mirror of
git://git.gnupg.org/gnupg.git
synced 2024-11-09 21:28:51 +01:00
3a18378a92
* g10/free-packet.c (copy_public_key): Factor some code out to ... (copy_public_key_basics): new. * g10/build-packet.c (build_sig_subpkt_from_sig): New arg signhints. * g10/packet.h (PUBKEY_USAGE_RENC): Fix value. (SIGNHINT_KEYSIG, SIGNHINT_SELFSIG): Moved from sign.c. (SIGNHINT_ADSK): New. (PKT_public_key): Change pubkey_usage from byte to u16. (PKT_user_id): Cosmetic fix: change help_key_usage from int to u16. * g10/getkey.c (parse_key_usage): Make public. * g10/misc.c (openpgp_pk_algo_usage): Take PUBKEY_USAGE_RENC in account. * g10/sign.c (update_keysig_packet): Set SIGNHINT_ADSK. (make_keysig_packet): Ditto. (do_sign): No time warp check in ADSK mode. * g10/sig-check.c (check_signature_metadata_validity): Ditto. * g10/keygen.c (struct opaque_data_usage_and_pk): Remove. (write_keybinding): Do not use the removed struct. (do_add_key_flags): Support PUBKEY_USAGE_RENC and others. (keygen_add_key_flags_and_expire): Rewrite and make public. * g10/keyedit.c (enum cmdids): Add cmdADDADSK. (keyedit_menu): Add command "addadsk". (menu_addadsk): New. -- This makes use of a new encryption flag: The "restricted encryption key" (2nd,0x04) does not take part in any automatic selection of encryption keys. It is only found on a subkey signature (type 0x18), one that refers to the key the flag applies to. Followup patches will add encryption support and a --quick command. GnuPG-bug-id: 6395
593 lines
12 KiB
C
593 lines
12 KiB
C
/* free-packet.c - cleanup stuff for packets
|
|
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
|
|
* 2005, 2010 Free Software Foundation, Inc.
|
|
*
|
|
* This file is part of GnuPG.
|
|
*
|
|
* GnuPG is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* GnuPG is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, see <https://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#include <config.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
|
|
#include "gpg.h"
|
|
#include "../common/util.h"
|
|
#include "packet.h"
|
|
#include "../common/iobuf.h"
|
|
#include "options.h"
|
|
|
|
|
|
/* Run time check to see whether mpi_copy does not copy the flags
|
|
* properly. This was fixed in version 1.8.6. */
|
|
static int
|
|
is_mpi_copy_broken (void)
|
|
{
|
|
static char result;
|
|
|
|
if (!result)
|
|
{
|
|
result = !gcry_check_version ("1.8.6");
|
|
result |= 0x80;
|
|
}
|
|
return (result & 1);
|
|
}
|
|
|
|
|
|
/* This is mpi_copy with a fix for opaque MPIs which store a NULL
|
|
pointer. This will also be fixed in Libggcrypt 1.7.0. */
|
|
static gcry_mpi_t
|
|
my_mpi_copy (gcry_mpi_t a)
|
|
{
|
|
if (a
|
|
&& gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE)
|
|
&& !gcry_mpi_get_opaque (a, NULL))
|
|
return NULL;
|
|
|
|
if (is_mpi_copy_broken ())
|
|
{
|
|
int flag_user2 = a? gcry_mpi_get_flag (a, GCRYMPI_FLAG_USER2) : 0;
|
|
gcry_mpi_t b;
|
|
|
|
b = gcry_mpi_copy (a);
|
|
if (b && flag_user2)
|
|
gcry_mpi_set_flag (b, GCRYMPI_FLAG_USER2);
|
|
return b;
|
|
}
|
|
|
|
return gcry_mpi_copy (a);
|
|
}
|
|
|
|
|
|
void
|
|
free_symkey_enc( PKT_symkey_enc *enc )
|
|
{
|
|
xfree(enc);
|
|
}
|
|
|
|
void
|
|
free_pubkey_enc( PKT_pubkey_enc *enc )
|
|
{
|
|
int n, i;
|
|
n = pubkey_get_nenc( enc->pubkey_algo );
|
|
if( !n )
|
|
mpi_release(enc->data[0]);
|
|
for(i=0; i < n; i++ )
|
|
mpi_release( enc->data[i] );
|
|
xfree(enc);
|
|
}
|
|
|
|
void
|
|
free_seckey_enc( PKT_signature *sig )
|
|
{
|
|
int n, i;
|
|
|
|
n = pubkey_get_nsig( sig->pubkey_algo );
|
|
if( !n )
|
|
mpi_release(sig->data[0]);
|
|
for(i=0; i < n; i++ )
|
|
mpi_release( sig->data[i] );
|
|
|
|
xfree(sig->revkey);
|
|
xfree(sig->hashed);
|
|
xfree(sig->unhashed);
|
|
|
|
xfree (sig->signers_uid);
|
|
|
|
xfree(sig);
|
|
}
|
|
|
|
|
|
void
|
|
release_public_key_parts (PKT_public_key *pk)
|
|
{
|
|
int n, i;
|
|
|
|
if (pk->seckey_info)
|
|
n = pubkey_get_nskey (pk->pubkey_algo);
|
|
else
|
|
n = pubkey_get_npkey (pk->pubkey_algo);
|
|
if (!n)
|
|
mpi_release (pk->pkey[0]);
|
|
for (i=0; i < n; i++ )
|
|
{
|
|
mpi_release (pk->pkey[i]);
|
|
pk->pkey[i] = NULL;
|
|
}
|
|
if (pk->seckey_info)
|
|
{
|
|
xfree (pk->seckey_info);
|
|
pk->seckey_info = NULL;
|
|
}
|
|
if (pk->prefs)
|
|
{
|
|
xfree (pk->prefs);
|
|
pk->prefs = NULL;
|
|
}
|
|
free_user_id (pk->user_id);
|
|
pk->user_id = NULL;
|
|
if (pk->revkey)
|
|
{
|
|
xfree(pk->revkey);
|
|
pk->revkey=NULL;
|
|
pk->numrevkeys=0;
|
|
}
|
|
if (pk->serialno)
|
|
{
|
|
xfree (pk->serialno);
|
|
pk->serialno = NULL;
|
|
}
|
|
if (pk->updateurl)
|
|
{
|
|
xfree (pk->updateurl);
|
|
pk->updateurl = NULL;
|
|
}
|
|
}
|
|
|
|
|
|
/* Free an allocated public key structure including all parts.
|
|
Passing NULL is allowed. */
|
|
void
|
|
free_public_key (PKT_public_key *pk)
|
|
{
|
|
if (pk)
|
|
{
|
|
release_public_key_parts (pk);
|
|
xfree(pk);
|
|
}
|
|
}
|
|
|
|
|
|
static subpktarea_t *
|
|
cp_subpktarea (subpktarea_t *s )
|
|
{
|
|
subpktarea_t *d;
|
|
|
|
if( !s )
|
|
return NULL;
|
|
d = xmalloc (sizeof (*d) + s->size - 1 );
|
|
d->size = s->size;
|
|
d->len = s->len;
|
|
memcpy (d->data, s->data, s->len);
|
|
return d;
|
|
}
|
|
|
|
/*
|
|
* Return a copy of the preferences
|
|
*/
|
|
prefitem_t *
|
|
copy_prefs (const prefitem_t *prefs)
|
|
{
|
|
size_t n;
|
|
prefitem_t *new;
|
|
|
|
if (!prefs)
|
|
return NULL;
|
|
|
|
for (n=0; prefs[n].type; n++)
|
|
;
|
|
new = xmalloc ( sizeof (*new) * (n+1));
|
|
for (n=0; prefs[n].type; n++) {
|
|
new[n].type = prefs[n].type;
|
|
new[n].value = prefs[n].value;
|
|
}
|
|
new[n].type = PREFTYPE_NONE;
|
|
new[n].value = 0;
|
|
|
|
return new;
|
|
}
|
|
|
|
|
|
/* Copy the public key S to D. If D is NULL allocate a new public key
|
|
* structure. Only the basic stuff is copied; not any ancillary
|
|
* data. */
|
|
PKT_public_key *
|
|
copy_public_key_basics (PKT_public_key *d, PKT_public_key *s)
|
|
{
|
|
int n, i;
|
|
|
|
if (!d)
|
|
d = xmalloc (sizeof *d);
|
|
memcpy (d, s, sizeof *d);
|
|
d->seckey_info = NULL;
|
|
d->user_id = NULL;
|
|
d->prefs = NULL;
|
|
|
|
n = pubkey_get_npkey (s->pubkey_algo);
|
|
i = 0;
|
|
if (!n)
|
|
d->pkey[i++] = my_mpi_copy (s->pkey[0]);
|
|
else
|
|
{
|
|
for (; i < n; i++ )
|
|
d->pkey[i] = my_mpi_copy (s->pkey[i]);
|
|
}
|
|
for (; i < PUBKEY_MAX_NSKEY; i++)
|
|
d->pkey[i] = NULL;
|
|
|
|
d->revkey = NULL;
|
|
d->serialno = NULL;
|
|
d->updateurl = NULL;
|
|
|
|
return d;
|
|
}
|
|
|
|
|
|
/* Copy the public key S to D. If D is NULL allocate a new public key
|
|
structure. If S has seckret key infos, only the public stuff is
|
|
copied. */
|
|
PKT_public_key *
|
|
copy_public_key (PKT_public_key *d, PKT_public_key *s)
|
|
{
|
|
d = copy_public_key_basics (d, s);
|
|
d->user_id = scopy_user_id (s->user_id);
|
|
d->prefs = copy_prefs (s->prefs);
|
|
|
|
if (!s->revkey && s->numrevkeys)
|
|
BUG();
|
|
if (s->numrevkeys)
|
|
{
|
|
d->revkey = xmalloc(sizeof(struct revocation_key)*s->numrevkeys);
|
|
memcpy(d->revkey,s->revkey,sizeof(struct revocation_key)*s->numrevkeys);
|
|
}
|
|
|
|
if (s->serialno)
|
|
d->serialno = xstrdup (s->serialno);
|
|
if (s->updateurl)
|
|
d->updateurl = xstrdup (s->updateurl);
|
|
|
|
return d;
|
|
}
|
|
|
|
|
|
|
|
PKT_signature *
|
|
copy_signature( PKT_signature *d, PKT_signature *s )
|
|
{
|
|
int n, i;
|
|
|
|
if( !d )
|
|
d = xmalloc(sizeof *d);
|
|
memcpy( d, s, sizeof *d );
|
|
n = pubkey_get_nsig( s->pubkey_algo );
|
|
if( !n )
|
|
d->data[0] = my_mpi_copy(s->data[0]);
|
|
else {
|
|
for(i=0; i < n; i++ )
|
|
d->data[i] = my_mpi_copy( s->data[i] );
|
|
}
|
|
d->hashed = cp_subpktarea (s->hashed);
|
|
d->unhashed = cp_subpktarea (s->unhashed);
|
|
if (s->signers_uid)
|
|
d->signers_uid = xstrdup (s->signers_uid);
|
|
if(s->numrevkeys)
|
|
{
|
|
d->revkey=NULL;
|
|
d->numrevkeys=0;
|
|
parse_revkeys(d);
|
|
}
|
|
return d;
|
|
}
|
|
|
|
|
|
/*
|
|
* shallow copy of the user ID
|
|
*/
|
|
PKT_user_id *
|
|
scopy_user_id (PKT_user_id *s)
|
|
{
|
|
if (s)
|
|
s->ref++;
|
|
return s;
|
|
}
|
|
|
|
|
|
|
|
void
|
|
free_comment( PKT_comment *rem )
|
|
{
|
|
xfree(rem);
|
|
}
|
|
|
|
void
|
|
free_attributes(PKT_user_id *uid)
|
|
{
|
|
if (!uid)
|
|
return;
|
|
|
|
xfree(uid->attribs);
|
|
xfree(uid->attrib_data);
|
|
|
|
uid->attribs=NULL;
|
|
uid->attrib_data=NULL;
|
|
uid->attrib_len=0;
|
|
}
|
|
|
|
void
|
|
free_user_id (PKT_user_id *uid)
|
|
{
|
|
if (!uid)
|
|
return;
|
|
|
|
log_assert (uid->ref > 0);
|
|
if (--uid->ref)
|
|
return;
|
|
|
|
free_attributes(uid);
|
|
xfree (uid->prefs);
|
|
xfree (uid->namehash);
|
|
xfree (uid->updateurl);
|
|
xfree (uid->mbox);
|
|
xfree (uid);
|
|
}
|
|
|
|
void
|
|
free_compressed( PKT_compressed *zd )
|
|
{
|
|
if (!zd)
|
|
return;
|
|
|
|
if (zd->buf)
|
|
{
|
|
/* We need to skip some bytes. Because don't have any
|
|
* information about the length, so we assume this is the last
|
|
* packet */
|
|
while (iobuf_read( zd->buf, NULL, 1<<30 ) != -1)
|
|
;
|
|
}
|
|
xfree(zd);
|
|
}
|
|
|
|
void
|
|
free_encrypted( PKT_encrypted *ed )
|
|
{
|
|
if (!ed)
|
|
return;
|
|
|
|
if (ed->buf)
|
|
{
|
|
/* We need to skip some bytes. */
|
|
if (ed->is_partial)
|
|
{
|
|
while (iobuf_read( ed->buf, NULL, 1<<30 ) != -1)
|
|
;
|
|
}
|
|
else
|
|
{
|
|
while (ed->len)
|
|
{
|
|
/* Skip the packet. */
|
|
int n = iobuf_read( ed->buf, NULL, ed->len );
|
|
if (n == -1)
|
|
ed->len = 0;
|
|
else
|
|
ed->len -= n;
|
|
}
|
|
}
|
|
}
|
|
xfree (ed);
|
|
}
|
|
|
|
|
|
void
|
|
free_plaintext( PKT_plaintext *pt )
|
|
{
|
|
if (!pt)
|
|
return;
|
|
|
|
if (pt->buf)
|
|
{ /* We need to skip some bytes. */
|
|
if (pt->is_partial)
|
|
{
|
|
while (iobuf_read( pt->buf, NULL, 1<<30 ) != -1)
|
|
;
|
|
}
|
|
else
|
|
{
|
|
while( pt->len )
|
|
{ /* Skip the packet. */
|
|
int n = iobuf_read( pt->buf, NULL, pt->len );
|
|
if (n == -1)
|
|
pt->len = 0;
|
|
else
|
|
pt->len -= n;
|
|
}
|
|
}
|
|
}
|
|
xfree (pt);
|
|
}
|
|
|
|
|
|
/****************
|
|
* Free the packet in PKT.
|
|
*/
|
|
void
|
|
free_packet (PACKET *pkt, parse_packet_ctx_t parsectx)
|
|
{
|
|
if (!pkt || !pkt->pkt.generic)
|
|
{
|
|
if (parsectx && parsectx->last_pkt.pkt.generic)
|
|
{
|
|
if (parsectx->free_last_pkt)
|
|
{
|
|
free_packet (&parsectx->last_pkt, NULL);
|
|
parsectx->free_last_pkt = 0;
|
|
}
|
|
parsectx->last_pkt.pkttype = 0;
|
|
parsectx->last_pkt.pkt.generic = NULL;
|
|
}
|
|
return;
|
|
}
|
|
|
|
if (DBG_MEMORY)
|
|
log_debug ("free_packet() type=%d\n", pkt->pkttype);
|
|
|
|
/* If we have a parser context holding PKT then do not free the
|
|
* packet but set a flag that the packet in the parser context is
|
|
* now a deep copy. */
|
|
if (parsectx && !parsectx->free_last_pkt
|
|
&& parsectx->last_pkt.pkttype == pkt->pkttype
|
|
&& parsectx->last_pkt.pkt.generic == pkt->pkt.generic)
|
|
{
|
|
parsectx->last_pkt = *pkt;
|
|
parsectx->free_last_pkt = 1;
|
|
pkt->pkt.generic = NULL;
|
|
return;
|
|
}
|
|
|
|
