X-Git-Url: https://git.sommitrealweird.co.uk/onak.git/blobdiff_plain/3b5b9db0bc2dbe93b3b79e722997606c71ecafb9..3eae5368f1c625257a93a18bec49a5a500b3f78e:/keyid.c?ds=inline diff --git a/keyid.c b/keyid.c index 0a61c1f..66713d1 100644 --- a/keyid.c +++ b/keyid.c @@ -8,11 +8,12 @@ #include +#include "assert.h" #include "keyid.h" #include "keystructs.h" #include "log.h" #include "md5.h" -#include "sha.h" +#include "sha1.h" /** @@ -38,10 +39,9 @@ unsigned char *get_fingerprint(struct openpgp_packet *packet, unsigned char *fingerprint, size_t *len) { - SHA1_CONTEXT sha_ctx; - MD5_CONTEXT md5_ctx; + SHA1_CTX sha_ctx; + struct md5_ctx md5_context; unsigned char c; - unsigned char *buff = NULL; size_t modlen, explen; assert(fingerprint != NULL); @@ -52,46 +52,42 @@ unsigned char *get_fingerprint(struct openpgp_packet *packet, switch (packet->data[0]) { case 2: case 3: - md5_init(&md5_ctx); + md5_init_ctx(&md5_context); /* * MD5 the modulus and exponent. */ modlen = ((packet->data[8] << 8) + packet->data[9] + 7) >> 3; - md5_write(&md5_ctx, &packet->data[10], modlen); + md5_process_bytes(&packet->data[10], modlen, &md5_context); explen = ((packet->data[10+modlen] << 8) + packet->data[11+modlen] + 7) >> 3; - md5_write(&md5_ctx, &packet->data[12 + modlen], explen); - - md5_final(&md5_ctx); - buff = md5_read(&md5_ctx); + md5_process_bytes(&packet->data[12 + modlen], explen, + &md5_context); + md5_finish_ctx(&md5_context, fingerprint); *len = 16; - memcpy(fingerprint, buff, *len); break; case 4: - sha1_init(&sha_ctx); + SHA1Init(&sha_ctx); /* * TODO: Can this be 0x99? Are all public key packets old * format with 2 bytes of length data? */ c = 0x99; - sha1_write(&sha_ctx, &c, sizeof(c)); + SHA1Update(&sha_ctx, &c, sizeof(c)); c = packet->length >> 8; - sha1_write(&sha_ctx, &c, sizeof(c)); + SHA1Update(&sha_ctx, &c, sizeof(c)); c = packet->length & 0xFF; - sha1_write(&sha_ctx, &c, sizeof(c)); - sha1_write(&sha_ctx, packet->data, + SHA1Update(&sha_ctx, &c, sizeof(c)); + SHA1Update(&sha_ctx, packet->data, packet->length); - sha1_final(&sha_ctx); - buff = sha1_read(&sha_ctx); - + SHA1Final(fingerprint, &sha_ctx); *len = 20; - memcpy(fingerprint, buff, *len); + break; default: logthing(LOGTHING_ERROR, "Unknown key type: %d", @@ -123,21 +119,26 @@ uint64_t get_packetid(struct openpgp_packet *packet) * For a type 2 or 3 key the keyid is the last 64 bits of the * public modulus n, which is stored as an MPI from offset 8 * onwards. - * - * We need to ensure it's an RSA key. */ - if (packet->data[7] == 1) { - offset = (packet->data[8] << 8) + - packet->data[9]; - offset = ((offset + 7) / 8) + 2; - - for (keyid = 0, i = 0; i < 8; i++) { - keyid <<= 8; - keyid += packet->data[offset++]; - } - } else { - logthing(LOGTHING_ERROR, - "Type 2 or 3 key, but not RSA."); + offset = (packet->data[8] << 8) + + packet->data[9]; + offset = ((offset + 7) / 8) + 2; + + for (keyid = 0, i = 0; i < 8; i++) { + keyid <<= 8; + keyid += packet->data[offset++]; + } + /* + * Check for an RSA key; if not then log but accept anyway. + * 1 == RSA + * 2 == RSA Encrypt-Only + * 3 == RSA Sign-Only + */ + if (packet->data[7] < 1 || packet->data[7] > 3) { + logthing(LOGTHING_NOTICE, + "Type 2 or 3 key, but not RSA: %llx (type %d)", + keyid, + packet->data[7]); } break; case 4: