mirror of
https://github.com/RetroShare/RetroShare.git
synced 2025-01-26 07:16:11 -05:00
updated to trunk of openpgp-sdk
git-svn-id: http://svn.code.sf.net/p/retroshare/code/branches/v0.5-OpenPGP@5078 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
parent
eb448cbaaf
commit
c27f695a37
@ -29,37 +29,116 @@ std::string PGPIdType::toStdString() const
|
||||
|
||||
return res ;
|
||||
}
|
||||
std::string PGPFingerprintType::toStdString() const
|
||||
{
|
||||
static const char out[16] = { '0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F' } ;
|
||||
|
||||
PGPIdType::PGPIdType(const std::string& s)
|
||||
std::string res ;
|
||||
|
||||
for(int j = 0; j < KEY_FINGERPRINT_SIZE; j++)
|
||||
{
|
||||
res += out[ (bytes[j]>>4) ] ;
|
||||
res += out[ bytes[j] & 0xf ] ;
|
||||
}
|
||||
|
||||
return res ;
|
||||
}
|
||||
|
||||
|
||||
PGPIdType PGPIdType::fromUserId_hex(const std::string& s)
|
||||
{
|
||||
int n=0;
|
||||
if(s.length() != KEY_ID_SIZE*2)
|
||||
throw std::runtime_error("PGPIdType::PGPIdType: can only init from 16 chars hexadecimal string") ;
|
||||
|
||||
PGPIdType res ;
|
||||
|
||||
for(int i = 0; i < KEY_ID_SIZE; ++i)
|
||||
{
|
||||
bytes[i] = 0 ;
|
||||
res.bytes[i] = 0 ;
|
||||
|
||||
for(int k=0;k<2;++k)
|
||||
{
|
||||
char b = s[n++] ;
|
||||
|
||||
if(b >= 'A' && b <= 'F')
|
||||
bytes[i] += (b-'A'+10) << 4*(1-k) ;
|
||||
res.bytes[i] += (b-'A'+10) << 4*(1-k) ;
|
||||
else if(b >= 'a' && b <= 'f')
|
||||
bytes[i] += (b-'a'+10) << 4*(1-k) ;
|
||||
res.bytes[i] += (b-'a'+10) << 4*(1-k) ;
|
||||
else if(b >= '0' && b <= '9')
|
||||
bytes[i] += (b-'0') << 4*(1-k) ;
|
||||
res.bytes[i] += (b-'0') << 4*(1-k) ;
|
||||
else
|
||||
throw std::runtime_error("PGPIdType::Sha1CheckSum: can't init from non pure hexadecimal string") ;
|
||||
}
|
||||
}
|
||||
return res ;
|
||||
}
|
||||
PGPIdType PGPIdType::fromFingerprint_hex(const std::string& s)
|
||||
{
|
||||
if(s.length() != PGPFingerprintType::KEY_FINGERPRINT_SIZE*2)
|
||||
throw std::runtime_error("PGPIdType::PGPIdType: can only init from 40 chars hexadecimal string") ;
|
||||
|
||||
PGPIdType res ;
|
||||
|
||||
int n=PGPFingerprintType::KEY_FINGERPRINT_SIZE - PGPIdType::KEY_ID_SIZE -1;
|
||||
|
||||
for(int i = 0; i < PGPIdType::KEY_ID_SIZE; ++i)
|
||||
{
|
||||
res.bytes[i] = 0 ;
|
||||
|
||||
for(int k=0;k<2;++k)
|
||||
{
|
||||
char b = s[n++] ;
|
||||
|
||||
if(b >= 'A' && b <= 'F')
|
||||
res.bytes[i] += (b-'A'+10) << 4*(1-k) ;
|
||||
else if(b >= 'a' && b <= 'f')
|
||||
res.bytes[i] += (b-'a'+10) << 4*(1-k) ;
|
||||
else if(b >= '0' && b <= '9')
|
||||
res.bytes[i] += (b-'0') << 4*(1-k) ;
|
||||
else
|
||||
throw std::runtime_error("PGPIdType::Sha1CheckSum: can't init from non pure hexadecimal string") ;
|
||||
}
|
||||
}
|
||||
return res ;
|
||||
}
|
||||
PGPFingerprintType PGPFingerprintType::fromFingerprint_hex(const std::string& s)
|
||||
{
|
||||
int n=0;
|
||||
if(s.length() != PGPFingerprintType::KEY_FINGERPRINT_SIZE*2)
|
||||
throw std::runtime_error("PGPIdType::PGPIdType: can only init from 40 chars hexadecimal string") ;
|
||||
|
||||
PGPFingerprintType res ;
|
||||
|
||||
for(int i = 0; i < PGPFingerprintType::KEY_FINGERPRINT_SIZE; ++i)
|
||||
{
|
||||
res.bytes[i] = 0 ;
|
||||
|
||||
for(int k=0;k<2;++k)
|
||||
{
|
||||
char b = s[n++] ;
|
||||
|
||||
if(b >= 'A' && b <= 'F')
|
||||
res.bytes[i] += (b-'A'+10) << 4*(1-k) ;
|
||||
else if(b >= 'a' && b <= 'f')
|
||||
res.bytes[i] += (b-'a'+10) << 4*(1-k) ;
|
||||
else if(b >= '0' && b <= '9')
|
||||
res.bytes[i] += (b-'0') << 4*(1-k) ;
|
||||
else
|
||||
throw std::runtime_error("PGPIdType::Sha1CheckSum: can't init from non pure hexadecimal string") ;
|
||||
}
|
||||
}
|
||||
return res ;
|
||||
}
|
||||
PGPIdType::PGPIdType(const unsigned char b[])
|
||||
{
|
||||
memcpy(bytes,b,8) ;
|
||||
memcpy(bytes,b,KEY_ID_SIZE) ;
|
||||
}
|
||||
PGPFingerprintType::PGPFingerprintType(const unsigned char b[])
|
||||
{
|
||||
memcpy(bytes,b,KEY_FINGERPRINT_SIZE) ;
|
||||
}
|
||||
|
||||
|
||||
uint64_t PGPIdType::toUInt64() const
|
||||
{
|
||||
@ -210,7 +289,6 @@ bool PGPHandler::GeneratePGPCertificate(const std::string& name, const std::stri
|
||||
ops_write_transferable_secret_key(key,(unsigned char *)passphrase.c_str(),passphrase.length(),ops_false,cinfo);
|
||||
|
||||
ops_keydata_free(key) ;
|
||||
free(key) ;
|
||||
|
||||
// 3 - read the file into a keyring
|
||||
|
||||
@ -388,18 +466,48 @@ bool PGPHandler::SignDataBin(const PGPIdType& id,const void *data, const uint32_
|
||||
return true ;
|
||||
}
|
||||
|
||||
bool PGPHandler::VerifySignBin(const void *data, uint32_t data_len, unsigned char *sign, unsigned int sign_len, const std::string &withfingerprint)
|
||||
bool PGPHandler::getKeyFingerprint(const PGPIdType& id,PGPFingerprintType& fp) const
|
||||
{
|
||||
ops_memory_t *mem = ops_memory_new() ;
|
||||
ops_memory_add(mem,(unsigned char *)sign,sign_len) ;
|
||||
const ops_keydata_t *key = getPublicKey(id) ;
|
||||
|
||||
ops_validate_result_t *result = (ops_validate_result_t*)ops_mallocz(sizeof(ops_validate_result_t)) ;
|
||||
ops_boolean_t res = ops_validate_mem(result, mem, ops_false, _pubring);
|
||||
if(key == NULL)
|
||||
return false ;
|
||||
|
||||
ops_validate_result_free(result) ;
|
||||
ops_fingerprint_t f ;
|
||||
ops_fingerprint(&f,&key->key.pkey) ;
|
||||
|
||||
// no need to clear mem. It's already deleted by ops_validate_mem (weird but true).
|
||||
fp = PGPFingerprintType(f.fingerprint) ;
|
||||
|
||||
return res ;
|
||||
return true ;
|
||||
}
|
||||
|
||||
bool PGPHandler::VerifySignBin(const void *data, uint32_t data_len, unsigned char *sign, unsigned int sign_len, const PGPFingerprintType& key_fingerprint)
|
||||
{
|
||||
PGPIdType id = PGPIdType::fromFingerprint_hex(key_fingerprint.toStdString()) ;
|
||||
const ops_keydata_t *key = getPublicKey(id) ;
|
||||
|
||||
if(key == NULL)
|
||||
{
|
||||
std::cerr << "No key returned by fingerprint " << key_fingerprint.toStdString() << ", and ID " << id.toStdString() << ", signature verification failed!" << std::endl;
|
||||
return false ;
|
||||
}
|
||||
|
||||
// Check that fingerprint is the same.
|
||||
const ops_public_key_t *pkey = &key->key.pkey ;
|
||||
ops_fingerprint_t fp ;
|
||||
ops_fingerprint(&fp,pkey) ;
|
||||
|
||||
if(key_fingerprint != PGPFingerprintType(fp.fingerprint))
|
||||
{
|
||||
std::cerr << "Key fingerprint does not match " << key_fingerprint.toStdString() << ", for ID " << id.toStdString() << ", signature verification failed!" << std::endl;
|
||||
return false ;
|
||||
}
|
||||
|
||||
ops_signature_t signature ;
|
||||
// ops_signature_add_data(&signature,sign,sign_len) ;
|
||||
|
||||
// ops_boolean_t valid=check_binary_signature(data_len,data,signature,pkey) ;
|
||||
|
||||
return false ;
|
||||
}
|
||||
|
||||
|
@ -18,10 +18,12 @@ class PGPIdType
|
||||
{
|
||||
public:
|
||||
static const int KEY_ID_SIZE = 8 ;
|
||||
|
||||
PGPIdType() {}
|
||||
PGPIdType(const std::string& hex_string) ;
|
||||
PGPIdType(const unsigned char bytes[]) ;
|
||||
|
||||
static PGPIdType fromUserId_hex(const std::string& hex_string) ;
|
||||
static PGPIdType fromFingerprint_hex(const std::string& hex_string) ;
|
||||
|
||||
explicit PGPIdType(const unsigned char bytes[]) ;
|
||||
|
||||
std::string toStdString() const ;
|
||||
uint64_t toUInt64() const ;
|
||||
@ -30,6 +32,33 @@ class PGPIdType
|
||||
private:
|
||||
unsigned char bytes[KEY_ID_SIZE] ;
|
||||
};
|
||||
class PGPFingerprintType
|
||||
{
|
||||
public:
|
||||
static const int KEY_FINGERPRINT_SIZE = 20 ;
|
||||
|
||||
static PGPFingerprintType fromFingerprint_hex(const std::string& hex_string) ;
|
||||
explicit PGPFingerprintType(const unsigned char bytes[]) ;
|
||||
|
||||
std::string toStdString() const ;
|
||||
const unsigned char *toByteArray() const { return &bytes[0] ; }
|
||||
|
||||
bool operator==(const PGPFingerprintType& fp) const
|
||||
{
|
||||
for(int i=0;i<KEY_FINGERPRINT_SIZE;++i)
|
||||
if(fp.bytes[i] != bytes[i])
|
||||
return false ;
|
||||
return true ;
|
||||
}
|
||||
bool operator!=(const PGPFingerprintType& fp) const
|
||||
{
|
||||
return !operator==(fp) ;
|
||||
}
|
||||
|
||||
PGPFingerprintType() {}
|
||||
private:
|
||||
unsigned char bytes[KEY_FINGERPRINT_SIZE] ;
|
||||
};
|
||||
|
||||
class PGPHandler
|
||||
{
|
||||
@ -51,7 +80,9 @@ class PGPHandler
|
||||
bool TrustCertificate(const PGPIdType& id, int trustlvl);
|
||||
|
||||
bool SignDataBin(const PGPIdType& id,const void *data, const uint32_t len, unsigned char *sign, unsigned int *signlen) ;
|
||||
bool VerifySignBin(const void *data, uint32_t data_len, unsigned char *sign, unsigned int sign_len, const std::string &withfingerprint) ;
|
||||
bool VerifySignBin(const void *data, uint32_t data_len, unsigned char *sign, unsigned int sign_len, const PGPFingerprintType& withfingerprint) ;
|
||||
|
||||
bool getKeyFingerprint(const PGPIdType& id,PGPFingerprintType& fp) const ;
|
||||
|
||||
// Debug stuff.
|
||||
virtual void printKeys() const ;
|
||||
|
@ -12,7 +12,7 @@ int main(int argc,char *argv[])
|
||||
{
|
||||
// test pgp ids.
|
||||
//
|
||||
PGPIdType id("3e5b22140ef56abb") ;
|
||||
PGPIdType id = PGPIdType::fromUserId_hex("3e5b22140ef56abb") ;
|
||||
|
||||
std::cerr << "Id is : " << std::hex << id.toUInt64() << std::endl;
|
||||
std::cerr << "Id st : " << id.toStdString() << std::endl;
|
||||
@ -55,7 +55,7 @@ int main(int argc,char *argv[])
|
||||
else
|
||||
std::cerr << "Certificate generation success. New id = " << newid.toStdString() << std::endl;
|
||||
|
||||
PGPIdType id2(std::string("618E54CF7670FF5E")) ;
|
||||
PGPIdType id2 = PGPIdType::fromUserId_hex("618E54CF7670FF5E") ;
|
||||
std::cerr << "Now extracting key " << id2.toStdString() << " from keyring:" << std::endl ;
|
||||
std::string cert = pgph.SaveCertificateToString(id2,false) ;
|
||||
|
||||
@ -87,7 +87,11 @@ int main(int argc,char *argv[])
|
||||
|
||||
std::cerr << "Now verifying signature..." << std::endl;
|
||||
|
||||
if(!pgph.VerifySignBin(test_bin,13,sign,signlen,""))
|
||||
PGPFingerprintType fingerprint ;
|
||||
if(!pgph.getKeyFingerprint(newid,fingerprint) )
|
||||
std::cerr << "Cannot find fingerprint of key id " << newid.toStdString() << std::endl;
|
||||
|
||||
if(!pgph.VerifySignBin(test_bin,13,sign,signlen,fingerprint))
|
||||
std::cerr << "Signature verification failed." << std::endl;
|
||||
else
|
||||
std::cerr << "Signature verification worked!" << std::endl;
|
||||
|
@ -1123,11 +1123,11 @@ bool AuthGPGimpl::VerifySignature(const void *data, int datalen, const void *sig
|
||||
fprintf(stderr, "AuthGPGimpl::VerifySignature() OK\n");
|
||||
#endif
|
||||
if (withfingerprint.empty() == false && withfingerprint == sg->fpr) {
|
||||
#ifdef GPG_DEBUG
|
||||
//#ifdef GPG_DEBUG
|
||||
fprintf(stderr, "AuthGPGimpl::VerifySignature() for the fingerprint key : ");
|
||||
std::cerr << withfingerprint;
|
||||
fprintf(stderr, "\n");
|
||||
#endif
|
||||
//#endif
|
||||
valid = true;
|
||||
break;
|
||||
}
|
||||
|
@ -30,3 +30,5 @@ int ops_decompress(ops_region_t *region,ops_parse_info_t *parse_info,
|
||||
ops_boolean_t ops_write_compressed(const unsigned char* data,
|
||||
const unsigned int len,
|
||||
ops_create_info_t *cinfo);
|
||||
|
||||
void ops_writer_push_compressed(ops_create_info_t *cinfo);
|
||||
|
@ -43,6 +43,8 @@ struct ops_create_info
|
||||
ops_error_t *errors; /*!< an error stack */
|
||||
};
|
||||
|
||||
void ops_prepare_parent_info(ops_create_info_t *parent_info,
|
||||
ops_writer_info_t *winfo);
|
||||
ops_create_info_t *ops_create_info_new(void);
|
||||
void ops_create_info_delete(ops_create_info_t *info);
|
||||
|
||||
|
@ -30,6 +30,12 @@
|
||||
#include "packet.h"
|
||||
#include "packet-parse.h"
|
||||
#include <openssl/dsa.h>
|
||||
#include <openssl/opensslv.h>
|
||||
#include <openssl/opensslconf.h>
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x00908030L
|
||||
# define OPENSSL_NO_CAMELLIA
|
||||
#endif
|
||||
|
||||
#define OPS_MIN_HASH_SIZE 16
|
||||
|
||||
@ -166,6 +172,7 @@ void ops_writer_push_encrypt(ops_create_info_t *info,
|
||||
|
||||
ops_boolean_t ops_encrypt_file(const char* input_filename, const char* output_filename, const ops_keydata_t *pub_key, const ops_boolean_t use_armour, const ops_boolean_t allow_overwrite);
|
||||
ops_boolean_t ops_decrypt_file(const char* input_filename, const char* output_filename, ops_keyring_t *keyring, const ops_boolean_t use_armour, const ops_boolean_t allow_overwrite,ops_parse_cb_t* cb_get_passphrase);
|
||||
extern void ops_encrypt_stream(ops_create_info_t* cinfo, const ops_keydata_t* public_key, const ops_secret_key_t* secret_key, const ops_boolean_t compress, const ops_boolean_t use_armour);
|
||||
|
||||
// Keys
|
||||
ops_boolean_t ops_rsa_generate_keypair(const int numbits, const unsigned long e, ops_keydata_t* keydata);
|
||||
|
@ -113,6 +113,7 @@ void ops_print_error(ops_error_t *err);
|
||||
void ops_print_errors(ops_error_t *errstack);
|
||||
void ops_free_errors(ops_error_t *errstack);
|
||||
int ops_has_error(ops_error_t *errstack, ops_errcode_t errcode);
|
||||
void ops_move_errors(ops_create_info_t *source, ops_error_t **errstack);
|
||||
|
||||
#define OPS_SYSTEM_ERROR_1(err,code,syscall,fmt,arg) do { ops_push_error(err,OPS_E_SYSTEM_ERROR,errno,__FILE__,__LINE__,syscall); ops_push_error(err,code,0,__FILE__,__LINE__,fmt,arg); } while(0)
|
||||
#define OPS_MEMORY_ERROR(err) {fprintf(stderr, "Memory error\n");} // \todo placeholder for better error handling
|
||||
|
35
openpgpsdk/include/openpgpsdk/literal.h
Normal file
35
openpgpsdk/include/openpgpsdk/literal.h
Normal file
@ -0,0 +1,35 @@
|
||||
/*
|
||||
* Copyright (c) 2005-2009 Nominet UK (www.nic.uk)
|
||||
* All rights reserved.
|
||||
* Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted
|
||||
* their moral rights under the UK Copyright Design and Patents Act 1988 to
|
||||
* be recorded as the authors of this copyright work.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
* use this file except in compliance with the License.
|
||||
*
|
||||
* You may obtain a copy of the License at
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
*
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef __OPS_LITERAL_H__
|
||||
#define __OPS_LITERAL_H__
|
||||
|
||||
|
||||
ops_boolean_t write_literal_header(ops_create_info_t *info,
|
||||
void *header_data);
|
||||
|
||||
void ops_writer_push_literal(ops_create_info_t *info);
|
||||
void ops_writer_push_literal_with_opts(ops_create_info_t *info,
|
||||
unsigned int buf_size);
|
||||
|
||||
#endif /* __OPS_LITERAL_H__ */
|
||||
|
||||
// EOF
|
@ -132,7 +132,6 @@ int ops_parse_errs(ops_parse_info_t *parse_info,ops_ulong_list_t *errs);
|
||||
|
||||
void ops_parse_and_validate(ops_parse_info_t *parse_info);
|
||||
|
||||
|
||||
void ops_parse_options(ops_parse_info_t *pinfo,ops_content_tag_t tag,
|
||||
ops_parse_type_t type);
|
||||
|
||||
@ -140,7 +139,7 @@ ops_boolean_t ops_limited_read(unsigned char *dest,size_t length,
|
||||
ops_region_t *region,ops_error_t **errors,
|
||||
ops_reader_info_t *rinfo,
|
||||
ops_parse_cb_info_t *cbinfo);
|
||||
ops_boolean_t ops_stacked_limited_read(unsigned char *dest,unsigned length,
|
||||
ops_boolean_t ops_stacked_limited_read(void *dest,unsigned length,
|
||||
ops_region_t *region,
|
||||
ops_error_t **errors,
|
||||
ops_reader_info_t *rinfo,
|
||||
|
@ -127,7 +127,6 @@ typedef enum
|
||||
#define OPS_PTAG_NF_CONTENT_TAG_SHIFT 0
|
||||
|
||||
|
||||
|
||||
/** Structure to hold one parse error string. */
|
||||
typedef struct
|
||||
{
|
||||
@ -310,6 +309,9 @@ typedef enum
|
||||
OPS_SA_AES_192 =8, /*!< AES with 192-bit key */
|
||||
OPS_SA_AES_256 =9, /*!< AES with 256-bit key */
|
||||
OPS_SA_TWOFISH =10, /*!< Twofish with 256-bit key (TWOFISH) */
|
||||
OPS_SA_CAMELLIA_128 =11, /*!< Camellia with 128-bit key */
|
||||
OPS_SA_CAMELLIA_192 =12, /*!< Camellia with 192-bit key */
|
||||
OPS_SA_CAMELLIA_256 =13, /*!< Camellia with 256-bit key */
|
||||
} ops_symmetric_algorithm_t;
|
||||
|
||||
/** Hashing Algorithm Numbers.
|
||||
@ -358,7 +360,8 @@ typedef struct
|
||||
ops_public_key_t public_key;
|
||||
ops_s2k_usage_t s2k_usage;
|
||||
ops_s2k_specifier_t s2k_specifier;
|
||||
ops_symmetric_algorithm_t algorithm;
|
||||
ops_symmetric_algorithm_t algorithm; // the algorithm used to encrypt
|
||||
// the key
|
||||
ops_hash_algorithm_t hash_algorithm;
|
||||
unsigned char salt[OPS_SALT_SIZE];
|
||||
unsigned octet_count;
|
||||
@ -658,7 +661,7 @@ typedef struct
|
||||
/** Signature Subpacket : Revocation Key */
|
||||
typedef struct
|
||||
{
|
||||
unsigned char cclass;
|
||||
unsigned char clss; /* class - name changed for C++ */
|
||||
unsigned char algid;
|
||||
unsigned char fingerprint[20];
|
||||
} ops_ss_revocation_key_t;
|
||||
|
54
openpgpsdk/include/openpgpsdk/partial.h
Normal file
54
openpgpsdk/include/openpgpsdk/partial.h
Normal file
@ -0,0 +1,54 @@
|
||||
/*
|
||||
* Copyright (c) 2005-2009 Nominet UK (www.nic.uk)
|
||||
* All rights reserved.
