IP_DATA_BODY = 0x300 + 14, - OPS_PTAG_CT_ENCRYPTED_PK_SESSION_KEY = 0x300 + 15, - - /* commands to the callback */ - OPS_GET_PASSPHRASE = 0x400, - OPS_GET_SECKEY = 0x400 + 1, - - /* Errors */ - OPS_PARSER_ERROR = 0x500, /* Internal Use: Parser Error */ - OPS_PARSER_ERRCODE = 0x500 + 1 /* Internal Use: Parser Error - * with errcode returned */ -} __ops_content_enum; - -enum { - OPS_REVOCATION_NO_REASON = 0, - OPS_REVOCATION_SUPERSEDED = 1, - OPS_REVOCATION_COMPROMISED = 2, - OPS_REVOCATION_RETIRED = 3, - OPS_REVOCATION_NO_LONGER_VALID = 0x20 -}; - -typedef enum { - OPS_KEYFLAG_CERT_KEYS = 0x01, - OPS_KEYFLAG_SIGN_DATA = 0x02, - OPS_KEYFLAG_ENC_COMM = 0x04, - OPS_KEYFLAG_ENC_STORAGE = 0x08, - OPS_KEYFLAG_SPLIT = 0x10, - OPS_KEYFLAG_AUTH = 0x20, - OPS_KEYFLAG_GROUP = 0x80 -} ops_key_flags_t; - -/** Structure to hold one error code */ -typedef struct { - __ops_errcode_t errcode; -} __ops_parser_errcode_t; - -/** Structure to hold one packet tag. - * \see RFC4880 4.2 - */ -typedef struct { - unsigned new_format; /* Whether this packet tag is new - * (1) or old format (0) */ - unsigned type; /* content_tag value - See - * #__ops_content_enum for meanings */ - __ops_ptag_of_lt_t length_type; /* Length type (#__ops_ptag_of_lt_t) - * - only if this packet tag is old - * format. Set to 0 if new format. */ - unsigned length; /* The length of the packet. This value - * is set when we read and compute the length - * information, not at the same moment we - * create the packet tag structure. Only - * defined if #readc is set. *//* XXX: Ben, is this correct? */ - unsigned position; /* The position (within the - * current reader) of the packet */ - unsigned size; /* number of bits */ -} __ops_ptag_t; - -/** Public Key Algorithm Numbers. - * OpenPGP assigns a unique Algorithm Number to each algorithm that is part of OpenPGP. - * - * This lists algorithm numbers for public key algorithms. - * - * \see RFC4880 9.1 - */ -typedef enum { - OPS_PKA_NOTHING = 0, /* No PKA */ - OPS_PKA_RSA = 1, /* RSA (Encrypt or Sign) */ - OPS_PKA_RSA_ENCRYPT_ONLY = 2, /* RSA Encrypt-Only (deprecated - - * \see RFC4880 13.5) */ - OPS_PKA_RSA_SIGN_ONLY = 3, /* RSA Sign-Only (deprecated - - * \see RFC4880 13.5) */ - OPS_PKA_ELGAMAL = 16, /* Elgamal (Encrypt-Only) */ - OPS_PKA_DSA = 17, /* DSA (Digital Signature Algorithm) */ - OPS_PKA_RESERVED_ELLIPTIC_CURVE = 18, /* Reserved for Elliptic - * Curve */ - OPS_PKA_RESERVED_ECDSA = 19, /* Reserved for ECDSA */ - OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN = 20, /* Deprecated. */ - OPS_PKA_RESERVED_DH = 21, /* Reserved for Diffie-Hellman - * (X9.42, as defined for - * IETF-S/MIME) */ - OPS_PKA_PRIVATE00 = 100,/* Private/Experimental Algorithm */ - OPS_PKA_PRIVATE01 = 101,/* Private/Experimental Algorithm */ - OPS_PKA_PRIVATE02 = 102,/* Private/Experimental Algorithm */ - OPS_PKA_PRIVATE03 = 103,/* Private/Experimental Algorithm */ - OPS_PKA_PRIVATE04 = 104,/* Private/Experimental Algorithm */ - OPS_PKA_PRIVATE05 = 105,/* Private/Experimental Algorithm */ - OPS_PKA_PRIVATE06 = 106,/* Private/Experimental Algorithm */ - OPS_PKA_PRIVATE07 = 107,/* Private/Experimental Algorithm */ - OPS_PKA_PRIVATE08 = 108,/* Private/Experimental Algorithm */ - OPS_PKA_PRIVATE09 = 109,/* Private/Experimental Algorithm */ - OPS_PKA_PRIVATE10 = 110 /* Private/Experimental Algorithm */ -} __ops_pubkey_alg_t; - -/** Structure to hold one DSA public key params. - * - * \see RFC4880 5.5.2 - */ -typedef struct { - BIGNUM *p; /* DSA prime p */ - BIGNUM *q; /* DSA group order q */ - BIGNUM *g; /* DSA group generator g */ - BIGNUM *y; /* DSA public key value y (= g^x mod p - * with x being the secret) */ -} __ops_dsa_pubkey_t; - -/** Structure to hold an RSA public key. - * - * \see RFC4880 5.5.2 - */ -typedef struct { - BIGNUM *n; /* RSA public modulus n */ - BIGNUM *e; /* RSA public encryption exponent e */ -} __ops_rsa_pubkey_t; - -/** Structure to hold an ElGamal public key params. - * - * \see RFC4880 5.5.2 - */ -typedef struct { - BIGNUM *p; /* ElGamal prime p */ - BIGNUM *g; /* ElGamal group generator g */ - BIGNUM *y; /* ElGamal public key value y (= g^x mod p - * with x being the secret) */ -} __ops_elgamal_pubkey_t; - -/** Version. - * OpenPGP has two different protocol versions: version 3 and version 4. - * - * \see RFC4880 5.2 - */ -typedef enum { - OPS_V2 = 2, /* Version 2 (essentially the same as v3) */ - OPS_V3 = 3, /* Version 3 */ - OPS_V4 = 4 /* Version 4 */ -} __ops_version_t; - -/** Structure to hold a pgp public key */ -typedef struct { - __ops_version_t version;/* version of the key (v3, v4...) */ - time_t birthtime; - time_t duration; - /* validity period of the key in days since - * creation. A value of 0 has a special meaning - * indicating this key does not expire. Only used with - * v3 keys. */ - unsigned days_valid; /* v4 duration */ - __ops_pubkey_alg_t alg; /* Public Key Algorithm type */ - union { - __ops_dsa_pubkey_t dsa; /* A DSA public key */ - __ops_rsa_pubkey_t rsa; /* An RSA public key */ - __ops_elgamal_pubkey_t elgamal; /* An ElGamal public key */ - } key; /* Public Key Parameters */ -} __ops_pubkey_t; - -/** Structure to hold data for one RSA secret key - */ -typedef struct { - BIGNUM *d; - BIGNUM *p; - BIGNUM *q; - BIGNUM *u; -} __ops_rsa_seckey_t; - -/** __ops_dsa_seckey_t */ -typedef struct { - BIGNUM *x; -} __ops_dsa_seckey_t; - -/** __ops_elgamal_seckey_t */ -typedef struct { - BIGNUM *x; -} __ops_elgamal_seckey_t; - -/** s2k_usage_t - */ -typedef enum { - OPS_S2KU_NONE = 0, - OPS_S2KU_ENCRYPTED_AND_HASHED = 254, - OPS_S2KU_ENCRYPTED = 255 -} __ops_s2k_usage_t; - -/** s2k_specifier_t - */ -typedef enum { - OPS_S2KS_SIMPLE = 0, - OPS_S2KS_SALTED = 1, - OPS_S2KS_ITERATED_AND_SALTED = 3 -} __ops_s2k_specifier_t; - -/** Symmetric Key Algorithm Numbers. - * OpenPGP assigns a unique Algorithm Number to each algorithm that is - * part of OpenPGP. - * - * This lists algorithm numbers for symmetric key algorithms. - * - * \see RFC4880 9.2 - */ -typedef enum { - OPS_SA_PLAINTEXT = 0, /* Plaintext or unencrypted data */ - OPS_SA_IDEA = 1, /* IDEA */ - OPS_SA_TRIPLEDES = 2, /* TripleDES */ - OPS_SA_CAST5 = 3, /* CAST5 */ - OPS_SA_BLOWFISH = 4, /* Blowfish */ - OPS_SA_AES_128 = 7, /* AES with 128-bit key (AES) */ - OPS_SA_AES_192 = 8, /* AES with 192-bit key */ - OPS_SA_AES_256 = 9, /* AES with 256-bit key */ - OPS_SA_TWOFISH = 10, /* Twofish with 256-bit key (TWOFISH) */ - OPS_SA_CAMELLIA_128 = 100, /* Camellia with 128-bit key (CAMELLIA) */ - OPS_SA_CAMELLIA_192 = 101, /* Camellia with 192-bit key */ - OPS_SA_CAMELLIA_256 = 102 /* Camellia with 256-bit key */ -} __ops_symm_alg_t; - -#define OPS_SA_DEFAULT_CIPHER OPS_SA_CAST5 - -/** Hashing Algorithm Numbers. - * OpenPGP assigns a unique Algorithm Number to each algorithm that is - * part of OpenPGP. - * - * This lists algorithm numbers for hash algorithms. - * - * \see RFC4880 9.4 - */ -typedef enum { - OPS_HASH_UNKNOWN = -1, /* used to indicate errors */ - OPS_HASH_MD5 = 1, /* MD5 */ - OPS_HASH_SHA1 = 2, /* SHA-1 */ - OPS_HASH_RIPEMD = 3, /* RIPEMD160 */ - - OPS_HASH_SHA256 = 8, /* SHA256 */ - OPS_HASH_SHA384 = 9, /* SHA384 */ - OPS_HASH_SHA512 = 10, /* SHA512 */ - OPS_HASH_SHA224 = 11 /* SHA224 */ -} __ops_hash_alg_t; - -#define OPS_DEFAULT_HASH_ALGORITHM OPS_HASH_SHA256 - -void __ops_calc_mdc_hash(const uint8_t *, - const size_t, - const uint8_t *, - const unsigned, - uint8_t *); -unsigned __ops_is_hash_alg_supported(const __ops_hash_alg_t *); - -/* Maximum block size for symmetric crypto */ -#define OPS_MAX_BLOCK_SIZE 16 - -/* Maximum key size for symmetric crypto */ -#define OPS_MAX_KEY_SIZE 32 - -/* Salt size for hashing */ -#define OPS_SALT_SIZE 8 - -/* Max hash size */ -#define OPS_MAX_HASH_SIZE 64 - -/** __ops_seckey_t - */ -typedef struct __ops_seckey_t { - __ops_pubkey_t pubkey; /* public key */ - __ops_s2k_usage_t s2k_usage; - __ops_s2k_specifier_t s2k_specifier; - __ops_symm_alg_t alg; /* symmetric alg */ - __ops_hash_alg_t hash_alg; /* hash algorithm */ - uint8_t salt[OPS_SALT_SIZE]; - unsigned octetc; - uint8_t iv[OPS_MAX_BLOCK_SIZE]; - union { - __ops_rsa_seckey_t rsa; - __ops_dsa_seckey_t dsa; - __ops_elgamal_seckey_t elgamal; - } key; - unsigned checksum; - uint8_t *checkhash; -} __ops_seckey_t; - -/** Signature Type. - * OpenPGP defines different signature types that allow giving - * different meanings to signatures. Signature types include 0x10 for - * generitc User ID certifications (used when Ben signs Weasel's key), - * Subkey binding signatures, document signatures, key revocations, - * etc. - * - * Different types are used in different places, and most make only - * sense in their intended location (for instance a subkey binding has - * no place on a UserID). - * - * \see RFC4880 5.2.1 - */ -typedef enum { - OPS_SIG_BINARY = 0x00, /* Signature of a binary document */ - OPS_SIG_TEXT = 0x01, /* Signature of a canonical text document */ - OPS_SIG_STANDALONE = 0x02, /* Standalone signature */ - - OPS_CERT_GENERIC = 0x10,/* Generic certification of a User ID and - * Public Key packet */ - OPS_CERT_PERSONA = 0x11,/* Persona certification of a User ID and - * Public Key packet */ - OPS_CERT_CASUAL = 0x12, /* Casual certification of a User ID and - * Public Key packet */ - OPS_CERT_POSITIVE = 0x13, /* Positive certification of a - * User ID and Public Key packet */ - - OPS_SIG_SUBKEY = 0x18, /* Subkey Binding Signature */ - OPS_SIG_PRIMARY = 0x19, /* Primary Key Binding Signature */ - OPS_SIG_DIRECT = 0x1f, /* Signature directly on a key */ - - OPS_SIG_REV_KEY = 0x20, /* Key revocation signature */ - OPS_SIG_REV_SUBKEY = 0x28, /* Subkey revocation signature */ - OPS_SIG_REV_CERT = 0x30,/* Certification revocation signature */ - - OPS_SIG_TIMESTAMP = 0x40, /* Timestamp signature */ - - OPS_SIG_3RD_PARTY = 0x50/* Third-Party Confirmation signature */ -} __ops_sig_type_t; - -/** Struct to hold params of an RSA signature */ -typedef struct __ops_rsa_sig_t { - BIGNUM *sig; /* the signature value (m^d % n) */ -} __ops_rsa_sig_t; - -/** Struct to hold params of a DSA signature */ -typedef struct __ops_dsa_sig_t { - BIGNUM *r; /* DSA value r */ - BIGNUM *s; /* DSA value s */ -} __ops_dsa_sig_t; - -/** __ops_elgamal_signature_t */ -typedef struct __ops_elgamal_sig_t { - BIGNUM *r; - BIGNUM *s; -} __ops_elgamal_sig_t; - -#define OPS_KEY_ID_SIZE 8 -#define OPS_FINGERPRINT_SIZE 20 - -/** Struct to hold a signature packet. - * - * \see RFC4880 5.2.2 - * \see RFC4880 5.2.3 - */ -typedef struct __ops_sig_info_t { - __ops_version_t version;/* signature version number */ - __ops_sig_type_t type; /* signature type value */ - time_t birthtime; /* creation time of the signature */ - time_t duration; /* number of seconds it's valid for */ - uint8_t signer_id[OPS_KEY_ID_SIZE]; /* Eight-octet key ID - * of signer */ - __ops_pubkey_alg_t key_alg; /* public key algorithm number */ - __ops_hash_alg_t hash_alg; /* hashing algorithm number */ - union { - __ops_rsa_sig_t rsa; /* An RSA Signature */ - __ops_dsa_sig_t dsa; /* A DSA Signature */ - __ops_elgamal_sig_t elgamal; /* deprecated */ - __ops_data_t unknown; /* private or experimental */ - } sig; /* signature params */ - size_t v4_hashlen; - uint8_t *v4_hashed; - unsigned birthtime_set:1; - unsigned signer_id_set:1; - unsigned duration_set:1; -} __ops_sig_info_t; - -/** Struct used when parsing a signature */ -typedef struct __ops_sig_t { - __ops_sig_info_t info; /* The signature information */ - /* The following fields are only used while parsing the signature */ - uint8_t hash2[2]; /* high 2 bytes of hashed value */ - size_t v4_hashstart; /* only valid if accumulate is set */ - __ops_hash_t *hash; /* the hash filled in for the data so far */ -} __ops_sig_t; - -/** The raw bytes of a signature subpacket */ - -typedef struct __ops_ss_raw_t { - __ops_content_enum tag; - size_t length; - uint8_t *raw; -} __ops_ss_raw_t; - -/** Signature Subpacket : Trust Level */ - -typedef struct __ops_ss_trust_t { - uint8_t level; /* Trust Level */ - uint8_t amount; /* Amount */ -} __ops_ss_trust_t; - -/** Signature Subpacket : Notation Data */ -typedef struct __ops_ss_notation_t { - __ops_data_t flags; - __ops_data_t name; - __ops_data_t value; -} __ops_ss_notation_t; - -/** Signature Subpacket : Signature Target */ -typedef struct __ops_ss_sig_target_t { - __ops_pubkey_alg_t pka_alg; - __ops_hash_alg_t hash_alg; - __ops_data_t hash; -} __ops_ss_sig_target_t; - -/** __ops_subpacket_t */ -typedef struct __ops_subpacket_t { - size_t length; - uint8_t *raw; -} __ops_subpacket_t; - -/** Types of Compression */ -typedef enum { - OPS_C_NONE = 0, - OPS_C_ZIP = 1, - OPS_C_ZLIB = 2, - OPS_C_BZIP2 = 3 -} __ops_compression_type_t; - -/** __ops_one_pass_sig_t */ -typedef struct { - uint8_t version; - __ops_sig_type_t sig_type; - __ops_hash_alg_t hash_alg; - __ops_pubkey_alg_t key_alg; - uint8_t keyid[OPS_KEY_ID_SIZE]; - unsigned nested; -} __ops_one_pass_sig_t; - -/** Signature Subpacket : Revocation Key */ -typedef struct { - uint8_t class; - uint8_t algid; - uint8_t fingerprint[OPS_FINGERPRINT_SIZE]; -} __ops_ss_revocation_key_t; - -/** Signature Subpacket : Revocation Reason */ -typedef struct { - uint8_t code; - char *reason; -} __ops_ss_revocation_t; - -/** litdata_type_t */ -typedef enum { - OPS_LDT_BINARY = 'b', - OPS_LDT_TEXT = 't', - OPS_LDT_UTF8 = 'u', - OPS_LDT_LOCAL = 'l', - OPS_LDT_LOCAL2 = '1' -} __ops_litdata_enum; - -/** __ops_litdata_header_t */ -typedef struct { - __ops_litdata_enum format; - char filename[256]; - time_t mtime; -} __ops_litdata_header_t; - -/** __ops_litdata_body_t */ -typedef struct { - unsigned length; - uint8_t *data; - void *mem; /* __ops_memory_t pointer */ -} __ops_litdata_body_t; - -/** __ops_header_var_t */ -typedef struct { - char *key; - char *value; -} __ops_header_var_t; - -/** __ops_headers_t */ -typedef struct { - __ops_header_var_t *headers; - unsigned headerc; -} __ops_headers_t; - -/** __ops_armour_header_t */ -typedef struct { - const char *type; - __ops_headers_t headers; -} __ops_armour_header_t; - -/** __ops_fixed_body_t */ -typedef struct __ops_fixed_body_t { - unsigned length; - uint8_t data[8192]; /* \todo fix hard-coded value? */ -} __ops_fixed_body_t; - -/** __ops_dyn_body_t */ -typedef struct __ops_dyn_body_t { - unsigned length; - uint8_t *data; -} __ops_dyn_body_t; - -enum { - OPS_SE_IP_DATA_VERSION = 1, - OPS_PKSK_V3 = 3 -}; - -/** __ops_pk_sesskey_params_rsa_t */ -typedef struct { - BIGNUM *encrypted_m; - BIGNUM *m; -} __ops_pk_sesskey_params_rsa_t; - -/** __ops_pk_sesskey_params_elgamal_t */ -typedef struct { - BIGNUM *g_to_k; - BIGNUM *encrypted_m; -} __ops_pk_sesskey_params_elgamal_t; - -/** __ops_pk_sesskey_params_t */ -typedef union { - __ops_pk_sesskey_params_rsa_t rsa; - __ops_pk_sesskey_params_elgamal_t elgamal; -} __ops_pk_sesskey_params_t; - -/** __ops_pk_sesskey_t */ -typedef struct { - unsigned version; - uint8_t key_id[OPS_KEY_ID_SIZE]; - __ops_pubkey_alg_t alg; - __ops_pk_sesskey_params_t params; - __ops_symm_alg_t symm_alg; - uint8_t key[OPS_MAX_KEY_SIZE]; - uint16_t checksum; -} __ops_pk_sesskey_t; - -/** __ops_seckey_passphrase_t */ -typedef struct { - const __ops_seckey_t *seckey; - char **passphrase; /* point somewhere that gets filled - * in to work around constness of - * content */ -} __ops_seckey_passphrase_t; - -/** __ops_get_seckey_t */ -typedef struct { - const __ops_seckey_t **seckey; - const __ops_pk_sesskey_t *pk_sesskey; -} __ops_get_seckey_t; - -/** __ops_parser_union_content_t */ -typedef union { - const char *error; - __ops_parser_errcode_t errcode; - __ops_ptag_t ptag; - __ops_pubkey_t pubkey; - __ops_data_t trust; - uint8_t *userid; - __ops_data_t userattr; - __ops_sig_t sig; - __ops_ss_raw_t ss_raw; - __ops_ss_trust_t ss_trust; - unsigned ss_revocable; - time_t ss_time; - uint8_t ss_issuer[OPS_KEY_ID_SIZE]; - __ops_ss_notation_t ss_notation; - __ops_subpacket_t packet; - __ops_compression_type_t compressed; - __ops_one_pass_sig_t one_pass_sig; - __ops_data_t ss_skapref; - __ops_data_t ss_hashpref; - __ops_data_t ss_zpref; - __ops_data_t ss_key_flags; - __ops_data_t ss_key_server_prefs; - unsigned ss_primary_userid; - char *ss_regexp; - char *ss_policy; - char *ss_keyserv; - __ops_ss_revocation_key_t ss_revocation_key; - __ops_data_t ss_userdef; - __ops_data_t ss_unknown; - __ops_litdata_header_t litdata_header; - __ops_litdata_body_t litdata_body; - __ops_dyn_body_t mdc; - __ops_data_t ss_features; - __ops_ss_sig_target_t ss_sig_target; - __ops_data_t ss_embedded_sig; - __ops_ss_revocation_t ss_revocation; - __ops_seckey_t seckey; - uint8_t *ss_signer; - __ops_armour_header_t armour_header; - const char *armour_trailer; - __ops_headers_t cleartext_head; - __ops_fixed_body_t cleartext_body; - struct _ops_hash_t *cleartext_trailer; - __ops_dyn_body_t unarmoured_text; - __ops_pk_sesskey_t pk_sesskey; - __ops_seckey_passphrase_t skey_passphrase; - unsigned se_ip_data_header; - __ops_dyn_body_t se_ip_data_body; - __ops_fixed_body_t se_data_body; - __ops_get_seckey_t get_seckey; -} __ops_contents_t; - -/** __ops_packet_t */ -struct __ops_packet_t { - __ops_content_enum tag; /* type of contents */ - uint8_t critical; /* for sig subpackets */ - __ops_contents_t u; /* union for contents */ -}; - -/** __ops_fingerprint_t */ -typedef struct { - uint8_t fingerprint[OPS_FINGERPRINT_SIZE]; - unsigned length; - __ops_hash_alg_t hashtype; -} __ops_fingerprint_t; - -int __ops_keyid(uint8_t *, const size_t, const __ops_pubkey_t *, __ops_hash_alg_t); -int __ops_fingerprint(__ops_fingerprint_t *, const __ops_pubkey_t *, __ops_hash_alg_t); - -void __ops_finish(void); -void __ops_pubkey_free(__ops_pubkey_t *); -void __ops_userid_free(uint8_t **); -void __ops_data_free(__ops_data_t *); -void __ops_sig_free(__ops_sig_t *); -void __ops_ss_notation_free(__ops_ss_notation_t *); -void __ops_ss_revocation_free(__ops_ss_revocation_t *); -void __ops_ss_sig_target_free(__ops_ss_sig_target_t *); - -void __ops_subpacket_free(__ops_subpacket_t *); -void __ops_parser_content_free(__ops_packet_t *); -void __ops_seckey_free(__ops_seckey_t *); -void __ops_pk_sesskey_free(__ops_pk_sesskey_t *); - -int __ops_print_packet(__ops_printstate_t *, const __ops_packet_t *); - -#define DYNARRAY(type, arr) \ - unsigned arr##c; unsigned arr##vsize; type *arr##s - -#define EXPAND_ARRAY(str, arr) do { \ - if (str->arr##c == str->arr##vsize) { \ - void *__newarr; \ - char *__newarrc; \ - unsigned __newsize; \ - __newsize = (str->arr##vsize * 2) + 10; \ - if ((__newarrc = __newarr = realloc(str->arr##s, \ - __newsize * sizeof(*str->arr##s))) == NULL) { \ - (void) fprintf(stderr, "EXPAND_ARRAY - bad realloc\n"); \ - } else { \ - (void) memset(&__newarrc[str->arr##vsize * sizeof(*str->arr##s)], \ - 0x0, (__newsize - str->arr##vsize) * sizeof(*str->arr##s)); \ - str->arr##s = __newarr; \ - str->arr##vsize = __newsize; \ - } \ - } \ -} while(/*CONSTCOND*/0) - -/** __ops_keydata_key_t - */ -typedef union { - __ops_pubkey_t pubkey; - __ops_seckey_t seckey; -} __ops_keydata_key_t; - - -/* sigpacket_t */ -typedef struct { - uint8_t **userid; - __ops_subpacket_t *packet; -} sigpacket_t; - -/* user revocation info */ -typedef struct __ops_revoke_t { - uint32_t uid; /* index in uid array */ - uint8_t code; /* revocation code */ - char *reason; /* c'mon, spill the beans */ -} __ops_revoke_t; - -/** signature subpackets */ -typedef struct __ops_subsig_t { - uint32_t uid; /* index in userid array in key */ - __ops_sig_t sig; /* trust signature */ - uint8_t trustlevel; /* level of trust */ - uint8_t trustamount; /* amount of trust */ -} __ops_subsig_t; - -/* describes a user's key */ -struct __ops_key_t { - DYNARRAY(uint8_t *, uid); /* array of user ids */ - DYNARRAY(__ops_subpacket_t, packet); /* array of raw subpackets */ - DYNARRAY(__ops_subsig_t, subsig); /* array of signature subkeys */ - DYNARRAY(__ops_revoke_t, revoke); /* array of signature revocations */ - __ops_content_enum type; /* type of key */ - __ops_keydata_key_t key; /* pubkey/seckey data */ - __ops_pubkey_t sigkey; /* signature key */ - uint8_t sigid[OPS_KEY_ID_SIZE]; - __ops_fingerprint_t sigfingerprint; /* pgp signature fingerprint */ - __ops_pubkey_t enckey; /* encryption key */ - uint8_t encid[OPS_KEY_ID_SIZE]; - __ops_fingerprint_t encfingerprint; /* pgp encryption id fingerprint */ - uint32_t uid0; /* primary uid index in uids array */ - uint8_t revoked; /* key has been revoked */ - __ops_revoke_t revocation; /* revocation reason */ -}; - -#define MDC_PKT_TAG 0xd3 - -#endif /* PACKET_H_ */ diff --git a/enzevalos_iphone/netpgp/lib/reader.c b/enzevalos_iphone/netpgp/lib/reader.c deleted file mode 100644 index 30dd1748..00000000 --- a/enzevalos_iphone/netpgp/lib/reader.c +++ /dev/null @@ -1,2366 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/* - * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) - * All rights reserved. - * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted - * their moral rights under the UK Copyright Design and Patents Act 1988 to - * be recorded as the authors of this copyright work. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. - * - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include "config.h" - -#ifdef HAVE_SYS_CDEFS_H -#include <sys/cdefs.h> -#endif - -#if defined(__NetBSD__) -__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: reader.c,v 1.43 2010/11/04 16:13:35 agc Exp $"); -#endif - -#include <sys/types.h> -#include <sys/stat.h> - -#ifdef HAVE_SYS_MMAN_H -#include <sys/mman.h> -#endif - -#ifdef HAVE_SYS_PARAM_H -#include <sys/param.h> -#endif - -#ifdef HAVE_FCNTL_H -#include <fcntl.h> -#endif - -#ifdef HAVE_UNISTD_H -#include <unistd.h> -#endif - -#ifdef HAVE_DIRECT_H -#include <direct.h> -#endif - -#ifdef HAVE_INTTYPES_H -#include <inttypes.h> -#endif - -#ifdef HAVE_OPENSSL_IDEA_H -#include <openssl/cast.h> -#endif - -#ifdef HAVE_OPENSSL_IDEA_H -#include <openssl/idea.h> -#endif - -#ifdef HAVE_OPENSSL_AES_H -#include <openssl/aes.h> -#endif - -#ifdef HAVE_OPENSSL_DES_H -#include <openssl/des.h> -#endif - -#include <string.h> -#include <stdlib.h> -#include <stdio.h> - -#ifdef HAVE_TERMIOS_H -#include <termios.h> -#endif - -#ifdef HAVE_ERRNO_H -#include <errno.h> -#endif - -#ifdef HAVE_UNISTD_H -#include <unistd.h> -#endif - -#ifdef HAVE_LIMITS_H -#include <limits.h> -#endif - -#include "errors.h" -#include "crypto.h" -#include "create.h" -#include "signature.h" -#include "packet.h" -#include "packet-parse.h" -#include "packet-show.h" -#include "packet.h" -#include "keyring.h" -#include "readerwriter.h" -#include "netpgpsdk.h" -#include "netpgpdefs.h" -#include "netpgpdigest.h" - - -/* get a pass phrase from the user */ -int -__ops_getpassphrase(void *in, char *phrase, size_t size) -{ - char *p; - - if (in == NULL) { - while ((p = getpass("netpgp passphrase: ")) == NULL) { - } - (void) snprintf(phrase, size, "%s", p); - } else { - if (fgets(phrase, (int)size, in) == NULL) { - return 0; - } - phrase[strlen(phrase) - 1] = 0x0; - } - return 1; -} - -/** - * \ingroup Internal_Readers_Generic - * \brief Starts reader stack - * \param stream Parse settings - * \param reader Reader to use - * \param destroyer Destroyer to use - * \param vp Reader-specific arg - */ -void -__ops_reader_set(__ops_stream_t *stream, - __ops_reader_func_t *reader, - __ops_reader_destroyer_t *destroyer, - void *vp) -{ - stream->readinfo.reader = reader; - stream->readinfo.destroyer = destroyer; - stream->readinfo.arg = vp; -} - -/** - * \ingroup Internal_Readers_Generic - * \brief Adds to reader stack - * \param stream Parse settings - * \param reader Reader to use - * \param destroyer Reader's destroyer - * \param vp Reader-specific arg - */ -void -__ops_reader_push(__ops_stream_t *stream, - __ops_reader_func_t *reader, - __ops_reader_destroyer_t *destroyer, - void *vp) -{ - __ops_reader_t *readinfo; - - if ((readinfo = calloc(1, sizeof(*readinfo))) == NULL) { - (void) fprintf(stderr, "__ops_reader_push: bad alloc\n"); - } else { - *readinfo = stream->readinfo; - (void) memset(&stream->readinfo, 0x0, sizeof(stream->readinfo)); - stream->readinfo.next = readinfo; - stream->readinfo.parent = stream; - - /* should copy accumulate flags from other reader? RW */ - stream->readinfo.accumulate = readinfo->accumulate; - - __ops_reader_set(stream, reader, destroyer, vp); - } -} - -/** - * \ingroup Internal_Readers_Generic - * \brief Removes from reader stack - * \param stream Parse settings - */ -void -__ops_reader_pop(__ops_stream_t *stream) -{ - __ops_reader_t *next = stream->readinfo.next; - - stream->readinfo = *next; - free(next); -} - -/** - * \ingroup Internal_Readers_Generic - * \brief Gets arg from reader - * \param readinfo Reader info - * \return Pointer to reader info's arg - */ -void * -__ops_reader_get_arg(__ops_reader_t *readinfo) -{ - return readinfo->arg; -} - -/**************************************************************************/ - -#define CRC24_POLY 0x1864cfbL - -enum { - NONE = 0, - BEGIN_PGP_MESSAGE, - BEGIN_PGP_PUBLIC_KEY_BLOCK, - BEGIN_PGP_PRIVATE_KEY_BLOCK, - BEGIN_PGP_MULTI, - BEGIN_PGP_SIGNATURE, - - END_PGP_MESSAGE, - END_PGP_PUBLIC_KEY_BLOCK, - END_PGP_PRIVATE_KEY_BLOCK, - END_PGP_MULTI, - END_PGP_SIGNATURE, - - BEGIN_PGP_SIGNED_MESSAGE -}; - -/** - * \struct dearmour_t - */ -typedef struct { - enum { - OUTSIDE_BLOCK = 0, - BASE64, - AT_TRAILER_NAME - } state; - int lastseen; - __ops_stream_t *parse_info; - unsigned seen_nl:1; - unsigned prev_nl:1; - unsigned allow_headers_without_gap:1; - /* !< allow headers in armoured data that are - * not separated from the data by a blank line - * */ - unsigned allow_no_gap:1; - /* !< allow no blank line at the start of - * armoured data */ - unsigned allow_trailing_whitespace:1; - /* !