Line data Source code
1 : /*
2 : * pgp-info.c
3 : * Provide info about PGP data.
4 : *
5 : * Copyright (c) 2005 Marko Kreen
6 : * All rights reserved.
7 : *
8 : * Redistribution and use in source and binary forms, with or without
9 : * modification, are permitted provided that the following conditions
10 : * are met:
11 : * 1. Redistributions of source code must retain the above copyright
12 : * notice, this list of conditions and the following disclaimer.
13 : * 2. Redistributions in binary form must reproduce the above copyright
14 : * notice, this list of conditions and the following disclaimer in the
15 : * documentation and/or other materials provided with the distribution.
16 : *
17 : * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 : * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 : * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 : * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 : * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 : * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 : * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 : * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 : * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 : * SUCH DAMAGE.
28 : *
29 : * contrib/pgcrypto/pgp-info.c
30 : */
31 : #include "postgres.h"
32 :
33 : #include "mbuf.h"
34 : #include "pgp.h"
35 : #include "px.h"
36 :
37 : static int
38 0 : read_pubkey_keyid(PullFilter *pkt, uint8 *keyid_buf)
39 : {
40 0 : int res;
41 0 : PGP_PubKey *pk = NULL;
42 :
43 0 : res = _pgp_read_public_key(pkt, &pk);
44 0 : if (res < 0)
45 0 : goto err;
46 :
47 : /* skip secret key part, if it exists */
48 0 : res = pgp_skip_packet(pkt);
49 0 : if (res < 0)
50 0 : goto err;
51 :
52 : /* is it encryption key */
53 0 : switch (pk->algo)
54 : {
55 : case PGP_PUB_ELG_ENCRYPT:
56 : case PGP_PUB_RSA_ENCRYPT:
57 : case PGP_PUB_RSA_ENCRYPT_SIGN:
58 0 : memcpy(keyid_buf, pk->key_id, 8);
59 0 : res = 1;
60 0 : break;
61 : default:
62 0 : res = 0;
63 0 : }
64 :
65 : err:
66 0 : pgp_key_free(pk);
67 0 : return res;
68 0 : }
69 :
70 : static int
71 0 : read_pubenc_keyid(PullFilter *pkt, uint8 *keyid_buf)
72 : {
73 0 : uint8 ver;
74 0 : int res;
75 :
76 0 : GETBYTE(pkt, ver);
77 0 : if (ver != 3)
78 0 : return -1;
79 :
80 0 : res = pullf_read_fixed(pkt, 8, keyid_buf);
81 0 : if (res < 0)
82 0 : return res;
83 :
84 0 : return pgp_skip_packet(pkt);
85 0 : }
86 :
87 : static const char hextbl[] = "0123456789ABCDEF";
88 :
89 : static int
90 0 : print_key(uint8 *keyid, char *dst)
91 : {
92 0 : int i;
93 0 : unsigned c;
94 :
95 0 : for (i = 0; i < 8; i++)
96 : {
97 0 : c = keyid[i];
98 0 : *dst++ = hextbl[(c >> 4) & 0x0F];
99 0 : *dst++ = hextbl[c & 0x0F];
100 0 : }
101 0 : *dst = 0;
102 0 : return 8 * 2;
103 0 : }
104 :
105 : static const uint8 any_key[] =
106 : {0, 0, 0, 0, 0, 0, 0, 0};
107 :
108 : /*
109 : * dst should have room for 17 bytes
110 : */
