1
/* build-packet.c - assemble packets and write them
2
* Copyright (C) 1998, 1999, 2000, 2001, 2002,
3
* 2003 Free Software Foundation, Inc.
5
* This file is part of GnuPG.
7
* GnuPG is free software; you can redistribute it and/or modify
8
* it under the terms of the GNU General Public License as published by
9
* the Free Software Foundation; either version 2 of the License, or
10
* (at your option) any later version.
12
* GnuPG is distributed in the hope that it will be useful,
13
* but WITHOUT ANY WARRANTY; without even the implied warranty of
14
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
* GNU General Public License for more details.
17
* You should have received a copy of the GNU General Public License
18
* along with this program; if not, write to the Free Software
19
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
39
static int do_comment( iobuf_t out, int ctb, PKT_comment *rem );
40
static int do_user_id( iobuf_t out, int ctb, PKT_user_id *uid );
41
static int do_public_key( iobuf_t out, int ctb, PKT_public_key *pk );
42
static int do_secret_key( iobuf_t out, int ctb, PKT_secret_key *pk );
43
static int do_symkey_enc( iobuf_t out, int ctb, PKT_symkey_enc *enc );
44
static int do_pubkey_enc( iobuf_t out, int ctb, PKT_pubkey_enc *enc );
45
static u32 calc_plaintext( PKT_plaintext *pt );
46
static int do_plaintext( iobuf_t out, int ctb, PKT_plaintext *pt );
47
static int do_encrypted( iobuf_t out, int ctb, PKT_encrypted *ed );
48
static int do_encrypted_mdc( iobuf_t out, int ctb, PKT_encrypted *ed );
49
static int do_compressed( iobuf_t out, int ctb, PKT_compressed *cd );
50
static int do_signature( iobuf_t out, int ctb, PKT_signature *sig );
51
static int do_onepass_sig( iobuf_t out, int ctb, PKT_onepass_sig *ops );
53
static int calc_header_length( u32 len, int new_ctb );
54
static int write_16(iobuf_t inp, u16 a);
55
static int write_32(iobuf_t inp, u32 a);
56
static int write_header( iobuf_t out, int ctb, u32 len );
57
static int write_sign_packet_header( iobuf_t out, int ctb, u32 len );
58
static int write_header2( iobuf_t out, int ctb, u32 len, int hdrlen, int blkmode );
59
static int write_new_header( iobuf_t out, int ctb, u32 len, int hdrlen );
60
static int write_version( iobuf_t out, int ctb );
63
* Build a packet and write it to INP
66
* Note: Caller must free the packet
69
build_packet( iobuf_t out, PACKET *pkt )
71
int new_ctb=0, rc=0, ctb;
75
log_debug("build_packet() type=%d\n", pkt->pkttype );
76
assert( pkt->pkt.generic );
78
switch( (pkttype = pkt->pkttype) ) {
79
case PKT_OLD_COMMENT: pkttype = pkt->pkttype = PKT_COMMENT; break;
80
case PKT_PLAINTEXT: new_ctb = pkt->pkt.plaintext->new_ctb; break;
82
case PKT_ENCRYPTED_MDC: new_ctb = pkt->pkt.encrypted->new_ctb; break;
83
case PKT_COMPRESSED:new_ctb = pkt->pkt.compressed->new_ctb; break;
85
if( pkt->pkt.user_id->attrib_data )
86
pkttype = PKT_ATTRIBUTE;
91
if( new_ctb || pkttype > 15 ) /* new format */
92
ctb = 0xc0 | (pkttype & 0x3f);
94
ctb = 0x80 | ((pkttype & 15)<<2);
98
rc = do_user_id( out, ctb, pkt->pkt.user_id );
101
rc = do_comment( out, ctb, pkt->pkt.comment );
103
case PKT_PUBLIC_SUBKEY:
105
rc = do_public_key( out, ctb, pkt->pkt.public_key );
107
case PKT_SECRET_SUBKEY:
109
rc = do_secret_key( out, ctb, pkt->pkt.secret_key );
112
rc = do_symkey_enc( out, ctb, pkt->pkt.symkey_enc );
115
rc = do_pubkey_enc( out, ctb, pkt->pkt.pubkey_enc );
118
rc = do_plaintext( out, ctb, pkt->pkt.plaintext );
121
rc = do_encrypted( out, ctb, pkt->pkt.encrypted );
123
case PKT_ENCRYPTED_MDC:
124
rc = do_encrypted_mdc( out, ctb, pkt->pkt.encrypted );
127
rc = do_compressed( out, ctb, pkt->pkt.compressed );
130