< allow armoured stuff to have trailing - * whitespace where we wouldn't strictly expect - * it */ - /* it is an error to get a cleartext message without a sig */ - unsigned expect_sig:1; - unsigned got_sig:1; - /* base64 stuff */ - unsigned buffered; - uint8_t buffer[3]; - unsigned eof64; - uint32_t checksum; - uint32_t read_checksum; - /* unarmoured text blocks */ - uint8_t unarmoured[NETPGP_BUFSIZ]; - size_t unarmoredc; - /* pushed back data (stored backwards) */ - uint8_t *pushback; - unsigned pushbackc; - /* armoured block headers */ - __ops_headers_t headers; -} dearmour_t; - -static void -push_back(dearmour_t *dearmour, const uint8_t *buf, - unsigned length) -{ - unsigned n; - - if (dearmour->pushback) { - (void) fprintf(stderr, "push_back: already pushed back\n"); - } else if ((dearmour->pushback = calloc(1, length)) == NULL) { - (void) fprintf(stderr, "push_back: bad alloc\n"); - } else { - for (n = 0; n < length; ++n) { - dearmour->pushback[n] = buf[(length - n) - 1]; - } - dearmour->pushbackc = length; - } -} - -/* this struct holds a textual header line */ -typedef struct headerline_t { - const char *s; /* the header line */ - size_t len; /* its length */ - int type; /* the defined type */ -} headerline_t; - -static headerline_t headerlines[] = { - { "BEGIN PGP MESSAGE", 17, BEGIN_PGP_MESSAGE }, - { "BEGIN PGP PUBLIC KEY BLOCK", 26, BEGIN_PGP_PUBLIC_KEY_BLOCK }, - { "BEGIN PGP PRIVATE KEY BLOCK",27, BEGIN_PGP_PRIVATE_KEY_BLOCK }, - { "BEGIN PGP MESSAGE, PART ", 25, BEGIN_PGP_MULTI }, - { "BEGIN PGP SIGNATURE", 19, BEGIN_PGP_SIGNATURE }, - - { "END PGP MESSAGE", 15, END_PGP_MESSAGE }, - { "END PGP PUBLIC KEY BLOCK", 24, END_PGP_PUBLIC_KEY_BLOCK }, - { "END PGP PRIVATE KEY BLOCK", 25, END_PGP_PRIVATE_KEY_BLOCK }, - { "END PGP MESSAGE, PART ", 22, END_PGP_MULTI }, - { "END PGP SIGNATURE", 17, END_PGP_SIGNATURE }, - - { "BEGIN PGP SIGNED MESSAGE", 24, BEGIN_PGP_SIGNED_MESSAGE }, - - { NULL, 0, -1 } -}; - -/* search through the table of header lines */ -static int -findheaderline(char *headerline) -{ - headerline_t *hp; - - for (hp = headerlines ; hp->s ; hp++) { - if (strncmp(headerline, hp->s, hp->len) == 0) { - break; - } - } - return hp->type; -} - -static int -set_lastseen_headerline(dearmour_t *dearmour, char *hdr, __ops_error_t **errors) -{ - int lastseen; - int prev; - - prev = dearmour->lastseen; - if ((lastseen = findheaderline(hdr)) == -1) { - OPS_ERROR_1(errors, OPS_E_R_BAD_FORMAT, - "Unrecognised Header Line %s", hdr); - return 0; - } - dearmour->lastseen = lastseen; - if (__ops_get_debug_level(__FILE__)) { - printf("set header: hdr=%s, dearmour->lastseen=%d, prev=%d\n", - hdr, dearmour->lastseen, prev); - } - switch (dearmour->lastseen) { - case NONE: - OPS_ERROR_1(errors, OPS_E_R_BAD_FORMAT, - "Unrecognised last seen Header Line %s", hdr); - break; - - case END_PGP_MESSAGE: - if (prev != BEGIN_PGP_MESSAGE) { - OPS_ERROR(errors, OPS_E_R_BAD_FORMAT, - "Got END PGP MESSAGE, but not after BEGIN"); - } - break; - - case END_PGP_PUBLIC_KEY_BLOCK: - if (prev != BEGIN_PGP_PUBLIC_KEY_BLOCK) { - OPS_ERROR(errors, OPS_E_R_BAD_FORMAT, - "Got END PGP PUBLIC KEY BLOCK, but not after BEGIN"); - } - break; - - case END_PGP_PRIVATE_KEY_BLOCK: - if (prev != BEGIN_PGP_PRIVATE_KEY_BLOCK) { - OPS_ERROR(errors, OPS_E_R_BAD_FORMAT, - "Got END PGP PRIVATE KEY BLOCK, but not after BEGIN"); - } - break; - - case BEGIN_PGP_MULTI: - case END_PGP_MULTI: - OPS_ERROR(errors, OPS_E_R_UNSUPPORTED, - "Multi-part messages are not yet supported"); - break; - - case END_PGP_SIGNATURE: - if (prev != BEGIN_PGP_SIGNATURE) { - OPS_ERROR(errors, OPS_E_R_BAD_FORMAT, - "Got END PGP SIGNATURE, but not after BEGIN"); - } - break; - - case BEGIN_PGP_MESSAGE: - case BEGIN_PGP_PUBLIC_KEY_BLOCK: - case BEGIN_PGP_PRIVATE_KEY_BLOCK: - case BEGIN_PGP_SIGNATURE: - case BEGIN_PGP_SIGNED_MESSAGE: - break; - } - return 1; -} - -static int -read_char(dearmour_t *dearmour, - __ops_error_t **errors, - __ops_reader_t *readinfo, - __ops_cbdata_t *cbinfo, - unsigned skip) -{ - uint8_t c; - - do { - if (dearmour->pushbackc) { - c = dearmour->pushback[--dearmour->pushbackc]; - if (dearmour->pushbackc == 0) { - free(dearmour->pushback); - dearmour->pushback = NULL; - } - } else if (__ops_stacked_read(&c, 1, errors, readinfo, - cbinfo) != 1) { - return -1; - } - } while (skip && c == '\r'); - dearmour->prev_nl = dearmour->seen_nl; - dearmour->seen_nl = c == '\n'; - return c; -} - -static int -eat_whitespace(int first, - dearmour_t *dearmour, - __ops_error_t **errors, - __ops_reader_t *readinfo, - __ops_cbdata_t *cbinfo, - unsigned skip) -{ - int c = first; - - while (c == ' ' || c == '\t') { - c = read_char(dearmour, errors, readinfo, cbinfo, skip); - } - return c; -} - -static int -read_and_eat_whitespace(dearmour_t *dearmour, - __ops_error_t **errors, - __ops_reader_t *readinfo, - __ops_cbdata_t *cbinfo, - unsigned skip) -{ - int c; - - do { - c = read_char(dearmour, errors, readinfo, cbinfo, skip); - } while (c == ' ' || c == '\t'); - return c; -} - -static void -flush(dearmour_t *dearmour, __ops_cbdata_t *cbinfo) -{ - __ops_packet_t content; - - if (dearmour->unarmoredc > 0) { - content.u.unarmoured_text.data = dearmour->unarmoured; - content.u.unarmoured_text.length = (unsigned)dearmour->unarmoredc; - CALLBACK(OPS_PTAG_CT_UNARMOURED_TEXT, cbinfo, &content); - dearmour->unarmoredc = 0; - } -} - -static int -unarmoured_read_char(dearmour_t *dearmour, - __ops_error_t **errors, - __ops_reader_t *readinfo, - __ops_cbdata_t *cbinfo, - unsigned skip) -{ - int c; - - do { - c = read_char(dearmour, errors, readinfo, cbinfo, 0); - if (c < 0) { - return c; - } - dearmour->unarmoured[dearmour->unarmoredc++] = c; - if (dearmour->unarmoredc == sizeof(dearmour->unarmoured)) { - flush(dearmour, cbinfo); - } - } while (skip && c == '\r'); - return c; -} - -/** - * \param headers - * \param key - * - * \return header value if found, otherwise NULL - */ -static const char * -__ops_find_header(__ops_headers_t *headers, const char *key) -{ - unsigned n; - - for (n = 0; n < headers->headerc; ++n) { - if (strcmp(headers->headers[n].key, key) == 0) { - return headers->headers[n].value; - } - } - return NULL; -} - -/** - * \param dest - * \param src - */ -static void -__ops_dup_headers(__ops_headers_t *dest, const __ops_headers_t *src) -{ - unsigned n; - - if ((dest->headers = calloc(src->headerc, sizeof(*dest->headers))) == NULL) { - (void) fprintf(stderr, "__ops_dup_headers: bad alloc\n"); - } else { - dest->headerc = src->headerc; - for (n = 0; n < src->headerc; ++n) { - dest->headers[n].key = netpgp_strdup(src->headers[n].key); - dest->headers[n].value = netpgp_strdup(src->headers[n].value); - } - } -} - -/* - * Note that this skips CRs so implementations always see just straight LFs - * as line terminators - */ -static int -process_dash_escaped(dearmour_t *dearmour, - __ops_error_t **errors, - __ops_reader_t *readinfo, - __ops_cbdata_t *cbinfo) -{ - __ops_fixed_body_t *body; - __ops_packet_t content2; - __ops_packet_t content; - const char *hashstr; - __ops_hash_t *hash; - int total; - - body = &content.u.cleartext_body; - if ((hash = calloc(1, sizeof(*hash))) == NULL) { - OPS_ERROR(errors, OPS_E_R_BAD_FORMAT, - "process_dash_escaped: bad alloc"); - return -1; - } - hashstr = __ops_find_header(&dearmour->headers, "Hash"); - if (hashstr) { - __ops_hash_alg_t alg; - - alg = __ops_str_to_hash_alg(hashstr); - if (!__ops_is_hash_alg_supported(&alg)) { - free(hash); - OPS_ERROR_1(errors, OPS_E_R_BAD_FORMAT, - "Unsupported hash algorithm '%s'", hashstr); - return -1; - } - if (alg == OPS_HASH_UNKNOWN) { - free(hash); - OPS_ERROR_1(errors, OPS_E_R_BAD_FORMAT, - "Unknown hash algorithm '%s'", hashstr); - return -1; - } - __ops_hash_any(hash, alg); - } else { - __ops_hash_md5(hash); - } - - if (!hash->init(hash)) { - OPS_ERROR(errors, OPS_E_R_BAD_FORMAT, - "can't initialise hash"); - return -1; - } - - body->length = 0; - total = 0; - for (;;) { - int c; - unsigned count; - - c = read_char(dearmour, errors, readinfo, cbinfo, 1); - if (c < 0) { - return -1; - } - if (dearmour->prev_nl && c == '-') { - if ((c = read_char(dearmour, errors, readinfo, cbinfo, - 0)) < 0) { - return -1; - } - if (c != ' ') { - /* then this had better be a trailer! */ - if (c != '-') { - OPS_ERROR(errors, OPS_E_R_BAD_FORMAT, - "Bad dash-escaping"); - } - for (count = 2; count < 5; ++count) { - if ((c = read_char(dearmour, errors, - readinfo, cbinfo, 0)) < 0) { - return -1; - } - if (c != '-') { - OPS_ERROR(errors, - OPS_E_R_BAD_FORMAT, - "Bad dash-escaping (2)"); - } - } - dearmour->state = AT_TRAILER_NAME; - break; - } - /* otherwise we read the next character */ - if ((c = read_char(dearmour, errors, readinfo, cbinfo, - 0)) < 0) { - return -1; - } - } - if (c == '\n' && body->length) { - if (memchr(body->data + 1, '\n', body->length - 1) - != NULL) { - (void) fprintf(stderr, - "process_dash_escaped: newline found\n"); - return -1; - } - if (body->data[0] == '\n') { - hash->add(hash, (const uint8_t *)"\r", 1); - } - hash->add(hash, body->data, body->length); - if (__ops_get_debug_level(__FILE__)) { - fprintf(stderr, "Got body:\n%s\n", body->data); - } - CALLBACK(OPS_PTAG_CT_SIGNED_CLEARTEXT_BODY, cbinfo, - &content); - body->length = 0; - } - body->data[body->length++] = c; - total += 1; - if (body->length == sizeof(body->data)) { - if (__ops_get_debug_level(__FILE__)) { - (void) fprintf(stderr, "Got body (2):\n%s\n", - body->data); - } - CALLBACK(OPS_PTAG_CT_SIGNED_CLEARTEXT_BODY, cbinfo, - &content); - body->length = 0; - } - } - if (body->data[0] != '\n') { - (void) fprintf(stderr, - "process_dash_escaped: no newline in body data\n"); - return -1; - } - if (body->length != 1) { - (void) fprintf(stderr, - "process_dash_escaped: bad body length\n"); - return -1; - } - /* don't send that one character, because it's part of the trailer */ - (void) memset(&content2, 0x0, sizeof(content2)); - CALLBACK(OPS_PTAG_CT_SIGNED_CLEARTEXT_TRAILER, cbinfo, &content2); - return total; -} - -static int -add_header(dearmour_t *dearmour, const char *key, const char *value) -{ - int n; - - /* - * Check that the header is valid - */ - if (strcmp(key, "Version") == 0 || - strcmp(key, "Comment") == 0 || - strcmp(key, "MessageID") == 0 || - strcmp(key, "Hash") == 0 || - strcmp(key, "Charset") == 0) { - n = dearmour->headers.headerc; - dearmour->headers.headers = realloc(dearmour->headers.headers, - (n + 1) * sizeof(*dearmour->headers.headers)); - if (dearmour->headers.headers == NULL) { - (void) fprintf(stderr, "add_header: bad alloc\n"); - return 0; - } - dearmour->headers.headers[n].key = netpgp_strdup(key); - dearmour->headers.headers[n].value = netpgp_strdup(value); - dearmour->headers.headerc = n + 1; - return 1; - } - return 0; -} - -/* \todo what does a return value of 0 indicate? 1 is good, -1 is bad */ -static int -parse_headers(dearmour_t *dearmour, __ops_error_t **errors, - __ops_reader_t * readinfo, __ops_cbdata_t * cbinfo) -{ - unsigned nbuf; - unsigned size; - unsigned first = 1; - char *buf; - int ret = 1; - - nbuf = 0; - size = 80; - if ((buf = calloc(1, size)) == NULL) { - (void) fprintf(stderr, "parse_headers: bad calloc\n"); - return -1; - } - for (;;) { - int c; - - if ((c = read_char(dearmour, errors, readinfo, cbinfo, 1)) < 0) { - OPS_ERROR(errors, OPS_E_R_BAD_FORMAT, "Unexpected EOF"); - ret = -1; - break; - } - if (c == '\n') { - char *s; - - if (nbuf == 0) { - break; - } - - if (nbuf >= size) { - (void) fprintf(stderr, - "parse_headers: bad size\n"); - return -1; - } - buf[nbuf] = '\0'; - - if ((s = strchr(buf, ':')) == NULL) { - if (!first && !dearmour->allow_headers_without_gap) { - /* - * then we have seriously malformed - * armour - */ - OPS_ERROR(errors, OPS_E_R_BAD_FORMAT, "No colon in armour header"); - ret = -1; - break; - } else { - if (first && - !(dearmour->allow_headers_without_gap || dearmour->allow_no_gap)) { - OPS_ERROR(errors, OPS_E_R_BAD_FORMAT, "No colon in armour header (2)"); - /* - * then we have a nasty - * armoured block with no - * headers, not even a blank - * line. - */ - buf[nbuf] = '\n'; - push_back(dearmour, (uint8_t *) buf, nbuf + 1); - ret = -1; - break; - } - } - } else { - *s = '\0'; - if (s[1] != ' ') { - OPS_ERROR(errors, OPS_E_R_BAD_FORMAT, "No space in armour header"); - ret = -1; - goto end; - } - if (!add_header(dearmour, buf, s + 2)) { - OPS_ERROR_1(errors, OPS_E_R_BAD_FORMAT, "Invalid header %s", buf); - ret = -1; - goto end; - } - nbuf = 0; - } - first = 0; - } else { - if (size <= nbuf + 1) { - size += size + 80; - buf = realloc(buf, size); - if (buf == NULL) { - (void) fprintf(stderr, "bad alloc\n"); - ret = -1; - goto end; - } - } - buf[nbuf++] = c; - } - } - -end: - free(buf); - - return ret; -} - -static int -read4(dearmour_t *dearmour, __ops_error_t **errors, - __ops_reader_t *readinfo, __ops_cbdata_t *cbinfo, - int *pc, unsigned *pn, uint32_t *pl) -{ - int n, c; - uint32_t l = 0; - - for (n = 0; n < 4; ++n) { - c = read_char(dearmour, errors, readinfo, cbinfo, 1); - if (c < 0) { - dearmour->eof64 = 1; - return -1; - } - if (c == '-' || c == '=') { - break; - } - l <<= 6; - if (c >= 'A' && c <= 'Z') { - l += (uint32_t)(c - 'A'); - } else if (c >= 'a' && c <= 'z') { - l += (uint32_t)(c - 'a') + 26; - } else if (c >= '0' && c <= '9') { - l += (uint32_t)(c - '0') + 52; - } else if (c == '+') { - l += 62; - } else if (c == '/') { - l += 63; - } else { - --n; - l >>= 6; - } - } - - *pc = c; - *pn = n; - *pl = l; - - return 4; -} - -unsigned -__ops_crc24(unsigned checksum, uint8_t c) -{ - unsigned i; - - checksum ^= c << 16; - for (i = 0; i < 8; i++) { - checksum <<= 1; - if (checksum & 0x1000000) - checksum ^= CRC24_POLY; - } - return (unsigned)(checksum & 0xffffffL); -} - -static int -decode64(dearmour_t *dearmour, __ops_error_t **errors, - __ops_reader_t *readinfo, __ops_cbdata_t *cbinfo) -{ - unsigned n; - int n2; - uint32_t l; - int c; - int ret; - - if (dearmour->buffered) { - (void) fprintf(stderr, "decode64: bad dearmour->buffered\n"); - return 0; - } - - ret = read4(dearmour, errors, readinfo, cbinfo, &c, &n, &l); - if (ret < 0) { - OPS_ERROR(errors, OPS_E_R_BAD_FORMAT, "Badly formed base64"); - return 0; - } - if (n == 3) { - if (c != '=') { - OPS_ERROR(errors, OPS_E_R_BAD_FORMAT, - "Badly terminated base64 (2)"); - return 0; - } - dearmour->buffered = 2; - dearmour->eof64 = 1; - l >>= 2; - } else if (n == 2) { - if (c != '=') { - OPS_ERROR(errors, OPS_E_R_BAD_FORMAT, - "Badly terminated base64 (3)"); - return 0; - } - dearmour->buffered = 1; - dearmour->eof64 = 1; - l >>= 4; - c = read_char(dearmour, errors, readinfo, cbinfo, 0); - if (c != '=') { - OPS_ERROR(errors, OPS_E_R_BAD_FORMAT, - "Badly terminated base64"); - return 0; - } - } else if (n == 0) { - if (!dearmour->prev_nl || c != '=') { - OPS_ERROR(errors, OPS_E_R_BAD_FORMAT, - "Badly terminated base64 (4)"); - return 0; - } - dearmour->buffered = 0; - } else { - if (n != 4) { - (void) fprintf(stderr, - "decode64: bad n (!= 4)\n"); - return 0; - } - dearmour->buffered = 3; - if (c == '-' || c == '=') { - (void) fprintf(stderr, "decode64: bad c\n"); - return 0; - } - } - - if (dearmour->buffered < 3 && dearmour->buffered > 0) { - /* then we saw padding */ - if (c != '=') { - (void) fprintf(stderr, "decode64: bad c (=)\n"); - return 0; - } - c = read_and_eat_whitespace(dearmour, errors, readinfo, cbinfo, - 1); - if (c != '\n') { - OPS_ERROR(errors, OPS_E_R_BAD_FORMAT, - "No newline at base64 end"); - return 0; - } - c = read_char(dearmour, errors, readinfo, cbinfo, 0); - if (c != '=') { - OPS_ERROR(errors, OPS_E_R_BAD_FORMAT, - "No checksum at base64 end"); - return 0; - } - } - if (c == '=') { - /* now we are at the checksum */ - ret = read4(dearmour, errors, readinfo, cbinfo, &c, &n, - &dearmour->read_checksum); - if (ret < 0 || n != 4) { - OPS_ERROR(errors, OPS_E_R_BAD_FORMAT, - "Error in checksum"); - return 0; - } - c = read_char(dearmour, errors, readinfo, cbinfo, 1); - if (dearmour->allow_trailing_whitespace) - c = eat_whitespace(c, dearmour, errors, readinfo, cbinfo, - 1); - if (c != '\n') { - OPS_ERROR(errors, OPS_E_R_BAD_FORMAT, - "Badly terminated checksum"); - return 0; - } - c = read_char(dearmour, errors, readinfo, cbinfo, 0); - if (c != '-') { - OPS_ERROR(errors, OPS_E_R_BAD_FORMAT, - "Bad base64 trailer (2)"); - return 0; - } - } - if (c == '-') { - for (n = 0; n < 4; ++n) - if (read_char(dearmour, errors, readinfo, cbinfo, - 0) != '-') { - OPS_ERROR(errors, OPS_E_R_BAD_FORMAT, - "Bad base64 trailer"); - return 0; - } - dearmour->eof64 = 1; - } else { - if (!dearmour->buffered) { - (void) fprintf(stderr, "decode64: not buffered\n"); - return 0; - } - } - - for (n = 0; n < dearmour->buffered; ++n) { - dearmour->buffer[n] = (uint8_t)l; - l >>= 8; - } - - for (n2 = dearmour->buffered - 1; n2 >= 0; --n2) - dearmour->checksum = __ops_crc24((unsigned)dearmour->checksum, - dearmour->buffer[n2]); - - if (dearmour->eof64 && dearmour->read_checksum != dearmour->checksum) { - OPS_ERROR(errors, OPS_E_R_BAD_FORMAT, "Checksum mismatch"); - return 0; - } - return 1; -} - -static void -base64(dearmour_t *dearmour) -{ - dearmour->state = BASE64; - dearmour->checksum = CRC24_INIT; - dearmour->eof64 = 0; - dearmour->buffered = 0; -} - -/* This reader is rather strange in that it can generate callbacks for */ -/* content - this is because plaintext is not encapsulated in PGP */ -/* packets... it also calls back for the text between the blocks. */ - -static int -armoured_data_reader(void *dest_, size_t length, __ops_error_t **errors, - __ops_reader_t *readinfo, - __ops_cbdata_t *cbinfo) -{ - __ops_packet_t content; - dearmour_t *dearmour; - unsigned first; - uint8_t *dest = dest_; - char buf[1024]; - int saved; - int ret; - - dearmour = __ops_reader_get_arg(readinfo); - saved = (int)length; - if (dearmour->eof64 && !dearmour->buffered) { - if (dearmour->state != OUTSIDE_BLOCK && - dearmour->state != AT_TRAILER_NAME) { - (void) fprintf(stderr, - "armoured_data_reader: bad dearmour state\n"); - return 0; - } - } - - while (length > 0) { - unsigned count; - unsigned n; - int c; - - flush(dearmour, cbinfo); - switch (dearmour->state) { - case OUTSIDE_BLOCK: - /* - * This code returns EOF rather than EARLY_EOF - * because if we don't see a header line at all, then - * it is just an EOF (and not a BLOCK_END) - */ - while (!dearmour->seen_nl) { - if ((c = unarmoured_read_char(dearmour, errors, - readinfo, cbinfo, 1)) < 0) { - return 0; - } - } - - /* - * flush at this point so we definitely have room for - * the header, and so we can easily erase it from the - * buffer - */ - flush(dearmour, cbinfo); - /* Find and consume the 5 leading '-' */ - for (count = 0; count < 5; ++count) { - if ((c = unarmoured_read_char(dearmour, errors, - readinfo, cbinfo, 0)) < 0) { - return 0; - } - if (c != '-') { - goto reloop; - } - } - - /* Now find the block type */ - for (n = 0; n < sizeof(buf) - 1;) { - if ((c = unarmoured_read_char(dearmour, errors, - readinfo, cbinfo, 0)) < 0) { - return 0; - } - if (c == '-') { - goto got_minus; - } - buf[n++] = c; - } - /* then I guess this wasn't a proper header */ - break; - -got_minus: - buf[n] = '\0'; - - /* Consume trailing '-' */ - for (count = 1; count < 5; ++count) { - if ((c = unarmoured_read_char(dearmour, errors, - readinfo, cbinfo, 0)) < 0) { - return 0; - } - if (c != '-') { - /* wasn't a header after all */ - goto reloop; - } - } - - /* Consume final NL */ - if ((c = unarmoured_read_char(dearmour, errors, readinfo, - cbinfo, 1)) < 0) { - return 0; - } - if (dearmour->allow_trailing_whitespace) { - if ((c = eat_whitespace(c, dearmour, errors, - readinfo, cbinfo, 1)) < 0) { - return 0; - } - } - if (c != '\n') { - /* wasn't a header line after all */ - break; - } - - /* - * Now we've seen the header, scrub it from the - * buffer - */ - dearmour->unarmoredc = 0; - - /* - * But now we've seen a header line, then errors are - * EARLY_EOF - */ - if ((ret = parse_headers(dearmour, errors, readinfo, - cbinfo)) <= 0) { - return -1; - } - - if (!set_lastseen_headerline(dearmour, buf, errors)) { - return -1; - } - - if (strcmp(buf, "BEGIN PGP SIGNED MESSAGE") == 0) { - __ops_dup_headers( - &content.u.cleartext_head, - &dearmour->headers); - CALLBACK(OPS_PTAG_CT_SIGNED_CLEARTEXT_HEADER, - cbinfo, - &content); - ret = process_dash_escaped(dearmour, errors, - readinfo, cbinfo); - if (ret <= 0) { - return ret; - } - } else { - content.u.armour_header.type = buf; - content.u.armour_header.headers = - dearmour->headers; - (void) memset(&dearmour->headers, 0x0, - sizeof(dearmour->headers)); - CALLBACK(OPS_PTAG_CT_ARMOUR_HEADER, cbinfo, - &content); - base64(dearmour); - } - break; - - case BASE64: - first = 1; - while (length > 0) { - if (!dearmour->buffered) { - if (!dearmour->eof64) { - ret = decode64(dearmour, - errors, readinfo, cbinfo); - if (ret <= 0) { - return ret; - } - } - if (!dearmour->buffered) { - if (!dearmour->eof64) { - (void) fprintf(stderr, -"armoured_data_reader: bad dearmour eof64\n"); - return 0; - } - if (first) { - dearmour->state = - AT_TRAILER_NAME; - goto reloop; - } - return -1; - } - } - if (!dearmour->buffered) { - (void) fprintf(stderr, - "armoured_data_reader: bad dearmour buffered\n"); - return 0; - } - *dest = dearmour->buffer[--dearmour->buffered]; - ++dest; - --length; - first = 0; - } - if (dearmour->eof64 && !dearmour->buffered) { - dearmour->state = AT_TRAILER_NAME; - } - break; - - case AT_TRAILER_NAME: - for (n = 0; n < sizeof(buf) - 1;) { - if ((c = read_char(dearmour, errors, readinfo, - cbinfo, 0)) < 0) { - return -1; - } - if (c == '-') { - goto got_minus2; - } - buf[n++] = c; - } - /* then I guess this wasn't a proper trailer */ - OPS_ERROR(errors, OPS_E_R_BAD_FORMAT, - "Bad ASCII armour trailer"); - break; - -got_minus2: - buf[n] = '\0'; - - if (!set_lastseen_headerline(dearmour, buf, errors)) { - return -1; - } - - /* Consume trailing '-' */ - for (count = 1; count < 5; ++count) { - if ((c = read_char(dearmour, errors, readinfo, - cbinfo, 0)) < 0) { - return -1; - } - if (c != '-') { - /* wasn't a trailer after all */ - OPS_ERROR(errors, OPS_E_R_BAD_FORMAT, - "Bad ASCII armour trailer (2)"); - } - } - - /* Consume final NL */ - if ((c = read_char(dearmour, errors, readinfo, cbinfo, - 1)) < 0) { - return -1; - } - if (dearmour->allow_trailing_whitespace) { - if ((c = eat_whitespace(c, dearmour, errors, - readinfo, cbinfo, 1)) < 0) { - return 0; - } - } - if (c != '\n') { - /* wasn't a trailer line after all */ - OPS_ERROR(errors, OPS_E_R_BAD_FORMAT, - "Bad ASCII armour trailer (3)"); - } - - if (strncmp(buf, "BEGIN ", 6) == 0) { - if (!set_lastseen_headerline(dearmour, buf, - errors)) { - return -1; - } - if ((ret = parse_headers(dearmour, errors, - readinfo, cbinfo)) <= 0) { - return ret; - } - content.u.armour_header.type = buf; - content.u.armour_header.headers = - dearmour->headers; - (void) memset(&dearmour->headers, 0x0, - sizeof(dearmour->headers)); - CALLBACK(OPS_PTAG_CT_ARMOUR_HEADER, cbinfo, - &content); - base64(dearmour); - } else { - content.u.armour_trailer = buf; - CALLBACK(OPS_PTAG_CT_ARMOUR_TRAILER, cbinfo, - &content); - dearmour->state = OUTSIDE_BLOCK; - } - break; - } -reloop: - continue; - } - - return saved; -} - -static void -armoured_data_destroyer(__ops_reader_t *readinfo) -{ - free(__ops_reader_get_arg(readinfo)); -} - -/** - * \ingroup Core_Readers_Armour - * \brief Pushes dearmouring reader onto stack - * \param parse_info Usual structure containing information about to how to do the parse - * \sa __ops_reader_pop_dearmour() - */ -void -__ops_reader_push_dearmour(__ops_stream_t *parse_info) -/* - * This function originally had these params to cater for packets which - * didn't strictly match the RFC. The initial 0.5 release is only going to - * support strict checking. If it becomes desirable to support loose checking - * of armoured packets and these params are reinstated, parse_headers() must - * be fixed so that these flags work correctly. - * - * // Allow headers in armoured data that are not separated from the data by a - * blank line unsigned without_gap, - * - * // Allow no blank line at the start of armoured data unsigned no_gap, - * - * //Allow armoured data to have trailing whitespace where we strictly would not - * expect it unsigned trailing_whitespace - */ -{ - dearmour_t *dearmour; - - if ((dearmour = calloc(1, sizeof(*dearmour))) == NULL) { - (void) fprintf(stderr, "__ops_reader_push_dearmour: bad alloc\n"); - } else { - dearmour->seen_nl = 1; - /* - dearmour->allow_headers_without_gap=without_gap; - dearmour->allow_no_gap=no_gap; - dearmour->allow_trailing_whitespace=trailing_whitespace; - */ - dearmour->expect_sig = 0; - dearmour->got_sig = 0; - - __ops_reader_push(parse_info, armoured_data_reader, - armoured_data_destroyer, dearmour); - } -} - -/** - * \ingroup Core_Readers_Armour - * \brief Pops dearmour reader from stock - * \param stream - * \sa __ops_reader_push_dearmour() - */ -void -__ops_reader_pop_dearmour(__ops_stream_t *stream) -{ - dearmour_t *dearmour; - - dearmour = __ops_reader_get_arg(__ops_readinfo(stream)); - free(dearmour); - __ops_reader_pop(stream); -} - -/**************************************************************************/ - -/* this is actually used for *decrypting* */ -typedef struct { - uint8_t decrypted[1024 * 15]; - size_t c; - size_t off; - __ops_crypt_t *decrypt; - __ops_region_t *region; - unsigned prevplain:1; -} encrypted_t; - -static int -encrypted_data_reader(void *dest, - size_t length, - __ops_error_t **errors, - __ops_reader_t *readinfo, - __ops_cbdata_t *cbinfo) -{ - encrypted_t *encrypted; - char *cdest; - int saved; - - encrypted = __ops_reader_get_arg(readinfo); - saved = (int)length; - /* - * V3 MPIs have the count plain and the cipher is reset after each - * count - */ - if (encrypted->prevplain && !readinfo->parent->reading_mpi_len) { - if (!readinfo->parent->reading_v3_secret) { - (void) fprintf(stderr, - "encrypted_data_reader: bad v3 secret\n"); - return -1; - } - encrypted->decrypt->decrypt_resync(encrypted->decrypt); - encrypted->prevplain = 0; - } else if (readinfo->parent->reading_v3_secret && - readinfo->parent->reading_mpi_len) { - encrypted->prevplain = 1; - } - while (length > 0) { - if (encrypted->c) { - unsigned n; - - /* - * if we are reading v3 we should never read - * more than we're asked for */ - if (length < encrypted->c && - (readinfo->parent->reading_v3_secret || - readinfo->parent->exact_read)) { - (void) fprintf(stderr, - "encrypted_data_reader: bad v3 read\n"); - return 0; - } - n = (int)MIN(length, encrypted->c); - (void) memcpy(dest, - encrypted->decrypted + encrypted->off, n); - encrypted->c -= n; - encrypted->off += n; - length -= n; - cdest = dest; - cdest += n; - dest = cdest; - } else { - unsigned n = encrypted->region->length; - uint8_t buffer[1024]; - - if (!n) { - return -1; - } - if (!encrypted->region->indeterminate) { - n -= encrypted->region->readc; - if (n == 0) { - return (int)(saved - length); - } - if (n > sizeof(buffer)) { - n = sizeof(buffer); - } - } else { - n = sizeof(buffer); - } - - /* - * we can only read as much as we're asked for - * in v3 keys because they're partially - * unencrypted! */ - if ((readinfo->parent->reading_v3_secret || - readinfo->parent->exact_read) && n > length) { - n = (unsigned)length; - } - - if (!__ops_stacked_limited_read(buffer, n, - encrypted->region, errors, readinfo, cbinfo)) { - return -1; - } - if (!readinfo->parent->reading_v3_secret || - !readinfo->parent->reading_mpi_len) { - encrypted->c = - __ops_decrypt_se_ip(encrypted->decrypt, - encrypted->decrypted, buffer, n); - - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "encrypted", buffer, 16); - hexdump(stderr, "decrypted", encrypted->decrypted, 16); - } - } else { - (void) memcpy( - &encrypted->decrypted[encrypted->off], buffer, n); - encrypted->c = n; - } - - if (encrypted->c == 0) { - (void) fprintf(stderr, - "encrypted_data_reader: 0 decrypted count\n"); - return 0; - } - - encrypted->off = 0; - } - } - - return saved; -} - -static void -encrypted_data_destroyer(__ops_reader_t *readinfo) -{ - free(__ops_reader_get_arg(readinfo)); -} - -/** - * \ingroup Core_Readers_SE - * \brief Pushes decryption reader onto stack - * \sa __ops_reader_pop_decrypt() - */ -void -__ops_reader_push_decrypt(__ops_stream_t *stream, __ops_crypt_t *decrypt, - __ops_region_t *region) -{ - encrypted_t *encrypted; - - if ((encrypted = calloc(1, sizeof(*encrypted))) == NULL) { - (void) fprintf(stderr, "__ops_reader_push_decrypted: bad alloc\n"); - } else { - encrypted->decrypt = decrypt; - encrypted->region = region; - __ops_decrypt_init(encrypted->decrypt); - __ops_reader_push(stream, encrypted_data_reader, - encrypted_data_destroyer, encrypted); - } -} - -/** - * \ingroup Core_Readers_Encrypted - * \brief Pops decryption reader from stack - * \sa __ops_reader_push_decrypt() - */ -void -__ops_reader_pop_decrypt(__ops_stream_t *stream) -{ - encrypted_t *encrypted; - - encrypted = __ops_reader_get_arg(__ops_readinfo(stream)); - encrypted->decrypt->decrypt_finish(encrypted->decrypt); - free(encrypted); - __ops_reader_pop(stream); -} - -/**************************************************************************/ - -typedef struct { - /* boolean: 0 once we've done the preamble/MDC checks */ - /* and are reading from the plaintext */ - int passed_checks; - uint8_t *plaintext; - size_t plaintext_available; - size_t plaintext_offset; - __ops_region_t *region; - __ops_crypt_t *decrypt; -} decrypt_se_ip_t; - -/* - Gets entire SE_IP data packet. - Verifies leading preamble - Verifies trailing MDC packet - Then passes up plaintext as requested -*/ -static int -se_ip_data_reader(void *dest_, - size_t len, - __ops_error_t **errors, - __ops_reader_t *readinfo, - __ops_cbdata_t *cbinfo) -{ - decrypt_se_ip_t *se_ip; - __ops_region_t decrypted_region; - unsigned n = 0; - - se_ip = __ops_reader_get_arg(readinfo); - if (!se_ip->passed_checks) { - uint8_t *buf = NULL; - uint8_t hashed[OPS_SHA1_HASH_SIZE]; - uint8_t *preamble; - uint8_t *plaintext; - uint8_t *mdc; - uint8_t *mdc_hash; - __ops_hash_t hash; - size_t b; - size_t sz_preamble; - size_t sz_mdc_hash; - size_t sz_mdc; - size_t sz_plaintext; - - __ops_hash_any(&hash, OPS_HASH_SHA1); - if (!hash.init(&hash)) { - (void) fprintf(stderr, - "se_ip_data_reader: can't init hash\n"); - return -1; - } - - __ops_init_subregion(&decrypted_region, NULL); - decrypted_region.length = - se_ip->region->length - se_ip->region->readc; - if ((buf = calloc(1, decrypted_region.length)) == NULL) { - (void) fprintf(stderr, "se_ip_data_reader: bad alloc\n"); - return -1; - } - - /* read entire SE IP packet */ - if (!