|
||||
* Contributors: Ben Laurie, Rachel Willmer, Alasdair Mackintosh.
|
||||
* The Contributors have asserted their moral rights under the
|
||||
* UK Copyright Design and Patents Act 1988 to
|
||||
* be recorded as the authors of this copyright work.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
* use this file except in compliance with the License.
|
||||
*
|
||||
* You may obtain a copy of the License at
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
*
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef __OPS_PARTIAL_H__
|
||||
#define __OPS_PARTIAL_H__
|
||||
|
||||
#include "types.h"
|
||||
#include "writer.h"
|
||||
|
||||
/**
|
||||
* Function that writes out a packet header. See
|
||||
* ops_writer_push_partial
|
||||
*/
|
||||
typedef ops_boolean_t ops_write_partial_header_t(ops_create_info_t *info,
|
||||
void *data);
|
||||
|
||||
typedef ops_boolean_t ops_write_partial_trailer_t(ops_create_info_t *info,
|
||||
void *data);
|
||||
|
||||
void ops_writer_push_partial(size_t packet_size,
|
||||
ops_create_info_t *info,
|
||||
ops_content_tag_t tag,
|
||||
ops_write_partial_header_t *header_writer,
|
||||
void *header_data);
|
||||
|
||||
void ops_writer_push_partial_with_trailer(
|
||||
size_t packet_size,
|
||||
ops_create_info_t *cinfo,
|
||||
ops_content_tag_t tag,
|
||||
ops_write_partial_header_t *header_writer,
|
||||
void *header_data,
|
||||
ops_write_partial_trailer_t *trailer_writer,
|
||||
void *trailer_data);
|
||||
|
||||
#endif /* __OPS_PARTIAL_H__ */
|
@ -91,5 +91,6 @@ ops_boolean_t ops_sign_file_as_cleartext(const char* input_filename, const char*
|
||||
ops_boolean_t ops_sign_buf_as_cleartext(const char* input, const size_t len, ops_memory_t** output, const ops_secret_key_t *skey);
|
||||
ops_boolean_t ops_sign_file(const char* input_filename, const char* output_filename, const ops_secret_key_t *skey, const ops_boolean_t use_armour, const ops_boolean_t overwrite);
|
||||
ops_memory_t * ops_sign_buf(const void* input, const size_t input_len, const ops_sig_type_t sig_type, const ops_secret_key_t *skey, const ops_boolean_t use_armour);
|
||||
ops_boolean_t ops_writer_push_signed(ops_create_info_t *cinfo, const ops_sig_type_t sig_type, const ops_secret_key_t *skey);
|
||||
|
||||
#endif
|
||||
|
@ -25,6 +25,6 @@
|
||||
#include <openpgpsdk/readerwriter.h>
|
||||
|
||||
void ops_writer_push_stream_encrypt_se_ip(ops_create_info_t *cinfo,
|
||||
const ops_key_data_t *pub_key);
|
||||
const ops_keydata_t *pub_key);
|
||||
|
||||
#endif /*__OPS_STREAMWRITER_H__*/
|
||||
|
@ -189,6 +189,10 @@ typedef enum ops_content_tag_t ops_ss_type_t;
|
||||
typedef unsigned char ops_ss_rr_code_t;
|
||||
|
||||
/** ops_parse_type_t */
|
||||
|
||||
/** Used to specify whether subpackets should be returned raw, parsed or ignored.
|
||||
*/
|
||||
|
||||
typedef enum ops_parse_type_t ops_parse_type_t;
|
||||
|
||||
/** ops_parser_content_t */
|
||||
@ -208,8 +212,6 @@ typedef enum
|
||||
{
|
||||
OPS_WF_DUMMY,
|
||||
} ops_writer_flags_t;
|
||||
/** ops_writer_ret_t */
|
||||
/* typedef enum ops_writer_ret_t ops_writer_ret_t; */
|
||||
|
||||
/**
|
||||
* \ingroup Create
|
||||
|
@ -71,7 +71,7 @@ typedef struct
|
||||
} validate_key_cb_arg_t;
|
||||
|
||||
/** Struct use with the validate_data_cb callback */
|
||||
typedef struct
|
||||
typedef struct validate_data_cb_arg
|
||||
{
|
||||
enum
|
||||
{
|
||||
|
@ -92,12 +92,14 @@ accumulate_cb(const ops_parser_content_t *content_,ops_parse_cb_info_t *cbinfo)
|
||||
}
|
||||
// assert(cur);
|
||||
ops_add_userid_to_keydata(cur, &content->user_id);
|
||||
free(content->user_id.user_id);
|
||||
return OPS_KEEP_MEMORY;
|
||||
|
||||
case OPS_PARSER_PACKET_END:
|
||||
if(!cur)
|
||||
return OPS_RELEASE_MEMORY;
|
||||
ops_add_packet_to_keydata(cur, &content->packet);
|
||||
free(content->packet.raw);
|
||||
return OPS_KEEP_MEMORY;
|
||||
|
||||
case OPS_PARSER_ERROR:
|
||||
|
@ -1,8 +1,9 @@
|
||||
/*
|
||||
* Copyright (c) 2005-2008 Nominet UK (www.nic.uk)
|
||||
* Copyright (c) 2005-2009 Nominet UK (www.nic.uk)
|
||||
* All rights reserved.
|
||||
* Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted
|
||||
* their moral rights under the UK Copyright Design and Patents Act 1988 to
|
||||
* Contributors: Ben Laurie, Rachel Willmer, Alasdair Mackintosh.
|
||||
* The Contributors have asserted their moral rights under the
|
||||
* UK Copyright Design and Patents Act 1988 to
|
||||
* be recorded as the authors of this copyright work.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
@ -33,8 +34,12 @@
|
||||
#include <openpgpsdk/errors.h>
|
||||
#include "parse_local.h"
|
||||
#include <openpgpsdk/final.h>
|
||||
#include <openpgpsdk/partial.h>
|
||||
|
||||
static const int debug = 0;
|
||||
|
||||
#define DECOMPRESS_BUFFER 1024
|
||||
#define COMPRESS_BUFFER 32768
|
||||
|
||||
typedef struct
|
||||
{
|
||||
@ -63,6 +68,8 @@ typedef struct
|
||||
z_stream stream;
|
||||
unsigned char *src;
|
||||
unsigned char *dst;
|
||||
size_t bytes_in;
|
||||
size_t bytes_out;
|
||||
} compress_arg_t;
|
||||
|
||||
// \todo remove code duplication between this and bzip2_compressed_data_reader
|
||||
@ -84,7 +91,8 @@ static int zlib_compressed_data_reader(void *dest,size_t length,
|
||||
if(arg->region->length_read == arg->region->length)
|
||||
{
|
||||
if(arg->inflate_ret != Z_STREAM_END)
|
||||
OPS_ERROR(cbinfo->errors, OPS_E_P_DECOMPRESSION_ERROR,"Compressed data didn't end when region ended.");
|
||||
OPS_ERROR(cbinfo->errors, OPS_E_P_DECOMPRESSION_ERROR,
|
||||
"Compressed data didn't end when region ended.");
|
||||
/*
|
||||
else
|
||||
return 0;
|
||||
@ -130,7 +138,8 @@ static int zlib_compressed_data_reader(void *dest,size_t length,
|
||||
{
|
||||
if(!arg->region->indeterminate
|
||||
&& arg->region->length_read != arg->region->length)
|
||||
OPS_ERROR(cbinfo->errors,OPS_E_P_DECOMPRESSION_ERROR,"Compressed stream ended before packet end.");
|
||||
OPS_ERROR(cbinfo->errors,OPS_E_P_DECOMPRESSION_ERROR,
|
||||
"Compressed stream ended before packet end.");
|
||||
}
|
||||
else if(ret != Z_OK)
|
||||
{
|
||||
@ -170,7 +179,8 @@ static int bzip2_compressed_data_reader(void *dest,size_t length,
|
||||
if(arg->region->length_read == arg->region->length)
|
||||
{
|
||||
if(arg->inflate_ret != BZ_STREAM_END)
|
||||
OPS_ERROR(cbinfo->errors, OPS_E_P_DECOMPRESSION_ERROR,"Compressed data didn't end when region ended.");
|
||||
OPS_ERROR(cbinfo->errors, OPS_E_P_DECOMPRESSION_ERROR,
|
||||
"Compressed data didn't end when region ended.");
|
||||
}
|
||||
|
||||
while(length > 0)
|
||||
@ -197,8 +207,8 @@ static int bzip2_compressed_data_reader(void *dest,size_t length,
|
||||
else
|
||||
n=sizeof arg->in;
|
||||
|
||||
if(!ops_stacked_limited_read((unsigned char *)arg->in,n,arg->region,
|
||||
errors,rinfo,cbinfo))
|
||||
if(!ops_stacked_limited_read(arg->in, n, arg->region, errors,
|
||||
rinfo, cbinfo))
|
||||
return -1;
|
||||
|
||||
arg->bzstream.next_in=arg->in;
|
||||
@ -211,11 +221,13 @@ static int bzip2_compressed_data_reader(void *dest,size_t length,
|
||||
{
|
||||
if(!arg->region->indeterminate
|
||||
&& arg->region->length_read != arg->region->length)
|
||||
OPS_ERROR(cbinfo->errors,OPS_E_P_DECOMPRESSION_ERROR,"Compressed stream ended before packet end.");
|
||||
OPS_ERROR(cbinfo->errors, OPS_E_P_DECOMPRESSION_ERROR,
|
||||
"Compressed stream ended before packet end.");
|
||||
}
|
||||
else if(ret != BZ_OK)
|
||||
{
|
||||
OPS_ERROR_1(cbinfo->errors,OPS_E_P_DECOMPRESSION_ERROR,"Invalid return %d from BZ2_bzDecompress", ret);
|
||||
OPS_ERROR_1(cbinfo->errors, OPS_E_P_DECOMPRESSION_ERROR,
|
||||
"Invalid return %d from BZ2_bzDecompress", ret);
|
||||
}
|
||||
arg->inflate_ret=ret;
|
||||
}
|
||||
@ -280,7 +292,8 @@ int ops_decompress(ops_region_t *region,ops_parse_info_t *parse_info,
|
||||
break;
|
||||
|
||||
default:
|
||||
OPS_ERROR_1(&parse_info->errors, OPS_E_ALG_UNSUPPORTED_COMPRESS_ALG, "Compression algorithm %d is not yet supported", type);
|
||||
OPS_ERROR_1(&parse_info->errors, OPS_E_ALG_UNSUPPORTED_COMPRESS_ALG,
|
||||
"Compression algorithm %d is not yet supported", type);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -303,7 +316,8 @@ int ops_decompress(ops_region_t *region,ops_parse_info_t *parse_info,
|
||||
break;
|
||||
|
||||
default:
|
||||
OPS_ERROR_1(&parse_info->errors, OPS_E_ALG_UNSUPPORTED_COMPRESS_ALG, "Compression algorithm %d is not yet supported", type);
|
||||
OPS_ERROR_1(&parse_info->errors, OPS_E_ALG_UNSUPPORTED_COMPRESS_ALG,
|
||||
"Compression algorithm %d is not yet supported", type);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -313,7 +327,9 @@ int ops_decompress(ops_region_t *region,ops_parse_info_t *parse_info,
|
||||
case OPS_C_ZLIB:
|
||||
if(ret != Z_OK)
|
||||
{
|
||||
OPS_ERROR_1(&parse_info->errors, OPS_E_P_DECOMPRESSION_ERROR, "Cannot initialise ZIP or ZLIB stream for decompression: error=%d", ret);
|
||||
OPS_ERROR_1(&parse_info->errors, OPS_E_P_DECOMPRESSION_ERROR,
|
||||
"Cannot initialise ZIP or ZLIB stream "
|
||||
"for decompression: error=%d", ret);
|
||||
return 0;
|
||||
}
|
||||
ops_reader_push(parse_info,zlib_compressed_data_reader,NULL,&z_arg);
|
||||
@ -322,14 +338,17 @@ int ops_decompress(ops_region_t *region,ops_parse_info_t *parse_info,
|
||||
case OPS_C_BZIP2:
|
||||
if (ret != BZ_OK)
|
||||
{
|
||||
OPS_ERROR_1(&parse_info->errors, OPS_E_P_DECOMPRESSION_ERROR, "Cannot initialise BZIP2 stream for decompression: error=%d", ret);
|
||||
OPS_ERROR_1(&parse_info->errors, OPS_E_P_DECOMPRESSION_ERROR,
|
||||
"Cannot initialise BZIP2 stream "
|
||||
"for decompression: error=%d", ret);
|
||||
return 0;
|
||||
}
|
||||
ops_reader_push(parse_info,bzip2_compressed_data_reader,NULL,&bz_arg);
|
||||
break;
|
||||
|
||||
default:
|
||||
OPS_ERROR_1(&parse_info->errors, OPS_E_ALG_UNSUPPORTED_COMPRESS_ALG, "Compression algorithm %d is not yet supported", type);
|
||||
OPS_ERROR_1(&parse_info->errors, OPS_E_ALG_UNSUPPORTED_COMPRESS_ALG,
|
||||
"Compression algorithm %d is not yet supported", type);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -402,4 +421,158 @@ ops_boolean_t ops_write_compressed(const unsigned char *data,
|
||||
&& ops_write(compress->dst, compress->stream.total_out,cinfo));
|
||||
}
|
||||
|
||||
|
||||
// Writes out the header for the compressed packet. Invoked by the
|
||||
// partial stream writer. Note that writing the packet tag and the
|
||||
// packet length is handled by the partial stream writer.
|
||||
static ops_boolean_t write_compressed_header(ops_create_info_t *info,
|
||||
void *header_data)
|
||||
{
|
||||
OPS_USED(header_data);
|
||||
// Write the compression type. Currently we just use ZLIB
|
||||
ops_write_scalar(OPS_C_ZLIB, 1, info);
|
||||
return ops_true;
|
||||
}
|
||||
|
||||
static void zlib_error(ops_error_t **errors, z_stream *stream, int error)
|
||||
{
|
||||
OPS_ERROR_2(errors,OPS_E_FAIL,
|
||||
"Error from compression stream %d (%s)", error,
|
||||
stream->msg == NULL ? "Unknown" : stream->msg);
|
||||
}
|
||||
|
||||
static ops_boolean_t stream_compress_writer(const unsigned char *src,
|
||||
unsigned length,
|
||||
ops_error_t **errors,
|
||||
ops_writer_info_t *winfo)
|
||||
{
|
||||
// ZLib doesn't like being asked to compress nothing, so return if
|
||||
// we are given no input.
|
||||
if (length == 0)
|
||||
return ops_true;
|
||||
if (debug)
|
||||
fprintf(stderr, "Compressing %u bytes\n", length);
|
||||
compress_arg_t* compress = ops_writer_get_arg(winfo);
|
||||
compress->bytes_in += length;
|
||||
compress->stream.next_in = (void*) src;
|
||||
compress->stream.avail_in = length;
|
||||
ops_boolean_t result = ops_true;
|
||||
do
|
||||
{
|
||||
compress->stream.next_out = compress->dst;
|
||||
compress->stream.avail_out = COMPRESS_BUFFER;
|
||||
int retcode = deflate(&compress->stream, Z_NO_FLUSH);
|
||||
if (retcode != Z_OK)
|
||||
{
|
||||
zlib_error(errors, &compress->stream, retcode);
|
||||
deflateEnd(&compress->stream);
|
||||
return ops_false;
|
||||
}
|
||||
unsigned bytes_to_write = COMPRESS_BUFFER - compress->stream.avail_out;
|
||||
if (debug)
|
||||
fprintf(stderr, "bytes_to_write = %u\n", bytes_to_write);
|
||||
compress->bytes_out += bytes_to_write;
|
||||
result = ops_stacked_write(compress->dst, bytes_to_write, errors,
|
||||
winfo);
|
||||
}
|
||||
while (result && compress->stream.avail_out == 0);
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
static ops_boolean_t stream_compress_finaliser(ops_error_t **errors,
|
||||
ops_writer_info_t *winfo)
|
||||
{
|
||||
compress_arg_t* compress = ops_writer_get_arg(winfo);
|
||||
compress->stream.next_in = NULL;
|
||||
compress->stream.avail_in = 0;
|
||||
int retcode = Z_OK;
|
||||
int output_size = COMPRESS_BUFFER;
|
||||
ops_boolean_t result = ops_true;
|
||||
do
|
||||
{
|
||||
compress->stream.next_out = compress->dst;
|
||||
compress->stream.avail_out = output_size;
|
||||
retcode = deflate(&compress->stream, Z_FINISH);
|
||||
if (retcode != Z_STREAM_END && retcode != Z_OK)
|
||||
{
|
||||
zlib_error(errors, &compress->stream, retcode);
|
||||
deflateEnd(&compress->stream);
|
||||
return ops_false;
|
||||
}
|
||||
int bytes_to_write = output_size - compress->stream.avail_out;
|
||||
if (debug)
|
||||
fprintf(stderr, "At end, bytes_to_write = %u\n", bytes_to_write);
|
||||
compress->bytes_out += bytes_to_write;
|
||||
result = ops_stacked_write(compress->dst, bytes_to_write, errors,
|
||||
winfo);
|
||||
|
||||
// If deflate returns Z_OK after we have asked to flush, it means
|
||||
// that there was not enough space in the output buffer. Increase
|
||||
// the buffer size and try again.
|
||||
if (retcode != Z_STREAM_END)
|
||||
{
|
||||
if (debug)
|
||||
fprintf(stderr, "Reallocating %u\n", output_size * 2);
|
||||
output_size *= 2;
|
||||
compress->dst = realloc(compress->dst, output_size);
|
||||
}
|
||||
}
|
||||
while (result && retcode != Z_STREAM_END);
|
||||
|
||||
int error = deflateEnd(&compress->stream);
|
||||
if (error != Z_OK)
|
||||
{
|
||||
zlib_error(errors, &compress->stream, error);
|
||||
return ops_false;
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
static void stream_compress_destroyer(ops_writer_info_t *winfo)
|
||||
{
|
||||
compress_arg_t* compress = ops_writer_get_arg(winfo);
|
||||
if (debug)
|
||||
fprintf(stderr, "Compressed %zu to %zu\n", compress->bytes_in,
|
||||
compress->bytes_out);
|
||||
free(compress->dst);
|
||||
free(compress);
|
||||
}
|
||||
|
||||
/**
|
||||
\ingroup Core_WritePackets
|
||||
\brief Pushes a compressed writer onto the stack. Data written
|
||||
will be encoded as a compressed packet.
|
||||
\param cinfo Write settings
|
||||
*/
|
||||
void ops_writer_push_compressed(ops_create_info_t *cinfo)
|
||||
{
|
||||
// This is a streaming writer, so we don't know the length in
|
||||
// advance. Use a partial writer to handle the partial body
|
||||
// packet lengths.
|
||||
ops_writer_push_partial(COMPRESS_BUFFER,
|
||||
cinfo, OPS_PTAG_CT_COMPRESSED,
|
||||
write_compressed_header, NULL);
|
||||
|
||||
// Create arg to be used with this writer
|
||||
// Remember to free this in the destroyer
|
||||
compress_arg_t *compress = ops_mallocz(sizeof *compress);
|
||||
|
||||
compress->dst = malloc(COMPRESS_BUFFER);
|
||||
const int level=Z_DEFAULT_COMPRESSION; // \todo allow varying levels
|
||||
compress->stream.zalloc=Z_NULL;
|
||||
compress->stream.zfree=Z_NULL;
|
||||
compress->stream.opaque=NULL;
|
||||
compress->stream.avail_out = COMPRESS_BUFFER;
|
||||
// all other fields set to zero by use of ops_mallocz
|
||||
|
||||
if (deflateInit(&compress->stream, level) != Z_OK)
|
||||
// can't initialise. Is there a better way to handle this?
|
||||
assert(0);
|
||||
|
||||
// And push writer on stack
|
||||
ops_writer_push(cinfo, stream_compress_writer, stream_compress_finaliser,
|
||||
stream_compress_destroyer, compress);
|
||||
}
|
||||
|
||||
// EOF
|
||||
|
@ -103,7 +103,8 @@ ops_boolean_t ops_write_struct_user_id(ops_user_id_t *id,
|
||||
*
|
||||
* \return return value from ops_write_struct_user_id()
|
||||
*/
|
||||
ops_boolean_t ops_write_user_id(const unsigned char *user_id,ops_create_info_t *info)
|
||||
ops_boolean_t ops_write_user_id(const unsigned char *user_id,
|
||||
ops_create_info_t *info)
|
||||
{
|
||||
ops_user_id_t id;
|
||||
|
||||
@ -204,6 +205,7 @@ static ops_boolean_t write_public_key_body(const ops_public_key_t *key,
|
||||
&& ops_write_mpi(key->key.elgamal.y,info);
|
||||
|
||||
default:
|
||||
fprintf(stderr, "Unknown algorithm %d\n", key->algorithm);
|
||||
assert(0);
|
||||
break;
|
||||
}
|
||||
@ -239,7 +241,8 @@ static ops_boolean_t write_secret_key_body(const ops_secret_key_t *key,
|
||||
if (!ops_write_scalar(key->algorithm,1,info))
|
||||
return ops_false;
|
||||
|
||||
assert(key->s2k_specifier==OPS_S2KS_SIMPLE || key->s2k_specifier==OPS_S2KS_SALTED); // = 1 \todo could also be iterated-and-salted
|
||||
assert(key->s2k_specifier==OPS_S2KS_SIMPLE
|
||||
|| key->s2k_specifier==OPS_S2KS_SALTED); // = 1 \todo could also be iterated-and-salted
|
||||
if (!ops_write_scalar(key->s2k_specifier,1,info))
|
||||
return ops_false;
|
||||
|
||||
@ -268,7 +271,8 @@ static ops_boolean_t write_secret_key_body(const ops_secret_key_t *key,
|
||||
*/
|
||||
|
||||
default:
|
||||
fprintf(stderr,"invalid/unsupported s2k specifier %d\n", key->s2k_specifier);
|
||||
fprintf(stderr,"invalid/unsupported s2k specifier %d\n",
|
||||
key->s2k_specifier);
|
||||
assert(0);
|
||||
}
|
||||
|
||||
@ -313,7 +317,8 @@ static ops_boolean_t write_secret_key_body(const ops_secret_key_t *key,
|
||||
hash.add(&hash, passphrase, pplen);
|
||||
hash.finish(&hash, hashed);
|
||||
|
||||
// if more in hash than is needed by session key, use the leftmost octets
|
||||
// if more in hash than is needed by session key, use the
|
||||
// leftmost octets
|
||||
memcpy(session_key+(i*SHA_DIGEST_LENGTH), hashed, use);
|
||||
done += use;
|
||||
assert(done<=CAST_KEY_LENGTH);
|
||||
@ -329,7 +334,8 @@ static ops_boolean_t write_secret_key_body(const ops_secret_key_t *key,
|
||||
*/
|
||||
|
||||
default:
|
||||
fprintf(stderr,"invalid/unsupported s2k specifier %d\n", key->s2k_specifier);
|
||||
fprintf(stderr,"invalid/unsupported s2k specifier %d\n",
|
||||
key->s2k_specifier);
|
||||
assert(0);
|
||||
}
|
||||
|
||||
@ -432,7 +438,9 @@ static ops_boolean_t write_secret_key_body(const ops_secret_key_t *key,
|
||||
\endcode
|
||||
*/
|
||||
|
||||
ops_boolean_t ops_write_transferable_public_key(const ops_keydata_t *keydata, ops_boolean_t armoured, ops_create_info_t *info)
|
||||
ops_boolean_t ops_write_transferable_public_key(const ops_keydata_t *keydata,
|
||||
ops_boolean_t armoured,
|
||||
ops_create_info_t *info)
|
||||
{
|
||||
ops_boolean_t rtn;
|
||||
unsigned int i=0,j=0;
|
||||
@ -757,6 +765,47 @@ ops_boolean_t ops_write_struct_secret_key(const ops_secret_key_t *key,
|
||||
&& write_secret_key_body(key,passphrase,pplen,info);
|
||||
}
|
||||
|
||||
/**
|
||||
* \ingroup InternalAPI
|
||||
*
|
||||
* \brief Initialise a temporary info structure that can be used for
|
||||
* writing to a writer's parent.
