decodekey.c

   1 /*
   2  * decodekey.c - Routines to further decode an OpenPGP key.
   3  *
   4  * Copyright 2002-2008 Jonathan McDowell <noodles@earth.li>
   5  *
   6  * This program is free software: you can redistribute it and/or modify it
   7  * under the terms of the GNU General Public License as published by the Free
   8  * Software Foundation; version 2 of the License.
   9  *
  10  * This program is distributed in the hope that it will be useful, but WITHOUT
  11  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  12  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
  13  * more details.
  14  *
  15  * You should have received a copy of the GNU General Public License along with
  16  * this program; if not, write to the Free Software Foundation, Inc., 51
  17  * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  18  */
  19
  20 #include <stdbool.h>
  21 #include <stdio.h>
  22 #include <stdlib.h>
  23 #include <string.h>
  24 #include <time.h>
  25
  26 #include "decodekey.h"
  27 #include "hash.h"
  28 #include "keyid.h"
  29 #include "keystructs.h"
  30 #include "ll.h"
  31 #include "log.h"
  32 #include "openpgp.h"
  33
  34 /*
  35  *      parse_subpackets - Parse the subpackets of a Type 4 signature.
  36  *      @data: The subpacket data.
  37  *      @keyid: A pointer to where we should return the keyid.
  38  *      @creationtime: A pointer to where we should return the creation time.
  39  *
  40  *      This function parses the subkey data of a Type 4 signature and fills
  41  *      in the supplied variables. It also returns the length of the data
  42  *      processed. If the value of any piece of data is not desired a NULL
  43  *      can be passed instead of a pointer to a storage area for that value.
  44  */
  45 int parse_subpackets(unsigned char *data, uint64_t *keyid, time_t *creation)
  46 {
  47         int offset = 0;
  48         int length = 0;
  49         int packetlen = 0;
  50
  51         log_assert(data != NULL);
  52
  53         length = (data[0] << 8) + data[1] + 2;
  54
  55         offset = 2;
  56         while (offset < length) {
  57                 packetlen = data[offset++];
  58                 if (packetlen > 191 && packetlen < 255) {
  59                         packetlen = ((packetlen - 192) << 8) +
  60                                         data[offset++] + 192;
  61                 } else if (packetlen == 255) {
  62                         packetlen = data[offset++];
  63                         packetlen <<= 8;
  64                         packetlen = data[offset++];
  65                         packetlen <<= 8;
  66                         packetlen = data[offset++];
  67                         packetlen <<= 8;
  68                         packetlen = data[offset++];
  69                 }
  70                 switch (data[offset] & 0x7F) {
  71                 case OPENPGP_SIGSUB_CREATION:
  72                         /*
  73                          * Signature creation time.
  74                          */
  75                         if (creation != NULL) {
  76                                 *creation = data[offset + packetlen - 4];
  77                                 *creation <<= 8;
  78                                 *creation = data[offset + packetlen - 3];
  79                                 *creation <<= 8;
  80                                 *creation = data[offset + packetlen - 2];
  81                                 *creation <<= 8;
  82                                 *creation = data[offset + packetlen - 1];
  83                         }
  84                         break;
  85                         /*
  86                          * Signature expiration time. Might want to output this?
