2 * Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
4 * This file is part of GnuPG.
6 * GnuPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * GnuPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
21 #include <linux/kernel.h>
22 #include <linux/slab.h>
23 #include <asm/errno.h>
26 static inline uint32_t buffer_to_u32(const uint8_t *buffer)
36 static inline uint16_t read_16(const uint8_t **datap)
44 static inline uint32_t read_32(const uint8_t **datap)
47 a = *(*datap)++ << 24;
48 a |= *(*datap)++ << 16;
49 a |= *(*datap)++ << 8;
54 void ksign_free_signature(struct ksign_signature *sig)
59 for (i = 0; i < DSA_NSIG; i++)
60 mpi_free(sig->data[i]);
61 kfree(sig->hashed_data);
62 kfree(sig->unhashed_data);
67 void ksign_free_public_key(struct ksign_public_key *pk)
72 for (i = 0; i < DSA_NPKEY; i++)
73 mpi_free(pk->pkey[i]);
78 void ksign_free_user_id(struct ksign_user_id *uid)
86 static void ksign_calc_pk_keyid(struct hash_desc *sha1,
87 struct ksign_public_key *pk)
90 unsigned nb[DSA_NPKEY];
91 unsigned nn[DSA_NPKEY];
92 uint8_t *pp[DSA_NPKEY];
95 int npkey = DSA_NPKEY;
97 crypto_hash_init(sha1);
99 n = pk->version < 4 ? 8 : 6;
100 for (i = 0; i < npkey; i++) {
101 nb[i] = mpi_get_nbits(pk->pkey[i]);
102 pp[i] = mpi_get_buffer( pk->pkey[i], nn + i, NULL);
106 SHA1_putc(sha1, 0x99); /* ctb */
107 SHA1_putc(sha1, n >> 8); /* 2 uint8_t length header */
116 SHA1_putc(sha1, a32 >> 24 );
117 SHA1_putc(sha1, a32 >> 16 );
118 SHA1_putc(sha1, a32 >> 8 );
119 SHA1_putc(sha1, a32 >> 0 );
121 if (pk->version < 4) {
126 ((pk->expiredate - pk->timestamp) / 86400L);
129 SHA1_putc(sha1, a16 >> 8);
130 SHA1_putc(sha1, a16 >> 0);
133 SHA1_putc(sha1, PUBKEY_ALGO_DSA);
135 for (i = 0; i < npkey; i++) {
136 SHA1_putc(sha1, nb[i] >> 8);
137 SHA1_putc(sha1, nb[i]);
138 SHA1_write(sha1, pp[i], nn[i]);
144 * parse a user ID embedded in a signature
146 static int ksign_parse_user_id(const uint8_t *datap, const uint8_t *endp,
147 ksign_user_id_actor_t uidfnx, void *fnxdata)
149 struct ksign_user_id *uid;
157 uid = kmalloc(sizeof(*uid) + n + 1, GFP_KERNEL);
162 memcpy(uid->name, datap, n);
165 rc = uidfnx(uid, fnxdata);
167 return rc; /* uidfnx keeps the record */
171 ksign_free_user_id(uid);
176 * extract a public key embedded in a signature
178 static int ksign_parse_key(const uint8_t *datap, const uint8_t *endp,
179 uint8_t *hdr, int hdrlen,
180 ksign_public_key_actor_t pkfnx, void *fnxdata)
182 struct ksign_public_key *pk;
183 struct hash_desc sha1;
184 unsigned long timestamp, expiredate;
185 uint8_t hash[SHA1_DIGEST_SIZE];
190 if (endp - datap < 12) {
191 printk("ksign: public key packet too short\n");
203 printk("ksign: public key packet with unknown version %d\n",
208 timestamp = read_32(&datap);
210 expiredate = 0; /* have to get it from the selfsignature */
212 unsigned short ndays;
213 ndays = read_16(&datap);
215 expiredate = timestamp + ndays * 86400L;
220 if (*datap++ != PUBKEY_ALGO_DSA) {
221 printk("ksign: public key packet with unknown version %d\n",
226 /* extract the stuff from the DSA public key */
227 pk = kzalloc(sizeof(struct ksign_public_key), GFP_KERNEL);
231 atomic_set(&pk->count, 1);
232 pk->timestamp = timestamp;
233 pk->expiredate = expiredate;
234 pk->hdrbytes = hdrlen;
235 pk->version = version;
237 for (i = 0; i < DSA_NPKEY; i++) {
238 unsigned int remaining = endp - datap;
239 pk->pkey[i] = mpi_read_from_buffer(datap, &remaining);
245 sha1.tfm = crypto_hash_cast(crypto_alloc_tfm2("sha1", 0, 1));
250 ksign_calc_pk_keyid(&sha1, pk);
251 crypto_hash_final(&sha1, hash);
252 crypto_free_hash(sha1.tfm);
254 pk->keyid[0] = hash[12] << 24 | hash[13] << 16 | hash[14] << 8 | hash[15];
255 pk->keyid[1] = hash[16] << 24 | hash[17] << 16 | hash[18] << 8 | hash[19];
259 rc = pkfnx(pk, fnxdata);
262 ksign_put_public_key(pk);
267 * find an element representing the issuer
269 static const uint8_t *ksign_find_sig_issuer(const uint8_t *buffer)
279 buflen = read_16(&buffer);
281 n = *buffer++; buflen--;
285 n = read_32(&buffer);
287 } else if (n >= 192) {
290 n = ((n - 192) << 8) + *buffer + 192;
298 type = *buffer & 0x7f;
301 } else if (type == SIGSUBPKT_ISSUER) {
305 if (n > buflen || n < 8)
315 return NULL; /* end of subpackets; not found */
319 * extract signature data embedded in a signature
321 static int ksign_parse_signature(const uint8_t *datap, const uint8_t *endp,
322 ksign_signature_actor_t sigfnx, void *fnxdata)