|
||||
*
|
||||
* This is used by writers who want to use the various ops_write functions
|
||||
* in order to write to the parent writer.
|
||||
* Example code:
|
||||
* \code
|
||||
* ops_boolean_t writer(const unsigned char *src,
|
||||
* unsigned length,
|
||||
* ops_error_t **errors,
|
||||
* ops_writer_info_t *winfo) {
|
||||
* ops_create_info_t parent;
|
||||
* ops_prepare_parent_info(&parent, winfo, errors);
|
||||
*
|
||||
* // The ptag will be written to the parent writer
|
||||
* ops_write_ptag(OPS_PTAG_CT_LITERAL_DATA, &parent);
|
||||
*
|
||||
* // The data is written to the parent. This line is
|
||||
// equivalent to:
|
||||
* // ops_stacked_write(src, length, errors, winfo);
|
||||
* ops_boolean_t result = ops_write(src, length, info);
|
||||
* ops_move_errors(&parent_info, errors);
|
||||
* return result;
|
||||
* \endcode
|
||||
*
|
||||
* \note It is the responsiblity of the caller to assign space for the parent
|
||||
* structure, typically on the stack. IOn order to report errors correctly,
|
||||
* use ops_move_errors() after the write operation.
|
||||
*
|
||||
* \see ops_move_errors
|
||||
*/
|
||||
void ops_prepare_parent_info(ops_create_info_t *parent_info,
|
||||
ops_writer_info_t *winfo)
|
||||
{
|
||||
parent_info->winfo = *winfo->next;
|
||||
parent_info->errors = NULL;
|
||||
}
|
||||
|
||||
/**
|
||||
* \ingroup Core_Create
|
||||
*
|
||||
@ -791,7 +840,8 @@ void ops_create_info_delete(ops_create_info_t *info)
|
||||
\param cs Checksum to be written
|
||||
\return ops_true if OK; else ops_false
|
||||
*/
|
||||
ops_boolean_t ops_calc_session_key_checksum(ops_pk_session_key_t *session_key, unsigned char cs[2])
|
||||
ops_boolean_t ops_calc_session_key_checksum(ops_pk_session_key_t *session_key,
|
||||
unsigned char cs[2])
|
||||
{
|
||||
unsigned int i=0;
|
||||
unsigned long checksum=0;
|
||||
@ -814,7 +864,8 @@ ops_boolean_t ops_calc_session_key_checksum(ops_pk_session_key_t *session_key, u
|
||||
// fprintf(stderr," %2x\n",cs[1]);
|
||||
}
|
||||
|
||||
static ops_boolean_t create_unencoded_m_buf(ops_pk_session_key_t *session_key, unsigned char *m_buf)
|
||||
static ops_boolean_t create_unencoded_m_buf(ops_pk_session_key_t *session_key,
|
||||
unsigned char *m_buf)
|
||||
{
|
||||
int i=0;
|
||||
// unsigned long checksum=0;
|
||||
@ -898,7 +949,8 @@ ops_boolean_t encode_m_buf(const unsigned char *M, size_t mLen,
|
||||
\brief Creates an ops_pk_session_key_t struct from keydata
|
||||
\param key Keydata to use
|
||||
\return ops_pk_session_key_t struct
|
||||
\note It is the caller's responsiblity to free the returned pointer
|
||||
\note It is the caller's responsiblity to free the returned pointer. Before freeing,
|
||||
the key must be cleared by calling ops_pk_session_key_free()
|
||||
\note Currently hard-coded to use CAST5
|
||||
\note Currently hard-coded to use RSA
|
||||
*/
|
||||
@ -946,7 +998,8 @@ ops_pk_session_key_t *ops_create_pk_session_key(const ops_keydata_t *key)
|
||||
if (debug)
|
||||
{
|
||||
unsigned int i=0;
|
||||
fprintf(stderr,"CAST5 session key created (len=%d):\n ", CAST_KEY_LENGTH);
|
||||
fprintf(stderr,"CAST5 session key created (len=%d):\n ",
|
||||
CAST_KEY_LENGTH);
|
||||
for (i=0; i<CAST_KEY_LENGTH; i++)
|
||||
fprintf(stderr,"%2x ", session_key->key[i]);
|
||||
fprintf(stderr,"\n");
|
||||
@ -966,10 +1019,12 @@ ops_pk_session_key_t *ops_create_pk_session_key(const ops_keydata_t *key)
|
||||
printf("%2x ", unencoded_m_buf[i]);
|
||||
printf("\n");
|
||||
}
|
||||
encode_m_buf(&unencoded_m_buf[0], SZ_UNENCODED_M_BUF, pub_key, &encoded_m_buf[0]);
|
||||
encode_m_buf(&unencoded_m_buf[0], SZ_UNENCODED_M_BUF, pub_key,
|
||||
&encoded_m_buf[0]);
|
||||
|
||||
// and encrypt it
|
||||
if(!ops_rsa_encrypt_mpi(encoded_m_buf, sz_encoded_m_buf, pub_key, &session_key->parameters))
|
||||
if(!ops_rsa_encrypt_mpi(encoded_m_buf, sz_encoded_m_buf, pub_key,
|
||||
&session_key->parameters))
|
||||
{
|
||||
free (encoded_m_buf);
|
||||
return NULL;
|
||||
@ -993,7 +1048,9 @@ ops_boolean_t ops_write_pk_session_key(ops_create_info_t *info,
|
||||
assert(pksk->algorithm == OPS_PKA_RSA);
|
||||
|
||||
return ops_write_ptag(OPS_PTAG_CT_PK_SESSION_KEY, info)
|
||||
&& ops_write_length(1 + 8 + 1 + BN_num_bytes(pksk->parameters.rsa.encrypted_m) + 2, info)
|
||||
&& ops_write_length(1 + 8 + 1
|
||||
+ BN_num_bytes(pksk->parameters.rsa.encrypted_m)
|
||||
+ 2, info)
|
||||
&& ops_write_scalar(pksk->version, 1, info)
|
||||
&& ops_write(pksk->key_id, 8, info)
|
||||
&& ops_write_scalar(pksk->algorithm, 1, info)
|
||||
@ -1056,7 +1113,8 @@ ops_boolean_t ops_write_literal_data_from_buf(const unsigned char *data,
|
||||
\return ops_true if OK; else ops_false
|
||||
*/
|
||||
|
||||
ops_boolean_t ops_write_literal_data_from_file(const char *filename,
|
||||
ops_boolean_t
|
||||
ops_write_literal_data_from_file(const char *filename,
|
||||
const ops_literal_data_type_t type,
|
||||
ops_create_info_t *info)
|
||||
{
|
||||
@ -1066,8 +1124,7 @@ ops_boolean_t ops_write_literal_data_from_file(const char *filename,
|
||||
unsigned char buf[1024];
|
||||
ops_memory_t* mem=NULL;
|
||||
size_t len=0;
|
||||
|
||||
#ifdef WIN32
|
||||
#ifdef WINDOWS_SYS
|
||||
fd=open(filename,O_RDONLY | O_BINARY);
|
||||
#else
|
||||
fd=open(filename,O_RDONLY);
|
||||
@ -1109,7 +1166,8 @@ ops_boolean_t ops_write_literal_data_from_file(const char *filename,
|
||||
\param errnum Pointer to error
|
||||
\return new ops_memory_t pointer containing the contents of the file
|
||||
|
||||
\note If there was an error opening the file or reading from it, errnum is set to the cause
|
||||
\note If there was an error opening the file or reading from it,
|
||||
errnum is set to the cause
|
||||
|
||||
\note It is the caller's responsibility to call ops_memory_free(mem)
|
||||
*/
|
||||
@ -1122,8 +1180,7 @@ ops_memory_t* ops_write_mem_from_file(const char *filename, int* errnum)
|
||||
ops_memory_t* mem=NULL;
|
||||
|
||||
*errnum=0;
|
||||
|
||||
#ifdef WIN32
|
||||
#ifdef WINDOWS_SYS
|
||||
fd=open(filename,O_RDONLY | O_BINARY);
|
||||
#else
|
||||
fd=open(filename,O_RDONLY);
|
||||
@ -1165,7 +1222,8 @@ ops_memory_t* ops_write_mem_from_file(const char *filename, int* errnum)
|
||||
\return 1 if OK; 0 if error
|
||||
*/
|
||||
|
||||
int ops_write_file_from_buf(const char *filename, const char* buf, const size_t len, const ops_boolean_t overwrite)
|
||||
int ops_write_file_from_buf(const char *filename, const char* buf,
|
||||
const size_t len, const ops_boolean_t overwrite)
|
||||
{
|
||||
int fd=0;
|
||||
size_t n=0;
|
||||
@ -1176,9 +1234,10 @@ int ops_write_file_from_buf(const char *filename, const char* buf, const size_t
|
||||
flags |= O_TRUNC;
|
||||
else
|
||||
flags |= O_EXCL;
|
||||
#ifdef WIN32
|
||||
#ifdef WINDOWS_SYS
|
||||
flags |= O_BINARY;
|
||||
#endif
|
||||
|
||||
fd=open(filename,flags, 0600);
|
||||
if (fd < 0)
|
||||
{
|
||||
@ -1212,7 +1271,7 @@ ops_boolean_t ops_write_symmetrically_encrypted_data(const unsigned char *data,
|
||||
int done=0;
|
||||
ops_crypt_t crypt_info;
|
||||
int encrypted_sz=0;// size of encrypted data
|
||||
unsigned char *encrypted=(unsigned char *)NULL; // buffer to write encrypted data to
|
||||
unsigned char *encrypted=NULL; // buffer to write encrypted data to
|
||||
|
||||
// \todo assume AES256 for now
|
||||
ops_crypt_any(&crypt_info, OPS_SA_AES_256);
|
||||
@ -1246,7 +1305,8 @@ ops_boolean_t ops_write_one_pass_sig(const ops_secret_key_t* skey,
|
||||
{
|
||||
unsigned char keyid[OPS_KEY_ID_SIZE];
|
||||
if (debug)
|
||||
{ fprintf(stderr,"calling ops_keyid in write_one_pass_sig: this calls sha1_init\n"); }
|
||||
fprintf(stderr, "calling ops_keyid in write_one_pass_sig: "
|
||||
"this calls sha1_init\n");
|
||||
ops_keyid(keyid,&skey->public_key);
|
||||
|
||||
return ops_write_ptag(OPS_PTAG_CT_ONE_PASS_SIGNATURE, info)
|
||||
|
@ -19,9 +19,12 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include <openpgpsdk/compress.h>
|
||||
#include <openpgpsdk/crypto.h>
|
||||
#include <openpgpsdk/literal.h>
|
||||
#include <openpgpsdk/random.h>
|
||||
#include <openpgpsdk/readerwriter.h>
|
||||
#include <openpgpsdk/streamwriter.h>
|
||||
#include <openpgpsdk/writer_armoured.h>
|
||||
#include "parse_local.h"
|
||||
|
||||
@ -41,7 +44,8 @@
|
||||
\return length of MPI
|
||||
\note only RSA at present
|
||||
*/
|
||||
int ops_decrypt_and_unencode_mpi(unsigned char *buf,unsigned buflen,const BIGNUM *encmpi,
|
||||
int ops_decrypt_and_unencode_mpi(unsigned char *buf, unsigned buflen,
|
||||
const BIGNUM *encmpi,
|
||||
const ops_secret_key_t *skey)
|
||||
{
|
||||
unsigned char encmpibuf[8192];
|
||||
@ -129,7 +133,8 @@ ops_boolean_t ops_rsa_encrypt_mpi(const unsigned char *encoded_m_buf,
|
||||
unsigned char encmpibuf[8192];
|
||||
int n=0;
|
||||
|
||||
n=ops_rsa_public_encrypt(encmpibuf, encoded_m_buf, sz_encoded_m_buf, &pkey->key.rsa);
|
||||
n=ops_rsa_public_encrypt(encmpibuf, encoded_m_buf, sz_encoded_m_buf,
|
||||
&pkey->key.rsa);
|
||||
assert(n!=-1);
|
||||
|
||||
if(n <= 0)
|
||||
@ -151,7 +156,8 @@ ops_boolean_t ops_rsa_encrypt_mpi(const unsigned char *encoded_m_buf,
|
||||
#define MAXBUF 1024
|
||||
|
||||
static ops_parse_cb_return_t
|
||||
callback_write_parsed(const ops_parser_content_t *content_,ops_parse_cb_info_t *cbinfo);
|
||||
callback_write_parsed(const ops_parser_content_t *content_,
|
||||
ops_parse_cb_info_t *cbinfo);
|
||||
|
||||
/**
|
||||
\ingroup HighLevel_Crypto
|
||||
@ -163,14 +169,17 @@ Encrypt a file
|
||||
\param allow_overwrite Allow output file to be overwrwritten if it exists
|
||||
\return ops_true if OK; else ops_false
|
||||
*/
|
||||
ops_boolean_t ops_encrypt_file(const char* input_filename, const char* output_filename, const ops_keydata_t *pub_key, const ops_boolean_t use_armour, const ops_boolean_t allow_overwrite)
|
||||
ops_boolean_t ops_encrypt_file(const char* input_filename,
|
||||
const char* output_filename,
|
||||
const ops_keydata_t *pub_key,
|
||||
const ops_boolean_t use_armour,
|
||||
const ops_boolean_t allow_overwrite)
|
||||
{
|
||||
int fd_in=0;
|
||||
int fd_out=0;
|
||||
|
||||
ops_create_info_t *cinfo;
|
||||
|
||||
#ifdef WIN32
|
||||
#ifdef WINDOWS_SYS
|
||||
fd_in=open(input_filename, O_RDONLY | O_BINARY);
|
||||
#else
|
||||
fd_in=open(input_filename, O_RDONLY );
|
||||
@ -190,37 +199,76 @@ ops_boolean_t ops_encrypt_file(const char* input_filename, const char* output_fi
|
||||
ops_writer_push_armoured_message(cinfo);
|
||||
|
||||
// Push the encrypted writer
|
||||
ops_writer_push_encrypt_se_ip(cinfo,pub_key);
|
||||
ops_writer_push_stream_encrypt_se_ip(cinfo, pub_key);
|
||||
ops_writer_push_literal(cinfo);
|
||||
|
||||
// Do the writing
|
||||
|
||||
unsigned char* buf=NULL;
|
||||
size_t bufsz=16;
|
||||
int done=0;
|
||||
unsigned buffer[10240];
|
||||
for (;;)
|
||||
{
|
||||
buf=realloc(buf,done+bufsz);
|
||||
|
||||
int n=0;
|
||||
|
||||
n=read(fd_in,buf+done,bufsz);
|
||||
n=read(fd_in, buffer, sizeof buffer);
|
||||
if (!n)
|
||||
break;
|
||||
assert(n >= 0);
|
||||
done+=n;
|
||||
|
||||
// FIXME: apparently writing can't fail.
|
||||
ops_write(buffer, n, cinfo);
|
||||
}
|
||||
|
||||
// This does the writing
|
||||
ops_write(buf,done,cinfo);
|
||||
|
||||
// tidy up
|
||||
close(fd_in);
|
||||
free(buf);
|
||||
ops_teardown_file_write(cinfo, fd_out);
|
||||
|
||||
return ops_true;
|
||||
}
|
||||
|
||||
/**
|
||||
\ingroup HighLevel_Crypto
|
||||
Encrypt a compressed, signed stream.
|
||||
\param cinfo the structure describing where the output will be written.
|
||||
\param public_key the key used to encrypt the data
|
||||
\param secret_key the key used to sign the data. If NULL, the data
|
||||
will not be signed
|
||||
\param compress If true, compress the stream before encrypting
|
||||
\param use_armour Write armoured text, if set
|
||||
\see ops_setup_file_write
|
||||
|
||||
Example Code:
|
||||
\code
|
||||
const char* filename = "armour_nocompress_sign.asc";
|
||||
ops_create_info_t *info;
|
||||
int fd = ops_setup_file_write(&info, filename, ops_true);
|
||||
if (fd < 0) {
|
||||
fprintf(stderr, "Cannot write to %s\n", filename);
|
||||
return -1;
|
||||
}
|
||||
ops_encrypt_stream(info, public_key, secret_key, ops_false, ops_true);
|
||||
ops_write(cleartext, strlen(cleartext), info);
|
||||
ops_writer_close(info);
|
||||
ops_create_info_delete(info);
|
||||
\endcode
|
||||
*/
|
||||
extern void ops_encrypt_stream(ops_create_info_t* cinfo,
|
||||
const ops_keydata_t* public_key,
|
||||
const ops_secret_key_t* secret_key,
|
||||
const ops_boolean_t compress,
|
||||
const ops_boolean_t use_armour)
|
||||
{
|
||||
if (use_armour)
|
||||
ops_writer_push_armoured_message(cinfo);
|
||||
ops_writer_push_stream_encrypt_se_ip(cinfo, public_key);
|
||||
if (compress)
|
||||
ops_writer_push_compressed(cinfo);
|
||||
if (secret_key != NULL)
|
||||
ops_writer_push_signed(cinfo, OPS_SIG_BINARY, secret_key);
|
||||
else
|
||||
ops_writer_push_literal(cinfo);
|
||||
}
|
||||
|
||||
/**
|
||||
\ingroup HighLevel_Crypto
|
||||
\brief Decrypt a file.
|
||||
@ -232,7 +280,12 @@ ops_boolean_t ops_encrypt_file(const char* input_filename, const char* output_fi
|
||||
\param cb_get_passphrase Callback to use to get passphrase
|
||||
*/
|
||||
|
||||
ops_boolean_t ops_decrypt_file(const char* input_filename, const char* output_filename, ops_keyring_t* keyring, const ops_boolean_t use_armour, const ops_boolean_t allow_overwrite, ops_parse_cb_t* cb_get_passphrase)
|
||||
ops_boolean_t ops_decrypt_file(const char* input_filename,
|
||||
const char* output_filename,
|
||||
ops_keyring_t* keyring,
|
||||
const ops_boolean_t use_armour,
|
||||
const ops_boolean_t allow_overwrite,
|
||||
ops_parse_cb_t* cb_get_passphrase)
|
||||
{
|
||||
int fd_in=0;
|
||||
int fd_out=0;
|
||||
@ -256,7 +309,8 @@ ops_boolean_t ops_decrypt_file(const char* input_filename, const char* output_fi
|
||||
|
||||
if (output_filename)
|
||||
{
|
||||
fd_out=ops_setup_file_write(&pinfo->cbinfo.cinfo, output_filename, allow_overwrite);
|
||||
fd_out=ops_setup_file_write(&pinfo->cbinfo.cinfo, output_filename,
|
||||
allow_overwrite);
|
||||
|
||||
if (fd_out < 0)
|
||||
{
|
||||
@ -269,20 +323,23 @@ ops_boolean_t ops_decrypt_file(const char* input_filename, const char* output_fi
|
||||
{
|
||||
int suffixlen=4;
|
||||
char *defaultsuffix=".decrypted";
|
||||
const char *suffix=input_filename+strlen((char *)input_filename)-suffixlen;
|
||||
const char *suffix=input_filename+strlen(input_filename)-suffixlen;
|
||||
if (!strcmp(suffix, ".gpg") || !strcmp(suffix, ".asc"))
|
||||
{
|
||||
myfilename=ops_mallocz(strlen(input_filename)-suffixlen+1);
|
||||
strncpy(myfilename,input_filename,strlen(input_filename)-suffixlen);
|
||||
strncpy(myfilename, input_filename,
|
||||
strlen(input_filename)-suffixlen);
|
||||
}
|
||||
else
|
||||
{
|
||||
unsigned filenamelen=strlen(input_filename)+strlen(defaultsuffix)+1;
|
||||
myfilename=ops_mallocz(filenamelen);
|
||||
snprintf(myfilename,filenamelen,"%s%s",input_filename,defaultsuffix);
|
||||
snprintf(myfilename, filenamelen, "%s%s", input_filename,
|
||||
defaultsuffix);
|
||||
}
|
||||
|
||||
fd_out=ops_setup_file_write(&pinfo->cbinfo.cinfo, myfilename, allow_overwrite);
|
||||
fd_out=ops_setup_file_write(&pinfo->cbinfo.cinfo, myfilename,
|
||||
allow_overwrite);
|
||||
|
||||
if (fd_out < 0)
|
||||
{
|
||||
@ -325,9 +382,11 @@ ops_boolean_t ops_decrypt_file(const char* input_filename, const char* output_fi
|
||||
}
|
||||
|
||||
static ops_parse_cb_return_t
|
||||
callback_write_parsed(const ops_parser_content_t *content_,ops_parse_cb_info_t *cbinfo)
|
||||
callback_write_parsed(const ops_parser_content_t *content_,
|
||||
ops_parse_cb_info_t *cbinfo)
|
||||
{
|
||||
ops_parser_content_union_t* content=(ops_parser_content_union_t *)&content_->content;
|
||||
ops_parser_content_union_t* content
|
||||
=(ops_parser_content_union_t *)&content_->content;
|
||||
static ops_boolean_t skipping;
|
||||
// ops_boolean_t write=ops_true;
|
||||
|
||||
|
@ -208,4 +208,26 @@ void ops_free_errors(ops_error_t *errstack)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
\ingroup InternalAPI
|
||||
\brief Moves errors from a create info structure to another error stack.