rc = do_signature( out, ctb, pkt->pkt.signature );
132
case PKT_ONEPASS_SIG:
133
rc = do_onepass_sig( out, ctb, pkt->pkt.onepass_sig );
136
break; /* ignore it (keyring.c does write it directly)*/
137
case PKT_MDC: /* we write it directly, so we should never see it here. */
139
log_bug("invalid packet type in build_packet()\n");
147
* calculate the length of a packet described by PKT
150
calc_packet_length( PACKET *pkt )
155
assert( pkt->pkt.generic );
156
switch( pkt->pkttype ) {
158
n = calc_plaintext( pkt->pkt.plaintext );
159
new_ctb = pkt->pkt.plaintext->new_ctb;
170
case PKT_ONEPASS_SIG:
174
log_bug("invalid packet type in calc_packet_length()");
178
n += calc_header_length(n, new_ctb);
183
write_fake_data( iobuf_t out, gcry_mpi_t a )
189
assert( gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE));
190
p = gcry_mpi_get_opaque (a, &n);
191
iobuf_write (out, p, (n+7)/8);
197
do_comment (iobuf_t out, int ctb, PKT_comment *rem)
203
write_header(out, ctb, rem->len);
204
rc = iobuf_write( out, rem->data, rem->len );
210
do_user_id( iobuf_t out, int ctb, PKT_user_id *uid )
214
if (uid->attrib_data)
216
write_header (out, ctb, uid->attrib_len);
217
rc = iobuf_write (out, uid->attrib_data, uid->attrib_len );
221
write_header (out, ctb, uid->len);
222
rc = iobuf_write (out, uid->name, uid->len );
228
do_public_key( iobuf_t out, int ctb, PKT_public_key *pk )
232
iobuf_t a = iobuf_temp();
237
iobuf_put( a, pk->version );
238
write_32(a, pk->timestamp );
239
if( pk->version < 4 ) {
242
ndays = (u16)((pk->expiredate - pk->timestamp) / 86400L);
247
iobuf_put(a, pk->pubkey_algo );
248
n = pubkey_get_npkey( pk->pubkey_algo );
250
write_fake_data( a, pk->pkey[0] );
251
for(i=0; i < n; i++ )
252
mpi_write(a, pk->pkey[i] );
254
write_header2(out, ctb, iobuf_get_temp_length(a), pk->hdrbytes, 1 );
255
rc = iobuf_write_temp (out, a);
263
* Make a hash value from the public key certificate
266
hash_public_key( MD_HANDLE md, PKT_public_key *pk )
273
iobuf_t a = iobuf_temp();
275
FILE *fp = fopen("dump.pk", "a");
278
fprintf(fp, "\nHashing PK (v%d):\n", pk->version);
281
/* build the packet */
283
pkt.pkttype = PKT_PUBLIC_KEY;
284
pkt.pkt.public_key = pk;
285
if( (rc = build_packet( a, &pkt )) )
286
log_fatal("build public_key for hashing failed: %s\n", gpg_strerror (rc));
288
if( !(pk->version == 3 && pk->pubkey_algo == 16) ) {
289
/* skip the constructed header but don't do this for our very old
291
ctb = iobuf_get_noeof(a);
294
c = iobuf_get_noeof(a);
298
pktlen = (c - 192) * 256;
299
c = iobuf_get_noeof(a);
302
else if( c == 255 ) {
303
pktlen = iobuf_get_noeof(a) << 24;
304
pktlen |= iobuf_get_noeof(a) << 16;
305
pktlen |= iobuf_get_noeof(a) << 8;
306
pktlen |= iobuf_get_noeof(a);
310
int lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3));
311
for( ; lenbytes; lenbytes-- ) {
313
pktlen |= iobuf_get_noeof(a);
317
gcry_md_putc ( md, 0x99 );
318
pktlen &= 0xffff; /* can't handle longer packets */
319
gcry_md_putc ( md, pktlen >> 8 );
320
gcry_md_putc ( md, pktlen & 0xff );
322
/* hash the packet body */
323
while( (c=iobuf_get(a)) != -1 ) {
325
fprintf( fp," %02x", c );
331
gcry_md_putc ( md, c );
342
do_secret_key( iobuf_t out, int ctb, PKT_secret_key *sk )
346
iobuf_t a = iobuf_temp(); /* build in a self-enlarging buffer */
348
/* Write the version number - if none is specified, use 3 */
352
iobuf_put( a, sk->version );
353
write_32(a, sk->timestamp );
355
/* v3 needs the expiration time */
356
if( sk->version < 4 ) {
359
ndays = (u16)((sk->expiredate - sk->timestamp) / 86400L);
365
iobuf_put(a, sk->pubkey_algo );
367
/* get number of secret and public parameters. They are held in
368
one array first the public ones, then the secret ones */