111 : int
112 0 : pgp_get_keyid(MBuf *pgp_data, char *dst)
113 : {
114 0 : int res;
115 0 : PullFilter *src;
116 0 : PullFilter *pkt = NULL;
117 0 : int len;
118 0 : uint8 tag;
119 0 : int got_pub_key = 0,
120 0 : got_symenc_key = 0,
121 0 : got_pubenc_key = 0;
122 0 : int got_data = 0;
123 0 : uint8 keyid_buf[8];
124 0 : int got_main_key = 0;
125 :
126 :
127 0 : res = pullf_create_mbuf_reader(&src, pgp_data);
128 0 : if (res < 0)
129 0 : return res;
130 :
131 0 : while (1)
132 : {
133 0 : res = pgp_parse_pkt_hdr(src, &tag, &len, 0);
134 0 : if (res <= 0)
135 0 : break;
136 0 : res = pgp_create_pkt_reader(&pkt, src, len, res, NULL);
137 0 : if (res < 0)
138 0 : break;
139 :
140 0 : switch (tag)
141 : {
142 : case PGP_PKT_SECRET_KEY:
143 : case PGP_PKT_PUBLIC_KEY:
144 : /* main key is for signing, so ignore it */
145 0 : if (!got_main_key)
146 : {
147 0 : got_main_key = 1;
148 0 : res = pgp_skip_packet(pkt);
149 0 : }
150 : else
151 0 : res = PXE_PGP_MULTIPLE_KEYS;
152 0 : break;
153 : case PGP_PKT_SECRET_SUBKEY:
154 : case PGP_PKT_PUBLIC_SUBKEY:
155 0 : res = read_pubkey_keyid(pkt, keyid_buf);
156 0 : if (res < 0)
157 0 : break;
158 0 : if (res > 0)
159 0 : got_pub_key++;
160 0 : break;
161 : case PGP_PKT_PUBENCRYPTED_SESSKEY:
162 0 : got_pubenc_key++;
163 0 : res = read_pubenc_keyid(pkt, keyid_buf);
164 0 : break;
165 : case PGP_PKT_SYMENCRYPTED_DATA:
166 : case PGP_PKT_SYMENCRYPTED_DATA_MDC:
167 : /* don't skip it, just stop */
168 0 : got_data = 1;
169 0 : break;
170 : case PGP_PKT_SYMENCRYPTED_SESSKEY:
171 0 : got_symenc_key++;
172 : /* fall through */
173 : case PGP_PKT_SIGNATURE:
174 : case PGP_PKT_MARKER:
175 : case PGP_PKT_TRUST:
176 : case PGP_PKT_USER_ID:
177 : case PGP_PKT_USER_ATTR:
178 : case PGP_PKT_PRIV_61:
179 0 : res = pgp_skip_packet(pkt);
180 0 : break;
181 : default:
182 0 : res = PXE_PGP_CORRUPT_DATA;
183 0 : }
184 :
185 0 : if (pkt)
186 0 : pullf_free(pkt);
187 0 : pkt = NULL;
188 :
189 0 : if (res < 0 || got_data)
190 0 : break;
191 : }
192 :
193 0 : pullf_free(src);
194 0 : if (pkt)
195 0 : pullf_free(pkt);
196 :
197 0 : if (res < 0)
198 0 : return res;
199 :
200 : /* now check sanity */
201 0 : if (got_pub_key && got_pubenc_key)
202 0 : res = PXE_PGP_CORRUPT_DATA;
203 :
204 0 : if (got_pub_key > 1)
205 0 : res = PXE_PGP_MULTIPLE_KEYS;
206 :
207 0 : if (got_pubenc_key > 1)
208 0 : res = PXE_PGP_MULTIPLE_KEYS;
209 :
210 : /*
211 : * if still ok, look what we got
212 : */
213 0 : if (res >= 0)
214 : {
215 0 : if (got_pubenc_key || got_pub_key)
216 : {
217 0 : if (memcmp(keyid_buf, any_key, 8) == 0)
218 : {
219 0 : memcpy(dst, "ANYKEY", 7);
220 0 : res = 6;
221 0 : }
222 : else
223 0 : res = print_key(keyid_buf, dst);
224 0 : }
225 0 : else if (got_symenc_key)
226 : {
227 0 : memcpy(dst, "SYMKEY", 7);
228 0 : res = 6;
229 0 : }
230 : else
231 0 : res = PXE_PGP_NO_USABLE_KEY;
232 0 : }
233 :
234 0 : return res;
235 0 : }
|