|
||||
|
||||
The error stack wil be moved from the source structure to the destination
|
||||
stack. If the destination already has errors defined, the errors will
|
||||
be appended.
|
||||
*/
|
||||
void ops_move_errors(ops_create_info_t *source, ops_error_t **dest)
|
||||
{
|
||||
if (*dest == NULL)
|
||||
*dest = source->errors;
|
||||
else
|
||||
{
|
||||
ops_error_t *last = *dest;
|
||||
while(last->next != NULL)
|
||||
last = last->next;
|
||||
last->next = source->errors;
|
||||
}
|
||||
source->errors = NULL;
|
||||
}
|
||||
|
||||
// EOF
|
||||
|
@ -61,16 +61,8 @@ ops_keydata_t *ops_keydata_new(void)
|
||||
{ return ops_mallocz(sizeof(ops_keydata_t)); }
|
||||
|
||||
|
||||
/**
|
||||
\ingroup HighLevel_Keyring
|
||||
|
||||
\brief Frees keydata and its memory
|
||||
|
||||
\param keydata Key to be freed.
|
||||
|
||||
\note This frees the keydata itself, as well as any other memory alloc-ed by it.
|
||||
*/
|
||||
void ops_keydata_free(ops_keydata_t *keydata)
|
||||
// Frees the content of a keydata structure, but not the keydata itself.
|
||||
static void keydata_internal_free(ops_keydata_t *keydata)
|
||||
{
|
||||
unsigned n;
|
||||
|
||||
@ -98,7 +90,22 @@ void ops_keydata_free(ops_keydata_t *keydata)
|
||||
else
|
||||
ops_secret_key_free(&keydata->key.skey);
|
||||
|
||||
/* free(keydata); */
|
||||
}
|
||||
|
||||
/**
|
||||
\ingroup HighLevel_Keyring
|
||||
|
||||
\brief Frees keydata and its memory
|
||||
|
||||
\param keydata Key to be freed.
|
||||
|
||||
\note This frees the keydata itself, as well as any other memory
|
||||
alloc-ed by it.
|
||||
*/
|
||||
void ops_keydata_free(ops_keydata_t *keydata)
|
||||
{
|
||||
keydata_internal_free(keydata);
|
||||
free(keydata);
|
||||
}
|
||||
|
||||
// \todo check where userid pointers are copied
|
||||
@ -420,15 +427,11 @@ const unsigned char* ops_get_user_id(const ops_keydata_t *key, unsigned index)
|
||||
|
||||
ops_boolean_t ops_is_key_supported(const ops_keydata_t *keydata)
|
||||
{
|
||||
if ( keydata->type == OPS_PTAG_CT_PUBLIC_KEY ) {
|
||||
if ( keydata->key.pkey.algorithm == OPS_PKA_RSA ) {
|
||||
if(keydata->type == OPS_PTAG_CT_PUBLIC_KEY)
|
||||
{
|
||||
if(keydata->key.pkey.algorithm == OPS_PKA_RSA)
|
||||
return ops_true;
|
||||
}
|
||||
} else if ( keydata->type == OPS_PTAG_CT_PUBLIC_KEY ) {
|
||||
if ( keydata->key.skey.algorithm == (ops_symmetric_algorithm_t)OPS_PKA_RSA ) {
|
||||
return ops_true;
|
||||
}
|
||||
}
|
||||
return ops_false;
|
||||
}
|
||||
|
||||
@ -688,8 +691,7 @@ ops_boolean_t ops_keyring_read_from_file(ops_keyring_t *keyring, const ops_boole
|
||||
|
||||
// ops_parse_options(pinfo,OPS_PTAG_SS_ALL,OPS_PARSE_RAW);
|
||||
ops_parse_options(pinfo,OPS_PTAG_SS_ALL,OPS_PARSE_PARSED);
|
||||
|
||||
#ifdef WIN32
|
||||
#ifdef WINDOWS_SYS
|
||||
fd=open(filename,O_RDONLY | O_BINARY);
|
||||
#else
|
||||
fd=open(filename,O_RDONLY);
|
||||
@ -766,11 +768,10 @@ ops_boolean_t ops_keyring_read_from_mem(ops_keyring_t *keyring, const ops_boolea
|
||||
ops_parse_info_t *pinfo=NULL;
|
||||
ops_boolean_t res = ops_true;
|
||||
|
||||
pinfo=ops_parse_info_new();
|
||||
ops_setup_memory_read(&pinfo, mem, NULL, cb_keyring_read,
|
||||
OPS_ACCUMULATE_NO);
|
||||
ops_parse_options(pinfo,OPS_PTAG_SS_ALL,OPS_PARSE_PARSED);
|
||||
|
||||
ops_setup_memory_read(&pinfo, mem, NULL, cb_keyring_read, OPS_ACCUMULATE_NO);
|
||||
|
||||
if (armour)
|
||||
{ ops_reader_push_dearmour(pinfo); }
|
||||
|
||||
@ -787,7 +788,9 @@ ops_boolean_t ops_keyring_read_from_mem(ops_keyring_t *keyring, const ops_boolea
|
||||
if (armour)
|
||||
ops_reader_pop_dearmour(pinfo);
|
||||
|
||||
// don't call teardown_memory_read because memory was passed in
|
||||
// don't call teardown_memory_read because memory was passed
|
||||
// in. But we need to free the parse_info object allocated by
|
||||
// ops_setup_memory_read().
|
||||
ops_parse_info_delete(pinfo);
|
||||
|
||||
return res;
|
||||
@ -804,9 +807,10 @@ ops_boolean_t ops_keyring_read_from_mem(ops_keyring_t *keyring, const ops_boolea
|
||||
*/
|
||||
void ops_keyring_free(ops_keyring_t *keyring)
|
||||
{
|
||||
int n;
|
||||
for(n=0;n<keyring->nkeys;++n)
|
||||
ops_keydata_free(&keyring->keys[n]) ;
|
||||
int i;
|
||||
|
||||
for (i = 0; i < keyring->nkeys; i++)
|
||||
keydata_internal_free(&keyring->keys[i]);
|
||||
|
||||
free(keyring->keys);
|
||||
keyring->keys=NULL;
|
||||
|
63
openpgpsdk/src/keyring_local.h
Normal file
63
openpgpsdk/src/keyring_local.h
Normal file
@ -0,0 +1,63 @@
|
||||
/*
|
||||
* Copyright (c) 2005-2008 Nominet UK (www.nic.uk)
|
||||
* All rights reserved.
|
||||
* Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted
|
||||
* their moral rights under the UK Copyright Design and Patents Act 1988 to
|
||||
* be recorded as the authors of this copyright work.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
* use this file except in compliance with the License.
|
||||
*
|
||||
* You may obtain a copy of the License at
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
*
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
/** \file
|
||||
*/
|
||||
|
||||
#include <openpgpsdk/packet.h>
|
||||
|
||||
#define DECLARE_ARRAY(type,arr) unsigned n##arr; unsigned n##arr##_allocated; type *arr
|
||||
#define EXPAND_ARRAY(str,arr) do if(str->n##arr == str->n##arr##_allocated) \
|
||||
{ \
|
||||
str->n##arr##_allocated=str->n##arr##_allocated*2+10; \
|
||||
str->arr=realloc(str->arr,str->n##arr##_allocated*sizeof *str->arr); \
|
||||
} while(0)
|
||||
|
||||
/** ops_keydata_key_t
|
||||
*/
|
||||
typedef union
|
||||
{
|
||||
ops_public_key_t pkey;
|
||||
ops_secret_key_t skey;
|
||||
} ops_keydata_key_t;
|
||||
|
||||
|
||||
/** sigpacket_t */
|
||||
typedef struct
|
||||
{
|
||||
ops_user_id_t* userid;
|
||||
ops_packet_t* packet;
|
||||
} sigpacket_t;
|
||||
|
||||
// XXX: gonna have to expand this to hold onto subkeys, too...
|
||||
/** \struct ops_keydata
|
||||
* \todo expand to hold onto subkeys
|
||||
*/
|
||||
struct ops_keydata
|
||||
{
|
||||
DECLARE_ARRAY(ops_user_id_t,uids);
|
||||
DECLARE_ARRAY(ops_packet_t,packets);
|
||||
DECLARE_ARRAY(sigpacket_t, sigs);
|
||||
unsigned char key_id[8];
|
||||
ops_fingerprint_t fingerprint;
|
||||
ops_content_tag_t type;
|
||||
ops_keydata_key_t key;
|
||||
};
|
@ -608,7 +608,8 @@ void ops_crypto_init()
|
||||
void ops_crypto_finish()
|
||||
{
|
||||
CRYPTO_cleanup_all_ex_data();
|
||||
ERR_remove_state(0);
|
||||
// FIXME: what should we do instead (function is deprecated)?
|
||||
// ERR_remove_state(0);
|
||||
#ifdef DMALLOC
|
||||
CRYPTO_mem_leaks_fp(stderr);
|
||||
#endif
|
||||
@ -632,18 +633,21 @@ const char *ops_text_from_hash(ops_hash_t *hash)
|
||||
\return ops_true if key generated successfully; otherwise ops_false
|
||||
\note It is the caller's responsibility to call ops_keydata_free(keydata)
|
||||
*/
|
||||
ops_boolean_t ops_rsa_generate_keypair(const int numbits, const unsigned long e, ops_keydata_t* keydata)
|
||||
ops_boolean_t ops_rsa_generate_keypair(const int numbits, const unsigned long e,
|
||||
ops_keydata_t* keydata)
|
||||
{
|
||||
ops_secret_key_t *skey=NULL;
|
||||
RSA *rsa=NULL;
|
||||
RSA *rsa=RSA_new();
|
||||
BN_CTX *ctx=BN_CTX_new();
|
||||
BIGNUM *ebn=BN_new();
|
||||
|
||||
ops_keydata_init(keydata,OPS_PTAG_CT_SECRET_KEY);
|
||||
skey=ops_get_writable_secret_key_from_data(keydata);
|
||||
|
||||
// generate the key pair
|
||||
|
||||
rsa=RSA_generate_key(numbits,e,NULL,NULL);
|
||||
BN_set_word(ebn,e);
|
||||
RSA_generate_key_ex(rsa,numbits,ebn,NULL);
|
||||
|
||||
// populate ops key from ssl key
|
||||
|
||||
|
@ -371,12 +371,14 @@ ops_boolean_t ops_limited_read(unsigned char *dest,size_t length,
|
||||
\ingroup Core_ReadPackets
|
||||
\brief Call ops_limited_read on next in stack
|
||||
*/
|
||||
ops_boolean_t ops_stacked_limited_read(unsigned char *dest,unsigned length,
|
||||
ops_boolean_t ops_stacked_limited_read(void *dest, unsigned length,
|
||||
ops_region_t *region,
|
||||
ops_error_t **errors,
|
||||
ops_reader_info_t *rinfo,
|
||||
ops_parse_cb_info_t *cbinfo)
|
||||
{ return ops_limited_read(dest,length,region,errors,rinfo->next,cbinfo); }
|
||||
{
|
||||
return ops_limited_read(dest, length, region, errors, rinfo->next, cbinfo);
|
||||
}
|
||||
|
||||
static ops_boolean_t limited_read(unsigned char *dest,unsigned length,
|
||||
ops_region_t *region,ops_parse_info_t *info)
|
||||
@ -990,10 +992,6 @@ void ops_public_key_free(ops_public_key_t *p)
|
||||
free_BN(&p->key.elgamal.y);
|
||||
break;
|
||||
|
||||
//case 0:
|
||||
// nothing to free
|
||||
// break;
|
||||
|
||||
default:
|
||||
assert(0);
|
||||
}
|
||||
@ -1251,8 +1249,6 @@ static int parse_user_id(ops_region_t *region,ops_parse_info_t *pinfo)
|
||||
|
||||
CBP(pinfo,OPS_PTAG_CT_USER_ID,&content);
|
||||
|
||||
free(C.user_id.user_id) ;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -1307,6 +1303,7 @@ void ops_signature_free(ops_signature_t *sig)
|
||||
default:
|
||||
assert(0);
|
||||
}
|
||||
free(sig->info.v4_hashed_data);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -1609,10 +1606,10 @@ static int parse_one_signature_subpacket(ops_signature_t *sig,
|
||||
break;
|
||||
|
||||
case OPS_PTAG_SS_REVOCATION_KEY:
|
||||
/* octet 0 = class. Bit 0x80 must be set */
|
||||
if(!limited_read (&C.ss_revocation_key.cclass,1,&subregion,pinfo))
|
||||
/* octet 0 = clss. Bit 0x80 must be set */
|
||||
if(!limited_read (&C.ss_revocation_key.clss,1,&subregion,pinfo))
|
||||
return 0;
|
||||
if(!(C.ss_revocation_key.cclass&0x80))
|
||||
if(!(C.ss_revocation_key.clss&0x80))
|
||||
{
|
||||
printf("Warning: OPS_PTAG_SS_REVOCATION_KEY class: "
|
||||
"Bit 0x80 should be set\n");
|
||||
@ -1906,8 +1903,6 @@ static int parse_v4_signature(ops_region_t *region,ops_parse_info_t *pinfo)
|
||||
|
||||
CBP(pinfo,OPS_PTAG_CT_SIGNATURE_FOOTER,&content);
|
||||
|
||||
free(C.signature.info.v4_hashed_data) ;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -2227,7 +2222,6 @@ static int parse_secret_key(ops_region_t *region,ops_parse_info_t *pinfo)
|
||||
int ret=1;
|
||||
ops_region_t encregion;
|
||||
ops_region_t *saved_region=NULL;
|
||||
size_t checksum_length=2;
|
||||
ops_hash_t checkhash;
|
||||
int blocksize;
|
||||
ops_boolean_t crypted;
|
||||
@ -2252,8 +2246,6 @@ static int parse_secret_key(ops_region_t *region,ops_parse_info_t *pinfo)
|
||||
if(!limited_read(c,1,region,pinfo))
|
||||
return 0;
|
||||
C.secret_key.s2k_usage=c[0];
|
||||
if(C.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED)
|
||||
checksum_length=20;
|
||||
|
||||
if(C.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED
|
||||
|| C.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED)
|
||||
@ -2891,6 +2883,7 @@ static int ops_parse_one_packet(ops_parse_info_t *pinfo,
|
||||
{
|
||||
C.error.error="Format error (ptag bit not set)";
|
||||
CBP(pinfo,OPS_PARSER_ERROR,&content);
|
||||
OPS_ERROR(&pinfo->errors, OPS_E_P_UNKNOWN_TAG, C.error.error);
|
||||
return 0;
|
||||
}
|
||||
C.ptag.new_format=!!(*ptag&OPS_PTAG_NEW_FORMAT);
|
||||
@ -2904,7 +2897,7 @@ static int ops_parse_one_packet(ops_parse_info_t *pinfo,
|
||||
}
|
||||
else
|
||||
{
|
||||
ops_boolean_t rb;
|
||||
ops_boolean_t rb = ops_false;
|
||||
|
||||
C.ptag.content_tag=(*ptag&OPS_PTAG_OF_CONTENT_TAG_MASK)
|
||||
>> OPS_PTAG_OF_CONTENT_TAG_SHIFT;
|
||||
@ -2930,8 +2923,11 @@ static int ops_parse_one_packet(ops_parse_info_t *pinfo,
|
||||
break;
|
||||
}
|
||||
if(!rb)
|
||||
{
|
||||
OPS_ERROR(&pinfo->errors, OPS_E_P, "Cannot read tag length");
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
CBP(pinfo,OPS_PARSER_PTAG,&content);
|
||||
|
||||
@ -3028,17 +3024,17 @@ static int ops_parse_one_packet(ops_parse_info_t *pinfo,
|
||||
{
|
||||
C.packet.length=pinfo->rinfo.alength;
|
||||
C.packet.raw=pinfo->rinfo.accumulated;
|
||||
|
||||
CBP(pinfo,OPS_PARSER_PACKET_END,&content);
|
||||
//free(pinfo->rinfo.accumulated);
|
||||
pinfo->rinfo.accumulated=NULL;
|
||||
pinfo->rinfo.asize=0;
|
||||
CBP(pinfo,OPS_PARSER_PACKET_END,&content);
|
||||
}
|
||||
else
|
||||
C.packet.raw = NULL ;
|
||||
|
||||
pinfo->rinfo.alength=0;
|
||||
|
||||
free(C.packet.raw) ;
|
||||
|
||||
if(r < 0)
|
||||
return -1;
|
||||
|
||||
@ -3099,11 +3095,13 @@ int ops_parse(ops_parse_info_t *pinfo)
|
||||
unsigned long pktlen;
|
||||
|
||||
do
|
||||
// Parse until we get a return code of 0 (error) or -1 (EOF)
|
||||
{
|
||||
r=ops_parse_one_packet(pinfo,&pktlen);
|
||||
} while (r != -1);
|
||||
} while (r > 0);
|
||||
|
||||
return pinfo->errors ? 0 : 1;
|
||||
return r == -1 ? 0 : 1;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -3117,8 +3115,7 @@ int ops_parse(ops_parse_info_t *pinfo)
|
||||
|
||||
int ops_parse_and_print_errors(ops_parse_info_t *pinfo)
|
||||
{
|
||||
int r;
|
||||
r=ops_parse(pinfo);
|
||||
ops_parse(pinfo);
|
||||
ops_print_errors(pinfo->errors);
|
||||
return pinfo->errors ? 0 : 1;
|
||||
}
|
||||
|
@ -496,7 +496,7 @@ static void print_text_breakdown( ops_text_t *text)
|
||||
for(i=0 ; i<text->known.used ; i++)
|
||||
{
|
||||
print_indent();
|
||||
printf("%s",prefix);
|
||||
fputs(prefix,stdout);
|
||||
printf("%s\n",text->known.strings[i]);
|
||||
}
|
||||
|
||||
@ -513,7 +513,7 @@ static void print_text_breakdown( ops_text_t *text)
|
||||
for( i=0; i < text->unknown.used; i++)
|
||||
{
|
||||
print_indent();
|
||||
printf("%s",prefix);
|
||||
fputs(prefix,stdout);
|
||||
printf("%s\n",text->unknown.strings[i]);
|
||||
}
|
||||
|
||||
@ -849,11 +849,10 @@ int ops_print_packet(const ops_parser_content_t *content_)
|
||||
start_subpacket(content_->tag);
|
||||
/* not yet tested */
|
||||
printf (" revocation key: class=0x%x",
|
||||
content->ss_revocation_key.cclass);
|
||||
if (content->ss_revocation_key.cclass&0x40)
|
||||
content->ss_revocation_key.clss);
|
||||
if (content->ss_revocation_key.clss&0x40)
|
||||
printf (" (sensitive)");
|
||||
printf (", algid=0x%x",
|
||||
content->ss_revocation_key.algid);
|
||||
printf (", algid=0x%x", content->ss_revocation_key.algid);
|
||||
printf(", fingerprint=");
|
||||
hexdump(content->ss_revocation_key.fingerprint,20);
|
||||
printf("\n");
|
||||
@ -862,8 +861,7 @@ int ops_print_packet(const ops_parser_content_t *content_)
|
||||
|
||||
case OPS_PTAG_SS_ISSUER_KEY_ID:
|
||||
start_subpacket(content_->tag);
|
||||
print_hexdump("Issuer Key Id",
|
||||
&content->ss_issuer_key_id.key_id[0],
|
||||
print_hexdump("Issuer Key Id", &content->ss_issuer_key_id.key_id[0],
|
||||
sizeof content->ss_issuer_key_id.key_id);
|
||||
end_subpacket();
|
||||
break;
|
||||
@ -1434,11 +1432,10 @@ static ops_parse_cb_return_t cb_list_packets(const ops_parser_content_t * conten
|
||||
start_subpacket(content_->tag);
|
||||
/* not yet tested */
|
||||
printf (" revocation key: class=0x%x",
|
||||
content->ss_revocation_key.class);
|
||||
if (content->ss_revocation_key.class&0x40)
|
||||
content->ss_revocation_key.clss);
|
||||
if (content->ss_revocation_key.clss&0x40)
|
||||
printf (" (sensitive)");
|
||||
printf (", algid=0x%x",
|
||||
content->ss_revocation_key.algid);
|
||||
printf (", algid=0x%x", content->ss_revocation_key.algid);
|
||||
printf(", fingerprint=");
|
||||
hexdump(content->ss_revocation_key.fingerprint,20);
|
||||
printf("\n");
|
||||
|
@ -212,6 +212,9 @@ static ops_map_t symmetric_algorithm_map[] =
|
||||
{ OPS_SA_AES_192, "AES (192-bit key)" },
|
||||
{ OPS_SA_AES_256, "AES (256-bit key)" },
|
||||
{ OPS_SA_TWOFISH, "Twofish(256-bit key)" },
|
||||
{ OPS_SA_CAMELLIA_128, "Camellia (128-bit key)" },
|
||||
{ OPS_SA_CAMELLIA_192, "Camellia (192-bit key)" },
|
||||
{ OPS_SA_CAMELLIA_256, "Camellia (256-bit key)" },
|
||||
{ 0x00, NULL }, /* this is the end-of-array marker */
|
||||
};
|
||||
|
||||
|
@ -81,7 +81,9 @@ void ops_reader_push(ops_parse_info_t *pinfo,ops_reader_t *reader,ops_reader_des
|
||||
void ops_reader_pop(ops_parse_info_t *pinfo)
|
||||
{
|
||||
ops_reader_info_t *next=pinfo->rinfo.next;
|
||||
|
||||
// We are about to overwrite pinfo->rinfo, so free any data in the
|
||||
// old rinfo structure first.
