1997-11-18 15:06:00 +01:00
|
|
|
/* encr-data.c - process an encrypted data packet
|
2006-04-19 13:26:11 +02:00
|
|
|
* Copyright (C) 1998, 1999, 2000, 2001, 2005,
|
|
|
|
* 2006 Free Software Foundation, Inc.
|
1997-11-18 15:06:00 +01:00
|
|
|
*
|
1998-12-23 13:41:40 +01:00
|
|
|
* This file is part of GnuPG.
|
1997-11-18 15:06:00 +01:00
|
|
|
*
|
1998-12-23 13:41:40 +01:00
|
|
|
* GnuPG is free software; you can redistribute it and/or modify
|
1997-11-18 15:06:00 +01:00
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
* (at your option) any later version.
|
|
|
|
*
|
1998-12-23 13:41:40 +01:00
|
|
|
* GnuPG is distributed in the hope that it will be useful,
|
1997-11-18 15:06:00 +01:00
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
2006-04-19 13:26:11 +02:00
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
|
|
|
|
* USA.
|
1997-11-18 15:06:00 +01:00
|
|
|
*/
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <assert.h>
|
2003-06-18 21:56:13 +02:00
|
|
|
|
|
|
|
#include "gpg.h"
|
1997-11-18 15:06:00 +01:00
|
|
|
#include "util.h"
|
|
|
|
#include "packet.h"
|
2002-06-29 15:46:34 +02:00
|
|
|
#include "cipher.h"
|
1998-04-04 22:16:55 +02:00
|
|
|
#include "options.h"
|
1998-09-14 17:49:56 +02:00
|
|
|
#include "i18n.h"
|
1997-11-18 15:06:00 +01:00
|
|
|
|
|
|
|
|
2006-10-02 13:54:35 +02:00
|
|
|
static int mdc_decode_filter ( void *opaque, int control, IOBUF a,
|
|
|
|
byte *buf, size_t *ret_len);
|
|
|
|
static int decode_filter ( void *opaque, int control, IOBUF a,
|
1999-05-17 22:03:24 +02:00
|
|
|
byte *buf, size_t *ret_len);
|
1997-11-18 15:06:00 +01:00
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
typedef struct
|
|
|
|
{
|
|
|
|
gcry_cipher_hd_t cipher_hd;
|
|
|
|
gcry_md_hd_t mdc_hash;
|
2006-10-02 13:54:35 +02:00
|
|
|
char defer[22];
|
2006-04-19 13:26:11 +02:00
|
|
|
int defer_filled;
|
|
|
|
int eof_seen;
|
1997-11-18 15:06:00 +01:00
|
|
|
} decode_filter_ctx_t;
|
|
|
|
|
|
|
|
|
|
|
|
/****************
|
|
|
|
* Decrypt the data, specified by ED with the key DEK.
|
|
|
|
*/
|
|
|
|
int
|
1999-04-26 17:53:01 +02:00
|
|
|
decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
|
1997-11-18 15:06:00 +01:00
|
|
|
{
|
2006-10-02 13:54:35 +02:00
|
|
|
decode_filter_ctx_t dfx;
|
|
|
|
byte *p;
|
|
|
|
int rc=0, c, i;
|
|
|
|
byte temp[32];
|
|
|
|
unsigned blocksize;
|
|
|
|
unsigned nprefix;
|
|
|
|
|
|
|
|
memset( &dfx, 0, sizeof dfx );
|
|
|
|
if ( opt.verbose && !dek->algo_info_printed )
|
|
|
|
{
|
|
|
|
const char *s = gcry_cipher_algo_name (dek->algo);
|
|
|
|
if (s && *s)
|
|
|
|
log_info(_("%s encrypted data\n"), s );
|
|
|
|
else
|
|
|
|
log_info(_("encrypted with unknown algorithm %d\n"), dek->algo );
|
|
|
|
dek->algo_info_printed = 1;
|
|
|
|
}
|
|
|
|
rc = openpgp_cipher_test_algo (dek->algo);
|
|
|
|
if (rc)
|
|
|
|
goto leave;
|
|
|
|
blocksize = gcry_cipher_get_algo_blklen (dek->algo);
|
|
|
|
if ( !blocksize || blocksize > 16 )
|
|
|
|
log_fatal("unsupported blocksize %u\n", blocksize );
|
|
|
|
nprefix = blocksize;
|
|
|
|
if ( ed->len && ed->len < (nprefix+2) )
|
|
|
|
BUG();
|
1997-11-18 15:06:00 +01:00
|
|
|
|
2006-10-02 13:54:35 +02:00
|
|
|
if ( ed->mdc_method )
|
|
|
|
{
|
|
|
|
if (gcry_md_open (&dfx.mdc_hash, ed->mdc_method, 0 ))
|
|
|
|
BUG ();
|
|
|
|
if ( DBG_HASHING )
|
|
|
|
gcry_md_start_debug (dfx.mdc_hash, "checkmdc");
|
1999-09-18 12:17:16 +02:00
|
|
|
}
|
1999-10-26 14:14:37 +02:00
|
|
|
|
2006-10-02 13:54:35 +02:00
|
|
|
rc = gcry_cipher_open (&dfx.cipher_hd, dek->algo,
|
|
|
|
GCRY_CIPHER_MODE_CFB,
|
|
|
|
(GCRY_CIPHER_SECURE
|
|
|
|
| ((ed->mdc_method || dek->algo >= 100)?
|
|
|
|
0 : GCRY_CIPHER_ENABLE_SYNC)));
|
|
|
|
if (rc)
|
|
|
|
{
|
|
|
|
/* We should never get an error here cause we already checked
|
|
|
|
* that the algorithm is available. */
|
|
|
|
BUG();
|
1999-10-26 14:14:37 +02:00
|
|
|
}
|
2006-04-19 13:26:11 +02:00
|
|
|
|
|
|
|
|
2006-10-02 13:54:35 +02:00
|
|
|
/* log_hexdump( "thekey", dek->key, dek->keylen );*/
|
|
|
|
rc = gcry_cipher_setkey (dfx.cipher_hd, dek->key, dek->keylen);
|
|
|
|
if ( gpg_err_code (rc) == GPG_ERR_WEAK_KEY )
|
|
|
|
{
|
|
|
|
log_info(_("WARNING: message was encrypted with"
|
|
|
|
" a weak key in the symmetric cipher.\n"));
|
|
|
|
rc=0;
|
|
|
|
}
|
|
|
|
else if( rc )
|
|
|
|
{
|
|
|
|
log_error("key setup failed: %s\n", g10_errstr(rc) );
|
|
|
|
goto leave;
|
|
|
|
}
|
2006-04-19 13:26:11 +02:00
|
|
|
|
2006-10-02 13:54:35 +02:00
|
|
|
if (!ed->buf)
|
|
|
|
{
|
|
|
|
log_error(_("problem handling encrypted packet\n"));
|
|
|
|
goto leave;
|
2002-06-29 15:46:34 +02:00
|
|
|
}
|
1998-09-14 17:49:56 +02:00
|
|
|
|
2006-10-02 13:54:35 +02:00
|
|
|
gcry_cipher_setiv (dfx.cipher_hd, NULL, 0);
|
1997-11-18 15:06:00 +01:00
|
|
|
|
2006-10-02 13:54:35 +02:00
|
|
|
if ( ed->len )
|
|
|
|
{
|
|
|
|
for (i=0; i < (nprefix+2) && ed->len; i++, ed->len-- )
|
|
|
|
{
|
|
|
|
if ( (c=iobuf_get(ed->buf)) == -1 )
|
|
|
|
break;
|
|
|
|
else
|
|
|
|
temp[i] = c;
|
|
|
|
}
|
1997-11-18 15:06:00 +01:00
|
|
|
}
|
2006-10-02 13:54:35 +02:00
|
|
|
else
|
|
|
|
{
|
|
|
|
for (i=0; i < (nprefix+2); i++ )
|
|
|
|
if ( (c=iobuf_get(ed->buf)) == -1 )
|
|
|
|
break;
|
|
|
|
else
|
|
|
|
temp[i] = c;
|
1997-11-18 15:06:00 +01:00
|
|
|
}
|
2006-10-02 13:54:35 +02:00
|
|
|
|
|
|
|
gcry_cipher_decrypt (dfx.cipher_hd, temp, nprefix+2, NULL, 0);
|
|
|
|
gcry_cipher_sync (dfx.cipher_hd);
|
|
|
|
p = temp;
|
|
|
|
/* log_hexdump( "prefix", temp, nprefix+2 ); */
|
|
|
|
if (dek->symmetric
|
|
|
|
&& (p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1]) )
|
|
|
|
{
|
|
|
|
rc = gpg_error (GPG_ERR_BAD_KEY);
|
|
|
|
goto leave;
|
|
|
|
}
|
|
|
|
|
|
|
|
if ( dfx.mdc_hash )
|
|
|
|
gcry_md_write (dfx.mdc_hash, temp, nprefix+2);
|
|
|
|
|
|
|
|
if ( ed->mdc_method )
|
|
|
|
iobuf_push_filter( ed->buf, mdc_decode_filter, &dfx );
|
|
|
|
else
|
|
|
|
iobuf_push_filter( ed->buf, decode_filter, &dfx );
|
2006-04-19 13:26:11 +02:00
|
|
|
|
2006-10-02 13:54:35 +02:00
|
|
|
proc_packets ( procctx, ed->buf );
|
|
|
|
ed->buf = NULL;
|
|
|
|
if ( ed->mdc_method && dfx.eof_seen == 2 )
|
|
|
|
rc = gpg_error (GPG_ERR_INV_PACKET);
|
|
|
|
else if ( ed->mdc_method )
|
|
|
|
{
|
|
|
|
/* We used to let parse-packet.c handle the MDC packet but this
|
|
|
|
turned out to be a problem with compressed packets: With old
|
|
|
|
style packets there is no length information available and
|
|
|
|
the decompressor uses an implicit end. However we can't know
|
|
|
|
this implicit end beforehand (:-) and thus may feed the
|
|
|
|
decompressor with more bytes than actually needed. It would
|
|
|
|
be possible to unread the extra bytes but due to our weird
|
|
|
|
iobuf system any unread is non reliable due to filters
|
|
|
|
already popped off. The easy and sane solution is to care
|
|
|
|
about the MDC packet only here and never pass it to the
|
|
|
|
packet parser. Fortunatley the OpenPGP spec requires a
|
|
|
|
strict format for the MDC packet so that we know that 22
|
|
|
|
bytes are appended. */
|
|
|
|
int datalen = gcry_md_get_algo_dlen (ed->mdc_method);
|
2000-07-14 19:34:53 +02:00
|
|
|
|
2006-10-02 13:54:35 +02:00
|
|
|