  87                          */
  88                         break;
  89                 case OPENPGP_SIGSUB_ISSUER:
  90                         if (keyid != NULL) {
  91                                 *keyid = data[offset+packetlen - 8];
  92                                 *keyid <<= 8;
  93                                 *keyid += data[offset+packetlen - 7];
  94                                 *keyid <<= 8;
  95                                 *keyid += data[offset+packetlen - 6];
  96                                 *keyid <<= 8;
  97                                 *keyid += data[offset+packetlen - 5];
  98                                 *keyid <<= 8;
  99                                 *keyid += data[offset+packetlen - 4];
 100                                 *keyid <<= 8;
 101                                 *keyid += data[offset+packetlen - 3];
 102                                 *keyid <<= 8;
 103                                 *keyid += data[offset+packetlen - 2];
 104                                 *keyid <<= 8;
 105                                 *keyid += data[offset+packetlen - 1];
 106                         }
 107                         break;
 108                 case OPENPGP_SIGSUB_EXPIRY:
 109                 case OPENPGP_SIGSUB_EXPORTABLE:
 110                 case OPENPGP_SIGSUB_TRUSTSIG:
 111                 case OPENPGP_SIGSUB_REGEX:
 112                 case OPENPGP_SIGSUB_KEYEXPIRY:
 113                 case OPENPGP_SIGSUB_PREFSYM:
 114                 case OPENPGP_SIGSUB_NOTATION:
 115                 case OPENPGP_SIGSUB_PREFHASH:
 116                 case OPENPGP_SIGSUB_PREFCOMPRESS:
 117                 case OPENPGP_SIGSUB_KEYSERVER:
 118                 case OPENPGP_SIGSUB_PRIMARYUID:
 119                 case OPENPGP_SIGSUB_POLICYURI:
 120                 case OPENPGP_SIGSUB_KEYFLAGS:
 121                         /*
 122                          * Various subpacket types we know about, but don't
 123                          * currently handle. Some are candidates for being
 124                          * supported if we add signature checking support.
 125                          */
 126                         break;
 127                 default:
 128                         /*
 129                          * We don't care about unrecognized packets unless bit
 130                          * 7 is set in which case we log a major error.
 131                          */
 132                         if (data[offset] & 0x80) {
 133                                 logthing(LOGTHING_CRITICAL,
 134                                 "Critical subpacket type not parsed: 0x%X",
 135                                         data[offset]);
 136                         }
 137
 138                 }
 139                 offset += packetlen;
 140         }
 141
 142         return length;
 143 }
 144
 145 /**
 146  *      keysigs - Return the sigs on a given OpenPGP signature list.
 147  *      @curll: The current linked list. Can be NULL to create a new list.
 148  *      @sigs: The signature list we want the sigs on.
 149  *
 150  *      Returns a linked list of stats_key elements containing the sigs on the
 151  *      supplied OpenPGP packet list.
 152  */
 153 struct ll *keysigs(struct ll *curll,
 154                 struct openpgp_packet_list *sigs)
 155 {
 156         uint64_t keyid = 0;
 157
 158         while (sigs != NULL) {
 159                 keyid = sig_keyid(sigs->packet);
 160                 sigs = sigs->next;
 161                 curll = lladd(curll, createandaddtohash(keyid));
 162         }
 163
 164         return curll;
 165 }
 166
 167 /**
 168  *      sig_info - Get info on a given OpenPGP signature packet
 169  *      @packet: The signature packet
 170  *      @keyid: A pointer for where to return the signature keyid
 171  *      @creation: A pointer for where to return the signature creation time
 172  *
 173  *      Gets any info about a signature packet; parses the subpackets for a v4
 174  *      key or pulls the data directly from v2/3. NULL can be passed for any
 175  *      values which aren't cared about.
 176  */
 177 void sig_info(struct openpgp_packet *packet, uint64_t *keyid, time_t *creation)
 178 {
 179         int length = 0;
 180
 181         if (packet != NULL) {
 182                 switch (packet->data[0]) {
 183                 case 2:
 184                 case 3:
 185                         if (keyid != NULL) {
 186                                 *keyid = packet->data[7];
 187                                 *keyid <<= 8;
 188                                 *keyid += packet->data[8];
 189                                 *keyid <<= 8;
 190                                 *keyid += packet->data[9];
 191                                 *keyid <<= 8;
 192                                 *keyid += packet->data[10];
 193                                 *keyid <<= 8;
 194                                 *keyid += packet->data[11];
 195                                 *keyid <<= 8;
 196                                 *keyid += packet->data[12];
 197                                 *keyid <<= 8;
 198                                 *keyid += packet->data[13];
 199                                 *keyid <<= 8;
 200                                 *keyid += packet->data[14];
 201                         }
 202                         if (creation != NULL) {
 203                                 *creation = packet->data[3];
 204                                 *creation <<= 8;
 205                                 *creation = packet->data[4];
 206                                 *creation <<= 8;
 207                                 *creation = packet->data[5];
 208                                 *creation <<= 8;
 209                                 *creation = packet->data[6];
 210                         }
 211                         break;
 212                 case 4:
 213                         length = parse_subpackets(&packet->data[4],
 214                                         keyid, creation);
 215                         parse_subpackets(&packet->data[length + 4],
 216                                         keyid, creation);
 217                         /*
 218                          * Don't bother to look at the unsigned packets.