|
||||
free(pinfo->rinfo.accumulated);
|
||||
pinfo->rinfo=*next;
|
||||
free(next);
|
||||
}
|
||||
|
@ -139,8 +139,7 @@ int ops_setup_file_write(ops_create_info_t **cinfo, const char* filename, ops_bo
|
||||
flags |= O_TRUNC;
|
||||
else
|
||||
flags |= O_EXCL;
|
||||
|
||||
#ifdef WIN32
|
||||
#ifdef WINDOWS_SYS
|
||||
flags |= O_BINARY;
|
||||
#endif
|
||||
|
||||
@ -182,7 +181,7 @@ int ops_setup_file_append(ops_create_info_t **cinfo, const char* filename)
|
||||
* initialise needed structures for writing to file
|
||||
*/
|
||||
|
||||
#ifdef WIN32
|
||||
#ifdef WINDOWS_SYS
|
||||
fd=open(filename,O_WRONLY | O_APPEND | O_BINARY, 0600);
|
||||
#else
|
||||
fd=open(filename,O_WRONLY | O_APPEND , 0600);
|
||||
@ -231,7 +230,7 @@ int ops_setup_file_read(ops_parse_info_t **pinfo, const char *filename,
|
||||
* initialise needed structures for reading
|
||||
*/
|
||||
|
||||
#ifdef WIN32
|
||||
#ifdef WINDOWS_SYS
|
||||
fd=open(filename,O_RDONLY | O_BINARY);
|
||||
#else
|
||||
fd=open(filename,O_RDONLY );
|
||||
|
@ -1,8 +1,9 @@
|
||||
/*
|
||||
* Copyright (c) 2005-2008 Nominet UK (www.nic.uk)
|
||||
* Copyright (c) 2005-2009 Nominet UK (www.nic.uk)
|
||||
* All rights reserved.
|
||||
* Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted
|
||||
* their moral rights under the UK Copyright Design and Patents Act 1988 to
|
||||
* Contributors: Ben Laurie, Rachel Willmer, Alasdair Mackintosh.
|
||||
* The Contributors have asserted their moral rights under the
|
||||
* UK Copyright Design and Patents Act 1988 to
|
||||
* be recorded as the authors of this copyright work.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
@ -26,6 +27,8 @@
|
||||
#include <openpgpsdk/readerwriter.h>
|
||||
#include <openpgpsdk/crypto.h>
|
||||
#include <openpgpsdk/create.h>
|
||||
#include <openpgpsdk/literal.h>
|
||||
#include <openpgpsdk/partial.h>
|
||||
#include <openpgpsdk/writer_armoured.h>
|
||||
|
||||
#include <assert.h>
|
||||
@ -99,17 +102,15 @@ static unsigned char prefix_sha256[]={ 0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,
|
||||
*/
|
||||
ops_boolean_t encode_hash_buf(const unsigned char *M, size_t mLen,
|
||||
const ops_hash_algorithm_t hash_alg,
|
||||
unsigned char* EM
|
||||
)
|
||||
unsigned char* EM)
|
||||
{
|
||||
// implementation of EMSA-PKCS1-v1_5, as defined in OpenPGP RFC
|
||||
|
||||
unsigned i;
|
||||
|
||||
int n=0;
|
||||
int n;
|
||||
ops_hash_t hash;
|
||||
int hash_sz=0;
|
||||
int encoded_hash_sz=0;
|
||||
// int encoded_hash_sz=0;
|
||||
int prefix_sz=0;
|
||||
unsigned padding_sz=0;
|
||||
unsigned encoded_msg_sz=0;
|
||||
@ -133,7 +134,7 @@ ops_boolean_t encode_hash_buf(const unsigned char *M, size_t mLen,
|
||||
prefix=prefix_sha1;
|
||||
prefix_sz=sizeof prefix_sha1;
|
||||
hash_sz=OPS_SHA1_HASH_SIZE;
|
||||
encoded_hash_sz=hash_sz+prefix_sz;
|
||||
// encoded_hash_sz=hash_sz+prefix_sz;
|
||||
// \todo why is Ben using a PS size of 90 in rsa_sign?
|
||||
// (keysize-hashsize-1-2)
|
||||
padding_sz=90;
|
||||
@ -163,6 +164,7 @@ ops_boolean_t encode_hash_buf(const unsigned char *M, size_t mLen,
|
||||
// finally, write out hashed result
|
||||
|
||||
n=hash.finish(&hash, &EM[i]);
|
||||
assert(n == hash_sz);
|
||||
|
||||
encoded_msg_sz=i+hash_sz-1;
|
||||
|
||||
@ -182,8 +184,7 @@ ops_boolean_t encode_hash_buf(const unsigned char *M, size_t mLen,
|
||||
// XXX: both this and verify would be clearer if the signature were
|
||||
// treated as an MPI.
|
||||
static void rsa_sign(ops_hash_t *hash, const ops_rsa_public_key_t *rsa,
|
||||
const ops_rsa_secret_key_t *srsa,
|
||||
ops_create_info_t *opt)
|
||||
const ops_rsa_secret_key_t *srsa, ops_create_info_t *opt)
|
||||
{
|
||||
unsigned char hashbuf[8192];
|
||||
unsigned char sigbuf[8192];
|
||||
@ -196,14 +197,14 @@ static void rsa_sign(ops_hash_t *hash,const ops_rsa_public_key_t *rsa,
|
||||
// XXX: we assume hash is sha-1 for now
|
||||
hashsize=20+sizeof prefix_sha1;
|
||||
|
||||
keysize=(BN_num_bits(rsa->n)+7)/8;
|
||||
keysize=BN_num_bytes(rsa->n);
|
||||
assert(keysize <= sizeof hashbuf);
|
||||
assert(10+hashsize <= keysize);
|
||||
|
||||
hashbuf[0]=0;
|
||||
hashbuf[1]=1;
|
||||
if (debug)
|
||||
{ printf("rsa_sign: PS is %d\n", keysize-hashsize-1-2); }
|
||||
printf("rsa_sign: PS is %d\n", keysize-hashsize-1-2);
|
||||
for(n=2 ; n < keysize-hashsize-1 ; ++n)
|
||||
hashbuf[n]=0xff;
|
||||
hashbuf[n++]=0;
|
||||
@ -225,10 +226,8 @@ static void rsa_sign(ops_hash_t *hash,const ops_rsa_public_key_t *rsa,
|
||||
BN_free(bn);
|
||||
}
|
||||
|
||||
static void dsa_sign(ops_hash_t *hash,
|
||||
const ops_dsa_public_key_t *dsa,
|
||||
const ops_dsa_secret_key_t *sdsa,
|
||||
ops_create_info_t *cinfo)
|
||||
static void dsa_sign(ops_hash_t *hash, const ops_dsa_public_key_t *dsa,
|
||||
const ops_dsa_secret_key_t *sdsa, ops_create_info_t *cinfo)
|
||||
{
|
||||
unsigned char hashbuf[8192];
|
||||
unsigned hashsize;
|
||||
@ -274,7 +273,8 @@ static ops_boolean_t rsa_verify(ops_hash_algorithm_t type,
|
||||
assert((unsigned)BN_num_bits(sig->sig) <= 8*sizeof sigbuf);
|
||||
BN_bn2bin(sig->sig, sigbuf);
|
||||
|
||||
n=ops_rsa_public_decrypt(hashbuf_from_sig,sigbuf,(BN_num_bits(sig->sig)+7)/8,rsa);
|
||||
n=ops_rsa_public_decrypt(hashbuf_from_sig, sigbuf, BN_num_bytes(sig->sig),
|
||||
rsa);
|
||||
int debug_len_decrypted=n;
|
||||
|
||||
if(n != keysize) // obviously, this includes error returns
|
||||
@ -310,22 +310,22 @@ static ops_boolean_t rsa_verify(ops_hash_algorithm_t type,
|
||||
printf("\n");
|
||||
printf("hashbuf_from_sig\n");
|
||||
for (zz=0; zz<debug_len_decrypted; zz++)
|
||||
{ printf("%02x ", hashbuf_from_sig[n+zz]); }
|
||||
printf("%02x ", hashbuf_from_sig[n+zz]);
|
||||
printf("\n");
|
||||
printf("prefix\n");
|
||||
for (zz=0; zz<plen; zz++)
|
||||
{ printf("%02x ", prefix[zz]); }
|
||||
printf("%02x ", prefix[zz]);
|
||||
printf("\n");
|
||||
|
||||
printf("\n");
|
||||
printf("hash from sig\n");
|
||||
unsigned uu;
|
||||
for (uu=0; uu<hash_length; uu++)
|
||||
{ printf("%02x ", hashbuf_from_sig[n+plen+uu]); }
|
||||
printf("%02x ", hashbuf_from_sig[n+plen+uu]);
|
||||
printf("\n");
|
||||
printf("hash passed in (should match hash from sig)\n");
|
||||
for (uu=0; uu<hash_length; uu++)
|
||||
{ printf("%02x ", hash[uu]); }
|
||||
printf("%02x ", hash[uu]);
|
||||
printf("\n");
|
||||
}
|
||||
if(memcmp(&hashbuf_from_sig[n], prefix, plen)
|
||||
@ -406,12 +406,13 @@ ops_boolean_t ops_check_signature(const unsigned char *hash,unsigned length,
|
||||
switch(sig->info.key_algorithm)
|
||||
{
|
||||
case OPS_PKA_DSA:
|
||||
ret=ops_dsa_verify(hash,length,&sig->info.signature.dsa,&signer->key.dsa);
|
||||
ret=ops_dsa_verify(hash, length, &sig->info.signature.dsa,
|
||||
&signer->key.dsa);
|
||||
break;
|
||||
|
||||
case OPS_PKA_RSA:
|
||||
ret=rsa_verify(sig->info.hash_algorithm,hash,length,&sig->info.signature.rsa,
|
||||
&signer->key.rsa);
|
||||
ret=rsa_verify(sig->info.hash_algorithm, hash, length,
|
||||
&sig->info.signature.rsa, &signer->key.rsa);
|
||||
break;
|
||||
|
||||
default:
|
||||
@ -572,8 +573,7 @@ ops_check_direct_signature(const ops_public_key_t *key,
|
||||
* \return ops_true if OK; else ops_false
|
||||
*/
|
||||
ops_boolean_t
|
||||
ops_check_hash_signature(ops_hash_t *hash,
|
||||
const ops_signature_t *sig,
|
||||
ops_check_hash_signature(ops_hash_t *hash, const ops_signature_t *sig,
|
||||
const ops_public_key_t *signer)
|
||||
{
|
||||
if(sig->info.hash_algorithm != hash->algorithm)
|
||||
@ -743,8 +743,10 @@ ops_boolean_t ops_signature_hashed_subpackets_end(ops_create_signature_t *sig)
|
||||
*
|
||||
*/
|
||||
|
||||
ops_boolean_t ops_write_signature(ops_create_signature_t *sig, const ops_public_key_t *key,
|
||||
const ops_secret_key_t *skey, ops_create_info_t *info)
|
||||
ops_boolean_t ops_write_signature(ops_create_signature_t *sig,
|
||||
const ops_public_key_t *key,
|
||||
const ops_secret_key_t *skey,
|
||||
ops_create_info_t *info)
|
||||
{
|
||||
ops_boolean_t rtn=ops_false;
|
||||
size_t l=ops_memory_get_length(sig->mem);
|
||||
@ -763,7 +765,8 @@ ops_boolean_t ops_write_signature(ops_create_signature_t *sig, const ops_public_
|
||||
break;
|
||||
|
||||
default:
|
||||
fprintf(stderr,"Unsupported algorithm %d\n", skey->public_key.algorithm);
|
||||
fprintf(stderr, "Unsupported algorithm %d\n",
|
||||
skey->public_key.algorithm);
|
||||
assert(0);
|
||||
}
|
||||
|
||||
@ -775,7 +778,8 @@ ops_boolean_t ops_write_signature(ops_create_signature_t *sig, const ops_public_
|
||||
// add the packet from version number to end of hashed subpackets
|
||||
|
||||
if (debug)
|
||||
{ fprintf(stderr, "--- Adding packet to hash from version number to hashed subpkts\n"); }
|
||||
{ fprintf(stderr, "--- Adding packet to hash from version number to"
|
||||
" hashed subpkts\n"); }
|
||||
|
||||
sig->hash.add(&sig->hash, ops_memory_get_data(sig->mem),
|
||||
sig->unhashed_count_offset);
|
||||
@ -787,7 +791,8 @@ ops_boolean_t ops_write_signature(ops_create_signature_t *sig, const ops_public_
|
||||
ops_hash_add_int(&sig->hash, sig->hashed_data_length+6, 4);
|
||||
|
||||
if (debug)
|
||||
{ fprintf(stderr, "--- Finished adding packet to hash from version number to hashed subpkts\n"); }
|
||||
{ fprintf(stderr, "--- Finished adding packet to hash from version"
|
||||
" number to hashed subpkts\n"); }
|
||||
|
||||
// XXX: technically, we could figure out how big the signature is
|
||||
// and write it directly to the output instead of via memory.
|
||||
@ -804,14 +809,13 @@ ops_boolean_t ops_write_signature(ops_create_signature_t *sig, const ops_public_
|
||||
break;
|
||||
|
||||
default:
|
||||
fprintf(stderr,"Unsupported algorithm %d\n", skey->public_key.algorithm);
|
||||
fprintf(stderr, "Unsupported algorithm %d\n",
|
||||
skey->public_key.algorithm);
|
||||
assert(0);
|
||||
}
|
||||
|
||||
|
||||
|
||||
rtn=ops_write_ptag(OPS_PTAG_CT_SIGNATURE, info);
|
||||
if (rtn!=ops_false)
|
||||
if (rtn)
|
||||
{
|
||||
l=ops_memory_get_length(sig->mem);
|
||||
rtn = ops_write_length(l, info)
|
||||
@ -820,10 +824,8 @@ ops_boolean_t ops_write_signature(ops_create_signature_t *sig, const ops_public_
|
||||
|
||||
ops_memory_free(sig->mem);
|
||||
|
||||
if (rtn==ops_false)
|
||||
{
|
||||
if (!rtn)
|
||||
OPS_ERROR(&info->errors, OPS_E_W, "Cannot write signature");
|
||||
}
|
||||
return rtn;
|
||||
}
|
||||
|
||||
@ -835,7 +837,8 @@ ops_boolean_t ops_write_signature(ops_create_signature_t *sig, const ops_public_
|
||||
* \param sig
|
||||
* \param when
|
||||
*/
|
||||
ops_boolean_t ops_signature_add_creation_time(ops_create_signature_t *sig,time_t when)
|
||||
ops_boolean_t ops_signature_add_creation_time(ops_create_signature_t *sig,
|
||||
time_t when)
|
||||
{
|
||||
return ops_write_ss_header(5, OPS_PTAG_SS_CREATION_TIME, sig->info)
|
||||
&& ops_write_scalar(when, 4, sig->info);
|
||||
@ -850,10 +853,12 @@ ops_boolean_t ops_signature_add_creation_time(ops_create_signature_t *sig,time_t
|
||||
* \param keyid
|
||||
*/
|
||||
|
||||
ops_boolean_t ops_signature_add_issuer_key_id(ops_create_signature_t *sig,
|
||||
ops_boolean_t
|
||||
ops_signature_add_issuer_key_id(ops_create_signature_t *sig,
|
||||
const unsigned char keyid[OPS_KEY_ID_SIZE])
|
||||
{
|
||||
return ops_write_ss_header(OPS_KEY_ID_SIZE+1,OPS_PTAG_SS_ISSUER_KEY_ID,sig->info)
|
||||
return ops_write_ss_header(OPS_KEY_ID_SIZE+1, OPS_PTAG_SS_ISSUER_KEY_ID,
|
||||
sig->info)
|
||||
&& ops_write(keyid, OPS_KEY_ID_SIZE, sig->info);
|
||||
}
|
||||
|
||||
@ -883,16 +888,18 @@ void ops_signature_add_primary_user_id(ops_create_signature_t *sig,
|
||||
ops_hash_t *ops_signature_get_hash(ops_create_signature_t *sig)
|
||||
{ return &sig->hash; }
|
||||
|
||||
static int open_output_file(ops_create_info_t **cinfo, const char* input_filename, const char* output_filename, const ops_boolean_t use_armour, const ops_boolean_t overwrite)
|
||||
static int open_output_file(ops_create_info_t **cinfo,
|
||||
const char* input_filename,
|
||||
const char* output_filename,
|
||||
const ops_boolean_t use_armour,
|
||||
const ops_boolean_t overwrite)
|
||||
{
|
||||
int fd_out;
|
||||
|
||||
// setup output file
|
||||
|
||||
if (output_filename)
|
||||
{
|
||||
fd_out=ops_setup_file_write(cinfo, output_filename, overwrite);
|
||||
}
|
||||
else
|
||||
{
|
||||
char *myfilename=NULL;
|
||||
@ -929,7 +936,10 @@ static int open_output_file(ops_create_info_t **cinfo, const char* input_filenam
|
||||
}
|
||||
\endcode
|
||||
*/
|
||||
ops_boolean_t ops_sign_file_as_cleartext(const char* input_filename, const char* output_filename, const ops_secret_key_t *skey, const ops_boolean_t overwrite)
|
||||
ops_boolean_t ops_sign_file_as_cleartext(const char* input_filename,
|
||||
const char* output_filename,
|
||||
const ops_secret_key_t *skey,
|
||||
const ops_boolean_t overwrite)
|
||||
{
|
||||
// \todo allow choice of hash algorithams
|
||||
// enforce use of SHA1 for now
|
||||
@ -946,7 +956,7 @@ ops_boolean_t ops_sign_file_as_cleartext(const char* input_filename, const char*
|
||||
ops_boolean_t use_armour=ops_true;
|
||||
|
||||
// open file to sign
|
||||
#ifdef WIN32
|
||||
#ifdef WINDOWS_SYS
|
||||
fd_in=open(input_filename, O_RDONLY | O_BINARY);
|
||||
#else
|
||||
fd_in=open(input_filename, O_RDONLY );
|
||||
@ -958,7 +968,8 @@ ops_boolean_t ops_sign_file_as_cleartext(const char* input_filename, const char*
|
||||
|
||||
// set up output file
|
||||
|
||||
fd_out=open_output_file(&cinfo, input_filename, output_filename, use_armour, overwrite);
|
||||
fd_out=open_output_file(&cinfo, input_filename, output_filename, use_armour,
|
||||
overwrite);
|
||||
|
||||
if (fd_out < 0)
|
||||
{
|
||||
@ -976,9 +987,10 @@ ops_boolean_t ops_sign_file_as_cleartext(const char* input_filename, const char*
|
||||
}
|
||||
|
||||
// \todo could add more error detection here
|
||||
ops_signature_start_cleartext_signature(sig,skey,OPS_HASH_SHA1,OPS_SIG_BINARY);
|
||||
if (ops_writer_push_clearsigned(cinfo,sig)!=ops_true)
|
||||
{ return ops_false; }
|
||||
ops_signature_start_cleartext_signature(sig, skey,
|
||||
OPS_HASH_SHA1, OPS_SIG_BINARY);
|
||||
if (!ops_writer_push_clearsigned(cinfo, sig))
|
||||
return ops_false;
|
||||
|
||||
// Do the signing
|
||||
|
||||
@ -999,7 +1011,7 @@ ops_boolean_t ops_sign_file_as_cleartext(const char* input_filename, const char*
|
||||
// - key id
|
||||
rtn = ops_writer_switch_to_armoured_signature(cinfo)
|
||||
&& ops_signature_add_creation_time(sig, time(NULL));
|
||||
if (rtn==ops_false)
|
||||
if (!rtn)
|
||||
{
|
||||
ops_teardown_file_write(cinfo, fd_out);
|
||||
return ops_false;
|
||||
@ -1013,10 +1025,8 @@ ops_boolean_t ops_sign_file_as_cleartext(const char* input_filename, const char*
|
||||
|
||||
ops_teardown_file_write(cinfo, fd_out);
|
||||
|
||||
if (rtn==ops_false)
|
||||
{
|
||||
if (!rtn)
|
||||
OPS_ERROR(&cinfo->errors, OPS_E_W, "Cannot sign file as cleartext");
|
||||
}
|
||||
return rtn;
|
||||
}
|
||||
|
||||
@ -1049,7 +1059,9 @@ ops_boolean_t ops_sign_file_as_cleartext(const char* input_filename, const char*
|
||||
}
|
||||
\endcode
|
||||
*/
|
||||
ops_boolean_t ops_sign_buf_as_cleartext(const char* cleartext, const size_t len, ops_memory_t** signed_cleartext, const ops_secret_key_t *skey)
|
||||
ops_boolean_t ops_sign_buf_as_cleartext(const char* cleartext, const size_t len,
|
||||
ops_memory_t** signed_cleartext,
|
||||
const ops_secret_key_t *skey)
|
||||
{
|
||||
ops_boolean_t rtn=ops_false;
|
||||
|
||||
@ -1066,12 +1078,11 @@ ops_boolean_t ops_sign_buf_as_cleartext(const char* cleartext, const size_t len,
|
||||
// set up signature
|
||||
sig=ops_create_signature_new();
|
||||
if (!sig)
|
||||
{
|
||||
return ops_false;
|
||||
}
|
||||
|
||||
// \todo could add more error detection here
|
||||
ops_signature_start_cleartext_signature(sig,skey,OPS_HASH_SHA1,OPS_SIG_BINARY);
|
||||
ops_signature_start_cleartext_signature(sig, skey, OPS_HASH_SHA1,
|
||||
OPS_SIG_BINARY);
|
||||
|
||||
// set up output file
|
||||
ops_setup_memory_write(&cinfo, signed_cleartext, len);
|
||||
@ -1085,10 +1096,8 @@ ops_boolean_t ops_sign_buf_as_cleartext(const char* cleartext, const size_t len,
|
||||
&& ops_writer_switch_to_armoured_signature(cinfo)
|
||||
&& ops_signature_add_creation_time(sig, time(NULL));
|
||||
|
||||
if (rtn==ops_false)
|
||||
{
|
||||
if (!rtn)
|
||||
return ops_false;
|
||||
}
|
||||
|
||||
ops_keyid(keyid, &skey->public_key);
|
||||
|
||||
@ -1127,7 +1136,11 @@ void example(const ops_secret_key_t *skey)
|
||||
}
|
||||
\endcode
|
||||
*/
|
||||
ops_boolean_t ops_sign_file(const char* input_filename, const char* output_filename, const ops_secret_key_t *skey, const ops_boolean_t use_armour, const ops_boolean_t overwrite)
|
||||
ops_boolean_t ops_sign_file(const char* input_filename,
|
||||
const char* output_filename,
|
||||
const ops_secret_key_t *skey,
|
||||
const ops_boolean_t use_armour,
|
||||
const ops_boolean_t overwrite)
|
||||
{
|
||||
// \todo allow choice of hash algorithams
|
||||
// enforce use of SHA1 for now
|
||||
@ -1153,7 +1166,8 @@ ops_boolean_t ops_sign_file(const char* input_filename, const char* output_filen
|
||||
|
||||
// setup output file
|
||||
|
||||
fd_out=open_output_file(&cinfo, input_filename, output_filename, use_armour, overwrite);
|
||||
fd_out=open_output_file(&cinfo, input_filename, output_filename, use_armour,
|
||||
overwrite);
|
||||
|
||||
if (fd_out < 0)
|
||||
{
|
||||
@ -1177,17 +1191,20 @@ ops_boolean_t ops_sign_file(const char* input_filename, const char* output_filen
|
||||
|
||||
// hash file contents
|
||||
hash=ops_signature_get_hash(sig);
|
||||
hash->add(hash, ops_memory_get_data(mem_buf), ops_memory_get_length(mem_buf));
|
||||
hash->add(hash, ops_memory_get_data(mem_buf),
|
||||
ops_memory_get_length(mem_buf));
|
||||
|
||||
// output file contents as Literal Data packet
|
||||
|
||||
if (debug)
|
||||
{ fprintf(stderr,"** Writing out data now\n"); }
|
||||
fprintf(stderr,"** Writing out data now\n");
|
||||
|
||||
ops_write_literal_data_from_buf(ops_memory_get_data(mem_buf), ops_memory_get_length(mem_buf), OPS_LDT_BINARY, cinfo);
|
||||
ops_write_literal_data_from_buf(ops_memory_get_data(mem_buf),
|
||||
ops_memory_get_length(mem_buf),
|
||||
OPS_LDT_BINARY, cinfo);
|
||||
|
||||
if (debug)
|
||||
{ fprintf(stderr,"** After Writing out data now\n");}
|
||||
fprintf(stderr, "** After Writing out data now\n");
|
||||
|
||||
// add subpackets to signature
|
||||
// - creation time
|
||||
@ -1246,7 +1263,10 @@ void example(const ops_secret_key_t *skey)
|
||||
}
|
||||
\endcode
|
||||
*/
|
||||
ops_memory_t* ops_sign_buf(const void* input, const size_t input_len, const ops_sig_type_t sig_type, const ops_secret_key_t *skey, const ops_boolean_t use_armour)
|
||||
ops_memory_t* ops_sign_buf(const void* input, const size_t input_len,
|
||||
const ops_sig_type_t sig_type,
|
||||
const ops_secret_key_t *skey,
|
||||
const ops_boolean_t use_armour)
|
||||
{
|
||||
// \todo allow choice of hash algorithams
|
||||
// enforce use of SHA1 for now
|
||||
@ -1279,7 +1299,7 @@ ops_memory_t* ops_sign_buf(const void* input, const size_t input_len, const ops_
|
||||
ops_writer_push_armoured_message(cinfo);
|
||||
|
||||
if (debug)
|
||||
{ fprintf(stderr, "** Writing out one pass sig\n"); }
|
||||
fprintf(stderr, "** Writing out one pass sig\n");
|
||||
|
||||
// write one_pass_sig
|
||||
ops_write_one_pass_sig(skey, hash_alg, sig_type, cinfo);
|
||||
@ -1291,12 +1311,12 @@ ops_memory_t* ops_sign_buf(const void* input, const size_t input_len, const ops_
|
||||
// output file contents as Literal Data packet
|
||||
|
||||
if (debug)
|
||||
{ fprintf(stderr,"** Writing out data now\n"); }
|
||||
fprintf(stderr,"** Writing out data now\n");
|
||||
|
||||
ops_write_literal_data_from_buf(input, input_len, ld_type, cinfo);
|
||||
|
||||
if (debug)
|
||||
{ fprintf(stderr,"** After Writing out data now\n");}
|
||||
fprintf(stderr,"** After Writing out data now\n");
|
||||
|
||||
// add subpackets to signature
|
||||
// - creation time
|
||||
@ -1320,4 +1340,100 @@ ops_memory_t* ops_sign_buf(const void* input, const size_t input_len, const ops_
|
||||
return mem;
|
||||
}
|
||||
|
||||
typedef struct {
|
||||
ops_create_signature_t *signature;
|
||||
const ops_secret_key_t *skey;
|
||||
ops_hash_algorithm_t hash_alg;
|
||||
ops_sig_type_t sig_type;
|
||||
} signature_arg_t;
|
||||
|
||||
static ops_boolean_t stream_signature_writer(const unsigned char *src,
|
||||
unsigned length,
|
||||
ops_error_t **errors,
|
||||
ops_writer_info_t *winfo)
|
||||
{
|
||||
signature_arg_t* arg = ops_writer_get_arg(winfo);
|
||||
// Add the input data to the hash. At the end, we will use the hash
|
||||
// to generate a signature packet.
|
||||
ops_hash_t* hash = ops_signature_get_hash(arg->signature);
|
||||
hash->add(hash, src, length);
|
||||
|
||||
return ops_stacked_write(src, length, errors, winfo);
|
||||
}
|
||||
|
||||
static ops_boolean_t stream_signature_write_trailer(ops_create_info_t *cinfo,
|
||||
void *data)
|
||||
{
|
||||
signature_arg_t* arg = data;
|
||||
unsigned char keyid[OPS_KEY_ID_SIZE];
|
||||
|
||||
// add subpackets to signature
|
||||
// - creation time
|
||||
// - key id
|
||||
ops_signature_add_creation_time(arg->signature,time(NULL));
|
||||
ops_keyid(keyid, &arg->skey->public_key);
|
||||
ops_signature_add_issuer_key_id(arg->signature, keyid);
|
||||
ops_signature_hashed_subpackets_end(arg->signature);
|
||||
|
||||
// write out signature
|
||||
return ops_write_signature(arg->signature, &arg->skey->public_key,
|
||||
arg->skey, cinfo);
|
||||
}
|
||||
|
||||
static void stream_signature_destroyer(ops_writer_info_t *winfo)
|
||||
{
|
||||
signature_arg_t* arg = ops_writer_get_arg(winfo);
|
||||
ops_create_signature_delete(arg->signature);
|
||||
free(arg);
|
||||
}
|
||||
|
||||
/**
|
||||
\ingroup Core_WritePackets
|
||||
\brief Pushes a signed writer onto the stack.
|
||||
|
||||
Data written will be encoded as a onepass signature packet, followed
|
||||
by a literal packet, followed by a signature packet. Once this writer
|
||||
has been added to the stack, cleartext can be written straight to the
|
||||
output, and it will be encoded as a literal packet and signed.
|
||||
|
||||
\param cinfo Write settings
|
||||
\param sig_type the type of input to be signed (text or binary)
|
||||
\param skey the key used to sign the stream.
|
||||
\return false if the initial onepass packet could not be created.
|
||||
*/
|
||||
ops_boolean_t ops_writer_push_signed(ops_create_info_t *cinfo,
|
||||
const ops_sig_type_t sig_type,
|
||||
const ops_secret_key_t *skey)
|
||||
{
|
||||
// \todo allow choice of hash algorithams
|
||||
// enforce use of SHA1 for now
|
||||
|
||||
// Create arg to be used with this writer
|
||||
// Remember to free this in the destroyer
|
||||
signature_arg_t *signature_arg = ops_mallocz(sizeof *signature_arg);
|
||||
signature_arg->signature = ops_create_signature_new();
|
||||
signature_arg->hash_alg = OPS_HASH_SHA1;
|
||||
signature_arg->skey = skey;
|
||||
signature_arg->sig_type = sig_type;
|
||||
ops_signature_start_message_signature(signature_arg->signature,
|
||||
signature_arg->skey,
|
||||
signature_arg->hash_alg,
|
||||
signature_arg->sig_type);
|
||||
|
||||
if (!ops_write_one_pass_sig(signature_arg->skey,
|
||||
signature_arg->hash_alg,
|
||||
signature_arg->sig_type,
|
||||
cinfo))
|
||||
return ops_false;
|
||||
|
||||
ops_writer_push_partial_with_trailer(0, cinfo, OPS_PTAG_CT_LITERAL_DATA,
|
||||
write_literal_header, NULL,
|
||||
stream_signature_write_trailer,
|
||||
signature_arg);
|
||||
// And push writer on stack
|
||||
ops_writer_push(cinfo, stream_signature_writer, NULL,
|
||||
stream_signature_destroyer,signature_arg);
|
||||
return ops_true;
|
||||
}
|
||||
|
||||
// EOF
|
||||
|
@ -41,6 +41,8 @@ SOURCES += accumulate.c \
|
||||
validate.c \
|
||||
writer.c \
|
||||
writer_armour.c \
|
||||
writer_partial.c \
|
||||
writer_literal.c \
|
||||
writer_encrypt.c \
|
||||
writer_encrypt_se_ip.c \
|
||||
writer_fd.c \
|
||||
|
@ -27,6 +27,9 @@
|
||||
# include <openssl/idea.h>
|
||||
#endif
|
||||
#include <openssl/aes.h>
|
||||
#ifndef OPENSSL_NO_CAMELLIA
|
||||
# include <openssl/camellia.h>
|
||||
#endif
|
||||
#include <openssl/des.h>
|
||||
#include "parse_local.h"
|
||||
|
||||
@ -278,6 +281,138 @@ static const ops_crypt_t aes256=
|
||||
TRAILER
|
||||
};
|
||||
|
||||
#ifndef OPENSSL_NO_CAMELLIA
|
||||
|
||||
// CAMELLIA with 128-bit key
|
||||
|
||||
#define KEYBITS_CAMELLIA128 128
|
||||
|
||||
static void camellia128_init(ops_crypt_t *crypt)
|
||||
{
|
||||
if (crypt->encrypt_key)
|
||||
free(crypt->encrypt_key);
|
||||
crypt->encrypt_key=malloc(sizeof(CAMELLIA_KEY));
|
||||
if (Camellia_set_key(crypt->key,KEYBITS_CAMELLIA128,crypt->encrypt_key))
|
||||
fprintf(stderr,"camellia128_init: Error setting encrypt_key\n");
|
||||
|
||||
if (crypt->decrypt_key)
|
||||
free(crypt->decrypt_key);
|
||||
crypt->decrypt_key=malloc(sizeof(CAMELLIA_KEY));
|
||||
if (Camellia_set_key(crypt->key,KEYBITS_CAMELLIA128,crypt->decrypt_key))
|
||||
fprintf(stderr,"camellia128_init: Error setting decrypt_key\n");
|
||||
}
|
||||
|
||||
static void camellia_block_encrypt(ops_crypt_t *crypt,void *out,const void *in)
|
||||
{ Camellia_encrypt(in,out,crypt->encrypt_key); }
|
||||
|
||||
static void camellia_block_decrypt(ops_crypt_t *crypt,void *out,const void *in)
|
||||
{ Camellia_decrypt(in,out,crypt->decrypt_key); }
|
||||
|
||||
static void camellia_cfb_encrypt(ops_crypt_t *crypt,void *out,const void *in, size_t count)
|
||||
{
|
||||
Camellia_cfb128_encrypt(in,out,count,
|
||||
crypt->encrypt_key, crypt->iv, (int *)&crypt->num,
|
||||
CAMELLIA_ENCRYPT);
|
||||
}
|
||||
|
||||
static void camellia_cfb_decrypt(ops_crypt_t *crypt,void *out,const void *in, size_t count)
|
||||
{
|
||||
Camellia_cfb128_encrypt(in,out,count,
|
||||
crypt->encrypt_key, crypt->iv, (int *)&crypt->num,
|
||||
CAMELLIA_DECRYPT);
|
||||
}
|
||||
|
||||
static const ops_crypt_t camellia128=
|
||||
{
|
||||
OPS_SA_CAMELLIA_128,
|
||||
CAMELLIA_BLOCK_SIZE,
|
||||
KEYBITS_CAMELLIA128/8,
|
||||
std_set_iv,
|
||||
std_set_key,
|
||||
camellia128_init,
|
||||
std_resync,
|
||||
camellia_block_encrypt,
|
||||
camellia_block_decrypt,
|
||||
camellia_cfb_encrypt,
|
||||
camellia_cfb_decrypt,
|
||||
std_finish,
|
||||
TRAILER
|
||||
};
|
||||
|
||||
// CAMELLIA with 192-bit key
|
||||
|
||||
#define KEYBITS_CAMELLIA192 192
|
||||
|
||||
static void camellia192_init(ops_crypt_t *crypt)
|
||||
{
|
||||
if (crypt->encrypt_key)
|
||||
free(crypt->encrypt_key);
|
||||
crypt->encrypt_key=malloc(sizeof(CAMELLIA_KEY));
|
||||
if (Camellia_set_key(crypt->key,KEYBITS_CAMELLIA192,crypt->encrypt_key))
|
||||
fprintf(stderr,"camellia192_init: Error setting encrypt_key\n");
|
||||
|
||||
if (crypt->decrypt_key)
|
||||
free(crypt->decrypt_key);
|
||||
crypt->decrypt_key=malloc(sizeof(CAMELLIA_KEY));
|
||||
if (Camellia_set_key(crypt->key,KEYBITS_CAMELLIA192,crypt->decrypt_key))
|
||||
fprintf(stderr,"camellia192_init: Error setting decrypt_key\n");
|
||||
}
|
||||
|
||||
static const ops_crypt_t camellia192=
|
||||
{
|
||||
OPS_SA_CAMELLIA_192,
|
||||
CAMELLIA_BLOCK_SIZE,
|
||||
KEYBITS_CAMELLIA192/8,
|
||||
std_set_iv,
|
||||
std_set_key,
|
||||
camellia192_init,
|
||||
std_resync,
|
||||
camellia_block_encrypt,
|
||||
camellia_block_decrypt,
|
||||
camellia_cfb_encrypt,
|
||||
camellia_cfb_decrypt,
|
||||
std_finish,
|
||||
TRAILER
|
||||
};
|
||||
|
||||
// CAMELLIA with 256-bit key
|
||||
|
||||
#define KEYBITS_CAMELLIA256 256
|
||||
|
||||
static void camellia256_init(ops_crypt_t *crypt)
|
||||
{
|
||||
if (crypt->encrypt_key)
|
||||
free(crypt->encrypt_key);
|
||||
crypt->encrypt_key=malloc(sizeof(CAMELLIA_KEY));
|
||||
if (Camellia_set_key(crypt->key,KEYBITS_CAMELLIA256,crypt->encrypt_key))
|
||||
fprintf(stderr,"camellia256_init: Error setting encrypt_key\n");
|
||||
|
||||
if (crypt->decrypt_key)
|
||||
free(crypt->decrypt_key);
|
||||
crypt->decrypt_key=malloc(sizeof(CAMELLIA_KEY));
|
||||
if (Camellia_set_key(crypt->key,KEYBITS_CAMELLIA256,crypt->decrypt_key))
|
||||
fprintf(stderr,"camellia256_init: Error setting decrypt_key\n");
|
||||
}
|
||||
|
||||
static const ops_crypt_t camellia256=
|
||||
{
|
||||
OPS_SA_CAMELLIA_256,
|
||||
CAMELLIA_BLOCK_SIZE,
|
||||
KEYBITS_CAMELLIA256/8,
|
||||
std_set_iv,
|
||||
std_set_key,
|
||||
camellia256_init,
|
||||
std_resync,
|
||||
camellia_block_encrypt,
|
||||
camellia_block_decrypt,
|
||||
camellia_cfb_encrypt,
|
||||
camellia_cfb_decrypt,
|
||||
std_finish,
|
||||
TRAILER
|
||||
};
|
||||
|
||||
#endif // ndef OPENSSL_NO_CAMELLIA
|
||||
|
||||
// Triple DES
|
||||
|
||||
static void tripledes_init(ops_crypt_t *crypt)
|
||||
@ -309,19 +444,27 @@ static void tripledes_block_decrypt(ops_crypt_t *crypt,void *out,
|
||||
DES_ecb3_encrypt((void *)in,out,&keys[0],&keys[1],&keys[2],DES_DECRYPT);
|
||||
}
|
||||
|
||||
static void tripledes_cfb_encrypt(ops_crypt_t *crypt ATTRIBUTE_UNUSED,void *out ATTRIBUTE_UNUSED,const void *in ATTRIBUTE_UNUSED, size_t count ATTRIBUTE_UNUSED)
|
||||
static void tripledes_cfb_encrypt(ops_crypt_t *crypt ATTRIBUTE_UNUSED,
|
||||
void *out ATTRIBUTE_UNUSED,
|
||||
const void *in ATTRIBUTE_UNUSED,
|
||||
size_t count ATTRIBUTE_UNUSED)
|
||||
{
|
||||
DES_key_schedule *keys=crypt->encrypt_key;
|
||||
DES_ede3_cfb64_encrypt(in,out,count,
|
||||
&keys[0],&keys[1],&keys[2], (DES_cblock *)crypt->iv, (int *)&crypt->num,
|
||||
&keys[0],&keys[1],&keys[2],
|
||||
(DES_cblock *)crypt->iv, (int *)&crypt->num,
|
||||
DES_ENCRYPT);
|
||||
}
|
||||
|
||||
static void tripledes_cfb_decrypt(ops_crypt_t *crypt ATTRIBUTE_UNUSED,void *out ATTRIBUTE_UNUSED,const void *in ATTRIBUTE_UNUSED, size_t count ATTRIBUTE_UNUSED)
|
||||
static void tripledes_cfb_decrypt(ops_crypt_t *crypt ATTRIBUTE_UNUSED,
|
||||
void *out ATTRIBUTE_UNUSED,
|
||||
const void *in ATTRIBUTE_UNUSED,
|
||||
size_t count ATTRIBUTE_UNUSED)
|
||||
{
|
||||
DES_key_schedule *keys=crypt->encrypt_key;
|
||||
DES_ede3_cfb64_encrypt(in,out,count,
|
||||
&keys[0],&keys[1],&keys[2], (DES_cblock *)crypt->iv, (int *)&crypt->num,
|
||||
&keys[0],&keys[1],&keys[2],
|
||||
(DES_cblock *)crypt->iv, (int *)&crypt->num,
|
||||
DES_DECRYPT);
|
||||
}
|
||||
|
||||
@ -360,11 +503,23 @@ static const ops_crypt_t *get_proto(ops_symmetric_algorithm_t alg)
|
||||
case OPS_SA_AES_256:
|
||||
return &aes256;
|
||||
|
||||
#ifndef OPENSSL_NO_CAMELLIA
|
||||
case OPS_SA_CAMELLIA_128:
|
||||
return &camellia128;
|
||||
|
||||
case OPS_SA_CAMELLIA_192:
|
||||
return &camellia192;
|
||||
|
||||
case OPS_SA_CAMELLIA_256:
|
||||
return &camellia256;
|
||||
#endif // ndef OPENSSL_NO_CAMELLIA
|
||||
|
||||
case OPS_SA_TRIPLEDES:
|
||||
return &tripledes;
|
||||
|
||||
default:
|
||||
fprintf(stderr,"Unknown algorithm: %d (%s)\n",alg,ops_show_symmetric_algorithm(alg));
|
||||
fprintf(stderr,"Unknown algorithm: %d (%s)\n",alg,
|
||||
ops_show_symmetric_algorithm(alg));
|
||||
// assert(0);
|
||||
}
|
||||
|
||||
@ -483,6 +638,9 @@ ops_boolean_t ops_is_sa_supported(ops_symmetric_algorithm_t alg)
|
||||
{
|
||||
case OPS_SA_AES_128:
|
||||
case OPS_SA_AES_256:
|
||||
case OPS_SA_CAMELLIA_128:
|
||||
case OPS_SA_CAMELLIA_192:
|
||||
case OPS_SA_CAMELLIA_256:
|
||||
case OPS_SA_CAST5:
|
||||
case OPS_SA_TRIPLEDES:
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
|
@ -106,52 +106,6 @@ void ops_finish(void)
|
||||
ops_crypto_finish();
|
||||
}
|
||||
|
||||
typedef struct
|
||||
{
|
||||
const unsigned char *buffer;
|
||||
size_t length;
|
||||
size_t offset;
|
||||
} reader_mem_arg_t;
|
||||
|
||||
static int mem_reader(void *dest,size_t length,ops_error_t **errors,
|
||||
ops_reader_info_t *rinfo,ops_parse_cb_info_t *cbinfo)
|
||||
{
|
||||
reader_mem_arg_t *arg=ops_reader_get_arg(rinfo);
|
||||
unsigned n;
|
||||
|
||||
OPS_USED(cbinfo);
|
||||
OPS_USED(errors);
|
||||
|
||||
if(arg->offset+length > arg->length)
|
||||
n=arg->length-arg->offset;
|
||||
else
|
||||
n=length;
|
||||
|
||||
if(n == 0)
|
||||
return 0;
|
||||
|
||||
memcpy(dest,arg->buffer+arg->offset,n);
|
||||
arg->offset+=n;
|
||||
|
||||
return n;
|
||||
}
|
||||
|
||||
static void mem_destroyer(ops_reader_info_t *rinfo)
|
||||
{ free(ops_reader_get_arg(rinfo)); }
|
||||
|
||||
// Note that its the caller's responsibility to ensure buffer continues to
|
||||
// exist
|
||||
void ops_reader_set_memory(ops_parse_info_t *pinfo,const void *buffer,
|
||||
size_t length)
|
||||
{
|
||||
reader_mem_arg_t *arg=malloc(sizeof *arg);
|
||||
|
||||
arg->buffer=buffer;
|
||||
arg->length=length;
|
||||
arg->offset=0;
|
||||
ops_reader_set(pinfo,mem_reader,mem_destroyer,arg);
|
||||
}
|
||||
|
||||
/**
|
||||
\ingroup HighLevel_Misc
|
||||
\brief mallocs and zeros memory
|
||||
|
@ -321,6 +321,7 @@ ops_validate_key_cb(const ops_parser_content_t *content_,ops_parse_cb_info_t *cb
|
||||
case OPS_PARSER_PTAG:
|
||||
case OPS_PTAG_CT_SIGNATURE_HEADER:
|
||||
case OPS_PARSER_PACKET_END:
|
||||
case OPS_PTAG_CT_TRUST:
|
||||
break;
|
||||
|
||||
case OPS_PARSER_CMD_GET_SK_PASSPHRASE:
|
||||
|
@ -34,6 +34,10 @@
|
||||
|
||||
static int debug=0;
|
||||
|
||||
#define LINE_LENGTH 75
|
||||
|
||||
static const char newline[] = "\r\n";
|
||||
|
||||
/**
|
||||
* \struct dash_escaped_arg_t
|
||||
*/
|
||||
@ -164,6 +168,8 @@ ops_boolean_t ops_writer_push_clearsigned(ops_create_info_t *info,
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
size_t chars_written;
|
||||
ops_boolean_t writing_trailer;
|
||||
unsigned pos;
|
||||
unsigned char t;
|
||||
unsigned checksum;
|
||||
@ -172,6 +178,17 @@ typedef struct
|
||||
static char b64map[]="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
|
||||
"0123456789+/";
|
||||
|
||||
static ops_boolean_t check_newline(base64_arg_t* arg,
|
||||
ops_error_t **errors,
|
||||
ops_writer_info_t *winfo)
|
||||
{
|
||||
arg->chars_written++;
|
||||
if (!arg->writing_trailer && arg->chars_written % LINE_LENGTH == 0)
|
||||
if (!ops_stacked_write(newline, strlen(newline), errors, winfo))
|
||||
return ops_false;
|
||||
return ops_true;
|
||||
}
|
||||
|
||||
static ops_boolean_t base64_writer(const unsigned char *src,
|
||||
unsigned length,ops_error_t **errors,
|
||||
ops_writer_info_t *winfo)
|
||||
@ -209,6 +226,8 @@ static ops_boolean_t base64_writer(const unsigned char *src,
|
||||
arg->t+=src[n] >> 6;
|
||||
if(!ops_stacked_write(&b64map[arg->t],1,errors,winfo))
|
||||
return ops_false;
|
||||
if(!check_newline(arg, errors, winfo))
|
||||
return ops_false;
|
||||
|
||||
/* 00000000 00000000 00XXXXXX */
|
||||
if(!ops_stacked_write(&b64map[src[n++]&0x3f],1,errors,winfo))
|
||||
@ -216,8 +235,9 @@ static ops_boolean_t base64_writer(const unsigned char *src,
|
||||
|
||||
arg->pos=0;
|
||||
}
|
||||
if (!check_newline(arg, errors, winfo))
|
||||
return ops_false;
|
||||
}
|
||||
|
||||
return ops_true;
|
||||
}
|
||||
|
||||
@ -246,7 +266,10 @@ static ops_boolean_t signature_finaliser(ops_error_t **errors,
|
||||
c[0]=arg->checksum >> 16;
|
||||
c[1]=arg->checksum >> 8;
|
||||
c[2]=arg->checksum;
|
||||
/* push the checksum through our own writer */
|
||||
/* push the checksum through our own writer. Turn off the
|
||||
writing_body flag so we don't put a newline in the trailer.