gcry_cipher_decrypt (dfx.cipher_hd, dfx.defer, 22, NULL, 0);
|
|
|
|
gcry_md_write (dfx.mdc_hash, dfx.defer, 2);
|
|
|
|
gcry_md_final (dfx.mdc_hash);
|
2000-07-14 19:34:53 +02:00
|
|
|
|
2006-10-02 13:54:35 +02:00
|
|
|
if (dfx.defer[0] != '\xd3' || dfx.defer[1] != '\x14' )
|
|
|
|
{
|
|
|
|
log_error("mdc_packet with invalid encoding\n");
|
|
|
|
rc = gpg_error (GPG_ERR_INV_PACKET);
|
|
|
|
}
|
|
|
|
else if (datalen != 20
|
|
|
|
|| memcmp (gcry_md_read (dfx.mdc_hash, 0),dfx.defer+2,datalen))
|
|
|
|
rc = gpg_error (GPG_ERR_BAD_SIGNATURE);
|
|
|
|
/* log_printhex("MDC message:", dfx.defer, 22); */
|
|
|
|
/* log_printhex("MDC calc:", gcry_md_read (dfx.mdc_hash,0), datalen); */
|
1999-05-17 22:03:24 +02:00
|
|
|
}
|
2006-10-02 13:54:35 +02:00
|
|
|
|
|
|
|
|
|
|
|
leave:
|
|
|
|
gcry_cipher_close (dfx.cipher_hd);
|
|
|
|
gcry_md_close (dfx.mdc_hash);
|
|
|
|
return rc;
|
1999-05-17 22:03:24 +02:00
|
|
|
}
|
|
|
|
|
1999-10-26 14:14:37 +02:00
|
|
|
|
2000-07-14 19:34:53 +02:00
|
|
|
|
1999-05-17 22:03:24 +02:00
|
|
|
/* I think we should merge this with cipher_filter */
|
|
|
|
static int
|
2006-10-02 13:54:35 +02:00
|
|
|
mdc_decode_filter (void *opaque, int control, IOBUF a,
|
|
|
|
byte *buf, size_t *ret_len)
|
1999-05-17 22:03:24 +02:00
|
|
|
{
|
2006-10-02 13:54:35 +02:00
|
|
|
decode_filter_ctx_t *dfx = opaque;
|
|
|
|
size_t n, size = *ret_len;
|
|
|
|
int rc = 0;
|
|
|
|
int c;
|
|
|
|
|
|
|
|
if ( control == IOBUFCTRL_UNDERFLOW && dfx->eof_seen )
|
|
|
|
{
|
|
|
|
*ret_len = 0;
|
|
|
|
rc = -1;
|
1999-05-17 22:03:24 +02:00
|
|
|
}
|
2006-10-02 13:54:35 +02:00
|
|
|
else if( control == IOBUFCTRL_UNDERFLOW )
|
|
|
|
{
|
|
|
|
assert(a);
|
|
|
|
assert( size > 44 );
|
|
|
|
|
|
|
|
/* Get at least 22 bytes and put it somewhere ahead in the buffer. */
|
|
|
|
for(n=22; n < 44 ; n++ )
|
|
|
|
{
|
|
|
|
if( (c = iobuf_get(a)) == -1 )
|
|
|
|
break;
|
|
|
|
buf[n] = c;
|
1999-05-17 22:03:24 +02:00
|
|
|
}
|
2006-10-02 13:54:35 +02:00
|
|
|
if ( n == 44 )
|
|
|
|
{
|
|
|
|
/* We have enough stuff - flush the deferred stuff. */
|
|
|
|
/* (we asserted that the buffer is large enough) */
|
|
|
|
if ( !dfx->defer_filled ) /* First time. */
|
|
|
|
{
|
|
|
|
memcpy (buf, buf+22, 22 );
|
|
|
|
n = 22;
|
2000-07-14 19:34:53 +02:00
|
|
|
}
|
2006-10-02 13:54:35 +02:00
|
|
|
else
|
|
|
|
{
|
|
|
|
memcpy (buf, dfx->defer, 22 );
|
2000-07-14 19:34:53 +02:00
|
|
|
}
|
2006-10-02 13:54:35 +02:00
|
|
|
/* Now fill up. */
|
|
|
|
for (; n < size; n++ )
|
|
|
|
{
|
|
|
|
if ( (c = iobuf_get(a)) == -1 )
|
|
|
|
break;
|
|
|
|
buf[n] = c;
|