__ops_stacked_limited_read(buf, decrypted_region.length, - &decrypted_region, errors, readinfo, cbinfo)) { - free(buf); - return -1; - } - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "SE IP packet", buf, decrypted_region.length); - } - /* verify leading preamble */ - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "preamble", buf, se_ip->decrypt->blocksize); - } - b = se_ip->decrypt->blocksize; - if (buf[b - 2] != buf[b] || buf[b - 1] != buf[b + 1]) { - fprintf(stderr, - "Bad symmetric decrypt (%02x%02x vs %02x%02x)\n", - buf[b - 2], buf[b - 1], buf[b], buf[b + 1]); - OPS_ERROR(errors, OPS_E_PROTO_BAD_SYMMETRIC_DECRYPT, - "Bad symmetric decrypt when parsing SE IP packet"); - free(buf); - return -1; - } - /* Verify trailing MDC hash */ - - sz_preamble = se_ip->decrypt->blocksize + 2; - sz_mdc_hash = OPS_SHA1_HASH_SIZE; - sz_mdc = 1 + 1 + sz_mdc_hash; - sz_plaintext = (decrypted_region.length - sz_preamble) - sz_mdc; - - preamble = buf; - plaintext = buf + sz_preamble; - mdc = plaintext + sz_plaintext; - mdc_hash = mdc + 2; - - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "plaintext", plaintext, sz_plaintext); - hexdump(stderr, "mdc", mdc, sz_mdc); - } - __ops_calc_mdc_hash(preamble, sz_preamble, plaintext, - (unsigned)sz_plaintext, hashed); - - if (memcmp(mdc_hash, hashed, OPS_SHA1_HASH_SIZE) != 0) { - OPS_ERROR(errors, OPS_E_V_BAD_HASH, - "Bad hash in MDC packet"); - free(buf); - return 0; - } - /* all done with the checks */ - /* now can start reading from the plaintext */ - if (se_ip->plaintext) { - (void) fprintf(stderr, - "se_ip_data_reader: bad plaintext\n"); - return 0; - } - if ((se_ip->plaintext = calloc(1, sz_plaintext)) == NULL) { - (void) fprintf(stderr, - "se_ip_data_reader: bad alloc\n"); - return 0; - } - memcpy(se_ip->plaintext, plaintext, sz_plaintext); - se_ip->plaintext_available = sz_plaintext; - - se_ip->passed_checks = 1; - - free(buf); - } - n = (unsigned)len; - if (n > se_ip->plaintext_available) { - n = (unsigned)se_ip->plaintext_available; - } - - memcpy(dest_, se_ip->plaintext + se_ip->plaintext_offset, n); - se_ip->plaintext_available -= n; - se_ip->plaintext_offset += n; - /* len -= n; - not used at all, for info only */ - - return n; -} - -static void -se_ip_data_destroyer(__ops_reader_t *readinfo) -{ - decrypt_se_ip_t *se_ip; - - se_ip = __ops_reader_get_arg(readinfo); - free(se_ip->plaintext); - free(se_ip); -} - -/** - \ingroup Internal_Readers_SEIP -*/ -void -__ops_reader_push_se_ip_data(__ops_stream_t *stream, __ops_crypt_t *decrypt, - __ops_region_t * region) -{ - decrypt_se_ip_t *se_ip; - - if ((se_ip = calloc(1, sizeof(*se_ip))) == NULL) { - (void) fprintf(stderr, "__ops_reader_push_se_ip_data: bad alloc\n"); - } else { - se_ip->region = region; - se_ip->decrypt = decrypt; - __ops_reader_push(stream, se_ip_data_reader, se_ip_data_destroyer, - se_ip); - } -} - -/** - \ingroup Internal_Readers_SEIP - */ -void -__ops_reader_pop_se_ip_data(__ops_stream_t *stream) -{ - /* - * decrypt_se_ip_t - * *se_ip=__ops_reader_get_arg(__ops_readinfo(stream)); - */ - /* free(se_ip); */ - __ops_reader_pop(stream); -} - -/**************************************************************************/ - -/** Arguments for reader_fd - */ -typedef struct mmap_reader_t { - void *mem; /* memory mapped file */ - uint64_t size; /* size of file */ - uint64_t offset; /* current offset in file */ - int fd; /* file descriptor */ -} mmap_reader_t; - - -/** - * \ingroup Core_Readers - * - * __ops_reader_fd() attempts to read up to "plength" bytes from the file - * descriptor in "parse_info" into the buffer starting at "dest" using the - * rules contained in "flags" - * - * \param dest Pointer to previously allocated buffer - * \param plength Number of bytes to try to read - * \param flags Rules about reading to use - * \param readinfo Reader info - * \param cbinfo Callback info - * - * \return n Number of bytes read - * - * OPS_R_EARLY_EOF and OPS_R_ERROR push errors on the stack - */ -static int -fd_reader(void *dest, size_t length, __ops_error_t **errors, - __ops_reader_t *readinfo, __ops_cbdata_t *cbinfo) -{ - mmap_reader_t *reader; - int n; - - __OPS_USED(cbinfo); - reader = __ops_reader_get_arg(readinfo); - n = (int)read(reader->fd, dest, length); - if (n == 0) - return 0; - if (n < 0) { - OPS_SYSTEM_ERROR_1(errors, OPS_E_R_READ_FAILED, "read", - "file descriptor %d", reader->fd); - return -1; - } - return n; -} - -static void -reader_fd_destroyer(__ops_reader_t *readinfo) -{ - free(__ops_reader_get_arg(readinfo)); -} - -/** - \ingroup Core_Readers_First - \brief Starts stack with file reader -*/ - -void -__ops_reader_set_fd(__ops_stream_t *stream, int fd) -{ - mmap_reader_t *reader; - - if ((reader = calloc(1, sizeof(*reader))) == NULL) { - (void) fprintf(stderr, "__ops_reader_set_fd: bad alloc\n"); - } else { - reader->fd = fd; - __ops_reader_set(stream, fd_reader, reader_fd_destroyer, reader); - } -} - -/**************************************************************************/ - -typedef struct { - const uint8_t *buffer; - size_t length; - size_t offset; -} reader_mem_t; - -static int -mem_reader(void *dest, size_t length, __ops_error_t **errors, - __ops_reader_t *readinfo, __ops_cbdata_t *cbinfo) -{ - reader_mem_t *reader = __ops_reader_get_arg(readinfo); - unsigned n; - - __OPS_USED(cbinfo); - __OPS_USED(errors); - - if (reader->offset + length > reader->length) - n = (unsigned)(reader->length - reader->offset); - else - n = (unsigned)length; - - if (n == (unsigned)0) - return 0; - - memcpy(dest, reader->buffer + reader->offset, n); - reader->offset += n; - - return n; -} - -static void -mem_destroyer(__ops_reader_t *readinfo) -{ - free(__ops_reader_get_arg(readinfo)); -} - -/** - \ingroup Core_Readers_First - \brief Starts stack with memory reader -*/ - -void -__ops_reader_set_memory(__ops_stream_t *stream, const void *buffer, - size_t length) -{ - reader_mem_t *mem; - - if ((mem = calloc(1, sizeof(*mem))) == NULL) { - (void) fprintf(stderr, "__ops_reader_set_memory: bad alloc\n"); - } else { - mem->buffer = buffer; - mem->length = length; - mem->offset = 0; - __ops_reader_set(stream, mem_reader, mem_destroyer, mem); - } -} - -/**************************************************************************/ - -/** - \ingroup Core_Writers - \brief Create and initialise output and mem; Set for writing to mem - \param output Address where new output pointer will be set - \param mem Address when new mem pointer will be set - \param bufsz Initial buffer size (will automatically be increased when necessary) - \note It is the caller's responsiblity to free output and mem. - \sa __ops_teardown_memory_write() -*/ -void -__ops_setup_memory_write(__ops_output_t **output, __ops_memory_t **mem, size_t bufsz) -{ - /* - * initialise needed structures for writing to memory - */ - - *output = __ops_output_new(); - *mem = __ops_memory_new(); - - __ops_memory_init(*mem, bufsz); - - __ops_writer_set_memory(*output, *mem); -} - -/** - \ingroup Core_Writers - \brief Closes writer and frees output and mem - \param output - \param mem - \sa __ops_setup_memory_write() -*/ -void -__ops_teardown_memory_write(__ops_output_t *output, __ops_memory_t *mem) -{ - __ops_writer_close(output);/* new */ - __ops_output_delete(output); - __ops_memory_free(mem); -} - -/** - \ingroup Core_Readers - \brief Create parse_info and sets to read from memory - \param stream Address where new parse_info will be set - \param mem Memory to read from - \param arg Reader-specific arg - \param callback Callback to use with reader - \param accumulate Set if we need to accumulate as we read. (Usually 0 unless doing signature verification) - \note It is the caller's responsiblity to free parse_info - \sa __ops_teardown_memory_read() -*/ -void -__ops_setup_memory_read(__ops_io_t *io, - __ops_stream_t **stream, - __ops_memory_t *mem, - void *vp, - __ops_cb_ret_t callback(const __ops_packet_t *, - __ops_cbdata_t *), - unsigned accumulate) -{ - *stream = __ops_new(sizeof(**stream)); - (*stream)->io = (*stream)->cbinfo.io = io; - __ops_set_callback(*stream, callback, vp); - __ops_reader_set_memory(*stream, - __ops_mem_data(mem), - __ops_mem_len(mem)); - if (accumulate) { - (*stream)->readinfo.accumulate = 1; - } -} - -/** - \ingroup Core_Readers - \brief Frees stream and mem - \param stream - \param mem - \sa __ops_setup_memory_read() -*/ -void -__ops_teardown_memory_read(__ops_stream_t *stream, __ops_memory_t *mem) -{ - __ops_stream_delete(stream); - __ops_memory_free(mem); -} - -/** - \ingroup Core_Writers - \brief Create and initialise output and mem; Set for writing to file - \param output Address where new output pointer will be set - \param filename File to write to - \param allow_overwrite Allows file to be overwritten, if set. - \return Newly-opened file descriptor - \note It is the caller's responsiblity to free output and to close fd. - \sa __ops_teardown_file_write() -*/ -int -__ops_setup_file_write(__ops_output_t **output, const char *filename, - unsigned allow_overwrite) -{ - int fd = 0; - int flags = 0; - - /* - * initialise needed structures for writing to file - */ - if (filename == NULL) { - /* write to stdout */ - fd = STDOUT_FILENO; - } else { - flags = O_WRONLY | O_CREAT; - if (allow_overwrite) - flags |= O_TRUNC; - else - flags |= O_EXCL; -#ifdef O_BINARY - flags |= O_BINARY; -#endif - fd = open(filename, flags, 0600); - if (fd < 0) { - perror(filename); - return fd; - } - } - *output = __ops_output_new(); - __ops_writer_set_fd(*output, fd); - return fd; -} - -/** - \ingroup Core_Writers - \brief Closes writer, frees info, closes fd - \param output - \param fd -*/ -void -__ops_teardown_file_write(__ops_output_t *output, int fd) -{ - __ops_writer_close(output); - close(fd); - __ops_output_delete(output); -} - -/** - \ingroup Core_Writers - \brief As __ops_setup_file_write, but appends to file -*/ -int -__ops_setup_file_append(__ops_output_t **output, const char *filename) -{ - int fd; - - /* - * initialise needed structures for writing to file - */ -#ifdef O_BINARY - fd = open(filename, O_WRONLY | O_APPEND | O_BINARY, 0600); -#else - fd = open(filename, O_WRONLY | O_APPEND, 0600); -#endif - if (fd >= 0) { - *output = __ops_output_new(); - __ops_writer_set_fd(*output, fd); - } - return fd; -} - -/** - \ingroup Core_Writers - \brief As __ops_teardown_file_write() -*/ -void -__ops_teardown_file_append(__ops_output_t *output, int fd) -{ - __ops_teardown_file_write(output, fd); -} - -/** - \ingroup Core_Readers - \brief Creates parse_info, opens file, and sets to read from file - \param stream Address where new parse_info will be set - \param filename Name of file to read - \param vp Reader-specific arg - \param callback Callback to use when reading - \param accumulate Set if we need to accumulate as we read. (Usually 0 unless doing signature verification) - \note It is the caller's responsiblity to free parse_info and to close fd - \sa __ops_teardown_file_read() -*/ -int -__ops_setup_file_read(__ops_io_t *io, - __ops_stream_t **stream, - const char *filename, - void *vp, - __ops_cb_ret_t callback(const __ops_packet_t *, - __ops_cbdata_t *), - unsigned accumulate) -{ - int fd; - -#ifdef O_BINARY - fd = open(filename, O_RDONLY | O_BINARY); -#else - fd = open(filename, O_RDONLY); -#endif - if (fd < 0) { - (void) fprintf(io->errs, "can't open \"%s\"\n", filename); - return fd; - } - *stream = __ops_new(sizeof(**stream)); - (*stream)->io = (*stream)->cbinfo.io = io; - __ops_set_callback(*stream, callback, vp); -#ifdef USE_MMAP_FOR_FILES - __ops_reader_set_mmap(*stream, fd); -#else - __ops_reader_set_fd(*stream, fd); -#endif - if (accumulate) { - (*stream)->readinfo.accumulate = 1; - } - return fd; -} - -/** - \ingroup Core_Readers - \brief Frees stream and closes fd - \param stream - \param fd - \sa __ops_setup_file_read() -*/ -void -__ops_teardown_file_read(__ops_stream_t *stream, int fd) -{ - close(fd); - __ops_stream_delete(stream); -} - -__ops_cb_ret_t -__ops_litdata_cb(const __ops_packet_t *pkt, __ops_cbdata_t *cbinfo) -{ - const __ops_contents_t *content = &pkt->u; - - if (__ops_get_debug_level(__FILE__)) { - printf("__ops_litdata_cb: "); - __ops_print_packet(&cbinfo->printstate, pkt); - } - /* Read data from packet into static buffer */ - switch (pkt->tag) { - case OPS_PTAG_CT_LITDATA_BODY: - /* if writer enabled, use it */ - if (cbinfo->output) { - if (__ops_get_debug_level(__FILE__)) { - printf("__ops_litdata_cb: length is %u\n", - content->litdata_body.length); - } - __ops_write(cbinfo->output, - content->litdata_body.data, - content->litdata_body.length); - } - break; - - case OPS_PTAG_CT_LITDATA_HEADER: - /* ignore */ - break; - - default: - break; - } - - return OPS_RELEASE_MEMORY; -} - -__ops_cb_ret_t -__ops_pk_sesskey_cb(const __ops_packet_t *pkt, __ops_cbdata_t *cbinfo) -{ - const __ops_contents_t *content = &pkt->u; - unsigned from; - __ops_io_t *io; - - io = cbinfo->io; - if (__ops_get_debug_level(__FILE__)) { - __ops_print_packet(&cbinfo->printstate, pkt); - } - /* Read data from packet into static buffer */ - switch (pkt->tag) { - case OPS_PTAG_CT_PK_SESSION_KEY: - if (__ops_get_debug_level(__FILE__)) { - printf("OPS_PTAG_CT_PK_SESSION_KEY\n"); - } - if (!cbinfo->cryptinfo.secring) { - (void) fprintf(io->errs, - "__ops_pk_sesskey_cb: bad keyring\n"); - return (__ops_cb_ret_t)0; - } - from = 0; - cbinfo->cryptinfo.keydata = - __ops_getkeybyid(io, cbinfo->cryptinfo.secring, - content->pk_sesskey.key_id, &from, NULL); - if (!cbinfo->cryptinfo.keydata) { - break; - } - break; - - default: - break; - } - - return OPS_RELEASE_MEMORY; -} - -/** - \ingroup Core_Callbacks - -\brief Callback to get secret key, decrypting if necessary. - -@verbatim - This callback does the following: - * finds the session key in the keyring - * gets a passphrase if required - * decrypts the secret key, if necessary - * sets the seckey in the content struct -@endverbatim -*/ - -__ops_cb_ret_t -__ops_get_seckey_cb(const __ops_packet_t *pkt, __ops_cbdata_t *cbinfo) -{ - const __ops_contents_t *content = &pkt->u; - const __ops_seckey_t *secret; - const __ops_key_t *pubkey; - const __ops_key_t *keypair; - unsigned from; - __ops_io_t *io; - - io = cbinfo->io; - if (__ops_get_debug_level(__FILE__)) { - __ops_print_packet(&cbinfo->printstate, pkt); - } - switch (pkt->tag) { - case OPS_GET_SECKEY: - /* print key from pubring */ - from = 0; - pubkey = __ops_getkeybyid(io, cbinfo->cryptinfo.pubring, - content->get_seckey.pk_sesskey->key_id, - &from, NULL); - /* validate key from secring */ - from = 0; - cbinfo->cryptinfo.keydata = - __ops_getkeybyid(io, cbinfo->cryptinfo.secring, - content->get_seckey.pk_sesskey->key_id, - &from, NULL); - if (!cbinfo->cryptinfo.keydata || - !__ops_is_key_secret(cbinfo->cryptinfo.keydata)) { - return (__ops_cb_ret_t)0; - } - keypair = cbinfo->cryptinfo.keydata; - if (pubkey == NULL) { - pubkey = keypair; - } - do { - /* print out the user id */ - __ops_print_keydata(io, cbinfo->cryptinfo.pubring, pubkey, - "signature ", &pubkey->key.pubkey, 0); - /* now decrypt key */ - secret = __ops_decrypt_seckey(keypair, cbinfo->passfp); - if (secret == NULL) { - (void) fprintf(io->errs, "Bad passphrase\n"); - } - } while (secret == NULL); - *content->get_seckey.seckey = secret; - break; - - default: - break; - } - - return OPS_RELEASE_MEMORY; -} - -/** - \ingroup HighLevel_Callbacks - \brief Callback to use when you need to prompt user for passphrase - \param contents - \param cbinfo -*/ -__ops_cb_ret_t -get_passphrase_cb(const __ops_packet_t *pkt, __ops_cbdata_t *cbinfo) -{ - const __ops_contents_t *content = &pkt->u; - __ops_io_t *io; - - io = cbinfo->io; - if (__ops_get_debug_level(__FILE__)) { - __ops_print_packet(&cbinfo->printstate, pkt); - } - if (cbinfo->cryptinfo.keydata == NULL) { - (void) fprintf(io->errs, "get_passphrase_cb: NULL keydata\n"); - } else { - __ops_print_keydata(io, cbinfo->cryptinfo.pubring, cbinfo->cryptinfo.keydata, "signature ", - &cbinfo->cryptinfo.keydata->key.pubkey, 0); - } - switch (pkt->tag) { - case OPS_GET_PASSPHRASE: - *(content->skey_passphrase.passphrase) = - netpgp_strdup(getpass("netpgp passphrase: ")); - return OPS_KEEP_MEMORY; - default: - break; - } - return OPS_RELEASE_MEMORY; -} - -unsigned -__ops_reader_set_accumulate(__ops_stream_t *stream, unsigned state) -{ - return stream->readinfo.accumulate = state; -} - -/**************************************************************************/ - -static int -hash_reader(void *dest, - size_t length, - __ops_error_t **errors, - __ops_reader_t *readinfo, - __ops_cbdata_t *cbinfo) -{ - __ops_hash_t *hash = __ops_reader_get_arg(readinfo); - int r; - - r = __ops_stacked_read(dest, length, errors, readinfo, cbinfo); - if (r <= 0) { - return r; - } - hash->add(hash, dest, (unsigned)r); - return r; -} - -/** - \ingroup Internal_Readers_Hash - \brief Push hashed data reader on stack -*/ -void -__ops_reader_push_hash(__ops_stream_t *stream, __ops_hash_t *hash) -{ - if (!hash->init(hash)) { - (void) fprintf(stderr, "__ops_reader_push_hash: can't init hash\n"); - /* just continue and die */ - /* XXX - agc - no way to return failure */ - } - __ops_reader_push(stream, hash_reader, NULL, hash); -} - -/** - \ingroup Internal_Readers_Hash - \brief Pop hashed data reader from stack -*/ -void -__ops_reader_pop_hash(__ops_stream_t *stream) -{ - __ops_reader_pop(stream); -} - -/* read memory from the previously mmap-ed file */ -static int -mmap_reader(void *dest, size_t length, __ops_error_t **errors, - __ops_reader_t *readinfo, __ops_cbdata_t *cbinfo) -{ - mmap_reader_t *mem = __ops_reader_get_arg(readinfo); - unsigned n; - char *cmem = mem->mem; - - __OPS_USED(errors); - __OPS_USED(cbinfo); - n = (unsigned)MIN(length, (unsigned)(mem->size - mem->offset)); - if (n > 0) { - (void) memcpy(dest, &cmem[(int)mem->offset], (unsigned)n); - mem->offset += n; - } - return (int)n; -} - -/* tear down the mmap, close the fd */ -static void -mmap_destroyer(__ops_reader_t *readinfo) -{ - mmap_reader_t *mem = __ops_reader_get_arg(readinfo); - - (void) munmap(mem->mem, (unsigned)mem->size); - (void) close(mem->fd); - free(__ops_reader_get_arg(readinfo)); -} - -/* set up the file to use mmap-ed memory if available, file IO otherwise */ -void -__ops_reader_set_mmap(__ops_stream_t *stream, int fd) -{ - mmap_reader_t *mem; - struct stat st; - - if (fstat(fd, &st) != 0) { - (void) fprintf(stderr, "__ops_reader_set_mmap: can't fstat\n"); - } else if ((mem = calloc(1, sizeof(*mem))) == NULL) { - (void) fprintf(stderr, "__ops_reader_set_mmap: bad alloc\n"); - } else { - mem->size = (uint64_t)st.st_size; - mem->offset = 0; - mem->fd = fd; - mem->mem = mmap(NULL, (size_t)st.st_size, PROT_READ, - MAP_PRIVATE | MAP_FILE, fd, 0); - if (mem->mem == MAP_FAILED) { - __ops_reader_set(stream, fd_reader, reader_fd_destroyer, - mem); - } else { - __ops_reader_set(stream, mmap_reader, mmap_destroyer, - mem); - } - } -} diff --git a/enzevalos_iphone/netpgp/lib/readerwriter.h b/enzevalos_iphone/netpgp/lib/readerwriter.h deleted file mode 100644 index aa3487a4..00000000 --- a/enzevalos_iphone/netpgp/lib/readerwriter.h +++ /dev/null @@ -1,126 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/* - * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) - * All rights reserved. - * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted - * their moral rights under the UK Copyright Design and Patents Act 1988 to - * be recorded as the authors of this copyright work. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. - * - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef READERWRITER_H_ -#define READERWRITER_H_ - -#include "create.h" - -#include "memory.h" - -/* if this is defined, we'll use mmap in preference to file ops */ -#define USE_MMAP_FOR_FILES 1 - -void __ops_reader_set_fd(__ops_stream_t *, int); -void __ops_reader_set_mmap(__ops_stream_t *, int); -void __ops_reader_set_memory(__ops_stream_t *, const void *, size_t); - -/* Do a sum mod 65536 of all bytes read (as needed for secret keys) */ -void __ops_reader_push_sum16(__ops_stream_t *); -uint16_t __ops_reader_pop_sum16(__ops_stream_t *); - -void __ops_reader_push_se_ip_data(__ops_stream_t *, __ops_crypt_t *, - __ops_region_t *); -void __ops_reader_pop_se_ip_data(__ops_stream_t *); - -/* */ -unsigned __ops_write_mdc(__ops_output_t *, const uint8_t *); -unsigned __ops_write_se_ip_pktset(__ops_output_t *, const uint8_t *, - const unsigned, - __ops_crypt_t *); -void __ops_push_enc_crypt(__ops_output_t *, __ops_crypt_t *); -int __ops_push_enc_se_ip(__ops_output_t *, const __ops_key_t *, const char *, int); - -/* Secret Key checksum */ -void __ops_push_checksum_writer(__ops_output_t *, __ops_seckey_t *); -unsigned __ops_pop_skey_checksum_writer(__ops_output_t *); - - -/* memory writing */ -void __ops_setup_memory_write(__ops_output_t **, __ops_memory_t **, size_t); -void __ops_teardown_memory_write(__ops_output_t *, __ops_memory_t *); - -/* memory reading */ -void __ops_setup_memory_read(__ops_io_t *, - __ops_stream_t **, - __ops_memory_t *, - void *, - __ops_cb_ret_t callback(const __ops_packet_t *, - __ops_cbdata_t *), - unsigned); -void __ops_teardown_memory_read(__ops_stream_t *, __ops_memory_t *); - -/* file writing */ -int __ops_setup_file_write(__ops_output_t **, const char *, unsigned); -void __ops_teardown_file_write(__ops_output_t *, int); - -/* file appending */ -int __ops_setup_file_append(__ops_output_t **, const char *); -void __ops_teardown_file_append(__ops_output_t *, int); - -/* file reading */ -int __ops_setup_file_read(__ops_io_t *, - __ops_stream_t **, - const char *, - void *, - __ops_cb_ret_t callback(const __ops_packet_t *, - __ops_cbdata_t *), - unsigned); -void __ops_teardown_file_read(__ops_stream_t *, int); - -unsigned __ops_reader_set_accumulate(__ops_stream_t *, unsigned); - -/* useful callbacks */ -__ops_cb_ret_t __ops_litdata_cb(const __ops_packet_t *, __ops_cbdata_t *); -__ops_cb_ret_t __ops_pk_sesskey_cb(const __ops_packet_t *, __ops_cbdata_t *); -__ops_cb_ret_t __ops_get_seckey_cb(const __ops_packet_t *, __ops_cbdata_t *); - -int __ops_getpassphrase(void *, char *, size_t); - -#endif /* READERWRITER_H_ */ diff --git a/enzevalos_iphone/netpgp/lib/signature.c b/enzevalos_iphone/netpgp/lib/signature.c deleted file mode 100644 index bb8029a7..00000000 --- a/enzevalos_iphone/netpgp/lib/signature.c +++ /dev/null @@ -1,1272 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/* - * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) - * All rights reserved. - * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted - * their moral rights under the UK Copyright Design and Patents Act 1988 to - * be recorded as the authors of this copyright work. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. - * - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** \file - */ -#include "config.h" - -#ifdef HAVE_SYS_CDEFS_H -#include <sys/cdefs.h> -#endif - -#if defined(__NetBSD__) -__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: signature.c,v 1.32 2010/08/15 16:36:24 agc Exp $"); -#endif - -#include <sys/types.h> -#include <sys/param.h> - -#ifdef HAVE_FCNTL_H -#include <fcntl.h> -#endif - -#include <string.h> - -#ifdef HAVE_UNISTD_H -#include <unistd.h> -#endif - -#ifdef HAVE_OPENSSL_DSA_H -#include <openssl/dsa.h> -#endif - -#include "signature.h" -#include "crypto.h" -#include "create.h" -#include "netpgpsdk.h" -#include "readerwriter.h" -#include "validate.h" -#include "netpgpdefs.h" -#include "netpgpdigest.h" - - -/** \ingroup Core_Create - * needed for signature creation - */ -struct __ops_create_sig_t { - __ops_hash_t hash; - __ops_sig_t sig; - __ops_memory_t *mem; - __ops_output_t *output; /* how to do the writing */ - unsigned hashoff; /* hashed count offset */ - unsigned hashlen; - unsigned unhashoff; -}; - -/** - \ingroup Core_Signature - Creates new __ops_create_sig_t - \return new __ops_create_sig_t - \note It is the caller's responsibility to call __ops_create_sig_delete() - \sa __ops_create_sig_delete() -*/ -__ops_create_sig_t * -__ops_create_sig_new(void) -{ - return calloc(1, sizeof(__ops_create_sig_t)); -} - -/** - \ingroup Core_Signature - Free signature and memory associated with it - \param sig struct to free - \sa __ops_create_sig_new() -*/ -void -__ops_create_sig_delete(__ops_create_sig_t *sig) -{ - __ops_output_delete(sig->output); - sig->output = NULL; - free(sig); -} - -#if 0 -void -__ops_dump_sig(__ops_sig_t *sig) -{ -} -#endif - -static uint8_t prefix_md5[] = { - 0x30, 0x20, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, - 0xF7, 0x0D, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10 -}; - -static uint8_t prefix_sha1[] = { - 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0E, 0x03, 0x02, - 0x1A, 0x05, 0x00, 0x04, 0x14 -}; - -static uint8_t prefix_sha256[] = { - 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, - 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 -}; - - -/* XXX: both this and verify would be clearer if the signature were */ -/* treated as an MPI. */ -static int -rsa_sign(__ops_hash_t *hash, - const __ops_rsa_pubkey_t *pubrsa, - const __ops_rsa_seckey_t *secrsa, - __ops_output_t *out) -{ - unsigned prefixsize; - unsigned expected; - unsigned hashsize; - unsigned keysize; - unsigned n; - unsigned t; - uint8_t hashbuf[NETPGP_BUFSIZ]; - uint8_t sigbuf[NETPGP_BUFSIZ]; - uint8_t *prefix; - BIGNUM *bn; - - if (strcmp(hash->name, "SHA1") == 0) { - hashsize = OPS_SHA1_HASH_SIZE + sizeof(prefix_sha1); - prefix = prefix_sha1; - prefixsize = sizeof(prefix_sha1); - expected = OPS_SHA1_HASH_SIZE; - } else { - hashsize = OPS_SHA256_HASH_SIZE + sizeof(prefix_sha256); - prefix = prefix_sha256; - prefixsize = sizeof(prefix_sha256); - expected = OPS_SHA256_HASH_SIZE; - } - keysize = (BN_num_bits(pubrsa->n) + 7) / 8; - if (keysize > sizeof(hashbuf)) { - (void) fprintf(stderr, "rsa_sign: keysize too big\n"); - return 0; - } - if (10 + hashsize > keysize) { - (void) fprintf(stderr, "rsa_sign: hashsize too big\n"); - return 0; - } - - hashbuf[0] = 0; - hashbuf[1] = 1; - if (__ops_get_debug_level(__FILE__)) { - printf("rsa_sign: PS is %d\n", keysize - hashsize - 1 - 2); - } - for (n = 2; n < keysize - hashsize - 1; ++n) { - hashbuf[n] = 0xff; - } - hashbuf[n++] = 0; - - (void) memcpy(&hashbuf[n], prefix, prefixsize); - n += prefixsize; - if ((t = hash->finish(hash, &hashbuf[n])) != expected) { - (void) fprintf(stderr, "rsa_sign: short %s hash\n", hash->name); - return 0; - } - - __ops_write(out, &hashbuf[n], 2); - - n += t; - if (n != keysize) { - (void) fprintf(stderr, "rsa_sign: n != keysize\n"); - return 0; - } - - t = __ops_rsa_private_encrypt(sigbuf, hashbuf, keysize, secrsa, pubrsa); - bn = BN_bin2bn(sigbuf, (int)t, NULL); - __ops_write_mpi(out, bn); - BN_free(bn); - return 1; -} - -static int -dsa_sign(__ops_hash_t *hash, - const __ops_dsa_pubkey_t *dsa, - const __ops_dsa_seckey_t *sdsa, - __ops_output_t *output) -{ - unsigned hashsize; - unsigned t; - uint8_t hashbuf[NETPGP_BUFSIZ]; - DSA_SIG *dsasig; - - /* hashsize must be "equal in size to the number of bits of q, */ - /* the group generated by the DSA key's generator value */ - /* 160/8 = 20 */ - - hashsize = 20; - - /* finalise hash */ - t = hash->finish(hash, &hashbuf[0]); - if (t != 20) { - (void) fprintf(stderr, "dsa_sign: hashfinish not 20\n"); - return 0; - } - - __ops_write(output, &hashbuf[0], 2); - - /* write signature to buf */ - dsasig = __ops_dsa_sign(hashbuf, hashsize, sdsa, dsa); - - /* convert and write the sig out to memory */ - __ops_write_mpi(output, dsasig->r); - __ops_write_mpi(output, dsasig->s); - DSA_SIG_free(dsasig); - return 1; -} - -static unsigned -rsa_verify(__ops_hash_alg_t type, - const uint8_t *hash, - size_t hash_length, - const __ops_rsa_sig_t *sig, - const __ops_rsa_pubkey_t *pubrsa) -{ - const uint8_t *prefix; - unsigned n; - unsigned keysize; - unsigned plen; - unsigned debug_len_decrypted; - uint8_t sigbuf[NETPGP_BUFSIZ]; - uint8_t hashbuf_from_sig[NETPGP_BUFSIZ]; - - plen = 0; - prefix = (const uint8_t *) ""; - keysize = BN_num_bytes(pubrsa->n); - /* RSA key can't be bigger than 65535 bits, so... */ - if (keysize > sizeof(hashbuf_from_sig)) { - (void) fprintf(stderr, "rsa_verify: keysize too big\n"); - return 0; - } - if ((unsigned) BN_num_bits(sig->sig) > 8 * sizeof(sigbuf)) { - (void) fprintf(stderr, "rsa_verify: BN_numbits too big\n"); - return 0; - } - BN_bn2bin(sig->sig, sigbuf); - - n = __ops_rsa_public_decrypt(hashbuf_from_sig, sigbuf, - (unsigned)(BN_num_bits(sig->sig) + 7) / 8, pubrsa); - debug_len_decrypted = n; - - if (n != keysize) { - /* obviously, this includes error returns */ - return 0; - } - - /* XXX: why is there a leading 0? The first byte should be 1... */ - /* XXX: because the decrypt should use keysize and not sigsize? */ - if (hashbuf_from_sig[0] != 0 || hashbuf_from_sig[1] != 1) { - return 0; - } - - switch (type) { - case OPS_HASH_MD5: - prefix = prefix_md5; - plen = sizeof(prefix_md5); - break; - case OPS_HASH_SHA1: - prefix = prefix_sha1; - plen = sizeof(prefix_sha1); - break; - case OPS_HASH_SHA256: - prefix = prefix_sha256; - plen = sizeof(prefix_sha256); - break; - default: - (void) fprintf(stderr, "Unknown hash algorithm: %d\n", type); - return 0; - } - - if (keysize - plen - hash_length < 10) { - return 0; - } - - for (n = 2; n < keysize - plen - hash_length - 1; ++n) { - if (hashbuf_from_sig[n] != 0xff) { - return 0; - } - } - - if (hashbuf_from_sig[n++] != 0) { - return 0; - } - - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "sig hashbuf", hashbuf_from_sig, debug_len_decrypted); - hexdump(stderr, "prefix", prefix, plen); - hexdump(stderr, "sig hash", &hashbuf_from_sig[n + plen], hash_length); - hexdump(stderr, "input hash", hash, hash_length); - } - return (memcmp(&hashbuf_from_sig[n], prefix, plen) == 0 && - memcmp(&hashbuf_from_sig[n + plen], hash, hash_length) == 0); -} - -static void -hash_add_key(__ops_hash_t *hash, const __ops_pubkey_t *key) -{ - __ops_memory_t *mem = __ops_memory_new(); - const unsigned dontmakepacket = 0; - size_t len; - - __ops_build_pubkey(mem, key, dontmakepacket); - len = __ops_mem_len(mem); - __ops_hash_add_int(hash, 0x99, 1); - __ops_hash_add_int(hash, (unsigned)len, 2); - hash->add(hash, __ops_mem_data(mem), (unsigned)len); - __ops_memory_free(mem); -} - -static void -initialise_hash(__ops_hash_t *hash, const __ops_sig_t *sig) -{ - __ops_hash_any(hash, sig->info.hash_alg); - if (!hash->init(hash)) { - (void) fprintf(stderr, - "initialise_hash: bad hash init\n"); - /* just continue and die */ - /* XXX - agc - no way to return failure */ - } -} - -static void -init_key_sig(__ops_hash_t *hash, const __ops_sig_t *sig, - const __ops_pubkey_t *key) -{ - initialise_hash(hash, sig); - hash_add_key(hash, key); -} - -static void -hash_add_trailer(__ops_hash_t *hash, const __ops_sig_t *sig, - const uint8_t *raw_packet) -{ - if (sig->info.version == OPS_V4) { - if (raw_packet) { - hash->add(hash, raw_packet + sig->v4_hashstart, - (unsigned)sig->info.v4_hashlen); - } - __ops_hash_add_int(hash, (unsigned)sig->info.version, 1); - __ops_hash_add_int(hash, 0xff, 1); - __ops_hash_add_int(hash, (unsigned)sig->info.v4_hashlen, 4); - } else { - __ops_hash_add_int(hash, (unsigned)sig->info.type, 1); - __ops_hash_add_int(hash, (unsigned)sig->info.birthtime, 4); - } -} - -/** - \ingroup Core_Signature - \brief Checks a signature - \param hash Signature Hash to be checked - \param length Signature Length - \param sig The Signature to be checked - \param signer The signer's public key - \return 1 if good; else 0 -*/ -unsigned -__ops_check_sig(const uint8_t *hash, unsigned length, - const __ops_sig_t * sig, - const __ops_pubkey_t * signer) -{ - unsigned ret; - - if (__ops_get_debug_level(__FILE__)) { - hexdump(stdout, "hash", hash, length); - } - ret = 0; - switch (sig->info.key_alg) { - case OPS_PKA_DSA: - ret = __ops_dsa_verify(hash, length, &sig->info.sig.dsa, - &signer->key.dsa); - break; - - case OPS_PKA_RSA: - ret = rsa_verify(sig->info.hash_alg, hash, length, - &sig->info.sig.rsa, - &signer->key.rsa); - break; - - default: - (void) fprintf(stderr, "__ops_check_sig: unusual alg\n"); - ret = 0; - } - - return ret; -} - -static unsigned -hash_and_check_sig(__ops_hash_t *hash, - const __ops_sig_t *sig, - const __ops_pubkey_t *signer) -{ - uint8_t hashout[OPS_MAX_HASH_SIZE]; - unsigned n; - - n = hash->finish(hash, hashout); - return __ops_check_sig(hashout, n, sig, signer); -} - -static unsigned -finalise_sig(__ops_hash_t *hash, - const __ops_sig_t *sig, - const __ops_pubkey_t *signer, - const uint8_t *raw_packet) -{ - hash_add_trailer(hash, sig, raw_packet); - return hash_and_check_sig(hash, sig, signer); -} - -/** - * \ingroup Core_Signature - * - * \brief Verify a certification signature. - * - * \param key The public key that was signed. - * \param id The user ID that was signed - * \param sig The signature. - * \param signer The public key of the signer. - * \param raw_packet The raw signature packet. - * \return 1 if OK; else 0 - */ -unsigned -__ops_check_useridcert_sig(const __ops_pubkey_t *key, - const uint8_t *id, - const __ops_sig_t *sig, - const __ops_pubkey_t *signer, - const uint8_t *raw_packet) -{ - __ops_hash_t hash; - size_t userid_len; - - userid_len = strlen((const char *) id); - init_key_sig(&hash, sig, key); - if (sig->info.version == OPS_V4) { - __ops_hash_add_int(&hash, 0xb4, 1); - __ops_hash_add_int(&hash, (unsigned)userid_len, 4); - } - hash.add(&hash, id, (unsigned)userid_len); - return finalise_sig(&hash, sig, signer, raw_packet); -} - -/** - * \ingroup Core_Signature - * - * Verify a certification signature. - * - * \param key The public key that was signed. - * \param attribute The user attribute that was signed - * \param sig The signature. - * \param signer The public key of the signer. - * \param raw_packet The raw signature packet. - * \return 1 if OK; else 0 - */ -unsigned -__ops_check_userattrcert_sig(const __ops_pubkey_t *key, - const __ops_data_t *attribute, - const __ops_sig_t *sig, - const __ops_pubkey_t *signer, - const uint8_t *raw_packet) -{ - __ops_hash_t hash; - - init_key_sig(&hash, sig, key); - if (sig->info.version == OPS_V4) { - __ops_hash_add_int(&hash, 0xd1, 1); - __ops_hash_add_int(&hash, (unsigned)attribute->len, 4); - } - hash.add(&hash, attribute->contents, (unsigned)attribute->len); - return finalise_sig(&hash, sig, signer, raw_packet); -} - -/** - * \ingroup Core_Signature - * - * Verify a subkey signature. - * - * \param key The public key whose subkey was signed. - * \param subkey The subkey of the public key that was signed. - * \param sig The signature. - * \param signer The public key of the signer. - * \param raw_packet The raw signature packet. - * \return 1 if OK; else 0 - */ -unsigned -__ops_check_subkey_sig(const __ops_pubkey_t *key, - const __ops_pubkey_t *subkey, - const __ops_sig_t *sig, - const __ops_pubkey_t *signer, - const uint8_t *raw_packet) -{ - __ops_hash_t hash; - unsigned ret; - - init_key_sig(&hash, sig, key); - hash_add_key(&hash, subkey); - ret = finalise_sig(&hash, sig, signer, raw_packet); - return ret; -} - -/** - * \ingroup Core_Signature - * - * Verify a direct signature. - * - * \param key The public key which was signed. - * \param sig The signature. - * \param signer The public key of the signer. - * \param raw_packet The raw signature packet. - * \return 1 if OK; else 0 - */ -unsigned -__ops_check_direct_sig(const __ops_pubkey_t *key, - const __ops_sig_t *sig, - const __ops_pubkey_t *signer, - const uint8_t *raw_packet) -{ - __ops_hash_t hash; - unsigned ret; - - init_key_sig(&hash, sig, key); - ret = finalise_sig(&hash, sig, signer, raw_packet); - return ret; -} - -/** - * \ingroup Core_Signature - * - * Verify a signature on a hash (the hash will have already been fed - * the material that was being signed, for example signed cleartext). - * - * \param hash A hash structure of appropriate type that has been fed - * the material to be signed. This MUST NOT have been finalised. - * \param sig The signature to be verified. - * \param signer The public key of the signer. - * \return 1 if OK; else 0 - */ -unsigned -__ops_check_hash_sig(__ops_hash_t *hash, - const __ops_sig_t *sig, - const __ops_pubkey_t *signer) -{ - return (sig->info.hash_alg == hash->alg) ? - finalise_sig(hash, sig, signer, NULL) : - 0; -} - -static void -start_sig_in_mem(__ops_create_sig_t *sig) -{ - /* since this has subpackets and stuff, we have to buffer the whole */ - /* thing to get counts before writing. */ - sig->mem = __ops_memory_new(); - __ops_memory_init(sig->mem, 100); - __ops_writer_set_memory(sig->output, sig->mem); - - /* write nearly up to the first subpacket */ - __ops_write_scalar(sig->output, (unsigned)sig->sig.info.version, 1); - __ops_write_scalar(sig->output, (unsigned)sig->sig.info.type, 1); - __ops_write_scalar(sig->output, (unsigned)sig->sig.info.key_alg, 1); - __ops_write_scalar(sig->output, (unsigned)sig->sig.info.hash_alg, 1); - - /* dummy hashed subpacket count */ - sig->hashoff = (unsigned)__ops_mem_len(sig->mem); - __ops_write_scalar(sig->output, 0, 2); -} - -/** - * \ingroup Core_Signature - * - * __ops_sig_start() creates a V4 public key signature with a SHA1 hash. - * - * \param sig The signature structure to initialise - * \param key The public key to be signed - * \param id The user ID being bound to the key - * \param type Signature type - */ -void -__ops_sig_start_key_sig(__ops_create_sig_t *sig, - const __ops_pubkey_t *key, - const uint8_t *id, - __ops_sig_type_t type) -{ - sig->output = __ops_output_new(); - - /* XXX: refactor with check (in several ways - check should - * probably use the buffered writer to construct packets - * (done), and also should share code for hash calculation) */ - sig->sig.info.version = OPS_V4; - sig->sig.info.hash_alg = OPS_HASH_SHA1; - sig->sig.info.key_alg = key->alg; - sig->sig.info.type = type; - sig->hashlen = (unsigned)-1; - init_key_sig(&sig->hash, &sig->sig, key); - __ops_hash_add_int(&sig->hash, 0xb4, 1); - __ops_hash_add_int(&sig->hash, (unsigned)strlen((const char *) id), 4); - sig->hash.add(&sig->hash, id, (unsigned)strlen((const char *) id)); - start_sig_in_mem(sig); -} - -/** - * \ingroup Core_Signature - * - * Create a V4 public key signature over some cleartext. - * - * \param sig The signature structure to initialise - * \param id - * \param type - * \todo Expand description. Allow other hashes. - */ - -void -__ops_start_sig(__ops_create_sig_t *sig, - const __ops_seckey_t *key, - const __ops_hash_alg_t hash, - const __ops_sig_type_t type) -{ - sig->output = __ops_output_new(); - - /* XXX: refactor with check (in several ways - check should - * probably use the buffered writer to construct packets - * (done), and also should share code for hash calculation) */ - sig->sig.info.version = OPS_V4; - sig->sig.info.key_alg = key->pubkey.alg; - sig->sig.info.hash_alg = hash; - sig->sig.info.type = type; - - sig->hashlen = (unsigned)-1; - - if (__ops_get_debug_level(__FILE__)) { - fprintf(stderr, "initialising hash for sig in mem\n"); - } - initialise_hash(&sig->hash, &sig->sig); - start_sig_in_mem(sig); -} - -/** - * \ingroup Core_Signature - * - * Add plaintext data to a signature-to-be. - * - * \param sig The signature-to-be. - * \param buf The plaintext data. - * \param length The amount of plaintext data. - */ -void -__ops_sig_add_data(__ops_create_sig_t *sig, const void *buf, size_t length) -{ - sig->hash.add(&sig->hash, buf, (unsigned)length); -} - -/** - * \ingroup Core_Signature - * - * Mark the end of the hashed subpackets in the signature - * - * \param sig - */ - -unsigned -__ops_end_hashed_subpkts(__ops_create_sig_t *sig) -{ - sig->hashlen = (unsigned)(__ops_mem_len(sig->mem) - sig->hashoff - 2); - __ops_memory_place_int(sig->mem, sig->hashoff, sig->hashlen, 2); - /* dummy unhashed subpacket count */ - sig->unhashoff = (unsigned)__ops_mem_len(sig->mem); - return __ops_write_scalar(sig->output, 0, 2); -} - -/** - * \ingroup Core_Signature - * - * Write out a signature - * - * \param sig - * \param key - * \param seckey - * \param info - * - */ - -unsigned -__ops_write_sig(__ops_output_t *output, - __ops_create_sig_t *sig, - const __ops_pubkey_t *key, - const __ops_seckey_t *seckey) -{ - unsigned ret = 0; - size_t len = __ops_mem_len(sig->mem); - - /* check key not decrypted */ - switch (seckey->pubkey.alg) { - case OPS_PKA_RSA: - case OPS_PKA_RSA_ENCRYPT_ONLY: - case OPS_PKA_RSA_SIGN_ONLY: - if (seckey->key.rsa.d == NULL) { - (void) fprintf(stderr, "__ops_write_sig: null rsa.d\n"); - return 0; - } - break; - - case OPS_PKA_DSA: - if (seckey->key.dsa.x == NULL) { - (void) fprintf(stderr, "__ops_write_sig: null dsa.x\n"); - return 0; - } - break; - - default: - (void) fprintf(stderr, "Unsupported algorithm %d\n", - seckey->pubkey.alg); - return 0; - } - - if (sig->hashlen == (unsigned) -1) { - (void) fprintf(stderr, - "ops_write_sig: bad hashed data len\n"); - return 0; - } - - __ops_memory_place_int(sig->mem, sig->unhashoff, - (unsigned)(len - sig->unhashoff - 2), 2); - - /* add the packet from version number to end of hashed subpackets */ - if (__ops_get_debug_level(__FILE__)) { - (void) fprintf(stderr, "ops_write_sig: hashed packet info\n"); - } - sig->hash.add(&sig->hash, __ops_mem_data(sig->mem), sig->unhashoff); - - /* add final trailer */ - __ops_hash_add_int(&sig->hash, (unsigned)sig->sig.info.version, 1); - __ops_hash_add_int(&sig->hash, 0xff, 1); - /* +6 for version, type, pk alg, hash alg, hashed subpacket length */ - __ops_hash_add_int(&sig->hash, sig->hashlen + 6, 4); - - if (__ops_get_debug_level(__FILE__)) { - (void) fprintf(stderr, "ops_write_sig: done writing hashed\n"); - } - /* XXX: technically, we could figure out how big the signature is */ - /* and write it directly to the output instead of via memory. */ - switch (seckey->pubkey.alg) { - case OPS_PKA_RSA: - case OPS_PKA_RSA_ENCRYPT_ONLY: - case OPS_PKA_RSA_SIGN_ONLY: - if (!rsa_sign(&sig->hash, &key->key.rsa, &seckey->key.rsa, - sig->output)) { - (void) fprintf(stderr, - "__ops_write_sig: rsa_sign failure\n"); - return 0; - } - break; - - case OPS_PKA_DSA: - if (!dsa_sign(&sig->hash, &key->key.dsa, &seckey->key.dsa, - sig->output)) { - (void) fprintf(stderr, - "__ops_write_sig: dsa_sign failure\n"); - return 0; - } - break; - - default: - (void) fprintf(stderr, "Unsupported algorithm %d\n", - seckey->pubkey.alg); - return 0; - } - - ret = __ops_write_ptag(output, OPS_PTAG_CT_SIGNATURE); - if (ret) { - len = __ops_mem_len(sig->mem); - ret = __ops_write_length(output, (unsigned)len) && - __ops_write(output, __ops_mem_data(sig->mem), (unsigned)len); - } - __ops_memory_free(sig->mem); - - if (ret == 0) { - OPS_ERROR(&output->errors, OPS_E_W, "Cannot write signature"); - } - return ret; -} - -/* add a time stamp to the output */ -unsigned -__ops_add_time(__ops_create_sig_t *sig, int64_t when, const char *type) -{ - __ops_content_enum tag; - - tag = (strcmp(type, "birth") == 0) ? - OPS_PTAG_SS_CREATION_TIME : OPS_PTAG_SS_EXPIRATION_TIME; - /* just do 32-bit timestamps for just now - it's in the protocol */ - return __ops_write_ss_header(sig->output, 5, tag) && - __ops_write_scalar(sig->output, (uint32_t)when, (unsigned)sizeof(uint32_t)); -} - -/* add key flags to the output by Oliver */ -unsigned -__ops_add_key_flags(__ops_create_sig_t *sig, uint8_t flags) -{ - - __ops_content_enum tag; - - tag = OPS_PTAG_SS_KEY_FLAGS; - - return __ops_write_ss_header(sig->output, 2, tag) && - __ops_write_scalar(sig->output, (unsigned int) flags, 1); - -} - -/** - * \ingroup Core_Signature - * - * Adds issuer's key ID to the signature - * - * \param sig - * \param keyid - */ - -unsigned -__ops_add_issuer_keyid(__ops_create_sig_t *sig, - const uint8_t keyid[OPS_KEY_ID_SIZE]) -{ - return __ops_write_ss_header(sig->output, OPS_KEY_ID_SIZE + 1, - OPS_PTAG_SS_ISSUER_KEY_ID) && - __ops_write(sig->output, keyid, OPS_KEY_ID_SIZE); -} - -/** - * \ingroup Core_Signature - * - * Adds primary user ID to the signature - * - * \param sig - * \param primary - */ -void -__ops_add_primary_userid(__ops_create_sig_t *sig, unsigned primary) -{ - __ops_write_ss_header(sig->output, 2, OPS_PTAG_SS_PRIMARY_USER_ID); - __ops_write_scalar(sig->output, primary, 1); -} - -/** - * \ingroup Core_Signature - * - * Get the hash structure in use for the signature. - * - * \param sig The signature structure. - * \return The hash structure. - */ -__ops_hash_t * -__ops_sig_get_hash(__ops_create_sig_t *sig) -{ - return &sig->hash; -} - -/* open up an output file */ -static int -open_output_file(__ops_output_t **output, - const char *inname, - const char *outname, - const char *suffix, - const unsigned overwrite) -{ - int fd; - - /* setup output file */ - if (outname) { - fd = __ops_setup_file_write(output, outname, overwrite); - } else { - unsigned flen = (unsigned)(strlen(inname) + 4 + 1); - char *f = NULL; - - if ((f = calloc(1, flen)) == NULL) { - (void) fprintf(stderr, "open_output_file: bad alloc\n"); - fd = -1; - } else { - (void) snprintf(f, flen, "%s.%s", inname, suffix); - fd = __ops_setup_file_write(output, f, overwrite); - free(f); - } - } - return fd; -} - -/** -\ingroup HighLevel_Sign -\brief Sign a file -\param inname Input filename -\param outname Output filename. If NULL, a name is constructed from the input filename. -\param seckey Secret Key to use for signing -\param armored Write armoured text, if set. -\param overwrite May overwrite existing file, if set. -\return 1 if OK; else 0; - -*/ -unsigned -__ops_sign_file(__ops_io_t *io, - const char *inname, - const char *outname, - const __ops_seckey_t *seckey, - const char *hashname, - const int64_t from, - const uint64_t duration, - const unsigned armored, - const unsigned cleartext, - const unsigned overwrite) -{ - __ops_create_sig_t *sig; - __ops_sig_type_t sig_type; - __ops_hash_alg_t hash_alg; - __ops_memory_t *infile; - __ops_output_t *output; - __ops_hash_t *hash; - unsigned ret; - uint8_t keyid[OPS_KEY_ID_SIZE]; - int fd_out; - - sig = NULL; - sig_type = OPS_SIG_BINARY; - infile = NULL; - output = NULL; - hash = NULL; - fd_out = 0; - - /* find the hash algorithm */ - hash_alg = __ops_str_to_hash_alg(hashname); - if (hash_alg == OPS_HASH_UNKNOWN) { - (void) fprintf(io->errs, - "__ops_sign_file: unknown hash algorithm: \"%s\"\n", - hashname); - return 0; - } - - /* read input file into buf */ - infile = __ops_memory_new(); - if (!__ops_mem_readfile(infile, inname)) { - return 0; - } - - /* setup output file */ - fd_out = open_output_file(&output, inname, outname, - (armored) ? "asc" : "gpg", overwrite); - if (fd_out < 0) { - __ops_memory_free(infile); - return 0; - } - - /* set up signature */ - sig = __ops_create_sig_new(); - if (!sig) { - __ops_memory_free(infile); - __ops_teardown_file_write(output, fd_out); - return 0; - } - - __ops_start_sig(sig, seckey, hash_alg, sig_type); - - if (cleartext) { - if (__ops_writer_push_clearsigned(output, sig) != 1) { - return 0; - } - - /* Do the signing */ - __ops_write(output, __ops_mem_data(infile), (unsigned)__ops_mem_len(infile)); - __ops_memory_free(infile); - - /* add signature with subpackets: */ - /* - creation time */ - /* - key id */ - ret = __ops_writer_use_armored_sig(output) && - __ops_add_time(sig, (int64_t)from, "birth") && - __ops_add_time(sig, (int64_t)duration, "expiration"); - if (ret == 0) { - __ops_teardown_file_write(output, fd_out); - return 0; - } - - __ops_keyid(keyid, OPS_KEY_ID_SIZE, &seckey->pubkey, hash_alg); - ret = __ops_add_issuer_keyid(sig, keyid) && - __ops_end_hashed_subpkts(sig) && - __ops_write_sig(output, sig, &seckey->pubkey, seckey); - - __ops_teardown_file_write(output, fd_out); - - if (ret == 0) { - OPS_ERROR(&output->errors, OPS_E_W, - "Cannot sign file as cleartext"); - } - } else { - /* set armoured/not armoured here */ - if (armored) { - __ops_writer_push_armor_msg(output); - } - - /* write one_pass_sig */ - __ops_write_one_pass_sig(output, seckey, hash_alg, sig_type); - - /* hash file contents */ - hash = __ops_sig_get_hash(sig); - hash->add(hash, __ops_mem_data(infile), (unsigned)__ops_mem_len(infile)); - -#if 1 - /* output file contents as Literal Data packet */ - __ops_write_litdata(output, __ops_mem_data(infile), - (const int)__ops_mem_len(infile), - OPS_LDT_BINARY); -#else - /* XXX - agc - sync with writer.c 1094 for ops_writez */ - __ops_setup_memory_write(&litoutput, &litmem, bufsz); - __ops_setup_memory_write(&zoutput, &zmem, bufsz); - __ops_write_litdata(litoutput, - __ops_mem_data(__ops_mem_data(infile), - (const int)__ops_mem_len(infile), OPS_LDT_BINARY); - __ops_writez(zoutput, __ops_mem_data(litmem), __ops_mem_len(litmem)); -#endif - - /* add creation time to signature */ - __ops_add_time(sig, (int64_t)from, "birth"); - __ops_add_time(sig, (int64_t)duration, "expiration"); - /* add key id to signature */ - __ops_keyid(keyid, OPS_KEY_ID_SIZE, &seckey->pubkey, hash_alg); - __ops_add_issuer_keyid(sig, keyid); - __ops_end_hashed_subpkts(sig); - __ops_write_sig(output, sig, &seckey->pubkey, seckey); - - /* tidy up */ - __ops_teardown_file_write(output, fd_out); - - __ops_create_sig_delete(sig); - __ops_memory_free(infile); - - ret = 1; - } - - return ret; -} - -/** -\ingroup HighLevel_Sign -\brief Signs a buffer -\param input Input text to be signed -\param input_len Length of input text -\param sig_type Signature type -\param seckey Secret Key -\param armored Write armoured text, if set -\return New __ops_memory_t struct containing signed text -\note It is the caller's responsibility to call __ops_memory_free(me) - -*/ -__ops_memory_t * -__ops_sign_buf(__ops_io_t *io, - const void *input, - const size_t insize, - const __ops_seckey_t *seckey, - const int64_t from, - const uint64_t duration, - const char *hashname, - const unsigned armored, - const unsigned cleartext) -{ - __ops_litdata_enum ld_type; - __ops_create_sig_t *sig; - __ops_sig_type_t sig_type; - __ops_hash_alg_t hash_alg; - __ops_output_t *output; - __ops_memory_t *mem; - uint8_t keyid[OPS_KEY_ID_SIZE]; - __ops_hash_t *hash; - unsigned ret; - - sig = NULL; - sig_type = OPS_SIG_BINARY; - output = NULL; - mem = __ops_memory_new(); - hash = NULL; - ret = 0; - - hash_alg = __ops_str_to_hash_alg(hashname); - if (hash_alg == OPS_HASH_UNKNOWN) { - (void) fprintf(io->errs, - "__ops_sign_buf: unknown hash algorithm: \"%s\"\n", - hashname); - return NULL; - } - - /* setup literal data packet type */ - ld_type = (cleartext) ? OPS_LDT_TEXT : OPS_LDT_BINARY; - - if (input == NULL) { - (void) fprintf(io->errs, - "__ops_sign_buf: null input\n"); - return NULL; - } - - /* set up signature */ - if ((sig = __ops_create_sig_new()) == NULL) { - return NULL; - } - __ops_start_sig(sig, seckey, hash_alg, sig_type); - - /* setup writer */ - __ops_setup_memory_write(&output, &mem, insize); - - if (cleartext) { - /* Do the signing */ - /* add signature with subpackets: */ - /* - creation time */ - /* - key id */ - ret = __ops_writer_push_clearsigned(output, sig) && - __ops_write(output, input, (unsigned)insize) && - __ops_writer_use_armored_sig(output) && - __ops_add_time(sig, from, "birth") && - __ops_add_time(sig, (int64_t)duration, "expiration"); - if (ret == 0) { - return NULL; - } - __ops_output_delete(output); - } else { - /* set armoured/not armoured here */ - if (armored) { - __ops_writer_push_armor_msg(output); - } - if (__ops_get_debug_level(__FILE__)) { - fprintf(io->errs, "** Writing out one pass sig\n"); - } - /* write one_pass_sig */ - __ops_write_one_pass_sig(output, seckey, hash_alg, sig_type); - - /* hash memory */ - hash = __ops_sig_get_hash(sig); - hash->add(hash, input, (unsigned)insize); - - /* output file contents as Literal Data packet */ - if (__ops_get_debug_level(__FILE__)) { - (void) fprintf(stderr, "** Writing out data now\n"); - } - __ops_write_litdata(output, input, (const int)insize, ld_type); - if (__ops_get_debug_level(__FILE__)) { - fprintf(stderr, "** After Writing out data now\n"); - } - - /* add creation time to signature */ - __ops_add_time(sig, from, "birth"); - __ops_add_time(sig, (int64_t)duration, "expiration"); - /* add key id to signature */ - __ops_keyid(keyid, OPS_KEY_ID_SIZE, &seckey->pubkey, hash_alg); - __ops_add_issuer_keyid(sig, keyid); - __ops_end_hashed_subpkts(sig); - - /* write out sig */ - __ops_write_sig(output, sig, &seckey->pubkey, seckey); - - /* tidy up */ - __ops_writer_close(output); - __ops_create_sig_delete(sig); - } - return mem; -} - -/* sign a file, and put the signature in a separate file */ -int -__ops_sign_detached(__ops_io_t *io, - const char *f, - char *sigfile, - __ops_seckey_t *seckey, - const char *hash, - const int64_t from, - const uint64_t duration, - const unsigned armored, const unsigned overwrite) -{ - __ops_create_sig_t *sig; - __ops_hash_alg_t hash_alg; - __ops_output_t *output; - __ops_memory_t *mem; - uint8_t keyid[OPS_KEY_ID_SIZE]; - int fd; - - /* find out which hash algorithm to use */ - hash_alg = __ops_str_to_hash_alg(hash); - if (hash_alg == OPS_HASH_UNKNOWN) { - (void) fprintf(io->errs,"Unknown hash algorithm: %s\n", hash); - return 0; - } - - /* setup output file */ - fd = open_output_file(&output, f, sigfile, - (armored) ? "asc" : "sig", overwrite); - if (fd < 0) { - (void) fprintf(io->errs,"Can't open output file: %s\n", f); - return 0; - } - - /* create a new signature */ - sig = __ops_create_sig_new(); - __ops_start_sig(sig, seckey, hash_alg, OPS_SIG_BINARY); - - /* read the contents of 'f', and add that to the signature */ - mem = __ops_memory_new(); - if (!