324 struct ksign_signature *sig;
326 int version, is_v4 = 0;
330 if (endp - datap < 16) {
331 printk("ksign: signature packet too short\n");
343 printk("ksign: signature packet with unknown version %d\n",
348 /* store information */
349 sig = kzalloc(sizeof(*sig), GFP_KERNEL);
353 sig->version = version;
356 datap++; /* ignore md5 length */
358 sig->sig_class = *datap++;
360 sig->timestamp = read_32(&datap);
361 sig->keyid[0] = read_32(&datap);
362 sig->keyid[1] = read_32(&datap);
366 if (*datap++ != PUBKEY_ALGO_DSA) {
367 printk("ksign: ignoring non-DSA signature\n");
370 if (*datap++ != DIGEST_ALGO_SHA1) {
371 printk("ksign: ignoring non-SHA1 signature\n");
377 /* read subpackets */
378 n = read_16(&datap); /* length of hashed data */
380 printk("ksign: signature packet:"
381 " hashed data too long\n");
385 if ((size_t)(endp - datap) < n) {
386 printk("ksign: signature packet:"
387 " available data too short\n");
390 sig->hashed_data = kmalloc(n + 2, GFP_KERNEL);
391 if (!sig->hashed_data) {
395 sig->hashed_data[0] = n >> 8;
396 sig->hashed_data[1] = n;
397 memcpy(sig->hashed_data + 2, datap, n);
401 n = read_16(&datap); /* length of unhashed data */
403 printk("ksign: signature packet:"
404 " unhashed data too long\n");
408 if ((size_t) (endp - datap) < n) {
409 printk("ksign: signature packet:"
410 " available data too short\n");
413 sig->unhashed_data = kmalloc(n + 2, GFP_KERNEL);
414 if (!sig->unhashed_data) {
418 sig->unhashed_data[0] = n >> 8;
419 sig->unhashed_data[1] = n;
420 memcpy(sig->unhashed_data + 2, datap, n);
425 if (endp - datap < 5) { /* sanity check */
426 printk("ksign: signature packet too short\n");
430 sig->digest_start[0] = *datap++;
431 sig->digest_start[1] = *datap++;
436 p = ksign_find_sig_issuer(sig->hashed_data);
438 p = ksign_find_sig_issuer(sig->unhashed_data);
440 printk("ksign: signature packet without issuer\n");
442 sig->keyid[0] = buffer_to_u32(p);
443 sig->keyid[1] = buffer_to_u32(p + 4);
447 for (i = 0; i < DSA_NSIG; i++) {
448 unsigned remaining = endp - datap;
449 sig->data[i] = mpi_read_from_buffer(datap, &remaining);
455 rc = sigfnx(sig, fnxdata);
457 return rc; /* sigfnx keeps the signature */
463 ksign_free_signature(sig);
468 * parse the next packet and call appropriate handler function for known types
471 * 1 if there might be more packets
472 * -EBADMSG if the packet is in an invalid format
475 static int ksign_parse_one_packet(const uint8_t **datap,
477 ksign_signature_actor_t sigfnx,
478 ksign_public_key_actor_t pkfnx,
479 ksign_user_id_actor_t uidfnx,
482 int rc, c, ctb, pkttype, lenuint8_ts;
483 unsigned long pktlen;
487 /* extract the next packet and dispatch it */
498 printk("ksign: invalid packet (ctb=%02x)\n", ctb);
504 pkttype = ctb & 0x3f;
505 if (*datap >= endp) {
506 printk("ksign: 1st length byte missing\n");
514 } else if (c < 224) {
515 pktlen = (c - 192) * 256;
516 if (*datap >= endp) {
517 printk("ksign: 2nd length uint8_t missing\n");
523 } else if (c == 255) {
524 if (*datap + 3 >= endp) {
525 printk("ksign: 4 uint8_t length invalid\n");
528 pktlen = (hdr[hdrlen++] = *(*datap)++ << 24);
529 pktlen |= (hdr[hdrlen++] = *(*datap)++ << 16);
530 pktlen |= (hdr[hdrlen++] = *(*datap)++ << 8);
531 pktlen |= (hdr[hdrlen++] = *(*datap)++ << 0);
533 pktlen = 0;/* to indicate partial length */
536 pkttype = (ctb >> 2) & 0xf;
537 lenuint8_ts = ((ctb & 3) == 3) ? 0 : (1 << (ctb & 3));
539 pktlen = 0; /* don't know the value */
541 if (*datap + lenuint8_ts > endp) {
542 printk("ksign: length uint8_ts missing\n");
545 for( ; lenuint8_ts; lenuint8_ts-- ) {
547 pktlen |= hdr[hdrlen++] = *(*datap)++;
552 if (*datap + pktlen > endp) {
553 printk("ksign: packet length longer than available data\n");
557 /* deal with the next packet appropriately */
560 rc = ksign_parse_key(*datap, *datap + pktlen, hdr, hdrlen,
564 rc = ksign_parse_signature(*datap, *datap + pktlen,
568 rc = ksign_parse_user_id(*datap, *datap + pktlen,
572 rc = 0; /* unknown packet */
582 * parse the contents of a packet buffer, passing the signature, public key and
583 * user ID to the caller's callback functions
585 int ksign_parse_packets(const uint8_t *buf,
587 ksign_signature_actor_t sigfnx,
588 ksign_public_key_actor_t pkfnx,
589 ksign_user_id_actor_t uidfnx,
592 const uint8_t *datap, *endp;
598 rc = ksign_parse_one_packet(&datap, endp,
599 sigfnx, pkfnx, uidfnx, data);
600 } while (rc == 0 && datap < endp);