 219                          */
 220                         break;
 221                 default:
 222                         break;
 223                 }
 224         }
 225
 226         return;
 227 }
 228
 229 /**
 230  *      sig_keyid - Return the keyid for a given OpenPGP signature packet.
 231  *      @packet: The signature packet.
 232  *
 233  *      Returns the keyid for the supplied signature packet.
 234  */
 235 uint64_t sig_keyid(struct openpgp_packet *packet)
 236 {
 237         uint64_t keyid = 0;
 238
 239         sig_info(packet, &keyid, NULL);
 240
 241         return keyid;
 242 }
 243
 244
 245 /*
 246  * TODO: Abstract out; all our linked lists should be generic and then we can
 247  * llsize them.
 248  */
 249 int spsize(struct openpgp_signedpacket_list *list)
 250 {
 251         int size = 0;
 252         struct openpgp_signedpacket_list *cur;
 253
 254         for (cur = list; cur != NULL; cur = cur->next, size++) ;
 255
 256         return size;
 257 }
 258
 259 /**
 260  *      keyuids - Takes a key and returns an array of its UIDs
 261  *      @key: The key to get the uids of.
 262  *      @primary: A pointer to store the primary UID in.
 263  *
 264  *      keyuids takes a public key structure and builds an array of the UIDs
 265  *      on the key. It also attempts to work out the primary UID and returns a
 266  *      separate pointer to that particular element of the array.
 267  */
 268 char **keyuids(struct openpgp_publickey *key, char **primary)
 269 {
 270         struct openpgp_signedpacket_list *curuid = NULL;
 271         char buf[1024];
 272         char **uids = NULL;
 273         int count = 0;
 274
 275         if (primary != NULL) {
 276                 *primary = NULL;
 277         }
 278
 279         if (key != NULL && key->uids != NULL) {
 280                 uids = malloc((spsize(key->uids) + 1) * sizeof (char *));
 281
 282                 curuid = key->uids;
 283                 while (curuid != NULL) {
 284                         buf[0] = 0;
 285                         if (curuid->packet->tag == OPENPGP_PACKET_UID) {
 286                                 snprintf(buf, 1023, "%.*s",
 287                                                 (int) curuid->packet->length,
 288                                                 curuid->packet->data);
 289                                 uids[count++] = strdup(buf);
 290                         }
 291                         curuid = curuid -> next;
 292                 }
 293                 uids[count] = NULL;
 294
 295                 /*
 296                  * TODO: Parse subpackets for real primary ID (v4 keys)
 297                  */
 298                 if (primary != NULL) {
 299                         *primary = uids[0];
 300                 }
 301         }
 302
 303         return uids;
 304 }
 305
 306 /**
 307  *      keysubkeys - Takes a key and returns an array of its subkey keyids.
 308  *      @key: The key to get the subkeys of.
 309  *
 310  *      keysubkeys takes a public key structure and returns an array of the
 311  *      subkey keyids for that key.
 312  */
 313 uint64_t *keysubkeys(struct openpgp_publickey *key)
 314 {
 315         struct openpgp_signedpacket_list *cursubkey = NULL;
 316         uint64_t                         *subkeys = NULL;
 317         int                               count = 0;
 318
 319         if (key != NULL && key->subkeys != NULL) {
 320                 subkeys = malloc((spsize(key->subkeys) + 1) *
 321                                 sizeof (uint64_t));
 322                 cursubkey = key->subkeys;
 323                 while (cursubkey != NULL) {
 324                         get_packetid(cursubkey->packet, &subkeys[count++]);
 325                         cursubkey = cursubkey -> next;
 326                 }
 327                 subkeys[count] = 0;
 328         }
 329
 330         return subkeys;
 331 }