__ops_mem_readfile(mem, f)) { - __ops_teardown_file_write(output, fd); - return 0; - } - /* set armoured/not armoured here */ - if (armored) { - __ops_writer_push_armor_msg(output); - } - __ops_sig_add_data(sig, __ops_mem_data(mem), __ops_mem_len(mem)); - __ops_memory_free(mem); - - /* calculate the signature */ - __ops_add_time(sig, from, "birth"); - __ops_add_time(sig, (int64_t)duration, "expiration"); - __ops_keyid(keyid, sizeof(keyid), &seckey->pubkey, hash_alg); - __ops_add_issuer_keyid(sig, keyid); - __ops_end_hashed_subpkts(sig); - __ops_write_sig(output, sig, &seckey->pubkey, seckey); - __ops_teardown_file_write(output, fd); - __ops_seckey_free(seckey); - - return 1; -} diff --git a/enzevalos_iphone/netpgp/lib/signature.h b/enzevalos_iphone/netpgp/lib/signature.h deleted file mode 100644 index cfa57570..00000000 --- a/enzevalos_iphone/netpgp/lib/signature.h +++ /dev/null @@ -1,172 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/* - * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) - * All rights reserved. - * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted - * their moral rights under the UK Copyright Design and Patents Act 1988 to - * be recorded as the authors of this copyright work. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. - * - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** \file - */ - -#ifndef SIGNATURE_H_ -#define SIGNATURE_H_ - -#include <sys/types.h> - -#include <inttypes.h> - -#include "packet.h" -#include "create.h" -#include "memory.h" - -typedef struct __ops_create_sig_t __ops_create_sig_t; - -__ops_create_sig_t *__ops_create_sig_new(void); -void __ops_create_sig_delete(__ops_create_sig_t *); - -unsigned __ops_check_useridcert_sig(const __ops_pubkey_t *, - const uint8_t *, - const __ops_sig_t *, - const __ops_pubkey_t *, - const uint8_t *); -unsigned __ops_check_userattrcert_sig(const __ops_pubkey_t *, - const __ops_data_t *, - const __ops_sig_t *, - const __ops_pubkey_t *, - const uint8_t *); -unsigned __ops_check_subkey_sig(const __ops_pubkey_t *, - const __ops_pubkey_t *, - const __ops_sig_t *, - const __ops_pubkey_t *, - const uint8_t *); -unsigned __ops_check_direct_sig(const __ops_pubkey_t *, - const __ops_sig_t *, - const __ops_pubkey_t *, - const uint8_t *); -unsigned __ops_check_hash_sig(__ops_hash_t *, - const __ops_sig_t *, - const __ops_pubkey_t *); -void __ops_sig_start_key_sig(__ops_create_sig_t *, - const __ops_pubkey_t *, - const uint8_t *, - __ops_sig_type_t); -void __ops_start_sig(__ops_create_sig_t *, - const __ops_seckey_t *, - const __ops_hash_alg_t, - const __ops_sig_type_t); - -void __ops_sig_add_data(__ops_create_sig_t *, const void *, size_t); -__ops_hash_t *__ops_sig_get_hash(__ops_create_sig_t *); -unsigned __ops_end_hashed_subpkts(__ops_create_sig_t *); -unsigned __ops_write_sig(__ops_output_t *, __ops_create_sig_t *, - const __ops_pubkey_t *, const __ops_seckey_t *); -unsigned __ops_add_time(__ops_create_sig_t *, int64_t, const char *); -unsigned __ops_add_issuer_keyid(__ops_create_sig_t *, - const uint8_t *); -unsigned __ops_add_key_flags(__ops_create_sig_t *sig, uint8_t flags); -void __ops_add_primary_userid(__ops_create_sig_t *, unsigned); - -/* Standard Interface */ -unsigned __ops_sign_file(__ops_io_t *, - const char *, - const char *, - const __ops_seckey_t *, - const char *, - const int64_t, - const uint64_t, - const unsigned, - const unsigned, - const unsigned); - -int __ops_sign_detached(__ops_io_t *, - const char *, - char *, - __ops_seckey_t *, - const char *, - const int64_t, - const uint64_t, - const unsigned, - const unsigned); - -/* armoured stuff */ -unsigned __ops_crc24(unsigned, uint8_t); - -void __ops_reader_push_dearmour(__ops_stream_t *); - -void __ops_reader_pop_dearmour(__ops_stream_t *); -unsigned __ops_writer_push_clearsigned(__ops_output_t *, __ops_create_sig_t *); -void __ops_writer_push_armor_msg(__ops_output_t *); - -typedef enum { - OPS_PGP_MESSAGE = 1, - OPS_PGP_PUBLIC_KEY_BLOCK, - OPS_PGP_PRIVATE_KEY_BLOCK, - OPS_PGP_MULTIPART_MESSAGE_PART_X_OF_Y, - OPS_PGP_MULTIPART_MESSAGE_PART_X, - OPS_PGP_SIGNATURE -} __ops_armor_type_t; - -#define CRC24_INIT 0xb704ceL - -unsigned __ops_writer_use_armored_sig(__ops_output_t *); - -void __ops_writer_push_armoured(__ops_output_t *, __ops_armor_type_t); - -__ops_memory_t *__ops_sign_buf(__ops_io_t *, - const void *, - const size_t, - const __ops_seckey_t *, - const int64_t, - const uint64_t, - const char *, - const unsigned, - const unsigned); - -unsigned __ops_keyring_read_from_mem(__ops_io_t *, - __ops_keyring_t *, - const unsigned, - __ops_memory_t *); - -#endif /* SIGNATURE_H_ */ diff --git a/enzevalos_iphone/netpgp/lib/ssh2pgp.c b/enzevalos_iphone/netpgp/lib/ssh2pgp.c deleted file mode 100644 index be226dca..00000000 --- a/enzevalos_iphone/netpgp/lib/ssh2pgp.c +++ /dev/null @@ -1,472 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -#include "config.h" - -#ifdef HAVE_SYS_CDEFS_H -#include <sys/cdefs.h> -#endif - -#include <sys/types.h> -#include <sys/stat.h> -#include <sys/param.h> - -#include <arpa/inet.h> - -#include <inttypes.h> -#include <stdio.h> - -#include <stdlib.h> -#include <string.h> - -#ifdef HAVE_UNISTD_H -#include <unistd.h> -#endif - -#ifdef HAVE_LIMITS_H -#include <limits.h> -#endif - -#ifdef HAVE_OPENSSL_CAST_H -#include <openssl/cast.h> -#endif - -#include <openssl/pem.h> - -#include "bufgap.h" -#include "fastctype.h" - -#include "packet-parse.h" -#include "netpgpdefs.h" -#include "netpgpsdk.h" -#include "crypto.h" -#include "netpgpdigest.h" -#include "ops-ssh.h" - -/* structure for earching for constant strings */ -typedef struct str_t { - const char *s; /* string */ - size_t len; /* its length */ - int type; /* return type */ -} str_t; - -#ifndef USE_ARG -#define USE_ARG(x) /*LINTED*/(void)&x -#endif - -static const uint8_t base64s[] = -/* 000 */ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" -/* 016 */ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" -/* 032 */ "\0\0\0\0\0\0\0\0\0\0\0?\0\0\0@" -/* 048 */ "56789:;<=>\0\0\0\0\0\0" -/* 064 */ "\0\1\2\3\4\5\6\7\10\11\12\13\14\15\16\17" -/* 080 */ "\20\21\22\23\24\25\26\27\30\31\32\0\0\0\0\0" -/* 096 */ "\0\33\34\35\36\37 !\"#$%&'()" -/* 112 */ "*+,-./01234\0\0\0\0\0" -/* 128 */ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" -/* 144 */ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" -/* 160 */ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" -/* 176 */ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" -/* 192 */ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" -/* 208 */ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" -/* 224 */ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" -/* 240 */ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; - - -/* short function to decode from base64 */ -/* inspired by an ancient copy of b64.c, then rewritten, the bugs are all mine */ -static int -frombase64(char *dst, const char *src, size_t size, int flag) -{ - uint8_t out[3]; - uint8_t in[4]; - uint8_t b; - size_t srcc; - int dstc; - int gotc; - int i; - - USE_ARG(flag); - for (dstc = 0, srcc = 0 ; srcc < size; ) { - for (gotc = 0, i = 0; i < 4 && srcc < size; i++) { - for (b = 0x0; srcc < size && b == 0x0 ; ) { - b = base64s[(unsigned)src[srcc++]]; - } - if (srcc < size) { - gotc += 1; - if (b) { - in[i] = (uint8_t)(b - 1); - } - } else { - in[i] = 0x0; - } - } - if (gotc) { - out[0] = (uint8_t)((unsigned)in[0] << 2 | - (unsigned)in[1] >> 4); - out[1] = (uint8_t)((unsigned)in[1] << 4 | - (unsigned)in[2] >> 2); - out[2] = (uint8_t)(((in[2] << 6) & 0xc0) | in[3]); - for (i = 0; i < gotc - 1; i++) { - *dst++ = out[i]; - } - dstc += gotc - 1; - } - } - return dstc; -} - -/* get a bignum from the buffer gap */ -static BIGNUM * -getbignum(bufgap_t *bg, char *buf, const char *header) -{ - uint32_t len; - BIGNUM *bignum; - - (void) bufgap_getbin(bg, &len, sizeof(len)); - len = ntohl(len); - (void) bufgap_seek(bg, sizeof(len), BGFromHere, BGByte); - (void) bufgap_getbin(bg, buf, len); - bignum = BN_bin2bn((const uint8_t *)buf, (int)len, NULL); - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, header, (const uint8_t *)(void *)buf, len); - } - (void) bufgap_seek(bg, len, BGFromHere, BGByte); - return bignum; -} - -#if 0 -static int -putbignum(bufgap_t *bg, BIGNUM *bignum) -{ - uint32_t len; - - len = BN_num_bytes(bignum); - (void) bufgap_insert(bg, &len, sizeof(len)); - (void) bufgap_insert(bg, buf, len); - bignum = BN_bin2bn((const uint8_t *)buf, (int)len, NULL); - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, header, buf, (int)len); - } - (void) bufgap_seek(bg, len, BGFromHere, BGByte); - return bignum; -} -#endif - -static str_t pkatypes[] = { - { "ssh-rsa", 7, OPS_PKA_RSA }, - { "ssh-dss", 7, OPS_PKA_DSA }, - { "ssh-dsa", 7, OPS_PKA_DSA }, - { NULL, 0, 0 } -}; - -/* look for a string in the given array */ -static int -findstr(str_t *array, const char *name) -{ - str_t *sp; - - for (sp = array ; sp->s ; sp++) { - if (strncmp(name, sp->s, sp->len) == 0) { - return sp->type; - } - } - return -1; -} - -/* convert an ssh (host) pubkey to a pgp pubkey */ -int -__ops_ssh2pubkey(__ops_io_t *io, const char *f, __ops_key_t *key, __ops_hash_alg_t hashtype) -{ - __ops_pubkey_t *pubkey; - struct stat st; - bufgap_t bg; - uint32_t len; - int64_t off; - uint8_t *userid; - char hostname[256]; - char owner[256]; - char *space; - char *buf; - char *bin; - int ok; - int cc; - - (void) memset(&bg, 0x0, sizeof(bg)); - if (!bufgap_open(&bg, f)) { - (void) fprintf(stderr, "__ops_ssh2pubkey: can't open '%s'\n", f); - return 0; - } - (void)stat(f, &st); - if ((buf = calloc(1, (size_t)st.st_size)) == NULL) { - (void) fprintf(stderr, "can't calloc %zu bytes for '%s'\n", (size_t)st.st_size, f); - bufgap_close(&bg); - return 0; - } - if ((bin = calloc(1, (size_t)st.st_size)) == NULL) { - (void) fprintf(stderr, "can't calloc %zu bytes for '%s'\n", (size_t)st.st_size, f); - (void) free(buf); - bufgap_close(&bg); - return 0; - } - - /* move past ascii type of key */ - while (bufgap_peek(&bg, 0) != ' ') { - bufgap_seek(&bg, 1, BGFromHere, BGByte); - } - bufgap_seek(&bg, 1, BGFromHere, BGByte); - off = bufgap_tell(&bg, BGFromBOF, BGByte); - - if (bufgap_size(&bg, BGByte) - off < 10) { - (void) fprintf(stderr, "bad key file '%s'\n", f); - (void) free(buf); - bufgap_close(&bg); - return 0; - } - - /* convert from base64 to binary */ - cc = bufgap_getbin(&bg, buf, (size_t)bg.bcc); - if ((space = strchr(buf, ' ')) != NULL) { - cc = (int)(space - buf); - } - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, NULL, (const uint8_t *)(const void *)buf, (size_t)cc); - } - cc = frombase64(bin, buf, (size_t)cc, 0); - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "decoded base64:", (const uint8_t *)(const void *)bin, (size_t)cc); - } - bufgap_delete(&bg, (uint64_t)bufgap_tell(&bg, BGFromEOF, BGByte)); - bufgap_insert(&bg, bin, cc); - bufgap_seek(&bg, off, BGFromBOF, BGByte); - - /* get the type of key */ - (void) bufgap_getbin(&bg, &len, sizeof(len)); - len = ntohl(len); - (void) bufgap_seek(&bg, sizeof(len), BGFromHere, BGByte); - (void) bufgap_getbin(&bg, buf, len); - (void) bufgap_seek(&bg, len, BGFromHere, BGByte); - - (void) memset(key, 0x0, sizeof(*key)); - pubkey = &key->key.seckey.pubkey; - pubkey->version = OPS_V4; - pubkey->birthtime = st.st_mtime; - /* get key type */ - ok = 1; - switch (pubkey->alg = findstr(pkatypes, buf)) { - case OPS_PKA_RSA: - /* get the 'e' param of the key */ - pubkey->key.rsa.e = getbignum(&bg, buf, "RSA E"); - /* get the 'n' param of the key */ - pubkey->key.rsa.n = getbignum(&bg, buf, "RSA N"); - break; - case OPS_PKA_DSA: - /* get the 'p' param of the key */ - pubkey->key.dsa.p = getbignum(&bg, buf, "DSA P"); - /* get the 'q' param of the key */ - pubkey->key.dsa.q = getbignum(&bg, buf, "DSA Q"); - /* get the 'g' param of the key */ - pubkey->key.dsa.g = getbignum(&bg, buf, "DSA G"); - /* get the 'y' param of the key */ - pubkey->key.dsa.y = getbignum(&bg, buf, "DSA Y"); - break; - default: - (void) fprintf(stderr, "Unrecognised pubkey type %d for '%s'\n", - pubkey->alg, f); - ok = 0; - break; - } - - /* check for stragglers */ - if (ok && bufgap_tell(&bg, BGFromEOF, BGByte) > 0) { - printf("%"PRIi64" bytes left\n", bufgap_tell(&bg, BGFromEOF, BGByte)); - printf("[%s]\n", bufgap_getstr(&bg)); - ok = 0; - } - if (ok) { - (void) memset(&userid, 0x0, sizeof(userid)); - (void) gethostname(hostname, sizeof(hostname)); - if (strlen(space + 1) - 1 == 0) { - (void) snprintf(owner, sizeof(owner), "<root@%s>", - hostname); - } else { - (void) snprintf(owner, sizeof(owner), "<%.*s>", - (int)strlen(space + 1) - 1, - space + 1); - } - (void) __ops_asprintf((char **)(void *)&userid, - "%s (%s) %s", - hostname, - f, - owner); - __ops_keyid(key->sigid, sizeof(key->sigid), pubkey, hashtype); - __ops_add_userid(key, userid); - __ops_fingerprint(&key->sigfingerprint, pubkey, hashtype); - free(userid); - if (__ops_get_debug_level(__FILE__)) { - /*__ops_print_keydata(io, keyring, key, "pub", pubkey, 0);*/ - __OPS_USED(io); /* XXX */ - } - } - (void) free(bin); - (void) free(buf); - bufgap_close(&bg); - return ok; -} - -/* convert an ssh (host) seckey to a pgp seckey */ -int -__ops_ssh2seckey(__ops_io_t *io, const char *f, __ops_key_t *key, __ops_pubkey_t *pubkey, __ops_hash_alg_t hashtype) -{ - __ops_crypt_t crypted; - __ops_hash_t hash; - unsigned done = 0; - unsigned i = 0; - uint8_t sesskey[CAST_KEY_LENGTH]; - uint8_t hashed[OPS_SHA1_HASH_SIZE]; - BIGNUM *tmp; - - __OPS_USED(io); - /* XXX - check for rsa/dsa */ - if (!openssl_read_pem_seckey(f, key, "ssh-rsa", 0)) { - return 0; - } - if (__ops_get_debug_level(__FILE__)) { - /*__ops_print_keydata(io, key, "sec", &key->key.seckey.pubkey, 0);*/ - /* XXX */ - } - /* let's add some sane defaults */ - (void) memcpy(&key->key.seckey.pubkey, pubkey, sizeof(*pubkey)); - key->key.seckey.s2k_usage = OPS_S2KU_ENCRYPTED_AND_HASHED; - key->key.seckey.alg = OPS_SA_CAST5; - key->key.seckey.s2k_specifier = OPS_S2KS_SALTED; - key->key.seckey.hash_alg = OPS_HASH_SHA1; - if (key->key.seckey.pubkey.alg == OPS_PKA_RSA) { - /* openssh and openssl have p and q swapped */ - tmp = key->key.seckey.key.rsa.p; - key->key.seckey.key.rsa.p = key->key.seckey.key.rsa.q; - key->key.seckey.key.rsa.q = tmp; - } - for (done = 0, i = 0; done < CAST_KEY_LENGTH; i++) { - unsigned j; - uint8_t zero = 0; - int needed; - int size; - - needed = CAST_KEY_LENGTH - done; - size = MIN(needed, OPS_SHA1_HASH_SIZE); - - __ops_hash_any(&hash, key->key.seckey.hash_alg); - if (!hash.init(&hash)) { - (void) fprintf(stderr, "write_seckey_body: bad alloc\n"); - return 0; - } - - /* preload if iterating */ - for (j = 0; j < i; j++) { - /* - * Coverity shows a DEADCODE error on this - * line. This is expected since the hardcoded - * use of SHA1 and CAST5 means that it will - * not used. This will change however when - * other algorithms are supported. - */ - hash.add(&hash, &zero, 1); - } - - if (key->key.seckey.s2k_specifier == OPS_S2KS_SALTED) { - hash.add(&hash, key->key.seckey.salt, OPS_SALT_SIZE); - } - hash.finish(&hash, hashed); - - /* - * if more in hash than is needed by session key, use - * the leftmost octets - */ - (void) memcpy(&sesskey[i * OPS_SHA1_HASH_SIZE], - hashed, (unsigned)size); - done += (unsigned)size; - if (done > CAST_KEY_LENGTH) { - (void) fprintf(stderr, - "write_seckey_body: short add\n"); - return 0; - } - } - __ops_crypt_any(&crypted, key->key.seckey.alg); - crypted.set_iv(&crypted, key->key.seckey.iv); - crypted.set_crypt_key(&crypted, sesskey); - __ops_encrypt_init(&crypted); - key->key.seckey.pubkey.alg = OPS_PKA_RSA; - __ops_fingerprint(&key->sigfingerprint, pubkey, hashtype); - __ops_keyid(key->sigid, sizeof(key->sigid), pubkey, hashtype); - return 1; -} - -/* read a key from the ssh file, and add it to a keyring */ -int -__ops_ssh2_readkeys(__ops_io_t *io, __ops_keyring_t *pubring, - __ops_keyring_t *secring, const char *pubfile, - const char *secfile, unsigned hashtype) -{ - __ops_key_t *pubkey; - __ops_key_t *seckey; - __ops_key_t key; - - pubkey = NULL; - (void) memset(&key, 0x0, sizeof(key)); - if (pubfile) { - if (__ops_get_debug_level(__FILE__)) { - (void) fprintf(io->errs, "__ops_ssh2_readkeys: pubfile '%s'\n", pubfile); - } - if (!__ops_ssh2pubkey(io, pubfile, &key, (__ops_hash_alg_t)hashtype)) { - (void) fprintf(io->errs, "__ops_ssh2_readkeys: can't read pubkeys '%s'\n", pubfile); - return 0; - } - EXPAND_ARRAY(pubring, key); - pubkey = &pubring->keys[pubring->keyc++]; - (void) memcpy(pubkey, &key, sizeof(key)); - pubkey->type = OPS_PTAG_CT_PUBLIC_KEY; - } - if (secfile) { - if (__ops_get_debug_level(__FILE__)) { - (void) fprintf(io->errs, "__ops_ssh2_readkeys: secfile '%s'\n", secfile); - } - if (pubkey == NULL) { - pubkey = &pubring->keys[0]; - } - if (!__ops_ssh2seckey(io, secfile, &key, &pubkey->key.pubkey, (__ops_hash_alg_t)hashtype)) { - (void) fprintf(io->errs, "__ops_ssh2_readkeys: can't read seckeys '%s'\n", secfile); - return 0; - } - EXPAND_ARRAY(secring, key); - seckey = &secring->keys[secring->keyc++]; - (void) memcpy(seckey, &key, sizeof(key)); - seckey->type = OPS_PTAG_CT_SECRET_KEY; - } - return 1; -} diff --git a/enzevalos_iphone/netpgp/lib/symmetric.c b/enzevalos_iphone/netpgp/lib/symmetric.c deleted file mode 100644 index f6f0fdbe..00000000 --- a/enzevalos_iphone/netpgp/lib/symmetric.c +++ /dev/null @@ -1,802 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/* - * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) - * All rights reserved. - * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted - * their moral rights under the UK Copyright Design and Patents Act 1988 to - * be recorded as the authors of this copyright work. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. - * - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include "config.h" - -#ifdef HAVE_SYS_CDEFS_H -#include <sys/cdefs.h> -#endif - -#if defined(__NetBSD__) -__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: symmetric.c,v 1.17 2010/11/05 03:37:18 agc Exp $"); -#endif - -#include "crypto.h" -#include "packet-show.h" - -#include <string.h> - -#ifdef HAVE_OPENSSL_CAST_H -#include <openssl/cast.h> -#endif - -#ifdef HAVE_OPENSSL_IDEA_H -#include <openssl/idea.h> -#endif - -#ifdef HAVE_OPENSSL_AES_H -#include <openssl/aes.h> -#endif - -#ifdef HAVE_OPENSSL_DES_H -#include <openssl/des.h> -#endif - -#ifdef HAVE_OPENSSL_CAMELLIA_H -#include <openssl/camellia.h> -#endif - -#include "crypto.h" -#include "netpgpdefs.h" - - -static void -std_set_iv(__ops_crypt_t *crypt, const uint8_t *iv) -{ - (void) memcpy(crypt->iv, iv, crypt->blocksize); - crypt->num = 0; -} - -static void -std_set_key(__ops_crypt_t *crypt, const uint8_t *key) -{ - (void) memcpy(crypt->key, key, crypt->keysize); -} - -static void -std_resync(__ops_crypt_t *decrypt) -{ - if ((size_t) decrypt->num == decrypt->blocksize) { - return; - } - - memmove(decrypt->civ + decrypt->blocksize - decrypt->num, decrypt->civ, - (unsigned)decrypt->num); - (void) memcpy(decrypt->civ, decrypt->siv + decrypt->num, - decrypt->blocksize - decrypt->num); - decrypt->num = 0; -} - -static void -std_finish(__ops_crypt_t *crypt) -{ - if (crypt->encrypt_key) { - free(crypt->encrypt_key); - crypt->encrypt_key = NULL; - } - if (crypt->decrypt_key) { - free(crypt->decrypt_key); - crypt->decrypt_key = NULL; - } -} - -static int -cast5_init(__ops_crypt_t *crypt) -{ - if (crypt->encrypt_key) { - free(crypt->encrypt_key); - } - if ((crypt->encrypt_key = calloc(1, sizeof(CAST_KEY))) == NULL) { - (void) fprintf(stderr, "cast5_init: alloc failure\n"); - return 0; - } - CAST_set_key(crypt->encrypt_key, (int)crypt->keysize, crypt->key); - if ((crypt->decrypt_key = calloc(1, sizeof(CAST_KEY))) == NULL) { - (void) fprintf(stderr, "cast5_init: alloc failure\n"); - return 0; - } - CAST_set_key(crypt->decrypt_key, (int)crypt->keysize, crypt->key); - return 1; -} - -static void -cast5_block_encrypt(__ops_crypt_t *crypt, void *out, const void *in) -{ - CAST_ecb_encrypt(in, out, crypt->encrypt_key, CAST_ENCRYPT); -} - -static void -cast5_block_decrypt(__ops_crypt_t *crypt, void *out, const void *in) -{ - CAST_ecb_encrypt(in, out, crypt->encrypt_key, CAST_DECRYPT); -} - -static void -cast5_cfb_encrypt(__ops_crypt_t *crypt, void *out, const void *in, size_t count) -{ - CAST_cfb64_encrypt(in, out, (long)count, - crypt->encrypt_key, crypt->iv, &crypt->num, - CAST_ENCRYPT); -} - -static void -cast5_cfb_decrypt(__ops_crypt_t *crypt, void *out, const void *in, size_t count) -{ - CAST_cfb64_encrypt(in, out, (long)count, - crypt->encrypt_key, crypt->iv, &crypt->num, - CAST_DECRYPT); -} - -#define TRAILER "","","","",0,NULL,NULL - -static __ops_crypt_t cast5 = -{ - OPS_SA_CAST5, - CAST_BLOCK, - CAST_KEY_LENGTH, - std_set_iv, - std_set_key, - cast5_init, - std_resync, - cast5_block_encrypt, - cast5_block_decrypt, - cast5_cfb_encrypt, - cast5_cfb_decrypt, - std_finish, - TRAILER -}; - -#ifndef OPENSSL_NO_IDEA -static int -idea_init(__ops_crypt_t *crypt) -{ - if (crypt->keysize != IDEA_KEY_LENGTH) { - (void) fprintf(stderr, "idea_init: keysize wrong\n"); - return 0; - } - - if (crypt->encrypt_key) { - free(crypt->encrypt_key); - } - if ((crypt->encrypt_key = calloc(1, sizeof(IDEA_KEY_SCHEDULE))) == NULL) { - (void) fprintf(stderr, "idea_init: alloc failure\n"); - return 0; - } - - /* note that we don't invert the key when decrypting for CFB mode */ - idea_set_encrypt_key(crypt->key, crypt->encrypt_key); - - if (crypt->decrypt_key) { - free(crypt->decrypt_key); - } - if ((crypt->decrypt_key = calloc(1, sizeof(IDEA_KEY_SCHEDULE))) == NULL) { - (void) fprintf(stderr, "idea_init: alloc failure\n"); - return 0; - } - - idea_set_decrypt_key(crypt->encrypt_key, crypt->decrypt_key); - return 1; -} - -static void -idea_block_encrypt(__ops_crypt_t *crypt, void *out, const void *in) -{ - idea_ecb_encrypt(in, out, crypt->encrypt_key); -} - -static void -idea_block_decrypt(__ops_crypt_t *crypt, void *out, const void *in) -{ - idea_ecb_encrypt(in, out, crypt->decrypt_key); -} - -static void -idea_cfb_encrypt(__ops_crypt_t *crypt, void *out, const void *in, size_t count) -{ - idea_cfb64_encrypt(in, out, (long)count, - crypt->encrypt_key, crypt->iv, &crypt->num, - CAST_ENCRYPT); -} - -static void -idea_cfb_decrypt(__ops_crypt_t *crypt, void *out, const void *in, size_t count) -{ - idea_cfb64_encrypt(in, out, (long)count, - crypt->decrypt_key, crypt->iv, &crypt->num, - CAST_DECRYPT); -} - -static const __ops_crypt_t idea = -{ - OPS_SA_IDEA, - IDEA_BLOCK, - IDEA_KEY_LENGTH, - std_set_iv, - std_set_key, - idea_init, - std_resync, - idea_block_encrypt, - idea_block_decrypt, - idea_cfb_encrypt, - idea_cfb_decrypt, - std_finish, - TRAILER -}; -#endif /* OPENSSL_NO_IDEA */ - -/* AES with 128-bit key (AES) */ - -#define KEYBITS_AES128 128 - -static int -aes128_init(__ops_crypt_t *crypt) -{ - if (crypt->encrypt_key) { - free(crypt->encrypt_key); - } - if ((crypt->encrypt_key = calloc(1, sizeof(AES_KEY))) == NULL) { - (void) fprintf(stderr, "aes128_init: alloc failure\n"); - return 0; - } - if (AES_set_encrypt_key(crypt->key, KEYBITS_AES128, - crypt->encrypt_key)) { - fprintf(stderr, "aes128_init: Error setting encrypt_key\n"); - } - - if (crypt->decrypt_key) { - free(crypt->decrypt_key); - } - if ((crypt->decrypt_key = calloc(1, sizeof(AES_KEY))) == NULL) { - (void) fprintf(stderr, "aes128_init: alloc failure\n"); - return 0; - } - if (AES_set_decrypt_key(crypt->key, KEYBITS_AES128, - crypt->decrypt_key)) { - fprintf(stderr, "aes128_init: Error setting decrypt_key\n"); - } - return 1; -} - -static void -aes_block_encrypt(__ops_crypt_t *crypt, void *out, const void *in) -{ - AES_encrypt(in, out, crypt->encrypt_key); -} - -static void -aes_block_decrypt(__ops_crypt_t *crypt, void *out, const void *in) -{ - AES_decrypt(in, out, crypt->decrypt_key); -} - -static void -aes_cfb_encrypt(__ops_crypt_t *crypt, void *out, const void *in, size_t count) -{ - AES_cfb128_encrypt(in, out, (unsigned)count, - crypt->encrypt_key, crypt->iv, &crypt->num, - AES_ENCRYPT); -} - -static void -aes_cfb_decrypt(__ops_crypt_t *crypt, void *out, const void *in, size_t count) -{ - AES_cfb128_encrypt(in, out, (unsigned)count, - crypt->encrypt_key, crypt->iv, &crypt->num, - AES_DECRYPT); -} - -static const __ops_crypt_t aes128 = -{ - OPS_SA_AES_128, - AES_BLOCK_SIZE, - KEYBITS_AES128 / 8, - std_set_iv, - std_set_key, - aes128_init, - std_resync, - aes_block_encrypt, - aes_block_decrypt, - aes_cfb_encrypt, - aes_cfb_decrypt, - std_finish, - TRAILER -}; - -/* AES with 256-bit key */ - -#define KEYBITS_AES256 256 - -static int -aes256_init(__ops_crypt_t *crypt) -{ - if (crypt->encrypt_key) { - free(crypt->encrypt_key); - } - if ((crypt->encrypt_key = calloc(1, sizeof(AES_KEY))) == NULL) { - (void) fprintf(stderr, "aes256_init: alloc failure\n"); - return 0; - } - if (AES_set_encrypt_key(crypt->key, KEYBITS_AES256, - crypt->encrypt_key)) { - fprintf(stderr, "aes256_init: Error setting encrypt_key\n"); - free(crypt->encrypt_key); - crypt->encrypt_key = NULL; - return 0; - } - if (crypt->decrypt_key) { - free(crypt->decrypt_key); - } - if ((crypt->decrypt_key = calloc(1, sizeof(AES_KEY))) == NULL) { - (void) fprintf(stderr, "aes256_init: alloc failure\n"); - free(crypt->encrypt_key); - crypt->encrypt_key = NULL; - return 0; - } - if (AES_set_decrypt_key(crypt->key, KEYBITS_AES256, - crypt->decrypt_key)) { - fprintf(stderr, "aes256_init: Error setting decrypt_key\n"); - free(crypt->encrypt_key); - crypt->encrypt_key = NULL; - free(crypt->decrypt_key); - crypt->decrypt_key = NULL; - return 0; - } - return 1; -} - -static const __ops_crypt_t aes256 = -{ - OPS_SA_AES_256, - AES_BLOCK_SIZE, - KEYBITS_AES256 / 8, - std_set_iv, - std_set_key, - aes256_init, - std_resync, - aes_block_encrypt, - aes_block_decrypt, - aes_cfb_encrypt, - aes_cfb_decrypt, - std_finish, - TRAILER -}; - -/* Triple DES */ - -static int -tripledes_init(__ops_crypt_t *crypt) -{ - DES_key_schedule *keys; - int n; - - if (crypt->encrypt_key) { - free(crypt->encrypt_key); - } - if ((keys = crypt->encrypt_key = calloc(1, 3 * sizeof(DES_key_schedule))) == NULL) { - (void) fprintf(stderr, "tripledes_init: alloc failure\n"); - return 0; - } - for (n = 0; n < 3; ++n) { - DES_set_key((DES_cblock *)(void *)(crypt->key + n * 8), - &keys[n]); - } - return 1; -} - -static void -tripledes_block_encrypt(__ops_crypt_t *crypt, void *out, const void *in) -{ - DES_key_schedule *keys = crypt->encrypt_key; - - DES_ecb3_encrypt(__UNCONST(in), out, &keys[0], &keys[1], &keys[2], - DES_ENCRYPT); -} - -static void -tripledes_block_decrypt(__ops_crypt_t *crypt, void *out, const void *in) -{ - DES_key_schedule *keys = crypt->encrypt_key; - - DES_ecb3_encrypt(__UNCONST(in), out, &keys[0], &keys[1], &keys[2], - DES_DECRYPT); -} - -static void -tripledes_cfb_encrypt(__ops_crypt_t *crypt, void *out, const void *in, - size_t count) -{ - DES_key_schedule *keys = crypt->encrypt_key; - - DES_ede3_cfb64_encrypt(in, out, (long)count, - &keys[0], &keys[1], &keys[2], (DES_cblock *)(void *)crypt->iv, - &crypt->num, DES_ENCRYPT); -} - -static void -tripledes_cfb_decrypt(__ops_crypt_t *crypt, void *out, const void *in, - size_t count) -{ - DES_key_schedule *keys = crypt->encrypt_key; - - DES_ede3_cfb64_encrypt(in, out, (long)count, - &keys[0], &keys[1], &keys[2], (DES_cblock *)(void *)crypt->iv, - &crypt->num, DES_DECRYPT); -} - -static const __ops_crypt_t tripledes = -{ - OPS_SA_TRIPLEDES, - 8, - 24, - std_set_iv, - std_set_key, - tripledes_init, - std_resync, - tripledes_block_encrypt, - tripledes_block_decrypt, - tripledes_cfb_encrypt, - tripledes_cfb_decrypt, - std_finish, - TRAILER -}; - -#if defined(HAVE_OPENSSL_CAMELLIA_H) && !defined(OPENSSL_NO_CAMELLIA) -/* Camellia with 128-bit key (CAMELLIA) */ - -#define KEYBITS_CAMELLIA128 128 - -static int -camellia128_init(__ops_crypt_t *crypt) -{ - if (crypt->encrypt_key) { - free(crypt->encrypt_key); - } - if ((crypt->encrypt_key = calloc(1, sizeof(CAMELLIA_KEY))) == NULL) { - (void) fprintf(stderr, "camellia128_init: alloc failure\n"); - return 0; - } - if (Camellia_set_key(crypt->key, KEYBITS_CAMELLIA128, crypt->encrypt_key)) { - fprintf(stderr, "camellia128_init: Error setting encrypt_key\n"); - } - if (crypt->decrypt_key) { - free(crypt->decrypt_key); - } - if ((crypt->decrypt_key = calloc(1, sizeof(CAMELLIA_KEY))) == NULL) { - (void) fprintf(stderr, "camellia128_init: alloc failure\n"); - return 0; - } - if (Camellia_set_key(crypt->key, KEYBITS_CAMELLIA128, crypt->decrypt_key)) { - fprintf(stderr, "camellia128_init: Error setting decrypt_key\n"); - } - return 1; -} - -static void -camellia_block_encrypt(__ops_crypt_t *crypt, void *out, const void *in) -{ - Camellia_encrypt(in, out, crypt->encrypt_key); -} - -static void -camellia_block_decrypt(__ops_crypt_t *crypt, void *out, const void *in) -{ - Camellia_decrypt(in, out, crypt->decrypt_key); -} - -static void -camellia_cfb_encrypt(__ops_crypt_t *crypt, void *out, const void *in, size_t count) -{ - Camellia_cfb128_encrypt(in, out, (unsigned)count, - crypt->encrypt_key, crypt->iv, &crypt->num, - CAMELLIA_ENCRYPT); -} - -static void -camellia_cfb_decrypt(__ops_crypt_t *crypt, void *out, const void *in, size_t count) -{ - Camellia_cfb128_encrypt(in, out, (unsigned)count, - crypt->encrypt_key, crypt->iv, &crypt->num, - CAMELLIA_DECRYPT); -} - -static const __ops_crypt_t camellia128 = -{ - OPS_SA_CAMELLIA_128, - CAMELLIA_BLOCK_SIZE, - KEYBITS_CAMELLIA128 / 8, - std_set_iv, - std_set_key, - camellia128_init, - std_resync, - camellia_block_encrypt, - camellia_block_decrypt, - camellia_cfb_encrypt, - camellia_cfb_decrypt, - std_finish, - TRAILER -}; - -/* Camellia with 256-bit key (CAMELLIA) */ - -#define KEYBITS_CAMELLIA256 256 - -static int -camellia256_init(__ops_crypt_t *crypt) -{ - if (crypt->encrypt_key) { - free(crypt->encrypt_key); - } - if ((crypt->encrypt_key = calloc(1, sizeof(CAMELLIA_KEY))) == NULL) { - (void) fprintf(stderr, "camellia256_init: alloc failure\n"); - return 0; - } - if (Camellia_set_key(crypt->key, KEYBITS_CAMELLIA256, crypt->encrypt_key)) { - fprintf(stderr, "camellia256_init: Error setting encrypt_key\n"); - } - if (crypt->decrypt_key) { - free(crypt->decrypt_key); - } - if ((crypt->decrypt_key = calloc(1, sizeof(CAMELLIA_KEY))) == NULL) { - (void) fprintf(stderr, "camellia256_init: alloc failure\n"); - return 0; - } - if (Camellia_set_key(crypt->key, KEYBITS_CAMELLIA256, crypt->decrypt_key)) { - fprintf(stderr, "camellia256_init: Error setting decrypt_key\n"); - } - return 1; -} - -static const __ops_crypt_t camellia256 = -{ - OPS_SA_CAMELLIA_256, - CAMELLIA_BLOCK_SIZE, - KEYBITS_CAMELLIA256 / 8, - std_set_iv, - std_set_key, - camellia256_init, - std_resync, - camellia_block_encrypt, - camellia_block_decrypt, - camellia_cfb_encrypt, - camellia_cfb_decrypt, - std_finish, - TRAILER -}; -#endif - - -static const __ops_crypt_t * -get_proto(__ops_symm_alg_t alg) -{ - switch (alg) { - case OPS_SA_CAST5: - return &cast5; -#ifndef OPENSSL_NO_IDEA - case OPS_SA_IDEA: - return &idea; -#endif /* OPENSSL_NO_IDEA */ - case OPS_SA_AES_128: - return &aes128; - case OPS_SA_AES_256: - return &aes256; -#if defined(HAVE_OPENSSL_CAMELLIA_H) && !defined(OPENSSL_NO_CAMELLIA) - case OPS_SA_CAMELLIA_128: - return &camellia128; - case OPS_SA_CAMELLIA_256: - return &camellia256; -#endif - case OPS_SA_TRIPLEDES: - return &tripledes; - default: - (void) fprintf(stderr, "Unknown algorithm: %d (%s)\n", - alg, __ops_show_symm_alg(alg)); - } - return NULL; -} - -int -__ops_crypt_any(__ops_crypt_t *crypt, __ops_symm_alg_t alg) -{ - const __ops_crypt_t *ptr = get_proto(alg); - - if (ptr) { - *crypt = *ptr; - return 1; - } else { - (void) memset(crypt, 0x0, sizeof(*crypt)); - return 0; - } -} - -unsigned -__ops_block_size(__ops_symm_alg_t alg) -{ - const __ops_crypt_t *p = get_proto(alg); - - return (p == NULL) ? 