1999-05-17 22:03:24 +02:00
|
|
|
}
|
2006-10-02 13:54:35 +02:00
|
|
|
/* Move the last 22 bytes back to the defer buffer. */
|
|
|
|
/* (right, we are wasting 22 bytes of the supplied buffer.) */
|
|
|
|
n -= 22;
|
|
|
|
memcpy (dfx->defer, buf+n, 22 );
|
|
|
|
dfx->defer_filled = 1;
|
1999-05-17 22:03:24 +02:00
|
|
|
}
|
2006-10-02 13:54:35 +02:00
|
|
|
else if ( !dfx->defer_filled ) /* EOF seen but empty defer buffer. */
|
|
|
|
{
|
|
|
|
/* This is bad because it means an incomplete hash. */
|
|
|
|
n -= 22;
|
|
|
|
memcpy (buf, buf+22, n );
|
|
|
|
dfx->eof_seen = 2; /* EOF with incomplete hash. */
|
1999-05-17 22:03:24 +02:00
|
|
|
}
|
2006-10-02 13:54:35 +02:00
|
|
|
else /* EOF seen (i.e. read less than 22 bytes). */
|
|
|
|
{
|
|
|
|
memcpy (buf, dfx->defer, 22 );
|
|
|
|
n -= 22;
|
|
|
|
memcpy (dfx->defer, buf+n, 22 );
|
|
|
|
dfx->eof_seen = 1; /* Normal EOF. */
|
1999-05-17 22:03:24 +02:00
|
|
|
}
|
|
|
|
|
2006-10-02 13:54:35 +02:00
|
|
|
if ( n )
|
|
|
|
{
|
|
|
|
gcry_cipher_decrypt (dfx->cipher_hd, buf, n, NULL, 0);
|
|
|
|
gcry_md_write (dfx->mdc_hash, buf, n);
|
1999-05-17 22:03:24 +02:00
|
|
|
}
|
2006-10-02 13:54:35 +02:00
|
|
|
else
|
|
|
|
{
|
|
|
|
assert ( dfx->eof_seen );
|
|
|
|
rc = -1; /* eof */
|
1999-05-17 22:03:24 +02:00
|
|
|
}
|
2006-10-02 13:54:35 +02:00
|
|
|
*ret_len = n;
|
1999-05-17 22:03:24 +02:00
|
|
|
}
|
2006-10-02 13:54:35 +02:00
|
|
|
else if ( control == IOBUFCTRL_DESC )
|
|
|
|
{
|
|
|
|
*(char**)buf = "mdc_decode_filter";
|
1999-05-17 22:03:24 +02:00
|
|
|
}
|
2006-10-02 13:54:35 +02:00
|
|
|
return rc;
|
1997-11-18 15:06:00 +01:00
|
|
|
}
|
|
|
|
|
2006-10-02 13:54:35 +02:00
|
|
|
|
1997-11-18 15:06:00 +01:00
|
|
|
static int
|
2006-04-19 13:26:11 +02:00
|
|
|
decode_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len)
|
1997-11-18 15:06:00 +01:00
|
|
|
{
|
2006-10-02 13:54:35 +02:00
|
|
|
decode_filter_ctx_t *fc = opaque;
|
|
|
|
size_t n, size = *ret_len;
|
|
|
|
int rc = 0;
|
|
|
|
|
|
|
|
if ( control == IOBUFCTRL_UNDERFLOW )
|
|
|
|
{
|
|
|
|
assert(a);
|
|
|
|
n = iobuf_read ( a, buf, size );
|
|
|
|
if ( n == -1 )
|
|
|
|
n = 0;
|
|
|
|
if ( n )
|
|
|
|
gcry_cipher_decrypt (fc->cipher_hd, buf, n, NULL, 0);
|
|
|
|
else
|
|
|
|
rc = -1; /* EOF */
|
|
|
|
*ret_len = n;
|
1997-11-18 15:06:00 +01:00
|
|
|
}
|
2006-10-02 13:54:35 +02:00
|
|
|
else if ( control == IOBUFCTRL_DESC )
|
|
|
|
{
|
|
|
|
*(char**)buf = "decode_filter";
|
1997-11-18 15:06:00 +01:00
|
|
|
}
|
2006-10-02 13:54:35 +02:00
|
|
|
return rc;
|
1997-11-18 15:06:00 +01:00
|
|
|
}
|
|
|
|
|