switch (pkt->pkttype)
|
|
{
|
|
case PKT_SIGNATURE:
|
|
free_seckey_enc (pkt->pkt.signature);
|
|
break;
|
|
case PKT_PUBKEY_ENC:
|
|
free_pubkey_enc (pkt->pkt.pubkey_enc);
|
|
break;
|
|
case PKT_SYMKEY_ENC:
|
|
free_symkey_enc (pkt->pkt.symkey_enc);
|
|
break;
|
|
case PKT_PUBLIC_KEY:
|
|
case PKT_PUBLIC_SUBKEY:
|
|
case PKT_SECRET_KEY:
|
|
case PKT_SECRET_SUBKEY:
|
|
free_public_key (pkt->pkt.public_key);
|
|
break;
|
|
case PKT_COMMENT:
|
|
free_comment (pkt->pkt.comment);
|
|
break;
|
|
case PKT_USER_ID:
|
|
free_user_id (pkt->pkt.user_id);
|
|
break;
|
|
case PKT_COMPRESSED:
|
|
free_compressed (pkt->pkt.compressed);
|
|
break;
|
|
case PKT_ENCRYPTED:
|
|
case PKT_ENCRYPTED_MDC:
|
|
case PKT_ENCRYPTED_AEAD:
|
|
free_encrypted (pkt->pkt.encrypted);
|
|
break;
|
|
case PKT_PLAINTEXT:
|
|
free_plaintext (pkt->pkt.plaintext);
|
|
break;
|
|
default:
|
|
xfree (pkt->pkt.generic);
|
|
break;
|
|
}
|
|
|
|
pkt->pkt.generic = NULL;
|
|
}
|
|
|
|
|
|
/****************
|
|
* returns 0 if they match.
|
|
*/
|
|
int
|
|
cmp_public_keys( PKT_public_key *a, PKT_public_key *b )
|
|
{
|
|
int n, i;
|
|
|
|
if( a->timestamp != b->timestamp )
|
|
return -1;
|
|
if( a->version < 4 && a->expiredate != b->expiredate )
|
|
return -1;
|
|
if( a->pubkey_algo != b->pubkey_algo )
|
|
return -1;
|
|
|
|
n = pubkey_get_npkey( b->pubkey_algo );
|
|
if( !n ) { /* unknown algorithm, rest is in opaque MPI */
|
|
if( mpi_cmp( a->pkey[0], b->pkey[0] ) )
|
|
return -1; /* can't compare due to unknown algorithm */
|
|
} else {
|
|
for(i=0; i < n; i++ ) {
|
|
if( mpi_cmp( a->pkey[i], b->pkey[i] ) )
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
|
|
|
|
int
|
|
cmp_signatures( PKT_signature *a, PKT_signature *b )
|
|
{
|
|
int n, i;
|
|
|
|
if( a->keyid[0] != b->keyid[0] )
|
|
return -1;
|
|
if( a->keyid[1] != b->keyid[1] )
|
|
return -1;
|
|
if( a->pubkey_algo != b->pubkey_algo )
|
|
return -1;
|
|
|
|
n = pubkey_get_nsig( a->pubkey_algo );
|
|
if( !n )
|
|
return -1; /* can't compare due to unknown algorithm */
|
|
for(i=0; i < n; i++ ) {
|
|
if( mpi_cmp( a->data[i] , b->data[i] ) )
|
|
return -1;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
|
|
/****************
|
|
* Returns: true if the user ids do not match
|
|
*/
|
|
int
|
|
cmp_user_ids( PKT_user_id *a, PKT_user_id *b )
|
|
{
|
|
int res=1;
|
|
|
|
if( a == b )
|
|
return 0;
|
|
|
|
if( a->attrib_data && b->attrib_data )
|
|
{
|
|
res = a->attrib_len - b->attrib_len;
|
|
if( !res )
|
|
res = memcmp( a->attrib_data, b->attrib_data, a->attrib_len );
|
|
}
|
|
else if( !a->attrib_data && !b->attrib_data )
|
|
{
|
|
res = a->len - b->len;
|
|
if( !res )
|
|
res = memcmp( a->name, b->name, a->len );
|
|
}
|
|
|
|
return res;
|
|
}
|