0 : (unsigned)p->blocksize; -} - -unsigned -__ops_key_size(__ops_symm_alg_t alg) -{ - const __ops_crypt_t *p = get_proto(alg); - - return (p == NULL) ? 0 : (unsigned)p->keysize; -} - -void -__ops_encrypt_init(__ops_crypt_t *encrypt) -{ - /* \todo should there be a separate __ops_encrypt_init? */ - __ops_decrypt_init(encrypt); -} - -void -__ops_decrypt_init(__ops_crypt_t *decrypt) -{ - decrypt->base_init(decrypt); - decrypt->block_encrypt(decrypt, decrypt->siv, decrypt->iv); - (void) memcpy(decrypt->civ, decrypt->siv, decrypt->blocksize); - decrypt->num = 0; -} - -size_t -__ops_decrypt_se(__ops_crypt_t *decrypt, void *outvoid, const void *invoid, - size_t count) -{ - const uint8_t *in = invoid; - uint8_t *out = outvoid; - int saved = (int)count; - - /* - * in order to support v3's weird resyncing we have to implement CFB - * mode ourselves - */ - while (count-- > 0) { - uint8_t t; - - if ((size_t) decrypt->num == decrypt->blocksize) { - (void) memcpy(decrypt->siv, decrypt->civ, - decrypt->blocksize); - decrypt->block_decrypt(decrypt, decrypt->civ, - decrypt->civ); - decrypt->num = 0; - } - t = decrypt->civ[decrypt->num]; - *out++ = t ^ (decrypt->civ[decrypt->num++] = *in++); - } - - return (size_t)saved; -} - -size_t -__ops_encrypt_se(__ops_crypt_t *encrypt, void *outvoid, const void *invoid, - size_t count) -{ - const uint8_t *in = invoid; - uint8_t *out = outvoid; - int saved = (int)count; - - /* - * in order to support v3's weird resyncing we have to implement CFB - * mode ourselves - */ - while (count-- > 0) { - if ((size_t) encrypt->num == encrypt->blocksize) { - (void) memcpy(encrypt->siv, encrypt->civ, - encrypt->blocksize); - encrypt->block_encrypt(encrypt, encrypt->civ, - encrypt->civ); - encrypt->num = 0; - } - encrypt->civ[encrypt->num] = *out++ = - encrypt->civ[encrypt->num] ^ *in++; - ++encrypt->num; - } - - return (size_t)saved; -} - -/** -\ingroup HighLevel_Supported -\brief Is this Symmetric Algorithm supported? -\param alg Symmetric Algorithm to check -\return 1 if supported; else 0 -*/ -unsigned -__ops_is_sa_supported(__ops_symm_alg_t alg) -{ - switch (alg) { - case OPS_SA_AES_128: - case OPS_SA_AES_256: - case OPS_SA_CAST5: - case OPS_SA_TRIPLEDES: -#if defined(HAVE_OPENSSL_CAMELLIA_H) && !defined(OPENSSL_NO_CAMELLIA) - case OPS_SA_CAMELLIA_128: - case OPS_SA_CAMELLIA_256: -#endif -#ifndef OPENSSL_NO_IDEA - case OPS_SA_IDEA: -#endif - return 1; - - default: - fprintf(stderr, "\nWarning: %s not supported\n", - __ops_show_symm_alg(alg)); - return 0; - } -} - -size_t -__ops_encrypt_se_ip(__ops_crypt_t *crypt, void *out, const void *in, - size_t count) -{ - if (!__ops_is_sa_supported(crypt->alg)) { - return 0; - } - - crypt->cfb_encrypt(crypt, out, in, count); - - /* \todo test this number was encrypted */ - return count; -} - -size_t -__ops_decrypt_se_ip(__ops_crypt_t *crypt, void *out, const void *in, - size_t count) -{ - if (!__ops_is_sa_supported(crypt->alg)) { - return 0; - } - - crypt->cfb_decrypt(crypt, out, in, count); - - /* \todo check this number was in fact decrypted */ - return count; -} diff --git a/enzevalos_iphone/netpgp/lib/types.h b/enzevalos_iphone/netpgp/lib/types.h deleted file mode 100644 index c04ec57d..00000000 --- a/enzevalos_iphone/netpgp/lib/types.h +++ /dev/null @@ -1,94 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/* - * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) - * All rights reserved. - * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted - * their moral rights under the UK Copyright Design and Patents Act 1988 to - * be recorded as the authors of this copyright work. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. - * - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef TYPES_H_ -#define TYPES_H_ - -#ifdef HAVE_INTTYPES_H -#include <inttypes.h> -#endif - -typedef struct __ops_io_t { - void *outs; /* output file stream */ - void *errs; /* file stream to put error messages */ - void *res; /* file stream to put results */ -} __ops_io_t; - -/** __ops_map_t - */ -typedef struct { - int type; - const char *string; -} __ops_map_t; - -/** __ops_errcode_name_map_t */ -typedef __ops_map_t __ops_errcode_name_map_t; - -typedef struct _ops_crypt_t __ops_crypt_t; - -/** __ops_hash_t */ -typedef struct _ops_hash_t __ops_hash_t; - -/** Revocation Reason type */ -typedef uint8_t __ops_ss_rr_code_t; - -/** __ops_packet_t */ -typedef struct __ops_packet_t __ops_packet_t; - -/** Writer flags */ -typedef enum { - OPS_WF_DUMMY -} __ops_writer_flags_t; - -/** - * \ingroup Create - * Contains the required information about how to write - */ -typedef struct __ops_output_t __ops_output_t; - -#endif /* TYPES_H_ */ diff --git a/enzevalos_iphone/netpgp/lib/validate.c b/enzevalos_iphone/netpgp/lib/validate.c deleted file mode 100644 index 5786079c..00000000 --- a/enzevalos_iphone/netpgp/lib/validate.c +++ /dev/null @@ -1,969 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/* - * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) - * All rights reserved. - * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted - * their moral rights under the UK Copyright Design and Patents Act 1988 to - * be recorded as the authors of this copyright work. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. - * - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include "config.h" - -#ifdef HAVE_SYS_CDEFS_H -#include <sys/cdefs.h> -#endif - -#if defined(__NetBSD__) -__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: validate.c,v 1.41 2010/11/04 16:24:22 agc Exp $"); -#endif - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/stat.h> - -#include <string.h> -#include <stdio.h> - -#ifdef HAVE_UNISTD_H -#include <unistd.h> -#endif - -#ifdef HAVE_FCNTL_H -#include <fcntl.h> -#endif - -#include "packet-parse.h" -#include "packet-show.h" -#include "keyring.h" -#include "signature.h" -#include "netpgpsdk.h" -#include "readerwriter.h" -#include "netpgpdefs.h" -#include "memory.h" -#include "packet.h" -#include "crypto.h" -#include "validate.h" - -#ifdef HAVE_FCNTL_H -#include <fcntl.h> -#endif - - -static int -keydata_reader(void *dest, size_t length, __ops_error_t **errors, - __ops_reader_t *readinfo, - __ops_cbdata_t *cbinfo) -{ - validate_reader_t *reader = __ops_reader_get_arg(readinfo); - - __OPS_USED(errors); - __OPS_USED(cbinfo); - if (reader->offset == reader->key->packets[reader->packet].length) { - reader->packet += 1; - reader->offset = 0; - } - if (reader->packet == reader->key->packetc) { - return 0; - } - - /* - * we should never be asked to cross a packet boundary in a single - * read - */ - if (reader->key->packets[reader->packet].length < - reader->offset + length) { - (void) fprintf(stderr, "keydata_reader: weird length\n"); - return 0; - } - - (void) memcpy(dest, - &reader->key->packets[reader->packet].raw[reader->offset], - length); - reader->offset += (unsigned)length; - - return (int)length; -} - -static void -free_sig_info(__ops_sig_info_t *sig) -{ - free(sig->v4_hashed); - free(sig); -} - -static void -copy_sig_info(__ops_sig_info_t *dst, const __ops_sig_info_t *src) -{ - (void) memcpy(dst, src, sizeof(*src)); - if ((dst->v4_hashed = calloc(1, src->v4_hashlen)) == NULL) { - (void) fprintf(stderr, "copy_sig_info: bad alloc\n"); - } else { - (void) memcpy(dst->v4_hashed, src->v4_hashed, src->v4_hashlen); - } -} - -static int -add_sig_to_list(const __ops_sig_info_t *sig, __ops_sig_info_t **sigs, - unsigned *count) -{ - __ops_sig_info_t *newsigs; - - if (*count == 0) { - newsigs = calloc(*count + 1, sizeof(__ops_sig_info_t)); - } else { - newsigs = realloc(*sigs, - (*count + 1) * sizeof(__ops_sig_info_t)); - } - if (newsigs == NULL) { - (void) fprintf(stderr, "add_sig_to_list: alloc failure\n"); - return 0; - } - *sigs = newsigs; - copy_sig_info(&(*sigs)[*count], sig); - *count += 1; - return 1; -} - -/* -The hash value is calculated by the following method: -+ hash the data using the given digest algorithm -+ hash the hash value onto the end -+ hash the trailer - 6 bytes - [OPS_V4][0xff][len >> 24][len >> 16][len >> 8][len & 0xff] -to give the final hash value that is checked against the one in the signature -*/ - -/* Does the signed hash match the given hash? */ -unsigned -check_binary_sig(const uint8_t *data, - const unsigned len, - const __ops_sig_t *sig, - const __ops_pubkey_t *signer) -{ - unsigned hashedlen; - __ops_hash_t hash; - unsigned n; - uint8_t hashout[OPS_MAX_HASH_SIZE]; - uint8_t trailer[6]; - - __ops_hash_any(&hash, sig->info.hash_alg); - if (!hash.init(&hash)) { - (void) fprintf(stderr, "check_binary_sig: bad hash init\n"); - return 0; - } - hash.add(&hash, data, len); - switch (sig->info.version) { - case OPS_V3: - trailer[0] = sig->info.type; - trailer[1] = (unsigned)(sig->info.birthtime) >> 24; - trailer[2] = (unsigned)(sig->info.birthtime) >> 16; - trailer[3] = (unsigned)(sig->info.birthtime) >> 8; - trailer[4] = (uint8_t)(sig->info.birthtime); - hash.add(&hash, trailer, 5); - break; - - case OPS_V4: - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "v4 hash", sig->info.v4_hashed, - sig->info.v4_hashlen); - } - hash.add(&hash, sig->info.v4_hashed, (unsigned)sig->info.v4_hashlen); - trailer[0] = 0x04; /* version */ - trailer[1] = 0xFF; - hashedlen = (unsigned)sig->info.v4_hashlen; - trailer[2] = (uint8_t)(hashedlen >> 24); - trailer[3] = (uint8_t)(hashedlen >> 16); - trailer[4] = (uint8_t)(hashedlen >> 8); - trailer[5] = (uint8_t)(hashedlen); - hash.add(&hash, trailer, 6); - break; - - default: - (void) fprintf(stderr, "Invalid signature version %d\n", - sig->info.version); - return 0; - } - - n = hash.finish(&hash, hashout); - if (__ops_get_debug_level(__FILE__)) { - hexdump(stdout, "hash out", hashout, n); - } - return __ops_check_sig(hashout, n, sig, signer); -} - -__ops_cb_ret_t -__ops_validate_key_cb(const __ops_packet_t *pkt, __ops_cbdata_t *cbinfo) -{ - const __ops_contents_t *content = &pkt->u; - const __ops_key_t *signer; - validate_key_cb_t *key; - __ops_pubkey_t *sigkey; - __ops_error_t **errors; - __ops_io_t *io; - unsigned from; - unsigned valid = 0; - - io = cbinfo->io; - if (__ops_get_debug_level(__FILE__)) { - (void) fprintf(io->errs, "%s\n", - __ops_show_packet_tag(pkt->tag)); - } - key = __ops_callback_arg(cbinfo); - errors = __ops_callback_errors(cbinfo); - switch (pkt->tag) { - case OPS_PTAG_CT_PUBLIC_KEY: - if (key->pubkey.version != 0) { - (void) fprintf(io->errs, - "__ops_validate_key_cb: version bad\n"); - return OPS_FINISHED; - } - key->pubkey = content->pubkey; - return OPS_KEEP_MEMORY; - - case OPS_PTAG_CT_PUBLIC_SUBKEY: - if (key->subkey.version) { - __ops_pubkey_free(&key->subkey); - } - key->subkey = content->pubkey; - return OPS_KEEP_MEMORY; - - case OPS_PTAG_CT_SECRET_KEY: - key->seckey = content->seckey; - key->pubkey = key->seckey.pubkey; - return OPS_KEEP_MEMORY; - - case OPS_PTAG_CT_USER_ID: - if (key->userid) { - __ops_userid_free(&key->userid); - } - key->userid = content->userid; - key->last_seen = ID; - return OPS_KEEP_MEMORY; - - case OPS_PTAG_CT_USER_ATTR: - if (content->userattr.len == 0) { - (void) fprintf(io->errs, - "__ops_validate_key_cb: user attribute length 0"); - return OPS_FINISHED; - } - (void) fprintf(io->outs, "user attribute, length=%d\n", - (int) content->userattr.len); - if (key->userattr.len) { - __ops_data_free(&key->userattr); - } - key->userattr = content->userattr; - key->last_seen = ATTRIBUTE; - return OPS_KEEP_MEMORY; - - case OPS_PTAG_CT_SIGNATURE: /* V3 sigs */ - case OPS_PTAG_CT_SIGNATURE_FOOTER: /* V4 sigs */ - from = 0; - signer = __ops_getkeybyid(io, key->keyring, - content->sig.info.signer_id, - &from, &sigkey); - if (!signer) { - if (!add_sig_to_list(&content->sig.info, - &key->result->unknown_sigs, - &key->result->unknownc)) { - (void) fprintf(io->errs, - "__ops_validate_key_cb: user attribute length 0"); - return OPS_FINISHED; - } - break; - } - if (sigkey == &signer->enckey) { - (void) fprintf(io->errs, - "WARNING: signature made with encryption key\n"); - } - switch (content->sig.info.type) { - case OPS_CERT_GENERIC: - case OPS_CERT_PERSONA: - case OPS_CERT_CASUAL: - case OPS_CERT_POSITIVE: - case OPS_SIG_REV_CERT: - valid = (key->last_seen == ID) ? - __ops_check_useridcert_sig(&key->pubkey, - key->userid, - &content->sig, - __ops_get_pubkey(signer), - key->reader->key->packets[ - key->reader->packet].raw) : - __ops_check_userattrcert_sig(&key->pubkey, - &key->userattr, - &content->sig, - __ops_get_pubkey(signer), - key->reader->key->packets[ - key->reader->packet].raw); - break; - - case OPS_SIG_SUBKEY: - /* - * XXX: we should also check that the signer is the - * key we are validating, I think. - */ - valid = __ops_check_subkey_sig(&key->pubkey, - &key->subkey, - &content->sig, - __ops_get_pubkey(signer), - key->reader->key->packets[ - key->reader->packet].raw); - break; - - case OPS_SIG_DIRECT: - valid = __ops_check_direct_sig(&key->pubkey, - &content->sig, - __ops_get_pubkey(signer), - key->reader->key->packets[ - key->reader->packet].raw); - break; - - case OPS_SIG_STANDALONE: - case OPS_SIG_PRIMARY: - case OPS_SIG_REV_KEY: - case OPS_SIG_REV_SUBKEY: - case OPS_SIG_TIMESTAMP: - case OPS_SIG_3RD_PARTY: - OPS_ERROR_1(errors, OPS_E_UNIMPLEMENTED, - "Sig Verification type 0x%02x not done yet\n", - content->sig.info.type); - break; - - default: - OPS_ERROR_1(errors, OPS_E_UNIMPLEMENTED, - "Unexpected signature type 0x%02x\n", - content->sig.info.type); - } - - if (valid) { - if (!add_sig_to_list(&content->sig.info, - &key->result->valid_sigs, - &key->result->validc)) { - OPS_ERROR(errors, OPS_E_UNIMPLEMENTED, - "Can't add good sig to list\n"); - } - } else { - OPS_ERROR(errors, OPS_E_V_BAD_SIGNATURE, "Bad Sig"); - if (!add_sig_to_list(&content->sig.info, - &key->result->invalid_sigs, - &key->result->invalidc)) { - OPS_ERROR(errors, OPS_E_UNIMPLEMENTED, - "Can't add good sig to list\n"); - } - } - break; - - /* ignore these */ - case OPS_PARSER_PTAG: - case OPS_PTAG_CT_SIGNATURE_HEADER: - case OPS_PARSER_PACKET_END: - break; - - case OPS_GET_PASSPHRASE: - if (key->getpassphrase) { - return key->getpassphrase(pkt, cbinfo); - } - break; - - case OPS_PTAG_CT_TRUST: - /* 1 byte for level (depth), 1 byte for trust amount */ - printf("trust dump\n"); - printf("Got trust\n"); - //hexdump(stdout, (const uint8_t *)content->trust.data, 10, " "); - //hexdump(stdout, (const uint8_t *)&content->ss_trust, 2, " "); - //printf("Trust level %d, amount %d\n", key->trust.level, key->trust.amount); - break; - - default: - (void) fprintf(stderr, "unexpected tag=0x%x\n", pkt->tag); - return OPS_FINISHED; - } - return OPS_RELEASE_MEMORY; -} - -__ops_cb_ret_t -validate_data_cb(const __ops_packet_t *pkt, __ops_cbdata_t *cbinfo) -{ - const __ops_contents_t *content = &pkt->u; - const __ops_key_t *signer; - validate_data_cb_t *data; - __ops_pubkey_t *sigkey; - __ops_error_t **errors; - __ops_io_t *io; - unsigned from; - unsigned valid = 0; - - io = cbinfo->io; - if (__ops_get_debug_level(__FILE__)) { - (void) fprintf(io->errs, "validate_data_cb: %s\n", - __ops_show_packet_tag(pkt->tag)); - } - data = __ops_callback_arg(cbinfo); - errors = __ops_callback_errors(cbinfo); - switch (pkt->tag) { - case OPS_PTAG_CT_SIGNED_CLEARTEXT_HEADER: - /* - * ignore - this gives us the "Armor Header" line "Hash: - * SHA1" or similar - */ - break; - - case OPS_PTAG_CT_LITDATA_HEADER: - /* ignore */ - break; - - case OPS_PTAG_CT_LITDATA_BODY: - data->data.litdata_body = content->litdata_body; - data->type = LITDATA; - __ops_memory_add(data->mem, data->data.litdata_body.data, - data->data.litdata_body.length); - return OPS_KEEP_MEMORY; - - case OPS_PTAG_CT_SIGNED_CLEARTEXT_BODY: - data->data.cleartext_body = content->cleartext_body; - data->type = SIGNED_CLEARTEXT; - __ops_memory_add(data->mem, data->data.cleartext_body.data, - data->data.cleartext_body.length); - return OPS_KEEP_MEMORY; - - case OPS_PTAG_CT_SIGNED_CLEARTEXT_TRAILER: - /* this gives us an __ops_hash_t struct */ - break; - - case OPS_PTAG_CT_SIGNATURE: /* V3 sigs */ - case OPS_PTAG_CT_SIGNATURE_FOOTER: /* V4 sigs */ - if (__ops_get_debug_level(__FILE__)) { - hexdump(io->outs, "hashed data", content->sig.info.v4_hashed, - content->sig.info.v4_hashlen); - hexdump(io->outs, "signer id", content->sig.info.signer_id, - sizeof(content->sig.info.signer_id)); - } - from = 0; - signer = __ops_getkeybyid(io, data->keyring, - content->sig.info.signer_id, &from, &sigkey); - if (!signer) { - OPS_ERROR(errors, OPS_E_V_UNKNOWN_SIGNER, - "Unknown Signer"); - if (!add_sig_to_list(&content->sig.info, - &data->result->unknown_sigs, - &data->result->unknownc)) { - OPS_ERROR(errors, OPS_E_V_UNKNOWN_SIGNER, - "Can't add unknown sig to list"); - } - break; - } - if (sigkey == &signer->enckey) { - (void) fprintf(io->errs, - "WARNING: signature made with encryption key\n"); - } - if (content->sig.info.birthtime_set) { - data->result->birthtime = content->sig.info.birthtime; - } - if (content->sig.info.duration_set) { - data->result->duration = content->sig.info.duration; - } - switch (content->sig.info.type) { - case OPS_SIG_BINARY: - case OPS_SIG_TEXT: - if (__ops_mem_len(data->mem) == 0 && - data->detachname) { - /* check we have seen some data */ - /* if not, need to read from detached name */ - (void) fprintf(io->errs, - "netpgp: assuming signed data in \"%s\"\n", - data->detachname); - data->mem = __ops_memory_new(); - __ops_mem_readfile(data->mem, data->detachname); - } - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "sig dump", (const uint8_t *)(const void *)&content->sig, - sizeof(content->sig)); - } - valid = check_binary_sig(__ops_mem_data(data->mem), - (const unsigned)__ops_mem_len(data->mem), - &content->sig, - __ops_get_pubkey(signer)); - break; - - default: - OPS_ERROR_1(errors, OPS_E_UNIMPLEMENTED, - "No Sig Verification type 0x%02x yet\n", - content->sig.info.type); - break; - - } - - if (valid) { - if (!add_sig_to_list(&content->sig.info, - &data->result->valid_sigs, - &data->result->validc)) { - OPS_ERROR(errors, OPS_E_V_BAD_SIGNATURE, - "Can't add good sig to list"); - } - } else { - OPS_ERROR(errors, OPS_E_V_BAD_SIGNATURE, - "Bad Signature"); - if (!add_sig_to_list(&content->sig.info, - &data->result->invalid_sigs, - &data->result->invalidc)) { - OPS_ERROR(errors, OPS_E_V_BAD_SIGNATURE, - "Can't add good sig to list"); - } - } - break; - - /* ignore these */ - case OPS_PARSER_PTAG: - case OPS_PTAG_CT_SIGNATURE_HEADER: - case OPS_PTAG_CT_ARMOUR_HEADER: - case OPS_PTAG_CT_ARMOUR_TRAILER: - case OPS_PTAG_CT_1_PASS_SIG: - break; - - case OPS_PARSER_PACKET_END: - break; - - default: - OPS_ERROR(errors, OPS_E_V_NO_SIGNATURE, "No signature"); - break; - } - return OPS_RELEASE_MEMORY; -} - -static void -keydata_destroyer(__ops_reader_t *readinfo) -{ - free(__ops_reader_get_arg(readinfo)); -} - -void -__ops_keydata_reader_set(__ops_stream_t *stream, const __ops_key_t *key) -{ - validate_reader_t *data; - - if ((data = calloc(1, sizeof(*data))) == NULL) { - (void) fprintf(stderr, "__ops_keydata_reader_set: bad alloc\n"); - } else { - data->key = key; - data->packet = 0; - data->offset = 0; - __ops_reader_set(stream, keydata_reader, keydata_destroyer, data); - } -} - -static char * -fmtsecs(int64_t n, char *buf, size_t size) -{ - if (n > 365 * 24 * 60 * 60) { - n /= (365 * 24 * 60 * 60); - (void) snprintf(buf, size, "%" PRId64 " year%s", n, (n == 1) ? "" : "s"); - return buf; - } - if (n > 30 * 24 * 60 * 60) { - n /= (30 * 24 * 60 * 60); - (void) snprintf(buf, size, "%" PRId64 " month%s", n, (n == 1) ? "" : "s"); - return buf; - } - if (n > 24 * 60 * 60) { - n /= (24 * 60 * 60); - (void) snprintf(buf, size, "%" PRId64 " day%s", n, (n == 1) ? "" : "s"); - return buf; - } - if (n > 60 * 60) { - n /= (60 * 60); - (void) snprintf(buf, size, "%" PRId64 " hour%s", n, (n == 1) ? "" : "s"); - return buf; - } - if (n > 60) { - n /= 60; - (void) snprintf(buf, size, "%" PRId64 " minute%s", n, (n == 1) ? "" : "s"); - return buf; - } - (void) snprintf(buf, size, "%" PRId64 " second%s", n, (n == 1) ? "" : "s"); - return buf; -} - -/** - * \ingroup HighLevel_Verify - * \brief Indicicates whether any errors were found - * \param result Validation result to check - * \return 0 if any invalid signatures or unknown signers - or no valid signatures; else 1 - */ -static unsigned -validate_result_status(FILE *errs, const char *f, __ops_validation_t *val) -{ - time_t now; - time_t t; - char buf[128]; - - now = time(NULL); - if (now < val->birthtime) { - /* signature is not valid yet! */ - if (f) { - (void) fprintf(errs, "\"%s\": ", f); - } else { - (void) fprintf(errs, "memory "); - } - (void) fprintf(errs, - "signature not valid until %.24s (%s)\n", - ctime(&val->birthtime), - fmtsecs((int64_t)(val->birthtime - now), buf, sizeof(buf))); - return 0; - } - if (val->duration != 0 && now > val->birthtime + val->duration) { - /* signature has expired */ - t = val->duration + val->birthtime; - if (f) { - (void) fprintf(errs, "\"%s\": ", f); - } else { - (void) fprintf(errs, "memory "); - } - (void) fprintf(errs, - "signature not valid after %.24s (%s ago)\n", - ctime(&t), - fmtsecs((int64_t)(now - t), buf, sizeof(buf))); - return 0; - } - return val->validc && !val->invalidc && !val->unknownc; -} - -/** - * \ingroup HighLevel_Verify - * \brief Validate all signatures on a single key against the given keyring - * \param result Where to put the result - * \param key Key to validate - * \param keyring Keyring to use for validation - * \param cb_get_passphrase Callback to use to get passphrase - * \return 1 if all signatures OK; else 0 - * \note It is the caller's responsiblity to free result after use. - * \sa __ops_validate_result_free() - */ -unsigned -__ops_validate_key_sigs(__ops_validation_t *result, - const __ops_key_t *key, - const __ops_keyring_t *keyring, - __ops_cb_ret_t cb_get_passphrase(const __ops_packet_t *, - __ops_cbdata_t *)) -{ - __ops_stream_t *stream; - validate_key_cb_t keysigs; - const int printerrors = 1; - - (void) memset(&keysigs, 0x0, sizeof(keysigs)); - keysigs.result = result; - keysigs.getpassphrase = cb_get_passphrase; - - stream = __ops_new(sizeof(*stream)); - /* __ops_parse_options(&opt,OPS_PTAG_CT_SIGNATURE,OPS_PARSE_PARSED); */ - - keysigs.keyring = keyring; - - __ops_set_callback(stream, __ops_validate_key_cb, &keysigs); - stream->readinfo.accumulate = 1; - __ops_keydata_reader_set(stream, key); - - /* Note: Coverity incorrectly reports an error that keysigs.reader */ - /* is never used. */ - keysigs.reader = stream->readinfo.arg; - - __ops_parse(stream, !printerrors); - - __ops_pubkey_free(&keysigs.pubkey); - if (keysigs.subkey.version) { - __ops_pubkey_free(&keysigs.subkey); - } - __ops_userid_free(&keysigs.userid); - __ops_data_free(&keysigs.userattr); - - __ops_stream_delete(stream); - - return (!result->invalidc && !result->unknownc && result->validc); -} - -/** - \ingroup HighLevel_Verify - \param result Where to put the result - \param ring Keyring to use - \param cb_get_passphrase Callback to use to get passphrase - \note It is the caller's responsibility to free result after use. - \sa __ops_validate_result_free() -*/ -unsigned -__ops_validate_all_sigs(__ops_validation_t *result, - const __ops_keyring_t *ring, - __ops_cb_ret_t cb_get_passphrase(const __ops_packet_t *, - __ops_cbdata_t *)) -{ - unsigned n; - - (void) memset(result, 0x0, sizeof(*result)); - for (n = 0; n < ring->keyc; ++n) { - __ops_validate_key_sigs(result, &ring->keys[n], ring, - cb_get_passphrase); - } - return validate_result_status(stderr, "keyring", result); -} - -/** - \ingroup HighLevel_Verify - \brief Frees validation result and associated memory - \param result Struct to be freed - \note Must be called after validation functions -*/ -void -__ops_validate_result_free(__ops_validation_t *result) -{ - if (result != NULL) { - if (result->valid_sigs) { - free_sig_info(result->valid_sigs); - } - if (result->invalid_sigs) { - free_sig_info(result->invalid_sigs); - } - if (result->unknown_sigs) { - free_sig_info(result->unknown_sigs); - } - free(result); - /* result = NULL; - XXX unnecessary */ - } -} - -/** - \ingroup HighLevel_Verify - \brief Verifies the signatures in a signed file - \param result Where to put the result - \param filename Name of file to be validated - \param armoured Treat file as armoured, if set - \param keyring Keyring to use - \return 1 if signatures validate successfully; - 0 if signatures fail or there are no signatures - \note After verification, result holds the details of all keys which - have passed, failed and not been recognised. - \note It is the caller's responsiblity to call - __ops_validate_result_free(result) after use. -*/ -unsigned -__ops_validate_file(__ops_io_t *io, - __ops_validation_t *result, - const char *infile, - const char *outfile, - const int user_says_armoured, - const __ops_keyring_t *keyring) -{ - validate_data_cb_t validation; - __ops_stream_t *parse = NULL; - struct stat st; - const char *signame; - const int printerrors = 1; - unsigned ret; - char f[MAXPATHLEN]; - char *dataname; - int realarmour; - int outfd = 0; - int infd; - int cc; - - if (stat(infile, &st) < 0) { - (void) fprintf(io->errs, - "__ops_validate_file: can't open '%s'\n", infile); - return 0; - } - realarmour = user_says_armoured; - dataname = NULL; - signame = NULL; - cc = snprintf(f, sizeof(f), "%s", infile); - if (strcmp(&f[cc - 4], ".sig") == 0) { - /* we've been given a sigfile as infile */ - f[cc - 4] = 0x0; - /* set dataname to name of file which was signed */ - dataname = f; - signame = infile; - } else if (strcmp(&f[cc - 4], ".asc") == 0) { - /* we've been given an armored sigfile as infile */ - f[cc - 4] = 0x0; - /* set dataname to name of file which was signed */ - dataname = f; - signame = infile; - realarmour = 1; - } else { - signame = infile; - } - (void) memset(&validation, 0x0, sizeof(validation)); - infd = __ops_setup_file_read(io, &parse, signame, &validation, - validate_data_cb, 1); - if (infd < 0) { - return 0; - } - - if (dataname) { - validation.detachname = netpgp_strdup(dataname); - } - - /* Set verification reader and handling options */ - validation.result = result; - validation.keyring = keyring; - validation.mem = __ops_memory_new(); - __ops_memory_init(validation.mem, 128); - /* Note: Coverity incorrectly reports an error that validation.reader */ - /* is never used. */ - validation.reader = parse->readinfo.arg; - - if (realarmour) { - __ops_reader_push_dearmour(parse); - } - - /* Do the verification */ - __ops_parse(parse, !printerrors); - - /* Tidy up */ - if (realarmour) { - __ops_reader_pop_dearmour(parse); - } - __ops_teardown_file_read(parse, infd); - - ret = validate_result_status(io->errs, infile, result); - - /* this is triggered only for --cat output */ - if (outfile) { - /* need to send validated output somewhere */ - if (strcmp(outfile, "-") == 0) { - outfd = STDOUT_FILENO; - } else { - outfd = open(outfile, O_WRONLY | O_CREAT, 0666); - } - if (outfd < 0) { - /* even if the signature was good, we can't - * write the file, so send back a bad return - * code */ - ret = 0; - } else if (validate_result_status(io->errs, infile, result)) { - unsigned len; - char *cp; - int i; - - len = (unsigned)__ops_mem_len(validation.mem); - cp = __ops_mem_data(validation.mem); - for (i = 0 ; i < (int)len ; i += cc) { - cc = (int)write(outfd, &cp[i], (unsigned)(len - i)); - if (cc < 0) { - (void) fprintf(io->errs, - "netpgp: short write\n"); - ret = 0; - break; - } - } - if (strcmp(outfile, "-") != 0) { - (void) close(outfd); - } - } - } - __ops_memory_free(validation.mem); - return ret; -} - -/** - \ingroup HighLevel_Verify - \brief Verifies the signatures in a __ops_memory_t struct - \param result Where to put the result - \param mem Memory to be validated - \param user_says_armoured Treat data as armoured, if set - \param keyring Keyring to use - \return 1 if signature validates successfully; 0 if not - \note After verification, result holds the details of all keys which - have passed, failed and not been recognised. - \note It is the caller's responsiblity to call - __ops_validate_result_free(result) after use. -*/ - -unsigned -__ops_validate_mem(__ops_io_t *io, - __ops_validation_t *result, - __ops_memory_t *mem, - __ops_memory_t **cat, - const int user_says_armoured, - const __ops_keyring_t *keyring) -{ - validate_data_cb_t validation; - __ops_stream_t *stream = NULL; - const int printerrors = 1; - int realarmour; - - __ops_setup_memory_read(io, &stream, mem, &validation, validate_data_cb, 1); - /* Set verification reader and handling options */ - (void) memset(&validation, 0x0, sizeof(validation)); - validation.result = result; - validation.keyring = keyring; - validation.mem = __ops_memory_new(); - __ops_memory_init(validation.mem, 128); - /* Note: Coverity incorrectly reports an error that validation.reader */ - /* is never used. */ - validation.reader = stream->readinfo.arg; - - if ((realarmour = user_says_armoured) != 0 || - strncmp(__ops_mem_data(mem), - "-----BEGIN PGP MESSAGE-----", 27) == 0) { - realarmour = 1; - } - if (realarmour) { - __ops_reader_push_dearmour(stream); - } - - /* Do the verification */ - __ops_parse(stream, !printerrors); - - /* Tidy up */ - if (realarmour) { - __ops_reader_pop_dearmour(stream); - } - __ops_teardown_memory_read(stream, mem); - - /* this is triggered only for --cat output */ - if (cat) { - /* need to send validated output somewhere */ - *cat = validation.mem; - } else { - __ops_memory_free(validation.mem); - } - - return validate_result_status(io->errs, NULL, result); -} diff --git a/enzevalos_iphone/netpgp/lib/validate.h b/enzevalos_iphone/netpgp/lib/validate.h deleted file mode 100644 index e12160eb..00000000 --- a/enzevalos_iphone/netpgp/lib/validate.h +++ /dev/null @@ -1,120 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/* - * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) - * All rights reserved. - * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted - * their moral rights under the UK Copyright Design and Patents Act 1988 to - * be recorded as the authors of this copyright work. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. - * - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef VALIDATE_H_ -#define VALIDATE_H_ 1 - -typedef struct { - const __ops_key_t *key; - unsigned packet; - unsigned offset; -} validate_reader_t; - -/** Struct used with the validate_key_cb callback */ -typedef struct { - __ops_pubkey_t pubkey; - __ops_pubkey_t subkey; - __ops_seckey_t seckey; - enum { - ATTRIBUTE = 1, - ID - } last_seen; - uint8_t *userid; - __ops_data_t userattr; - uint8_t hash[OPS_MAX_HASH_SIZE]; - const __ops_keyring_t *keyring; - validate_reader_t *reader; - __ops_validation_t *result; - __ops_cb_ret_t(*getpassphrase) (const __ops_packet_t *, - __ops_cbdata_t *); -} validate_key_cb_t; - -/** Struct use with the validate_data_cb callback */ -typedef struct { - enum { - LITDATA, - SIGNED_CLEARTEXT - } type; - union { - __ops_litdata_body_t litdata_body; - __ops_fixed_body_t cleartext_body; - } data; - uint8_t hash[OPS_MAX_HASH_SIZE]; - __ops_memory_t *mem; - const __ops_keyring_t *keyring; - validate_reader_t *reader;/* reader-specific arg */ - __ops_validation_t *result; - char *detachname; -} validate_data_cb_t; - -void __ops_keydata_reader_set(__ops_stream_t *, const __ops_key_t *); - -__ops_cb_ret_t __ops_validate_key_cb(const __ops_packet_t *, __ops_cbdata_t *); - -unsigned check_binary_sig(const uint8_t *, - const unsigned, - const __ops_sig_t *, - const __ops_pubkey_t *); - -unsigned __ops_validate_file(__ops_io_t *, - __ops_validation_t *, - const char *, - const char *, - const int, - const __ops_keyring_t *); - -unsigned __ops_validate_mem(__ops_io_t *, - __ops_validation_t *, - __ops_memory_t *, - __ops_memory_t **, - const int, - const __ops_keyring_t *); - -__ops_cb_ret_t validate_data_cb(const __ops_packet_t *, __ops_cbdata_t *); - -#endif /* !VALIDATE_H_ */ diff --git a/enzevalos_iphone/netpgp/lib/version.h b/enzevalos_iphone/netpgp/lib/version.h deleted file mode 100644 index 3d2bf4d3..00000000 --- a/enzevalos_iphone/netpgp/lib/version.h +++ /dev/null @@ -1,67 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/* - * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) - * All rights reserved. - * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted - * their moral rights under the UK Copyright Design and Patents Act 1988 to - * be recorded as the authors of this copyright work. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. - * - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef VERSION_H_ -#define VERSION_H_ 1 - -#ifndef NETPGP_AUTOCONF_VERSION -#define NETPGP_AUTOCONF_VERSION PACKAGE_VERSION -#endif - -#ifndef NETPGP_MAINTAINER -#define NETPGP_MAINTAINER PACKAGE_BUGREPORT -#endif - -/* development versions have .99 suffix */ -#define NETPGP_BASE_VERSION "3.99.14" - -#define NETPGP_VERSION_CAT(a, b) "NetPGP portable " a "/[" b "]" -#define NETPGP_VERSION_STRING \ - NETPGP_VERSION_CAT(NETPGP_BASE_VERSION, NETPGP_AUTOCONF_VERSION) - -#endif /* !VERSION_H_ */ diff --git a/enzevalos_iphone/netpgp/lib/writer.c b/enzevalos_iphone/netpgp/lib/writer.c deleted file mode 100644 index 3852e236..00000000 --- a/enzevalos_iphone/netpgp/lib/writer.c +++ /dev/null @@ -1,1794 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/* - * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) - * All rights reserved. - * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted - * their moral rights under the UK Copyright Design and Patents Act 1988 to - * be recorded as the authors of this copyright work. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. - * - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** \file - * This file contains the base functions used by the writers. - */ -#include "config.h" - -#ifdef HAVE_SYS_CDEFS_H -#include <sys/cdefs.h> -#endif - -#if defined(__NetBSD__) -__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: writer.c,v 1.29 2010/11/04 15:38:45 agc Exp $"); -#endif - -#include <sys/types.h> - -#include <stdlib.h> -#include <string.h> - -#ifdef HAVE_UNISTD_H -#include <unistd.h> -#endif - -#ifdef HAVE_OPENSSL_CAST_H -#include <openssl/cast.h> -#endif - -#include "create.h" -#include "writer.h" -#include "keyring.h" -#include "signature.h" -#include "packet.h" -#include "packet-parse.h" -#include "readerwriter.h" -#include "memory.h" -#include "netpgpdefs.h" -#include "version.h" -#include "netpgpdigest.h" - - -/* - * return 1 if OK, otherwise 0 - */ -static unsigned -base_write(__ops_output_t *out, const void *src, unsigned len) -{ - return out->writer.writer(src, len, &out->errors, &out->writer); -} - -/** - * \ingroup Core_WritePackets - * - * \param src - * \param len - * \param output - * \return 1 if OK, otherwise 0 - */ - -unsigned -__ops_write(__ops_output_t *output, const void *src, unsigned len) -{ - return base_write(output, src, len); -} - -/** - * \ingroup Core_WritePackets - * \param n - * \param len - * \param output - * \return 1 if OK, otherwise 0 - */ - -unsigned -__ops_write_scalar(__ops_output_t *output, unsigned n, unsigned len) -{ - uint8_t c; - - while (len-- > 0) { - c = n >> (len * 8); - if (!base_write(output, &c, 1)) { - return 0; - } - } - return 1; -} - -/** - * \ingroup Core_WritePackets - * \param bn - * \param output - * \return 1 if OK, otherwise 0 - */ - -unsigned -__ops_write_mpi(__ops_output_t *output, const BIGNUM *bn) -{ - unsigned bits; - uint8_t buf[NETPGP_BUFSIZ]; - - bits = (unsigned)BN_num_bits(bn); - if (bits > 65535) { - (void) fprintf(stderr, "__ops_write_mpi: too large %u\n", bits); - return 0; - } - BN_bn2bin(bn, buf); - return __ops_write_scalar(output, bits, 2) && - __ops_write(output, buf, (bits + 7) / 8); -} - -/** - * \ingroup Core_WritePackets - * \param tag - * \param output - * \return 1 if OK, otherwise 0 - */ - -unsigned -__ops_write_ptag(__ops_output_t *output, __ops_content_enum tag) -{ - uint8_t c; - - c = tag | OPS_PTAG_ALWAYS_SET | OPS_PTAG_NEW_FORMAT; - return base_write(output, &c, 1); -} - -/** - * \ingroup Core_WritePackets - * \param len - * \param output - * \return 1 if OK, otherwise 0 - */ - -unsigned -__ops_write_length(__ops_output_t *output, unsigned len) -{ - uint8_t c[2]; - - if (len < 192) { - c[0] = len; - return base_write(output, c, 1); - } - if (len < 8192 + 192) { - c[0] = ((len - 192) >> 8) + 192; - c[1] = (len - 192) % 256; - return base_write(output, c, 2); - } - return __ops_write_scalar(output, 0xff, 1) && - __ops_write_scalar(output, len, 4); -} - -/* - * Note that we finalise from the top down, so we don't use writers below - * that have already been finalised - */ -unsigned -__ops_writer_info_finalise(__ops_error_t **errors, __ops_writer_t *writer) -{ - unsigned ret = 1; - - if (writer->finaliser) { - ret = writer->finaliser(errors, writer); - writer->finaliser = NULL; - } - if (writer->next && !__ops_writer_info_finalise(errors, writer->next)) { - writer->finaliser = NULL; - return 0; - } - return ret; -} - -void -__ops_writer_info_delete(__ops_writer_t *writer) -{ - /* we should have finalised before deleting */ - if (writer->finaliser) { - (void) fprintf(stderr, "__ops_writer_info_delete: not done\n"); - return; - } - if (writer->next) { - __ops_writer_info_delete(writer->next); - free(writer->next); - writer->next = NULL; - } - if (writer->destroyer) { - writer->destroyer(writer); - writer->destroyer = NULL; - } - writer->writer = NULL; -} - -/** - * \ingroup Core_Writers - * - * Set a writer in output. There should not be another writer set. - * - * \param output The output structure - * \param writer - * \param finaliser - * \param destroyer - * \param arg The argument for the writer and destroyer - */ -void -__ops_writer_set(__ops_output_t *output, - __ops_writer_func_t *writer, - __ops_writer_finaliser_t *finaliser, - __ops_writer_destroyer_t *destroyer, - void *arg) -{ - if (output->writer.writer) { - (void) fprintf(stderr, "__ops_writer_set: already set\n"); - } else { - output->writer.writer = writer; - output->writer.finaliser = finaliser; - output->writer.destroyer = destroyer; - output->writer.arg = arg; - } -} - -/** - * \ingroup Core_Writers - * - * Push a writer in output. There must already be another writer set. - * - * \param output The output structure - * \param writer - * \param finaliser - * \param destroyer - * \param arg The argument for the writer and destroyer - */ -void -__ops_writer_push(__ops_output_t *output, - __ops_writer_func_t *writer, - __ops_writer_finaliser_t *finaliser, - __ops_writer_destroyer_t *destroyer, - void *arg) -{ - __ops_writer_t *copy; - - if ((copy = calloc(1, sizeof(*copy))) == NULL) { - (void) fprintf(stderr, "__ops_writer_push: bad alloc\n"); - } else if (output->writer.writer == NULL) { - (void) fprintf(stderr, "__ops_writer_push: no orig writer\n"); - } else { - *copy = output->writer; - output->writer.next = copy; - - output->writer.writer = writer; - output->writer.finaliser = finaliser; - output->writer.destroyer = destroyer; - output->writer.arg = arg; - } -} - -void -__ops_writer_pop(__ops_output_t *output) -{ - __ops_writer_t *next; - - /* Make sure the finaliser has been called. */ - if (output->writer.finaliser) { - (void) fprintf(stderr, - "__ops_writer_pop: finaliser not called\n"); - } else if (output->writer.next == NULL) { - (void) fprintf(stderr, - "__ops_writer_pop: not a stacked writer\n"); - } else { - if (output->writer.destroyer) { - output->writer.destroyer(&output->writer); - } - next = output->writer.next; - output->writer = *next; - free(next); - } -} - -/** - * \ingroup Core_Writers - * - * Close the writer currently set in output. - * - * \param output The output structure - */ -unsigned -__ops_writer_close(__ops_output_t *output) -{ - unsigned ret; - - ret = __ops_writer_info_finalise(&output->errors, &output->writer); - __ops_writer_info_delete(&output->writer); - return ret; -} - -/** - * \ingroup Core_Writers - * - * Get the arg supplied to __ops_createinfo_set_writer(). - * - * \param writer The writer_info structure - * \return The arg - */ -void * -__ops_writer_get_arg(__ops_writer_t *writer) -{ - return writer->arg; -} - -/** - * \ingroup Core_Writers - * - * Write to the next writer down in the stack. - * - * \param src The data to write. - * \param len The length of src. - * \param errors A place to store errors. - * \param writer The writer_info structure. - * \return Success - if 0, then errors should contain the error. - */ -static unsigned -stacked_write(__ops_writer_t *writer, const void *src, unsigned len, - __ops_error_t ** errors) -{ - return writer->next->writer(src, len, errors, writer->next); -} - -/** - * \ingroup Core_Writers - * - * Free the arg. Many writers just have a calloc()ed lump of storage, this - * function releases it. - * - * \param writer the info structure. - */ -static void -generic_destroyer(__ops_writer_t *writer) -{ - free(__ops_writer_get_arg(writer)); -} - -/** - * \ingroup Core_Writers - * - * A writer that just writes to the next one down. Useful for when you - * want to insert just a finaliser into the stack. - */ -unsigned -__ops_writer_passthrough(const uint8_t *src, - unsigned len, - __ops_error_t **errors, - __ops_writer_t *writer) -{ - return stacked_write(writer, src, len, errors); -} - -/**************************************************************************/ - -/** - * \struct dashesc_t - */ -typedef struct { - unsigned seen_nl:1; - unsigned seen_cr:1; - __ops_create_sig_t *sig; - __ops_memory_t *trailing; -} dashesc_t; - -static unsigned -dash_esc_writer(const uint8_t *src, - unsigned len, - __ops_error_t **errors, - __ops_writer_t *writer) -{ - dashesc_t *dash = __ops_writer_get_arg(writer); - unsigned n; - - if (__ops_get_debug_level(__FILE__)) { - unsigned i = 0; - - (void) fprintf(stderr, "dash_esc_writer writing %u:\n", len); - for (i = 0; i < len; i++) { - fprintf(stderr, "0x%02x ", src[i]); - if (((i + 1) % 16) == 0) { - (void) fprintf(stderr, "\n"); - } else if (((i + 1) % 8) == 0) { - (void) fprintf(stderr, " "); - } - } - (void) fprintf(stderr, "\n"); - } - /* XXX: make this efficient */ - for (n = 0; n < len; ++n) { - unsigned l; - - if (dash->seen_nl) { - if (src[n] == '-' && - !stacked_write(writer, "- ", 2, errors)) { - return 0; - } - dash->seen_nl = 0; - } - dash->seen_nl = src[n] == '\n'; - - if (dash->seen_nl && !dash->seen_cr) { - if (!stacked_write(writer, "\r", 1, errors)) { - return 0; - } - __ops_sig_add_data(dash->sig, "\r", 1); - } - dash->seen_cr = src[n] == '\r'; - - if (!stacked_write(writer, &src[n], 1, errors)) { - return 0; - } - - /* trailing whitespace isn't included in the signature */ - if (src[n] == ' ' || src[n] == '\t') { - __ops_memory_add(dash->trailing, &src[n], 1); - } else { - if ((l = (unsigned)__ops_mem_len(dash->trailing)) != 0) { - if (!dash->seen_nl && !dash->seen_cr) { - __ops_sig_add_data(dash->sig, - __ops_mem_data(dash->trailing), l); - } - __ops_memory_clear(dash->trailing); - } - __ops_sig_add_data(dash->sig, &src[n], 1); - } - } - return 1; -} - -/** - * \param writer - */ -static void -dash_escaped_destroyer(__ops_writer_t *writer) -{ - dashesc_t *dash; - - dash = __ops_writer_get_arg(writer); - __ops_memory_free(dash->trailing); - free(dash); -} - -/** - * \ingroup Core_WritersNext - * \brief Push Clearsigned Writer onto stack - * \param output - * \param sig - */ -unsigned -__ops_writer_push_clearsigned(__ops_output_t *output, __ops_create_sig_t *sig) -{ - static const char header[] = - "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: "; - const char *hash; - dashesc_t *dash; - unsigned ret; - - hash = __ops_text_from_hash(__ops_sig_get_hash(sig)); - if ((dash = calloc(1, sizeof(*dash))) == NULL) { - OPS_ERROR(&output->errors, OPS_E_W, "Bad alloc"); - return 0; - } - ret = (__ops_write(output, header, (unsigned)(sizeof(header) - 1)) && - __ops_write(output, hash, (unsigned)strlen(hash)) && - __ops_write(output, "\r\n\r\n", 4)); - - if (ret == 0) { - OPS_ERROR(&output->errors, OPS_E_W, - "Error pushing clearsigned header"); - free(dash); - return ret; - } - dash->seen_nl = 1; - dash->sig = sig; - dash->trailing = __ops_memory_new(); - __ops_writer_push(output, dash_esc_writer, NULL, - dash_escaped_destroyer, dash); - return ret; -} - - -/** - * \struct base64_t - */ -typedef struct { - unsigned pos; - uint8_t t; - unsigned checksum; -} base64_t; - -static const char b64map[] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; - -static unsigned -base64_writer(const uint8_t *src, - unsigned len, - __ops_error_t **errors, - __ops_writer_t *writer) -{ - base64_t *base64; - unsigned n; - - base64 = __ops_writer_get_arg(writer); - for (n = 0; n < len;) { - base64->checksum = __ops_crc24(base64->checksum, src[n]); - if (base64->pos == 0) { - /* XXXXXX00 00000000 00000000 */ - if (!stacked_write(writer, - &b64map[(unsigned)src[n] >> 2], - 1, errors)) { - return 0; - } - - /* 000000XX xxxx0000 00000000 */ - base64->t = (src[n++] & 3) << 4; - base64->pos = 1; - } else if (base64->pos == 1) { - /* 000000xx XXXX0000 00000000 */ - base64->t += (unsigned)src[n] >> 4; - if (!stacked_write(writer, &b64map[base64->t], 1, - errors)) { - return 0; - } - - /* 00000000 0000XXXX xx000000 */ - base64->t = (src[n++] & 0xf) << 2; - base64->pos = 2; - } else if (base64->pos == 2) { - /* 00000000 0000xxxx XX000000 */ - base64->t += (unsigned)src[n] >> 6; - if (!stacked_write(writer, &b64map[base64->t], 1, - errors)) { - return 0; - } - - /* 00000000 00000000 00XXXXXX */ - if (!stacked_write(writer, - &b64map[src[n++] & 0x3f], 1, errors)) { - return 0; - } - - base64->pos = 0; - } - } - - return 1; -} - -static unsigned -sig_finaliser(__ops_error_t **errors, __ops_writer_t *writer) -{ - static const char trail[] = "\r\n-----END PGP SIGNATURE-----\r\n"; - base64_t *base64; - uint8_t c[3]; - - base64 = __ops_writer_get_arg(writer); - if (base64->pos) { - if (!stacked_write(writer, &b64map[base64->t], 1, errors)) { - return 0; - } - if (base64->pos == 1 && - !stacked_write(writer, "==", 2, errors)) { - return 0; - } - if (base64->pos == 2 && - !stacked_write(writer, "=", 1, errors)) { - return 0; - } - } - /* Ready for the checksum */ - if (!stacked_write(writer, "\r\n=", 3, errors)) { - return 0; - } - - base64->pos = 0; /* get ready to write the checksum */ - - c[0] = base64->checksum >> 16; - c[1] = base64->checksum >> 8; - c[2] = base64->checksum; - /* push the checksum through our own writer */ - if (!base64_writer(c, 3, errors, writer)) { - return 0; - } - - return stacked_write(writer, trail, (unsigned)(sizeof(trail) - 1), errors); -} - -/** - * \struct linebreak_t - */ -typedef struct { - unsigned pos; -} linebreak_t; - -#define BREAKPOS 76 - -static unsigned -linebreak_writer(const uint8_t *src, - unsigned len, - __ops_error_t **errors, - __ops_writer_t *writer) -{ - linebreak_t *linebreak; - unsigned n; - - linebreak = __ops_writer_get_arg(writer); - for (n = 0; n < len; ++n, ++linebreak->pos) { - if (src[n] == '\r' || src[n] == '\n') { - linebreak->pos = 0; - } - if (linebreak->pos == BREAKPOS) { - if (!stacked_write(writer, "\r\n", 2, errors)) { - return 0; - } - linebreak->pos = 0; - } - if (!stacked_write(writer, &src[n], 1, errors)) { - return 0; - } - } - - return 1; -} - -/** - * \ingroup Core_WritersNext - * \brief Push armoured signature on stack - * \param output - */ -unsigned -__ops_writer_use_armored_sig(__ops_output_t *output) -{ - static const char header[] = - "\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: " - NETPGP_VERSION_STRING - "\r\n\r\n"; - linebreak_t *linebreak; - base64_t *base64; - - __ops_writer_pop(output); - if (__ops_write(output, header, (unsigned)(sizeof(header) - 1)) == 0) { - OPS_ERROR(&output->errors, OPS_E_W, - "Error switching to armoured signature"); - return 0; - } - if ((linebreak = calloc(1, sizeof(*linebreak))) == NULL) { - OPS_ERROR(&output->errors, OPS_E_W, - "__ops_writer_use_armored_sig: Bad alloc"); - return 0; - } - __ops_writer_push(output, linebreak_writer, NULL, - generic_destroyer, - linebreak); - base64 = calloc(1, sizeof(*base64)); - if (!base64) { - OPS_MEMORY_ERROR(&output->errors); - return 0; - } - base64->checksum = CRC24_INIT; - __ops_writer_push(output, base64_writer, sig_finaliser, - generic_destroyer, base64); - return 1; -} - -static unsigned -armoured_message_finaliser(__ops_error_t **errors, __ops_writer_t *writer) -{ - /* TODO: This is same as sig_finaliser apart from trailer. */ - static const char trailer[] = - "\r\n-----END PGP MESSAGE-----\r\n"; - base64_t *base64; - uint8_t c[3]; - - base64 = __ops_writer_get_arg(writer); - if (base64->pos) { - if (!stacked_write(writer, &b64map[base64->t], 1, errors)) { - return 0; - } - if (base64->pos == 1 && - !stacked_write(writer, "==", 2, errors)) { - return 0; - } - if (base64->pos == 2 && - !stacked_write(writer, "=", 1, errors)) { - return 0; - } - } - /* Ready for the checksum */ - if (!stacked_write(writer, "\r\n=", 3, errors)) { - return 0; - } - - base64->pos = 0; /* get ready to write the checksum */ - - c[0] = base64->checksum >> 16; - c[1] = base64->checksum >> 8; - c[2] = base64->checksum; - /* push the checksum through our own writer */ - if (!base64_writer(c, 3, errors, writer)) { - return 0; - } - - return stacked_write(writer, trailer, (unsigned)strlen(trailer), errors); -} - -/** - \ingroup Core_WritersNext - \brief Write a PGP MESSAGE - \todo replace with generic function -*/ -void -__ops_writer_push_armor_msg(__ops_output_t *output) -{ - static const char header[] = "-----BEGIN PGP MESSAGE-----\r\n"; - linebreak_t *linebreak; - base64_t *base64; - - __ops_write(output, header, (unsigned)(sizeof(header) - 1)); - __ops_write(output, "\r\n", 2); - if ((linebreak = calloc(1, sizeof(*linebreak))) == NULL) { - (void) fprintf(stderr, - "__ops_writer_push_armor_msg: bad lb alloc\n"); - return; - } - __ops_writer_push(output, linebreak_writer, NULL, - generic_destroyer, - linebreak); - if ((base64 = calloc(1, sizeof(*base64))) == NULL) { - (void) fprintf(stderr, - "__ops_writer_push_armor_msg: bad alloc\n"); - return; - } - base64->checksum = CRC24_INIT; - __ops_writer_push(output, base64_writer, - armoured_message_finaliser, generic_destroyer, - base64); -} - -static unsigned -armoured_finaliser(__ops_armor_type_t type, - __ops_error_t **errors, - __ops_writer_t *writer) -{ - static const char tail_pubkey[] = - "\r\n-----END PGP PUBLIC KEY BLOCK-----\r\n"; - static const char tail_private_key[] = - "\r\n-----END PGP PRIVATE KEY BLOCK-----\r\n"; - const char *tail = NULL; - unsigned tailsize = 0; - base64_t *base64; - uint8_t c[3]; - - switch (type) { - case OPS_PGP_PUBLIC_KEY_BLOCK: - tail = tail_pubkey; - tailsize = sizeof(tail_pubkey) - 1; - break; - - case OPS_PGP_PRIVATE_KEY_BLOCK: - tail = tail_private_key; - tailsize = sizeof(tail_private_key) - 1; - break; - - default: - (void) fprintf(stderr, "armoured_finaliser: unusual type\n"); - return 0; - } - base64 = __ops_writer_get_arg(writer); - if (base64->pos) { - if (!stacked_write(writer, &b64map[base64->t], 1, - errors)) { - return 0; - } - if (base64->pos == 1 && !stacked_write(writer, "==", 2, - errors)) { - return 0; - } - if (base64->pos == 2 && !stacked_write(writer, "=", 1, - errors)) { - return 0; - } - } - /* Ready for the checksum */ - if (!stacked_write(writer, "\r\n=", 3, errors)) { - return 0; - } - base64->pos = 0; /* get ready to write the checksum */ - c[0] = base64->checksum >> 16; - c[1] = base64->checksum >> 8; - c[2] = base64->checksum; - /* push the checksum through our own writer */ - if (!base64_writer(c, 3, errors, writer)) { - return 0; - } - return stacked_write(writer, tail, tailsize, errors); -} - -static unsigned -armored_pubkey_fini(__ops_error_t **errors, __ops_writer_t *writer) -{ - return armoured_finaliser(OPS_PGP_PUBLIC_KEY_BLOCK, errors, writer); -} - -static unsigned -armored_privkey_fini(__ops_error_t **errors, __ops_writer_t *writer) -{ - return armoured_finaliser(OPS_PGP_PRIVATE_KEY_BLOCK, errors, writer); -} - -/* \todo use this for other armoured types */ -/** - \ingroup Core_WritersNext - \brief Push Armoured Writer on stack (generic) -*/ -void -__ops_writer_push_armoured(__ops_output_t *output, __ops_armor_type_t type) -{ - static char hdr_pubkey[] = - "-----BEGIN PGP PUBLIC KEY BLOCK-----\r\nVersion: " - NETPGP_VERSION_STRING - "\r\n\r\n"; - static char hdr_private_key[] = - "-----BEGIN PGP PRIVATE KEY BLOCK-----\r\nVersion: " - NETPGP_VERSION_STRING - "\r\n\r\n"; - unsigned hdrsize = 0; - unsigned (*finaliser) (__ops_error_t **, __ops_writer_t *); - base64_t *base64; - linebreak_t *linebreak; - char *header = NULL; - - finaliser = NULL; - switch (type) { - case OPS_PGP_PUBLIC_KEY_BLOCK: - header = hdr_pubkey; - hdrsize = sizeof(hdr_pubkey) - 1; - finaliser = armored_pubkey_fini; - break; - - case OPS_PGP_PRIVATE_KEY_BLOCK: - header = hdr_private_key; - hdrsize = sizeof(hdr_private_key) - 1; - finaliser = armored_privkey_fini; - break; - - default: - (void) fprintf(stderr, - "__ops_writer_push_armoured: unusual type\n"); - return; - } - if ((linebreak = calloc(1, sizeof(*linebreak))) == NULL) { - (void) fprintf(stderr, - "__ops_writer_push_armoured: bad alloc\n"); - return; - } - __ops_write(output, header, hdrsize); - __ops_writer_push(output, linebreak_writer, NULL, - generic_destroyer, - linebreak); - if ((base64 = calloc(1, sizeof(*base64))) == NULL) { - (void) fprintf(stderr, - "__ops_writer_push_armoured: bad alloc\n"); - return; - } - base64->checksum = CRC24_INIT; - __ops_writer_push(output, base64_writer, finaliser, - generic_destroyer, base64); -} - -/**************************************************************************/ - -typedef struct { - __ops_crypt_t *crypt; - int free_crypt; -} crypt_t; - -/* - * This writer simply takes plaintext as input, - * encrypts it with the given key - * and outputs the resulting encrypted text - */ -static unsigned -encrypt_writer(const uint8_t *src, - unsigned len, - __ops_error_t **errors, - __ops_writer_t *writer) -{ -#define BUFSZ 1024 /* arbitrary number */ - uint8_t encbuf[BUFSZ]; - unsigned remaining; - unsigned done = 0; - crypt_t *pgp_encrypt; - - remaining = len; - pgp_encrypt = (crypt_t *) __ops_writer_get_arg(writer); - if (!