|
||||
*/
|
||||
arg->writing_trailer = ops_true;
|
||||
if(!base64_writer(c,3,errors,winfo))
|
||||
return ops_false;
|
||||
|
||||
@ -278,7 +301,7 @@ static ops_boolean_t linebreak_writer(const unsigned char *src,
|
||||
|
||||
if(arg->pos == BREAKPOS)
|
||||
{
|
||||
if(!ops_stacked_write("\r\n",2,errors,winfo))
|
||||
if(!ops_stacked_write(newline,strlen(newline),errors,winfo))
|
||||
return ops_false;
|
||||
arg->pos=0;
|
||||
}
|
||||
@ -348,7 +371,10 @@ static ops_boolean_t armoured_message_finaliser(ops_error_t **errors,
|
||||
c[0]=arg->checksum >> 16;
|
||||
c[1]=arg->checksum >> 8;
|
||||
c[2]=arg->checksum;
|
||||
/* push the checksum through our own writer */
|
||||
/* push the checksum through our own writer. Turn off the
|
||||
writing_body flag so we don't put a newline in the trailer.
|
||||
*/
|
||||
arg->writing_trailer = ops_true;
|
||||
if(!base64_writer(c,3,errors,winfo))
|
||||
return ops_false;
|
||||
|
||||
@ -368,7 +394,7 @@ void ops_writer_push_armoured_message(ops_create_info_t *info)
|
||||
base64_arg_t *base64;
|
||||
|
||||
ops_write(header,sizeof header-1,info);
|
||||
ops_write("\r\n",2,info);
|
||||
ops_write(newline,strlen(newline),info);
|
||||
base64=ops_mallocz(sizeof *base64);
|
||||
base64->checksum=CRC24_INIT;
|
||||
ops_writer_push(info,base64_writer,armoured_message_finaliser,ops_writer_generic_destroyer,base64);
|
||||
@ -421,7 +447,10 @@ static ops_boolean_t armoured_finaliser(ops_armor_type_t type, ops_error_t **err
|
||||
c[0]=arg->checksum >> 16;
|
||||
c[1]=arg->checksum >> 8;
|
||||
c[2]=arg->checksum;
|
||||
/* push the checksum through our own writer */
|
||||
/* push the checksum through our own writer. Turn off the
|
||||
writing_body flag so we don't put a newline in the trailer.
|
||||
*/
|
||||
arg->writing_trailer = ops_true;
|
||||
if(!base64_writer(c,3,errors,winfo))
|
||||
return ops_false;
|
||||
|
||||
|
@ -84,8 +84,10 @@ void ops_writer_push_encrypt_se_ip(ops_create_info_t *cinfo,
|
||||
arg->crypt=encrypt;
|
||||
|
||||
// And push writer on stack
|
||||
ops_writer_push(cinfo,encrypt_se_ip_writer,NULL,encrypt_se_ip_destroyer,arg);
|
||||
ops_writer_push(cinfo, encrypt_se_ip_writer, NULL, encrypt_se_ip_destroyer,
|
||||
arg);
|
||||
// tidy up
|
||||
ops_pk_session_key_free(encrypted_pk_session_key);
|
||||
free(encrypted_pk_session_key);
|
||||
free(iv);
|
||||
}
|
||||
@ -126,7 +128,8 @@ static ops_boolean_t encrypt_se_ip_writer(const unsigned char *src,
|
||||
ops_write_se_ip_pktset(ops_memory_get_data(mem_compressed),
|
||||
ops_memory_get_length(mem_compressed),
|
||||
arg->crypt, my_cinfo);
|
||||
assert(ops_memory_get_length(my_mem)>ops_memory_get_length(mem_compressed));
|
||||
assert(ops_memory_get_length(my_mem)
|
||||
> ops_memory_get_length(mem_compressed));
|
||||
|
||||
// now write memory to next writer
|
||||
rtn=ops_stacked_write(ops_memory_get_data(my_mem),
|
||||
@ -220,13 +223,15 @@ ops_boolean_t ops_write_se_ip_pktset(const unsigned char *data,
|
||||
#ifdef DEBUG
|
||||
if (debug)
|
||||
{
|
||||
fprintf(stderr,"writing %ld + %d + %ld\n", sz_preamble, len, ops_memory_get_length(mem_mdc));
|
||||
fprintf(stderr,"writing %ld + %d + %ld\n", sz_preamble, len,
|
||||
ops_memory_get_length(mem_mdc));
|
||||
}
|
||||
#endif /*DEBUG*/
|
||||
|
||||
if (!ops_write(preamble, sz_preamble, cinfo)
|
||||
|| !ops_write(data, len, cinfo)
|
||||
|| !ops_write(ops_memory_get_data(mem_mdc), ops_memory_get_length(mem_mdc), cinfo))
|
||||
|| !ops_write(ops_memory_get_data(mem_mdc),
|
||||
ops_memory_get_length(mem_mdc), cinfo))
|
||||
// \todo fix cleanup here and in old code functions
|
||||
return 0;
|
||||
|
||||
|
85
openpgpsdk/src/writer_literal.c
Normal file
85
openpgpsdk/src/writer_literal.c
Normal file
@ -0,0 +1,85 @@
|
||||
/*
|
||||
* Copyright (c) 2005-2009 Nominet UK (www.nic.uk)
|
||||
* All rights reserved.
|
||||
* Contributors: Ben Laurie, Rachel Willmer, Alasdair Mackintosh.
|
||||
* The Contributors have asserted their moral rights under the
|
||||
* UK Copyright Design and Patents Act 1988 to
|
||||
* be recorded as the authors of this copyright work.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
* use this file except in compliance with the License.
|
||||
*
|
||||
* You may obtain a copy of the License at
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
*
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
/** Writes a literal data packet, using the partial data length encoding.
|
||||
*/
|
||||
|
||||
#include <string.h>
|
||||
#include <assert.h>
|
||||
|
||||
#ifndef WIN32
|
||||
#include <unistd.h>
|
||||
#endif
|
||||
|
||||
#include <openpgpsdk/create.h>
|
||||
#include <openpgpsdk/literal.h>
|
||||
#include <openpgpsdk/partial.h>
|
||||
|
||||
#define MIN_PARTIAL_DATA_LENGTH 512
|
||||
#define MAX_PARTIAL_DATA_LENGTH 1073741824
|
||||
|
||||
|
||||
ops_boolean_t write_literal_header(ops_create_info_t *info,
|
||||
void *header_data)
|
||||
{
|
||||
OPS_USED(header_data);
|
||||
// \todo add the literal type as a header_data argument
|
||||
// \todo add filename
|
||||
// \todo add date
|
||||
// \todo do we need to check text data for <cr><lf> line endings ?
|
||||
|
||||
ops_write_scalar(OPS_LDT_BINARY, 1, info); // data type
|
||||
ops_write_scalar(0, 1, info); // Filename (length = 0)
|
||||
ops_write_scalar(0, 4, info); // Date (unspecified)
|
||||
return ops_true;
|
||||
}
|
||||
|
||||
/**
|
||||
* \ingroup InternalAPI
|
||||
* \brief Pushes a literal writer onto the stack.
|
||||
* \param cinfo the writer info
|
||||
* \param buf_size the size of the internal buffer. For best
|
||||
* throughput, write data in multiples of buf_size
|
||||
*/
|
||||
void ops_writer_push_literal_with_opts(ops_create_info_t *cinfo,
|
||||
unsigned int buf_size)
|
||||
{
|
||||
// The literal writer doesn't need to transform the data, so we just
|
||||
// push a partial packet writer onto the stack. This will handle
|
||||
// the packet length encoding. All we need to provide is a function
|
||||
// to write the header.
|
||||
ops_writer_push_partial(buf_size, cinfo, OPS_PTAG_CT_LITERAL_DATA,
|
||||
write_literal_header, NULL);
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* \ingroup InternalAPI
|
||||
* \brief Pushes a literal writer onto the stack.
|
||||
* \param cinfo the writer info
|
||||
*/
|
||||
void ops_writer_push_literal(ops_create_info_t *cinfo)
|
||||
{
|
||||
ops_writer_push_literal_with_opts(cinfo, 0);
|
||||
}
|
||||
|
||||
// EOF
|
381
openpgpsdk/src/writer_partial.c
Normal file
381
openpgpsdk/src/writer_partial.c
Normal file
@ -0,0 +1,381 @@
|
||||
/*
|
||||
* Copyright (c) 2005-2009 Nominet UK (www.nic.uk)
|
||||
* All rights reserved.
|
||||
* Contributors: Ben Laurie, Rachel Willmer, Alasdair Mackintosh.
|
||||
* The Contributors have asserted their moral rights under the
|
||||
* UK Copyright Design and Patents Act 1988 to
|
||||
* be recorded as the authors of this copyright work.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
* use this file except in compliance with the License.
|
||||
*
|
||||
* You may obtain a copy of the License at
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
*
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
/** Writes data using a series of partial body length headers.
|
||||
* (See RFC 4880 4.2.2.4). This is normally used in conjunction
|
||||
* with a streaming writer of some kind that needs to write out
|
||||
* data packets of unknown length.
|
||||
*/
|
||||
|
||||
#include <string.h>
|
||||
#include <assert.h>
|
||||
|
||||
#ifndef WIN32
|
||||
#include <unistd.h>
|
||||
#endif
|
||||
|
||||
#include <openpgpsdk/create.h>
|
||||
#include <openpgpsdk/memory.h>
|
||||
#include <openpgpsdk/partial.h>
|
||||
#include <openpgpsdk/readerwriter.h>
|
||||
|
||||
static const int debug = 0;
|
||||
|
||||
#define PACKET_SIZE 2048
|
||||
#define MIN_PARTIAL_DATA_LENGTH 512
|
||||
#define MAX_PARTIAL_DATA_LENGTH 1073741824
|
||||
|
||||
typedef struct
|
||||
{
|
||||
size_t packet_size; // size of packets
|
||||
ops_memory_t *buffer; // Data is buffered here until written
|
||||
ops_content_tag_t tag; // Packet tag
|
||||
ops_memory_t *header; // Header is written here
|
||||
ops_boolean_t written_first; // Has the first packet been written?
|
||||
ops_write_partial_trailer_t *trailer_fn; // Custom end-of-packet fn
|
||||
void *trailer_data; // data for end-of-packet fn
|
||||
} stream_partial_arg_t;
|
||||
|
||||
|
||||
|
||||
static unsigned int ops_calc_partial_data_length(unsigned int len)
|
||||
{
|
||||
int i;
|
||||
unsigned int mask = MAX_PARTIAL_DATA_LENGTH;
|
||||
assert( len > 0 );
|
||||
|
||||
if (len > MAX_PARTIAL_DATA_LENGTH)
|
||||
return MAX_PARTIAL_DATA_LENGTH;
|
||||
|
||||
for (i = 0 ; i <= 30 ; i++)
|
||||
{
|
||||
if (mask & len)
|
||||
break;
|
||||
mask >>= 1;
|
||||
}
|
||||
|
||||
return mask;
|
||||
}
|
||||
|
||||
static ops_boolean_t ops_write_partial_data_length(unsigned int len,
|
||||
ops_create_info_t *info)
|
||||
{
|
||||
// len must be a power of 2 from 0 to 30
|
||||
unsigned i;
|
||||
unsigned char c[1];
|
||||
|
||||
for (i = 0 ; i <= 30 ; i++)
|
||||
if ((len >> i) & 1)
|
||||
break;
|
||||
|
||||
assert((1u << i) == len);
|
||||
|
||||
c[0] = 224 + i;
|
||||
|
||||
return ops_write(c, 1, info);
|
||||
}
|
||||
|
||||
static ops_boolean_t write_partial_data(const unsigned char *data,
|
||||
size_t len,
|
||||
ops_create_info_t *info)
|
||||
{
|
||||
if (debug)
|
||||
fprintf(stderr, "Writing %zu bytes\n", len);
|
||||
while (len > 0)
|
||||
{
|
||||
size_t pdlen = ops_calc_partial_data_length(len);
|
||||
ops_write_partial_data_length(pdlen, info);
|
||||
ops_write(data, pdlen, info);
|
||||
data += pdlen;
|
||||
len -= pdlen;
|
||||
}
|
||||
return ops_true;
|
||||
}
|
||||
|
||||
static ops_boolean_t write_partial_data_first(stream_partial_arg_t *arg,
|
||||
const unsigned char *data,
|
||||
unsigned int len,
|
||||
ops_create_info_t *info)
|
||||
{
|
||||
size_t header_len = ops_memory_get_length(arg->header);
|
||||
|
||||
size_t sz_towrite = len + header_len;
|
||||
size_t sz_pd = ops_calc_partial_data_length(sz_towrite);
|
||||
size_t first_data_len = (sz_pd - header_len);
|
||||
assert(sz_pd >= MIN_PARTIAL_DATA_LENGTH);
|
||||
|
||||
if (debug)
|
||||
fprintf(stderr, "Writing first packet of len %zu (%zu + %u)\n",
|
||||
sz_towrite, header_len, len);
|
||||
|
||||
// Write the packet tag, the partial size and the header, followed
|
||||
// by the first chunk of data and then the remainder of the data.
|
||||
// (We have to do this in two chunks, as the partial length may not
|
||||
// match the number of bytes to write.)
|
||||
return ops_write_ptag(arg->tag, info) &&
|
||||
ops_write_partial_data_length(sz_pd, info) &&
|
||||
ops_write(ops_memory_get_data(arg->header), header_len, info) &&
|
||||
ops_write(data, first_data_len, info) &&
|
||||
write_partial_data(data + first_data_len, len - first_data_len, info);
|
||||
}
|
||||
|
||||
/*
|
||||
* Writes out the last packet. The length is encoded as a fixed-length
|
||||
* packet. Note that even if there is no data accumulated in the
|
||||
* buffer, we stil lneed to write out a packet, as the final packet in
|
||||
* a partially-encoded stream must be a fixed-lngth packet.
|
||||
*/
|
||||
static ops_boolean_t write_partial_data_last(stream_partial_arg_t *arg,
|
||||
ops_create_info_t *info)
|
||||
{
|
||||
size_t buffer_length = ops_memory_get_length(arg->buffer);
|
||||
if (debug)
|
||||
fprintf(stderr, "writing final packet of %zu bytes\n", buffer_length);
|
||||
return ops_write_length(buffer_length, info) &&
|
||||
ops_write(ops_memory_get_data(arg->buffer), buffer_length, info);
|
||||
}
|
||||
|
||||
/*
|
||||
* Writes out the data accumulated in the in-memory buffer.
|
||||
*/
|
||||
static ops_boolean_t flush_buffer(stream_partial_arg_t *arg,
|
||||
ops_create_info_t *info)
|
||||
{
|
||||
ops_boolean_t result = ops_true;
|
||||
size_t buffer_length = ops_memory_get_length(arg->buffer);
|
||||
if (buffer_length > 0)
|
||||
{
|
||||
if (debug)
|
||||
fprintf(stderr, "Flushing %zu bytes\n", buffer_length);
|
||||
|
||||
result = write_partial_data(ops_memory_get_data(arg->buffer),
|
||||
buffer_length,
|
||||
info);
|
||||
ops_memory_clear(arg->buffer);
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
static ops_boolean_t stream_partial_writer(const unsigned char *src,
|
||||
unsigned length,
|
||||
ops_error_t **errors,
|
||||
ops_writer_info_t *winfo)
|
||||
{
|
||||
stream_partial_arg_t *arg = ops_writer_get_arg(winfo);
|
||||
|
||||
// For the first write operation, we need to write out the header
|
||||
// plus the data. The total size that we write out must be at least
|
||||
// MIN_PARTIAL_DATA_LENGTH bytes. (See RFC 4880, sec 4.2.2.4,
|
||||
// Partial Body Lengths.) If we are given less than this,
|
||||
// then we need to store the data in the buffer until we have the
|
||||
// minumum
|
||||
if (!arg->written_first)
|
||||
{
|
||||
ops_memory_add(arg->buffer, src, length);
|
||||
size_t buffer_length = ops_memory_get_length(arg->buffer);
|
||||
size_t header_length = ops_memory_get_length(arg->header);
|
||||
if (header_length + buffer_length < MIN_PARTIAL_DATA_LENGTH)
|
||||
{
|
||||
if (debug)
|
||||
fprintf(stderr, "Storing %zu (%zu + %zu) bytes\n",
|
||||
header_length + buffer_length, header_length,
|
||||
buffer_length);
|
||||
return ops_true; // will wait for more data or end of stream
|
||||
}
|
||||
arg->written_first = ops_true;
|
||||
|
||||
// Create a writer that will write to the parent stream. Allows
|
||||
// useage of ops_write_ptag, etc.
|
||||
ops_create_info_t parent_info;
|
||||
ops_prepare_parent_info(&parent_info, winfo);
|
||||
ops_boolean_t result =
|
||||
write_partial_data_first(arg, ops_memory_get_data(arg->buffer),
|
||||
buffer_length, &parent_info);
|
||||
ops_memory_clear(arg->buffer);
|
||||
ops_move_errors(&parent_info, errors);
|
||||
return result;
|
||||
}
|
||||
else
|
||||
{
|
||||
size_t buffer_length = ops_memory_get_length(arg->buffer);
|
||||
if (buffer_length + length < arg->packet_size)
|
||||
{
|
||||
ops_memory_add(arg->buffer, src, length);
|
||||
if (debug)
|
||||
fprintf(stderr, "Storing %u bytes (total %zu)\n",
|
||||
length, buffer_length);
|
||||
return ops_true;
|
||||
}
|
||||
else
|
||||
{
|
||||
ops_create_info_t parent_info;
|
||||
parent_info.winfo = *winfo->next;
|
||||
parent_info.errors = *errors;
|
||||
return flush_buffer(arg, &parent_info) &&
|
||||
write_partial_data(src, length, &parent_info);
|
||||
}
|
||||
}
|
||||
return ops_true;
|
||||
}
|
||||
|
||||
/*
|
||||
* Invoked when the total packet size is less than
|
||||
* MIN_PARTIAL_DATA_LENGTH. In that case, we write out the whole
|
||||
* packet in a single operation, without using partial body length
|
||||
* packets.
|
||||
*/
|
||||
static ops_boolean_t write_complete_packet(stream_partial_arg_t *arg,
|
||||
ops_create_info_t *info)
|
||||
{
|
||||
size_t data_len = ops_memory_get_length(arg->buffer);
|
||||
size_t header_len = ops_memory_get_length(arg->header);
|
||||
|
||||
// Write the header tag, the length of the packet, and the
|
||||
// packet. Note that the packet includes the header
|
||||
// bytes.
|
||||
size_t total = data_len + header_len;
|
||||
if (debug)
|
||||
fprintf(stderr, "writing entire packet with length %zu (%zu + %zu)\n",
|
||||
total, data_len, header_len);
|
||||
return ops_write_ptag(arg->tag, info) &&
|
||||
ops_write_length(total, info) &&
|
||||
ops_write(ops_memory_get_data(arg->header), header_len, info) &&
|
||||
ops_write(ops_memory_get_data(arg->buffer), data_len, info);
|
||||
}
|
||||
|
||||
static ops_boolean_t stream_partial_finaliser(ops_error_t **errors,
|
||||
ops_writer_info_t *winfo)
|
||||
{
|
||||
stream_partial_arg_t *arg = ops_writer_get_arg(winfo);
|
||||
// write last chunk of data
|
||||
|
||||
// Create a writer that will write to the parent stream. Allows
|
||||
// useage of ops_write_ptag, etc.
|
||||
ops_create_info_t parent_info;
|
||||
ops_prepare_parent_info(&parent_info, winfo);
|
||||
ops_boolean_t result;
|
||||
if (!arg->written_first)
|
||||
result = write_complete_packet(arg, &parent_info);
|
||||
else
|
||||
// finish writing
|
||||
result = write_partial_data_last(arg, &parent_info);
|
||||
if (result && arg->trailer_fn != NULL)
|
||||
result = arg->trailer_fn(&parent_info, arg->trailer_data);
|
||||
ops_move_errors(&parent_info, errors);
|
||||
return result;
|
||||
}
|
||||
|
||||
static void stream_partial_destroyer(ops_writer_info_t *winfo)
|
||||
{
|
||||
stream_partial_arg_t *arg = ops_writer_get_arg(winfo);
|
||||
ops_memory_free(arg->buffer);
|
||||
ops_memory_free(arg->header);
|
||||
free(arg);
|
||||
}
|
||||
|
||||
/**
|
||||
* \ingroup InternalAPI
|
||||
* \brief Pushes a partial packet writer onto the stack.
|
||||
*
|
||||
* This writer is used in conjunction with another writer that
|
||||
* generates streaming data of unknown length. The partial writer
|
||||
* handles the various partial body length packets. When writing the
|
||||
* initial packet header, the partial writer will write out the given
|
||||
* tag, write out an initial length, and then invoke the 'header'
|
||||
* function to write the remainder of the header. Note that the header
|
||||
* function should not write a packet tag or a length.
|
||||
*
|
||||
* \param packet_size the expected size of the incoming packets. Must
|
||||
* be >= 512 bytes. Must be a power of 2. The partial writer
|
||||
* will buffer incoming writes into packets of this size. Note
|
||||
* that writes will be most efficient if done in chunks of
|
||||
* packet_size. If the packet size is unknown, specify 0, and
|
||||
* the default size will be used.
|
||||
* \param cinfo the writer info
|
||||
* \param tag the packet tag
|
||||
* \param header_writer a function that writes the packet header.
|
||||
* \param header_data passed into header_writer
|
||||
*/
|
||||
void ops_writer_push_partial(size_t packet_size,
|
||||
ops_create_info_t *cinfo,
|
||||
ops_content_tag_t tag,
|
||||
ops_write_partial_header_t *header_writer,
|
||||
void *header_data)
|
||||
{
|
||||
ops_writer_push_partial_with_trailer(packet_size, cinfo, tag, header_writer,
|
||||
header_data, NULL, NULL);
|
||||
}
|
||||
|
||||
/**
|
||||
* \ingroup InternalAPI
|
||||
* \brief Pushes a partial packet writer onto the stack. Adds a trailer
|
||||
* function that will be invoked after writing out the partial
|
||||
* packet.
|
||||
*
|
||||
* This writer is primarily used by the signature writer, which needs
|
||||
* to append a signature packet after the literal data packet.
|
||||
*
|
||||
* \param trailer_writer a function that writes the trailer
|
||||
* \param trailer_data passed into trailer_data
|
||||
* \see ops_writer_push_partial
|
||||
* \see ops_writer_push_signed
|
||||
*/
|
||||
void ops_writer_push_partial_with_trailer(
|
||||
size_t packet_size,
|
||||
ops_create_info_t *cinfo,
|
||||
ops_content_tag_t tag,
|
||||
ops_write_partial_header_t *header_writer,
|
||||
void *header_data,
|
||||
ops_write_partial_trailer_t *trailer_writer,
|
||||
void *trailer_data)
|
||||
{
|
||||
if (packet_size == 0)
|
||||
packet_size = PACKET_SIZE;
|
||||
assert(packet_size >= MIN_PARTIAL_DATA_LENGTH);
|
||||
// Verify that the packet size is a valid power of 2.
|
||||
assert(ops_calc_partial_data_length(packet_size) == packet_size);
|
||||
|
||||
// Create arg to be used with this writer
|
||||
// Remember to free this in the destroyer
|
||||
stream_partial_arg_t *arg = ops_mallocz(sizeof *arg);
|
||||
arg->tag = tag;
|
||||
arg->written_first = ops_false;
|
||||
arg->packet_size = packet_size;
|
||||
arg->buffer = ops_memory_new();
|
||||
ops_memory_init(arg->buffer, arg->packet_size);
|
||||
arg->trailer_fn = trailer_writer;
|
||||
arg->trailer_data = trailer_data;
|
||||
|
||||
// Write out the header into the memory buffer. Later we will write
|
||||
// this buffer to the underlying output stream.
|
||||
ops_create_info_t *header_info;
|
||||
ops_setup_memory_write(&header_info, &arg->header, 128);
|
||||
header_writer(header_info, header_data);
|
||||
ops_writer_close(header_info);
|
||||
ops_create_info_delete(header_info);
|
||||
|
||||
// And push writer on stack
|
||||
ops_writer_push(cinfo, stream_partial_writer, stream_partial_finaliser,
|
||||
stream_partial_destroyer, arg);
|
||||
}
|
||||
|
||||
// EOF
|
@ -1,8 +1,9 @@
|
||||
/*
|
||||
* Copyright (c) 2005-2008 Nominet UK (www.nic.uk)
|
||||
* Copyright (c) 2005-2009 Nominet UK (www.nic.uk)
|
||||
* All rights reserved.
|
||||
* Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted
|
||||
* their moral rights under the UK Copyright Design and Patents Act 1988 to
|
||||
* Contributors: Ben Laurie, Rachel Willmer, Alasdair Mackintosh.
|
||||
* The Contributors have asserted their moral rights under the
|
||||
* UK Copyright Design and Patents Act 1988 to
|
||||
* be recorded as the authors of this copyright work.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
@ -34,22 +35,21 @@
|
||||
#include "keyring_local.h"
|
||||
#include <openpgpsdk/create.h>
|
||||
#include <openpgpsdk/keyring.h>
|
||||
#include <openpgpsdk/partial.h>
|
||||
#include <openpgpsdk/random.h>
|
||||
#include <openpgpsdk/readerwriter.h>
|
||||
|
||||
#define MAX_PARTIAL_DATA_LENGTH 1073741824
|
||||
#include <openpgpsdk/streamwriter.h>
|
||||
|
||||
typedef struct
|
||||
{
|
||||
ops_crypt_t*crypt;
|
||||
ops_memory_t *mem_data;
|
||||
ops_memory_t *mem_literal;
|
||||
ops_create_info_t *cinfo_literal;
|
||||
ops_memory_t *mem_se_ip;
|
||||
ops_create_info_t *cinfo_se_ip;
|
||||
ops_hash_t hash;
|
||||
} stream_encrypt_se_ip_arg_t;
|
||||
|
||||
static ops_boolean_t write_encrypt_se_ip_header(ops_create_info_t *info,
|
||||
void *header_data);
|
||||
|
||||
|
||||
static ops_boolean_t stream_encrypt_se_ip_writer(const unsigned char *src,
|
||||
unsigned length,
|
||||
@ -61,19 +61,34 @@ static ops_boolean_t stream_encrypt_se_ip_finaliser(ops_error_t** errors,
|
||||
|
||||
static void stream_encrypt_se_ip_destroyer (ops_writer_info_t *winfo);
|
||||
|
||||
//
|
||||
|
||||
/**
|
||||
\ingroup Core_WritersNext
|
||||
\brief Pushes a streaming encryption writer onto the stack.
|
||||
|
||||
Data written to the stream will be encoded in a Symmetrically
|
||||
Encrypted Integrity Protected packet. Note that this writer must be
|
||||
used in conjunction with a literal writer or a signed writer.
|
||||
|
||||
\param cinfo
|
||||
\param pub_key
|
||||
Example Code:
|
||||
\code
|
||||
ops_writer_push_stream_encrypt_se_ip(cinfo, public_key);
|
||||
if (compress)
|
||||
ops_writer_push_compressed(cinfo);
|
||||
if (sign)
|
||||
ops_writer_push_signed(cinfo, OPS_SIG_BINARY, secret_key);
|
||||
else
|
||||
ops_writer_push_literal(cinfo);
|
||||
\endcode
|
||||
*/
|
||||
|
||||
void ops_writer_push_stream_encrypt_se_ip(ops_create_info_t *cinfo,
|
||||
const ops_keydata_t *pub_key)
|
||||
{
|
||||
ops_crypt_t *encrypt;
|
||||
unsigned char *iv=NULL;
|
||||
|
||||
const unsigned int bufsz=1024; // initial value; gets expanded as necessary
|
||||
|
||||
// Create arg to be used with this writer
|
||||
@ -95,144 +110,50 @@ void ops_writer_push_stream_encrypt_se_ip(ops_create_info_t *cinfo,
|
||||
|
||||
arg->crypt=encrypt;
|
||||
|
||||
arg->mem_data=ops_memory_new();
|
||||
ops_memory_init(arg->mem_data,bufsz);
|
||||
|
||||
arg->mem_literal = NULL;
|
||||
arg->cinfo_literal = NULL;
|
||||
|
||||
ops_setup_memory_write(&arg->cinfo_se_ip, &arg->mem_se_ip, bufsz);
|
||||
|
||||
// And push writer on stack
|
||||
ops_hash_any(&arg->hash, OPS_HASH_SHA1);
|
||||
arg->hash.init(&arg->hash);
|
||||
|
||||
// This is a streaming writer, so we don't know the length in
|
||||
// advance. Use a partial writer to handle the partial body
|
||||
// packet lengths.
|
||||
ops_writer_push_partial(2048, cinfo, OPS_PTAG_CT_SE_IP_DATA,
|
||||
write_encrypt_se_ip_header, arg);
|
||||
|
||||
// And push encryption writer on stack
|
||||
ops_writer_push(cinfo,
|
||||
stream_encrypt_se_ip_writer,
|
||||
stream_encrypt_se_ip_finaliser,
|
||||
stream_encrypt_se_ip_destroyer, arg);
|
||||
// tidy up
|
||||
ops_pk_session_key_free(encrypted_pk_session_key);
|
||||
free(encrypted_pk_session_key);
|
||||
free(iv);
|
||||
}
|
||||
|
||||
|
||||
|
||||
unsigned int ops_calc_partial_data_length(unsigned int len)
|
||||
{
|
||||
int i;
|
||||
unsigned int mask = MAX_PARTIAL_DATA_LENGTH;
|
||||
assert( len > 0 );
|
||||
|
||||
if ( len > MAX_PARTIAL_DATA_LENGTH ) {
|
||||
return MAX_PARTIAL_DATA_LENGTH;
|
||||
}
|
||||
|
||||
for ( i = 0; i <= 30; i++ ) {
|
||||
if ( mask & len) break;
|
||||
mask >>= 1;
|
||||
}
|
||||
|
||||
return mask;
|
||||
}
|
||||
|
||||
ops_boolean_t ops_write_partial_data_length(unsigned int len,
|
||||
ops_create_info_t *info)
|
||||
{
|
||||
// len must be a power of 2 from 0 to 30
|
||||
int i;
|
||||
unsigned char c[1];
|
||||
|
||||
for ( i = 0; i <= 30; i++ ) {
|
||||
if ( (len >> i) & 1) break;
|
||||
}
|
||||
|
||||
c[0] = 224 + i;
|
||||
return ops_write(c,1,info);
|
||||
}
|
||||
|
||||
ops_boolean_t ops_stream_write_literal_data(const unsigned char *data,
|
||||
unsigned int len,
|
||||
ops_create_info_t *info)
|
||||
{
|
||||
while (len > 0) {
|
||||
size_t pdlen = ops_calc_partial_data_length(len);
|
||||
ops_write_partial_data_length(pdlen, info);
|
||||
ops_write(data, pdlen, info);
|
||||
data += pdlen;
|
||||
len -= pdlen;
|
||||
}
|
||||
return ops_true;
|
||||
}
|
||||
|
||||
ops_boolean_t ops_stream_write_literal_data_first(const unsigned char *data,
|
||||
unsigned int len,
|
||||
const ops_literal_data_type_t type,
|
||||
ops_create_info_t *info)
|
||||
{
|
||||
// \todo add filename
|
||||
// \todo add date
|
||||
// \todo do we need to check text data for <cr><lf> line endings ?
|
||||
|
||||
size_t sz_towrite = 1 + 1 + 4 + len;
|
||||
size_t sz_pd = ops_calc_partial_data_length(sz_towrite);
|
||||
assert(sz_pd >= 512);
|
||||
|
||||
ops_write_ptag(OPS_PTAG_CT_LITERAL_DATA, info);
|
||||
ops_write_partial_data_length(sz_pd, info);
|
||||
ops_write_scalar(type, 1, info);
|
||||
ops_write_scalar(0, 1, info);
|
||||
ops_write_scalar(0, 4, info);
|
||||
ops_write(data, sz_pd - 6, info);
|
||||
|
||||
data += (sz_pd - 6);
|
||||
sz_towrite -= sz_pd;
|
||||
|
||||
ops_stream_write_literal_data(data, sz_towrite, info);
|
||||
return ops_true;
|
||||
}
|
||||
|
||||
ops_boolean_t ops_stream_write_literal_data_last(const unsigned char *data,
|
||||
unsigned int len,
|
||||
ops_create_info_t *info)
|
||||
{
|
||||
ops_write_length(len, info);
|
||||
ops_write(data, len, info);
|
||||
return ops_true;
|
||||
}
|
||||
|
||||
ops_boolean_t ops_stream_write_se_ip(const unsigned char *data,
|
||||
static ops_boolean_t ops_stream_write_se_ip(const unsigned char *data,
|
||||
unsigned int len,
|
||||
stream_encrypt_se_ip_arg_t *arg,
|
||||
ops_create_info_t *cinfo)
|
||||
{
|
||||
while (len > 0) {
|
||||
size_t pdlen = ops_calc_partial_data_length(len);
|
||||
ops_write_partial_data_length(pdlen, cinfo);
|
||||
|
||||
ops_writer_push_encrypt_crypt(cinfo, arg->crypt);
|
||||
ops_write(data, pdlen, cinfo);
|
||||
ops_write(data, len, cinfo);
|
||||
ops_writer_pop(cinfo);
|
||||
|
||||
arg->hash.add(&arg->hash, data, pdlen);
|
||||
|
||||
data += pdlen;
|
||||
len -= pdlen;
|
||||
}
|
||||
arg->hash.add(&arg->hash, data, len);
|
||||
return ops_true;
|
||||
}
|
||||
|
||||
ops_boolean_t ops_stream_write_se_ip_first(const unsigned char *data,
|
||||
unsigned int len,
|
||||
stream_encrypt_se_ip_arg_t *arg,
|
||||
ops_create_info_t *cinfo)
|
||||
// Writes out the header for the encrypted packet. Invoked by the
|
||||
// partial stream writer. Note that writing the packet tag and the
|
||||
// packet length is handled by the partial stream writer.
|
||||
static ops_boolean_t write_encrypt_se_ip_header(ops_create_info_t *cinfo,
|
||||
void *data)
|
||||
{
|
||||
stream_encrypt_se_ip_arg_t *arg = data;
|
||||
size_t sz_preamble = arg->crypt->blocksize + 2;
|
||||
size_t sz_towrite = sz_preamble + 1 + len;
|
||||
unsigned char* preamble = ops_mallocz(sz_preamble);
|
||||
|
||||
size_t sz_pd = ops_calc_partial_data_length(sz_towrite);
|
||||
assert(sz_pd >= 512);
|
||||
|
||||
ops_write_ptag(OPS_PTAG_CT_SE_IP_DATA, cinfo);
|
||||
ops_write_partial_data_length(sz_pd, cinfo);
|
||||
ops_write_scalar(SE_IP_DATA_VERSION, 1, cinfo);
|
||||
|
||||
ops_writer_push_encrypt_crypt(cinfo, arg->crypt);
|
||||
@ -241,42 +162,25 @@ ops_boolean_t ops_stream_write_se_ip_first(const unsigned char *data,
|
||||
preamble[arg->crypt->blocksize]=preamble[arg->crypt->blocksize-2];
|
||||
preamble[arg->crypt->blocksize+1]=preamble[arg->crypt->blocksize-1];
|
||||
|
||||
ops_hash_any(&arg->hash, OPS_HASH_SHA1);
|
||||
arg->hash.init(&arg->hash);
|
||||
|
||||
ops_write(preamble, sz_preamble, cinfo);
|
||||
arg->hash.add(&arg->hash, preamble, sz_preamble);
|
||||
|
||||
ops_write(data, sz_pd - sz_preamble - 1, cinfo);
|
||||
arg->hash.add(&arg->hash, data, sz_pd - sz_preamble - 1);
|
||||
|
||||
data += (sz_pd - sz_preamble -1);
|
||||
sz_towrite -= sz_pd;
|
||||
|
||||
ops_writer_pop(cinfo);
|
||||
|
||||
ops_stream_write_se_ip(data, sz_towrite, arg, cinfo);
|
||||
|
||||
free(preamble);
|
||||
|
||||
return ops_true;
|
||||
}
|
||||
|
||||
ops_boolean_t ops_stream_write_se_ip_last(const unsigned char *data,
|
||||
unsigned int len,
|
||||
stream_encrypt_se_ip_arg_t *arg,
|
||||
static ops_boolean_t
|
||||
ops_stream_write_se_ip_last(stream_encrypt_se_ip_arg_t *arg,
|
||||
ops_create_info_t *cinfo)
|
||||
{
|
||||
unsigned char c[1];
|
||||
unsigned char hashed[SHA_DIGEST_LENGTH];
|
||||
const size_t sz_mdc = 1 + 1 + SHA_DIGEST_LENGTH;
|
||||
size_t sz_buf = len + sz_mdc;
|
||||
|
||||
ops_memory_t *mem_mdc;
|
||||
ops_create_info_t *cinfo_mdc;
|
||||
|
||||
arg->hash.add(&arg->hash, data, len);
|
||||
|
||||
// MDC packet tag
|
||||
c[0]=0xD3;
|
||||
arg->hash.add(&arg->hash, &c[0], 1);
|
||||
@ -291,14 +195,11 @@ ops_boolean_t ops_stream_write_se_ip_last(const unsigned char *data,
|
||||
ops_setup_memory_write(&cinfo_mdc, &mem_mdc, sz_mdc);
|
||||
ops_write_mdc(hashed, cinfo_mdc);
|
||||
|
||||
// write length of last se_ip chunk
|
||||
ops_write_length(sz_buf, cinfo);
|
||||
|
||||
// encode everting
|
||||
// encode everthing
|
||||
ops_writer_push_encrypt_crypt(cinfo, arg->crypt);
|
||||
|
||||
ops_write(data, len, cinfo);
|
||||
ops_write(ops_memory_get_data(mem_mdc), ops_memory_get_length(mem_mdc), cinfo);
|
||||
ops_write(ops_memory_get_data(mem_mdc), ops_memory_get_length(mem_mdc),
|
||||
cinfo);
|
||||
|
||||
ops_writer_pop(cinfo);
|
||||
|
||||
@ -316,40 +217,13 @@ static ops_boolean_t stream_encrypt_se_ip_writer(const unsigned char *src,
|
||||
|
||||
ops_boolean_t rtn=ops_true;
|
||||
|
||||
if ( arg->cinfo_literal == NULL ) { // first literal data chunk is not yet written
|
||||
size_t datalength;
|
||||
|
||||
ops_memory_add(arg->mem_data,src,length);
|
||||
datalength = ops_memory_get_length(arg->mem_data);
|
||||
|
||||
// 4.2.2.4. Partial Body Lengths
|
||||
// The first partial length MUST be at least 512 octets long.
|
||||
if ( datalength < 512 ) {
|
||||
return ops_true; // will wait for more data or end of stream
|
||||
}
|
||||
|
||||
ops_setup_memory_write(&arg->cinfo_literal,&arg->mem_literal,datalength+32);
|
||||
ops_stream_write_literal_data_first(ops_memory_get_data(arg->mem_data),
|
||||
datalength,
|
||||
OPS_LDT_BINARY,
|
||||
arg->cinfo_literal);
|
||||
|
||||
ops_stream_write_se_ip_first(ops_memory_get_data(arg->mem_literal),
|
||||
ops_memory_get_length(arg->mem_literal),
|
||||
ops_stream_write_se_ip(src, length,
|
||||
arg, arg->cinfo_se_ip);
|
||||
} else {
|
||||
ops_stream_write_literal_data(src, length, arg->cinfo_literal);
|
||||
ops_stream_write_se_ip(ops_memory_get_data(arg->mem_literal),
|
||||
ops_memory_get_length(arg->mem_literal),
|
||||
arg, arg->cinfo_se_ip);
|
||||
}
|
||||
|
||||
// now write memory to next writer
|
||||
rtn=ops_stacked_write(ops_memory_get_data(arg->mem_se_ip),
|
||||
ops_memory_get_length(arg->mem_se_ip),
|
||||
errors, winfo);
|
||||
|
||||
ops_memory_clear(arg->mem_literal);
|
||||
ops_memory_clear(arg->mem_se_ip);
|
||||
|
||||
return rtn;
|
||||
@ -359,34 +233,8 @@ static ops_boolean_t stream_encrypt_se_ip_finaliser(ops_error_t** errors,
|
||||
ops_writer_info_t *winfo)
|
||||
{
|
||||
stream_encrypt_se_ip_arg_t *arg=ops_writer_get_arg(winfo);
|
||||
// write last chunk of data
|
||||
|
||||
if ( arg->cinfo_literal == NULL ) {
|
||||
// first literal data chunk was not written
|
||||
// so we know the total length of data, write a simple packet
|
||||
|
||||
// create literal data packet from buffered data
|
||||
ops_setup_memory_write(&arg->cinfo_literal,
|
||||
&arg->mem_literal,
|
||||
ops_memory_get_length(arg->mem_data)+32);
|
||||
|
||||
ops_write_literal_data_from_buf(ops_memory_get_data(arg->mem_data),
|
||||
ops_memory_get_length(arg->mem_data),
|
||||
OPS_LDT_BINARY, arg->cinfo_literal);
|
||||
|
||||
// create SE IP packet set from this literal data
|
||||
ops_write_se_ip_pktset(ops_memory_get_data(arg->mem_literal),
|
||||
ops_memory_get_length(arg->mem_literal),
|
||||
arg->crypt, arg->cinfo_se_ip);
|
||||
|
||||
} else {
|
||||
// finish writing
|
||||
ops_stream_write_literal_data_last(NULL, 0, arg->cinfo_literal);
|
||||
ops_stream_write_se_ip_last(ops_memory_get_data(arg->mem_literal),
|
||||
ops_memory_get_length(arg->mem_literal),
|
||||
arg, arg->cinfo_se_ip);
|
||||
}
|
||||
|
||||
// write trailer
|
||||
ops_stream_write_se_ip_last(arg, arg->cinfo_se_ip);
|
||||
// now write memory to next writer
|
||||
return ops_stacked_write(ops_memory_get_data(arg->mem_se_ip),
|
||||
ops_memory_get_length(arg->mem_se_ip),
|
||||
@ -398,15 +246,11 @@ static void stream_encrypt_se_ip_destroyer (ops_writer_info_t *winfo)
|
||||
{
|
||||
stream_encrypt_se_ip_arg_t *arg=ops_writer_get_arg(winfo);
|
||||
|
||||
ops_memory_free(arg->mem_data);
|
||||
ops_teardown_memory_write(arg->cinfo_literal, arg->mem_literal);
|
||||
ops_teardown_memory_write(arg->cinfo_se_ip, arg->mem_se_ip);
|
||||
|
||||
arg->crypt->decrypt_finish(arg->crypt);
|
||||
|
||||
free(arg->crypt);
|
||||
free(arg);
|
||||
}
|
||||
|
||||
|
||||
// EOF
|
||||
|
Loading…
x
Reference in New Issue
Block a user