__ops_is_sa_supported(pgp_encrypt->crypt->alg)) { - (void) fprintf(stderr, "encrypt_writer: not supported\n"); - return 0; - } - while (remaining > 0) { - unsigned size = (remaining < BUFSZ) ? remaining : BUFSZ; - - /* memcpy(buf,src,size); // \todo copy needed here? */ - pgp_encrypt->crypt->cfb_encrypt(pgp_encrypt->crypt, encbuf, - src + done, size); - - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "unencrypted", &src[done], 16); - hexdump(stderr, "encrypted", encbuf, 16); - } - if (!stacked_write(writer, encbuf, size, errors)) { - if (__ops_get_debug_level(__FILE__)) { - fprintf(stderr, - "encrypted_writer: stacked write\n"); - } - return 0; - } - remaining -= size; - done += size; - } - - return 1; -} - -static void -encrypt_destroyer(__ops_writer_t *writer) -{ - crypt_t *pgp_encrypt; - - pgp_encrypt = (crypt_t *) __ops_writer_get_arg(writer); - if (pgp_encrypt->free_crypt) { - free(pgp_encrypt->crypt); - } - free(pgp_encrypt); -} - -/** -\ingroup Core_WritersNext -\brief Push Encrypted Writer onto stack (create SE packets) -*/ -void -__ops_push_enc_crypt(__ops_output_t *output, __ops_crypt_t *pgp_crypt) -{ - /* Create encrypt to be used with this writer */ - /* Remember to free this in the destroyer */ - crypt_t *pgp_encrypt; - - if ((pgp_encrypt = calloc(1, sizeof(*pgp_encrypt))) == NULL) { - (void) fprintf(stderr, "__ops_push_enc_crypt: bad alloc\n"); - } else { - /* Setup the encrypt */ - pgp_encrypt->crypt = pgp_crypt; - pgp_encrypt->free_crypt = 0; - /* And push writer on stack */ - __ops_writer_push(output, encrypt_writer, NULL, - encrypt_destroyer, pgp_encrypt); - } -} - -/**************************************************************************/ - -typedef struct { - __ops_crypt_t *crypt; -} encrypt_se_ip_t; - -static unsigned encrypt_se_ip_writer(const uint8_t *, - unsigned, - __ops_error_t **, - __ops_writer_t *); -static void encrypt_se_ip_destroyer(__ops_writer_t *); - -/* */ - -/** -\ingroup Core_WritersNext -\brief Push Encrypted SE IP Writer onto stack -*/ -int -__ops_push_enc_se_ip(__ops_output_t *output, const __ops_key_t *pubkey, const char *cipher, int dont_use_subkey_to_encrypt) -{ - __ops_pk_sesskey_t *encrypted_pk_sesskey; - encrypt_se_ip_t *se_ip; - __ops_crypt_t *encrypted; - uint8_t *iv; - - if ((se_ip = calloc(1, sizeof(*se_ip))) == NULL) { - (void) fprintf(stderr, "__ops_push_enc_se_ip: bad alloc\n"); - return 0; - } - - /* Create and write encrypted PK session key */ - if ((encrypted_pk_sesskey = __ops_create_pk_sesskey(pubkey, cipher, dont_use_subkey_to_encrypt)) == NULL) { - (void) fprintf(stderr, "__ops_push_enc_se_ip: null pk sesskey\n"); - return 0; - } - __ops_write_pk_sesskey(output, encrypted_pk_sesskey); - - /* Setup the se_ip */ - if ((encrypted = calloc(1, sizeof(*encrypted))) == NULL) { - free(se_ip); - (void) fprintf(stderr, "__ops_push_enc_se_ip: bad alloc\n"); - return 0; - } - __ops_crypt_any(encrypted, encrypted_pk_sesskey->symm_alg); - if ((iv = calloc(1, encrypted->blocksize)) == NULL) { - free(se_ip); - free(encrypted); - (void) fprintf(stderr, "__ops_push_enc_se_ip: bad alloc\n"); - return 0; - } - encrypted->set_iv(encrypted, iv); - encrypted->set_crypt_key(encrypted, &encrypted_pk_sesskey->key[0]); - __ops_encrypt_init(encrypted); - - se_ip->crypt = encrypted; - - /* And push writer on stack */ - __ops_writer_push(output, encrypt_se_ip_writer, NULL, - encrypt_se_ip_destroyer, se_ip); - /* tidy up */ - free(encrypted_pk_sesskey); - free(iv); - return 1; -} - -static unsigned -encrypt_se_ip_writer(const uint8_t *src, - unsigned len, - __ops_error_t **errors, - __ops_writer_t *writer) -{ - const unsigned bufsz = 128; - encrypt_se_ip_t *se_ip = __ops_writer_get_arg(writer); - __ops_output_t *litoutput; - __ops_output_t *zoutput; - __ops_output_t *output; - __ops_memory_t *litmem; - __ops_memory_t *zmem; - __ops_memory_t *localmem; - unsigned ret = 1; - - __ops_setup_memory_write(&litoutput, &litmem, bufsz); - __ops_setup_memory_write(&zoutput, &zmem, bufsz); - __ops_setup_memory_write(&output, &localmem, bufsz); - - /* create literal data packet from source data */ - __ops_write_litdata(litoutput, src, (const int)len, OPS_LDT_BINARY); - if (__ops_mem_len(litmem) <= len) { - (void) fprintf(stderr, "encrypt_se_ip_writer: bad len\n"); - return 0; - } - - /* create compressed packet from literal data packet */ - __ops_writez(zoutput, __ops_mem_data(litmem), (unsigned)__ops_mem_len(litmem)); - - /* create SE IP packet set from this compressed literal data */ - __ops_write_se_ip_pktset(output, __ops_mem_data(zmem), - (unsigned)__ops_mem_len(zmem), - se_ip->crypt); - if (__ops_mem_len(localmem) <= __ops_mem_len(zmem)) { - (void) fprintf(stderr, - "encrypt_se_ip_writer: bad comp len\n"); - return 0; - } - - /* now write memory to next writer */ - ret = stacked_write(writer, __ops_mem_data(localmem), - (unsigned)__ops_mem_len(localmem), errors); - - __ops_memory_free(localmem); - __ops_memory_free(zmem); - __ops_memory_free(litmem); - - return ret; -} - -static void -encrypt_se_ip_destroyer(__ops_writer_t *writer) -{ - encrypt_se_ip_t *se_ip; - - se_ip = __ops_writer_get_arg(writer); - free(se_ip->crypt); - free(se_ip); -} - -unsigned -__ops_write_se_ip_pktset(__ops_output_t *output, - const uint8_t *data, - const unsigned len, - __ops_crypt_t *crypted) -{ - __ops_output_t *mdcoutput; - __ops_memory_t *mdc; - uint8_t hashed[OPS_SHA1_HASH_SIZE]; - uint8_t *preamble; - const size_t mdcsize = 1 + 1 + OPS_SHA1_HASH_SIZE; - size_t preamblesize; - size_t bufsize; - - preamblesize = crypted->blocksize + 2; - if ((preamble = calloc(1, preamblesize)) == NULL) { - (void) fprintf(stderr, "__ops_write_se_ip_pktset: bad alloc\n"); - return 0; - } - bufsize = preamblesize + len + mdcsize; - - if (!__ops_write_ptag(output, OPS_PTAG_CT_SE_IP_DATA) || - !__ops_write_length(output, (unsigned)(1 + bufsize)) || - !__ops_write_scalar(output, OPS_SE_IP_DATA_VERSION, 1)) { - free(preamble); - return 0; - } - __ops_random(preamble, crypted->blocksize); - preamble[crypted->blocksize] = preamble[crypted->blocksize - 2]; - preamble[crypted->blocksize + 1] = preamble[crypted->blocksize - 1]; - - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "preamble", preamble, preamblesize); - } - - /* now construct MDC packet and add to the end of the buffer */ - __ops_setup_memory_write(&mdcoutput, &mdc, mdcsize); - __ops_calc_mdc_hash(preamble, preamblesize, data, len, &hashed[0]); - __ops_write_mdc(mdcoutput, hashed); - - if (__ops_get_debug_level(__FILE__)) { - hexdump(stderr, "plaintext", data, len); - hexdump(stderr, "mdc", __ops_mem_data(mdc), OPS_SHA1_HASH_SIZE + 1 + 1); - } - - /* and write it out */ - __ops_push_enc_crypt(output, crypted); - if (__ops_get_debug_level(__FILE__)) { - (void) fprintf(stderr, - "writing %" PRIsize "u + %u + %" PRIsize "u\n", - preamblesize, len, __ops_mem_len(mdc)); - } - if (!__ops_write(output, preamble, (unsigned)preamblesize) || - !__ops_write(output, data, len) || - !__ops_write(output, __ops_mem_data(mdc), (unsigned)__ops_mem_len(mdc))) { - /* \todo fix cleanup here and in old code functions */ - return 0; - } - - __ops_writer_pop(output); - - /* cleanup */ - __ops_teardown_memory_write(mdcoutput, mdc); - free(preamble); - - return 1; -} - -typedef struct { - int fd; -} writer_fd_t; - -static unsigned -fd_writer(const uint8_t *src, unsigned len, - __ops_error_t **errors, - __ops_writer_t *writer) -{ - writer_fd_t *writerfd; - int n; - - writerfd = __ops_writer_get_arg(writer); - n = (int)write(writerfd->fd, src, len); - if (n == -1) { - OPS_SYSTEM_ERROR_1(errors, OPS_E_W_WRITE_FAILED, "write", - "file descriptor %d", writerfd->fd); - return 0; - } - if ((unsigned) n != len) { - OPS_ERROR_1(errors, OPS_E_W_WRITE_TOO_SHORT, - "file descriptor %d", writerfd->fd); - return 0; - } - return 1; -} - -static void -writer_fd_destroyer(__ops_writer_t *writer) -{ - free(__ops_writer_get_arg(writer)); -} - -/** - * \ingroup Core_WritersFirst - * \brief Write to a File - * - * Set the writer in output to be a stock writer that writes to a file - * descriptor. If another writer has already been set, then that is - * first destroyed. - * - * \param output The output structure - * \param fd The file descriptor - * - */ - -void -__ops_writer_set_fd(__ops_output_t *output, int fd) -{ - writer_fd_t *writer; - - if ((writer = calloc(1, sizeof(*writer))) == NULL) { - (void) fprintf(stderr, "__ops_writer_set_fd: bad alloc\n"); - } else { - writer->fd = fd; - __ops_writer_set(output, fd_writer, NULL, writer_fd_destroyer, writer); - } -} - -static unsigned -memory_writer(const uint8_t *src, - unsigned len, - __ops_error_t **errors, - __ops_writer_t *writer) -{ - __ops_memory_t *mem; - - __OPS_USED(errors); - mem = __ops_writer_get_arg(writer); - __ops_memory_add(mem, src, len); - return 1; -} - -/** - * \ingroup Core_WritersFirst - * \brief Write to memory - * - * Set a memory writer. - * - * \param output The output structure - * \param mem The memory structure - * \note It is the caller's responsiblity to call __ops_memory_free(mem) - * \sa __ops_memory_free() - */ - -void -__ops_writer_set_memory(__ops_output_t *output, __ops_memory_t *mem) -{ - __ops_writer_set(output, memory_writer, NULL, NULL, mem); -} - -/**************************************************************************/ - -typedef struct { - __ops_hash_alg_t hash_alg; - __ops_hash_t hash; - uint8_t *hashed; -} skey_checksum_t; - -static unsigned -skey_checksum_writer(const uint8_t *src, - const unsigned len, - __ops_error_t **errors, - __ops_writer_t *writer) -{ - skey_checksum_t *sum; - unsigned ret = 1; - - sum = __ops_writer_get_arg(writer); - /* add contents to hash */ - sum->hash.add(&sum->hash, src, len); - /* write to next stacked writer */ - ret = stacked_write(writer, src, len, errors); - /* tidy up and return */ - return ret; -} - -static unsigned -skey_checksum_finaliser(__ops_error_t **errors, __ops_writer_t *writer) -{ - skey_checksum_t *sum; - - sum = __ops_writer_get_arg(writer); - if (errors && *errors) { - printf("errors in skey_checksum_finaliser\n"); - } - (*sum->hash.finish)(&sum->hash, sum->hashed); - return 1; -} - -static void -skey_checksum_destroyer(__ops_writer_t *writer) -{ - skey_checksum_t *sum; - - sum = __ops_writer_get_arg(writer); - free(sum); -} - -/** -\ingroup Core_WritersNext -\param output -\param seckey -*/ -void -__ops_push_checksum_writer(__ops_output_t *output, __ops_seckey_t *seckey) -{ - /* XXX: push a SHA-1 checksum writer (and change s2k to 254). */ - skey_checksum_t *sum; - - if ((sum = calloc(1, sizeof(*sum))) == NULL) { - (void) fprintf(stderr, - "__ops_push_checksum_writer: bad alloc\n"); - } else { - /* configure the arg */ - sum->hash_alg = seckey->hash_alg; - if ((sum->hashed = seckey->checkhash) == NULL) { - sum->hashed = seckey->checkhash = calloc(1, OPS_CHECKHASH_SIZE); - } - /* init the hash */ - __ops_hash_any(&sum->hash, sum->hash_alg); - if (!sum->hash.init(&sum->hash)) { - (void) fprintf(stderr, - "__ops_push_checksum_writer: bad hash init\n"); - /* just continue and die */ - /* XXX - agc - no way to return failure */ - } - __ops_writer_push(output, skey_checksum_writer, - skey_checksum_finaliser, skey_checksum_destroyer, sum); - } -} - -/**************************************************************************/ - -#define MAX_PARTIAL_DATA_LENGTH 1073741824 - -typedef struct { - __ops_crypt_t *crypt; - __ops_memory_t *mem_data; - __ops_memory_t *litmem; - __ops_output_t *litoutput; - __ops_memory_t *se_ip_mem; - __ops_output_t *se_ip_out; - __ops_hash_t hash; -} str_enc_se_ip_t; - - -static unsigned -str_enc_se_ip_writer(const uint8_t *src, - unsigned len, - __ops_error_t **errors, - __ops_writer_t *writer); - -static unsigned -str_enc_se_ip_finaliser(__ops_error_t **errors, - __ops_writer_t * writer); - -static void str_enc_se_ip_destroyer(__ops_writer_t *writer); - -/* */ - -/** -\ingroup Core_WritersNext -\param output -\param pubkey -*/ -void -__ops_push_stream_enc_se_ip(__ops_output_t *output, const __ops_key_t *pubkey, const char *cipher) -{ - __ops_pk_sesskey_t *encrypted_pk_sesskey; - str_enc_se_ip_t *se_ip; - const unsigned bufsz = 1024; - __ops_crypt_t *encrypted; - uint8_t *iv; - - if ((se_ip = calloc(1, sizeof(*se_ip))) == NULL) { - (void) fprintf(stderr, - "__ops_push_stream_enc_se_ip: bad alloc\n"); - return; - } - encrypted_pk_sesskey = __ops_create_pk_sesskey(pubkey, cipher, 1); - __ops_write_pk_sesskey(output, encrypted_pk_sesskey); - - /* Setup the se_ip */ - if ((encrypted = calloc(1, sizeof(*encrypted))) == NULL) { - free(se_ip); - (void) fprintf(stderr, - "__ops_push_stream_enc_se_ip: bad alloc\n"); - return; - } - __ops_crypt_any(encrypted, encrypted_pk_sesskey->symm_alg); - if ((iv = calloc(1, encrypted->blocksize)) == NULL) { - free(encrypted); - free(se_ip); - (void) fprintf(stderr, - "__ops_push_stream_enc_se_ip: bad alloc\n"); - return; - } - encrypted->set_iv(encrypted, iv); - encrypted->set_crypt_key(encrypted, &encrypted_pk_sesskey->key[0]); - __ops_encrypt_init(encrypted); - - se_ip->crypt = encrypted; - - se_ip->mem_data = __ops_memory_new(); - __ops_memory_init(se_ip->mem_data, bufsz); - - se_ip->litmem = NULL; - se_ip->litoutput = NULL; - - __ops_setup_memory_write(&se_ip->se_ip_out, &se_ip->se_ip_mem, bufsz); - - /* And push writer on stack */ - __ops_writer_push(output, - str_enc_se_ip_writer, - str_enc_se_ip_finaliser, - str_enc_se_ip_destroyer, se_ip); - /* tidy up */ - free(encrypted_pk_sesskey); - free(iv); -} - - -/* calculate the partial data length */ -static unsigned -__ops_partial_data_len(unsigned len) -{ - unsigned mask; - int i; - - if (len == 0) { - (void) fprintf(stderr, "__ops_partial_data_len: 0 len\n"); - return 0; - } - if (len > MAX_PARTIAL_DATA_LENGTH) { - return MAX_PARTIAL_DATA_LENGTH; - } - mask = MAX_PARTIAL_DATA_LENGTH; - for (i = 0; i <= 30; i++) { - if (mask & len) { - break; - } - mask >>= 1; - } - return mask; -} - -static unsigned -write_partial_len(__ops_output_t *output, unsigned len) -{ - /* len must be a power of 2 from 0 to 30 */ - uint8_t c; - int i; - - for (i = 0; i <= 30; i++) { - if ((len >> i) & 1) { - break; - } - } - c = 224 + i; - return __ops_write(output, &c, 1); -} - -static unsigned -stream_write_litdata(__ops_output_t *output, - const uint8_t *data, - unsigned len) -{ - size_t pdlen; - - while (len > 0) { - pdlen = __ops_partial_data_len(len); - write_partial_len(output, (unsigned)pdlen); - __ops_write(output, data, (unsigned)pdlen); - data += pdlen; - len -= (unsigned)pdlen; - } - return 1; -} - -static unsigned -stream_write_litdata_first(__ops_output_t *output, - const uint8_t *data, - unsigned len, - const __ops_litdata_enum type) -{ - /* \todo add filename */ - /* \todo add date */ - /* \todo do we need to check text data for <cr><lf> line endings ? */ - - unsigned sz_towrite; - size_t sz_pd; - - sz_towrite = 1 + 1 + 4 + len; - sz_pd = (size_t)__ops_partial_data_len(sz_towrite); - if (sz_pd < 512) { - (void) fprintf(stderr, - "stream_write_litdata_first: bad sz_pd\n"); - return 0; - } - __ops_write_ptag(output, OPS_PTAG_CT_LITDATA); - write_partial_len(output, (unsigned)sz_pd); - __ops_write_scalar(output, (unsigned)type, 1); - __ops_write_scalar(output, 0, 1); - __ops_write_scalar(output, 0, 4); - __ops_write(output, data, (unsigned)(sz_pd - 6)); - - data += (sz_pd - 6); - sz_towrite -= (unsigned)sz_pd; - - return stream_write_litdata(output, data, (unsigned)sz_towrite); -} - -static unsigned -stream_write_litdata_last(__ops_output_t *output, - const uint8_t *data, - unsigned len) -{ - __ops_write_length(output, len); - return __ops_write(output, data, len); -} - -static unsigned -stream_write_se_ip(__ops_output_t *output, - const uint8_t *data, - unsigned len, - str_enc_se_ip_t *se_ip) -{ - size_t pdlen; - - while (len > 0) { - pdlen = __ops_partial_data_len(len); - write_partial_len(output, (unsigned)pdlen); - - __ops_push_enc_crypt(output, se_ip->crypt); - __ops_write(output, data, (unsigned)pdlen); - __ops_writer_pop(output); - - se_ip->hash.add(&se_ip->hash, data, (unsigned)pdlen); - - data += pdlen; - len -= (unsigned)pdlen; - } - return 1; -} - -static unsigned -stream_write_se_ip_first(__ops_output_t *output, - const uint8_t *data, - unsigned len, - str_enc_se_ip_t *se_ip) -{ - uint8_t *preamble; - size_t blocksize; - size_t preamblesize; - size_t sz_towrite; - size_t sz_pd; - - blocksize = se_ip->crypt->blocksize; - preamblesize = blocksize + 2; - sz_towrite = preamblesize + 1 + len; - if ((preamble = calloc(1, preamblesize)) == NULL) { - (void) fprintf(stderr, - "stream_write_se_ip_first: bad alloc\n"); - return 0; - } - sz_pd = (size_t)__ops_partial_data_len((unsigned)sz_towrite); - if (sz_pd < 512) { - free(preamble); - (void) fprintf(stderr, - "stream_write_se_ip_first: bad sz_pd\n"); - return 0; - } - __ops_write_ptag(output, OPS_PTAG_CT_SE_IP_DATA); - write_partial_len(output, (unsigned)sz_pd); - __ops_write_scalar(output, OPS_SE_IP_DATA_VERSION, 1); - __ops_push_enc_crypt(output, se_ip->crypt); - - __ops_random(preamble, blocksize); - preamble[blocksize] = preamble[blocksize - 2]; - preamble[blocksize + 1] = preamble[blocksize - 1]; - __ops_hash_any(&se_ip->hash, OPS_HASH_SHA1); - if (!se_ip->hash.init(&se_ip->hash)) { - free(preamble); - (void) fprintf(stderr, - "stream_write_se_ip_first: bad hash init\n"); - return 0; - } - __ops_write(output, preamble, (unsigned)preamblesize); - se_ip->hash.add(&se_ip->hash, preamble, (unsigned)preamblesize); - __ops_write(output, data, (unsigned)(sz_pd - preamblesize - 1)); - se_ip->hash.add(&se_ip->hash, data, (unsigned)(sz_pd - preamblesize - 1)); - data += (sz_pd - preamblesize - 1); - sz_towrite -= sz_pd; - __ops_writer_pop(output); - stream_write_se_ip(output, data, (unsigned)sz_towrite, se_ip); - free(preamble); - return 1; -} - -static unsigned -stream_write_se_ip_last(__ops_output_t *output, - const uint8_t *data, - unsigned len, - str_enc_se_ip_t *se_ip) -{ - __ops_output_t *mdcoutput; - __ops_memory_t *mdcmem; - const size_t mdcsize = 1 + 1 + OPS_SHA1_HASH_SIZE; - uint8_t c; - uint8_t hashed[OPS_SHA1_HASH_SIZE]; - size_t bufsize = len + mdcsize; - - se_ip->hash.add(&se_ip->hash, data, len); - - /* MDC packet tag */ - c = MDC_PKT_TAG; - se_ip->hash.add(&se_ip->hash, &c, 1); - - /* MDC packet len */ - c = OPS_SHA1_HASH_SIZE; - se_ip->hash.add(&se_ip->hash, &c, 1); - - /* finish */ - se_ip->hash.finish(&se_ip->hash, hashed); - - __ops_setup_memory_write(&mdcoutput, &mdcmem, mdcsize); - __ops_write_mdc(mdcoutput, hashed); - - /* write length of last se_ip chunk */ - __ops_write_length(output, (unsigned)bufsize); - - /* encode everting */ - __ops_push_enc_crypt(output, se_ip->crypt); - - __ops_write(output, data, len); - __ops_write(output, __ops_mem_data(mdcmem), (unsigned)__ops_mem_len(mdcmem)); - - __ops_writer_pop(output); - - __ops_teardown_memory_write(mdcoutput, mdcmem); - - return 1; -} - -static unsigned -str_enc_se_ip_writer(const uint8_t *src, - unsigned len, - __ops_error_t **errors, - __ops_writer_t *writer) -{ - str_enc_se_ip_t *se_ip; - unsigned ret; - size_t datalength; - - se_ip = __ops_writer_get_arg(writer); - ret = 1; - if (se_ip->litoutput == NULL) { - /* first literal data chunk is not yet written */ - - __ops_memory_add(se_ip->mem_data, src, len); - datalength = __ops_mem_len(se_ip->mem_data); - - /* 4.2.2.4. Partial Body Lengths */ - /* The first partial length MUST be at least 512 octets long. */ - if (datalength < 512) { - return 1; /* will wait for more data or - * end of stream */ - } - __ops_setup_memory_write(&se_ip->litoutput, - &se_ip->litmem, datalength + 32); - stream_write_litdata_first(se_ip->litoutput, - __ops_mem_data(se_ip->mem_data), - (unsigned)datalength, - OPS_LDT_BINARY); - - stream_write_se_ip_first(se_ip->se_ip_out, - __ops_mem_data(se_ip->litmem), - (unsigned)__ops_mem_len(se_ip->litmem), se_ip); - } else { - stream_write_litdata(se_ip->litoutput, src, len); - stream_write_se_ip(se_ip->se_ip_out, - __ops_mem_data(se_ip->litmem), - (unsigned)__ops_mem_len(se_ip->litmem), se_ip); - } - - /* now write memory to next writer */ - ret = stacked_write(writer, __ops_mem_data(se_ip->se_ip_mem), - (unsigned)__ops_mem_len(se_ip->se_ip_mem), errors); - - __ops_memory_clear(se_ip->litmem); - __ops_memory_clear(se_ip->se_ip_mem); - - return ret; -} - -/* write last chunk of data */ -static unsigned -str_enc_se_ip_finaliser(__ops_error_t **errors, __ops_writer_t *writer) -{ - str_enc_se_ip_t *se_ip; - - se_ip = __ops_writer_get_arg(writer); - if (se_ip->litoutput == NULL) { - /* first literal data chunk was not written */ - /* so we know the total length of data, write a simple packet */ - - /* create literal data packet from buffered data */ - __ops_setup_memory_write(&se_ip->litoutput, &se_ip->litmem, - __ops_mem_len(se_ip->mem_data) + 32); - - __ops_write_litdata(se_ip->litoutput, - __ops_mem_data(se_ip->mem_data), - (const int)__ops_mem_len(se_ip->mem_data), - OPS_LDT_BINARY); - - /* create SE IP packet set from this literal data */ - __ops_write_se_ip_pktset(se_ip->se_ip_out, - __ops_mem_data(se_ip->litmem), - (unsigned)__ops_mem_len(se_ip->litmem), - se_ip->crypt); - - } else { - /* finish writing */ - stream_write_litdata_last(se_ip->litoutput, NULL, 0); - stream_write_se_ip_last(se_ip->se_ip_out, - __ops_mem_data(se_ip->litmem), - (unsigned)__ops_mem_len(se_ip->litmem), se_ip); - } - - /* now write memory to next writer */ - return stacked_write(writer, __ops_mem_data(se_ip->se_ip_mem), - (unsigned)__ops_mem_len(se_ip->se_ip_mem), errors); -} - -static void -str_enc_se_ip_destroyer(__ops_writer_t *writer) -{ - str_enc_se_ip_t *se_ip; - - se_ip = __ops_writer_get_arg(writer); - __ops_memory_free(se_ip->mem_data); - __ops_teardown_memory_write(se_ip->litoutput, se_ip->litmem); - __ops_teardown_memory_write(se_ip->se_ip_out, se_ip->se_ip_mem); - - se_ip->crypt->decrypt_finish(se_ip->crypt); - - free(se_ip->crypt); - free(se_ip); -} diff --git a/enzevalos_iphone/netpgp/lib/writer.h b/enzevalos_iphone/netpgp/lib/writer.h deleted file mode 100644 index b069f81c..00000000 --- a/enzevalos_iphone/netpgp/lib/writer.h +++ /dev/null @@ -1,119 +0,0 @@ -/*- - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Alistair Crooks (agc@NetBSD.org) - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ -/* - * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) - * All rights reserved. - * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted - * their moral rights under the UK Copyright Design and Patents Act 1988 to - * be recorded as the authors of this copyright work. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. - * - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** \file - */ - -#ifndef WRITER_H_ -#define WRITER_H_ - -#include "types.h" -#include "packet.h" -#include "crypto.h" -#include "errors.h" -#include "keyring.h" - -/** - * \ingroup Writer - * the writer function prototype - */ - -typedef struct __ops_writer_t __ops_writer_t; -typedef unsigned __ops_writer_func_t(const uint8_t *, - unsigned, - __ops_error_t **, - __ops_writer_t *); -typedef unsigned -__ops_writer_finaliser_t(__ops_error_t **, __ops_writer_t *); -typedef void __ops_writer_destroyer_t(__ops_writer_t *); - -/** Writer settings */ -struct __ops_writer_t { - __ops_writer_func_t *writer; /* the writer itself */ - __ops_writer_finaliser_t *finaliser; /* the writer's finaliser */ - __ops_writer_destroyer_t *destroyer; /* the writer's destroyer */ - void *arg; /* writer-specific argument */ - __ops_writer_t *next; /* next writer in the stack */ - __ops_io_t *io; /* IO for errors and output */ -}; - - -void *__ops_writer_get_arg(__ops_writer_t *); - -void __ops_writer_set(__ops_output_t *, - __ops_writer_func_t *, - __ops_writer_finaliser_t *, - __ops_writer_destroyer_t *, - void *); -void __ops_writer_push(__ops_output_t *, - __ops_writer_func_t *, - __ops_writer_finaliser_t *, - __ops_writer_destroyer_t *, - void *); -void __ops_writer_pop(__ops_output_t *); -unsigned __ops_writer_passthrough(const uint8_t *, - unsigned, - __ops_error_t **, - __ops_writer_t *); - -void __ops_writer_set_fd(__ops_output_t *, int); -unsigned __ops_writer_close(__ops_output_t *); - -unsigned __ops_write(__ops_output_t *, const void *, unsigned); -unsigned __ops_write_length(__ops_output_t *, unsigned); -unsigned __ops_write_ptag(__ops_output_t *, __ops_content_enum); -unsigned __ops_write_scalar(__ops_output_t *, unsigned, unsigned); -unsigned __ops_write_mpi(__ops_output_t *, const BIGNUM *); - -void __ops_writer_info_delete(__ops_writer_t *); -unsigned __ops_writer_info_finalise(__ops_error_t **, __ops_writer_t *); - -void __ops_push_stream_enc_se_ip(__ops_output_t *, const __ops_key_t *, const char *); - -#endif /* WRITER_H_ */ -- GitLab