369
nskey = pubkey_get_nskey( sk->pubkey_algo );
370
npkey = pubkey_get_npkey( sk->pubkey_algo );
372
/* If we don't have any public parameters - which is the case if
373
we don't know the algorithm used - the parameters are stored as
374
one blob in a faked (opaque) gcry_mpi_t */
376
write_fake_data( a, sk->skey[0] );
379
assert( npkey < nskey );
381
/* Writing the public parameters is easy */
382
for(i=0; i < npkey; i++ )
383
mpi_write(a, sk->skey[i] );
385
/* build the header for protected (encrypted) secret parameters */
386
if( sk->is_protected ) {
387
if( is_RSA(sk->pubkey_algo) && sk->version < 4
388
&& !sk->protect.s2k.mode ) {
389
/* the simple rfc1991 (v3) way */
390
iobuf_put(a, sk->protect.algo );
391
iobuf_write(a, sk->protect.iv, sk->protect.ivlen );
394
/* OpenPGP protection according to rfc2440 */
395
iobuf_put(a, sk->protect.sha1chk? 0xfe : 0xff );
396
iobuf_put(a, sk->protect.algo );
397
if( sk->protect.s2k.mode >= 1000 ) {
398
/* These modes are not possible in OpenPGP, we use them
399
to implement our extensions, 101 can be seen as a
400
private/experimental extension (this is not
401
specified in rfc2440 but the same scheme is used
402
for all other algorithm identifiers) */
404
iobuf_put(a, sk->protect.s2k.hash_algo );
405
iobuf_write(a, "GNU", 3 );
406
iobuf_put(a, sk->protect.s2k.mode - 1000 );
409
iobuf_put(a, sk->protect.s2k.mode );
410
iobuf_put(a, sk->protect.s2k.hash_algo );
412
if( sk->protect.s2k.mode == 1
413
|| sk->protect.s2k.mode == 3 )
414
iobuf_write(a, sk->protect.s2k.salt, 8 );
415
if( sk->protect.s2k.mode == 3 )
416
iobuf_put(a, sk->protect.s2k.count );
418
/* For our special modes 1001 and 1002 we do not need an IV */
419
if( sk->protect.s2k.mode != 1001
420
&& sk->protect.s2k.mode != 1002 )
421
iobuf_write(a, sk->protect.iv, sk->protect.ivlen );
427
if( sk->protect.s2k.mode == 1001 )
428
; /* GnuPG extension - don't write a secret key at all */
429
else if( sk->protect.s2k.mode == 1002 )
430
{ /* GnuPG extension - divert to OpenPGP smartcard. */
431
iobuf_put(a, sk->protect.ivlen ); /* length of the serial
432
number or 0 for no serial
434
/* The serial number gets stored in the IV field. */
435
iobuf_write(a, sk->protect.iv, sk->protect.ivlen);
437
else if( sk->is_protected && sk->version >= 4 ) {
438
/* The secret key is protected - write it out as it is */
440
assert( gcry_mpi_get_flag( sk->skey[npkey], GCRYMPI_FLAG_OPAQUE ) );
441
p = gcry_mpi_get_opaque( sk->skey[npkey], &i );
442
iobuf_write(a, p, (i+7)/8 );
444
else if( sk->is_protected ) {
445
/* The secret key is protected the old v4 way. */
446
for( ; i < nskey; i++ ) {
450
assert( gcry_mpi_get_flag (sk->skey[i], GCRYMPI_FLAG_OPAQUE));
451
p = gcry_mpi_get_opaque( sk->skey[i], &n );
452
iobuf_write (a, p, (n+7)/8);
454
write_16(a, sk->csum );
457
/* non-protected key */
458
for( ; i < nskey; i++ )
459
mpi_write(a, sk->skey[i] );
460
write_16(a, sk->csum );
464
/* Build the header of the packet - which we must do after writing all
465
the other stuff, so that we know the length of the packet */
466
write_header2(out, ctb, iobuf_get_temp_length(a), sk->hdrbytes, 1 );
467
/* And finally write it out the real stream */
468
rc = iobuf_write_temp (out, a );
470
iobuf_close(a); /* close the remporary buffer */
475
do_symkey_enc( iobuf_t out, int ctb, PKT_symkey_enc *enc )
478
iobuf_t a = iobuf_temp();
480
assert( enc->version == 4 );
481
switch( enc->s2k.mode ) {
482
case 0: case 1: case 3: break;
483
default: log_bug("do_symkey_enc: s2k=%d\n", enc->s2k.mode );
485
iobuf_put( a, enc->version );
486
iobuf_put( a, enc->cipher_algo );
487
iobuf_put( a, enc->s2k.mode );
488
iobuf_put( a, enc->s2k.hash_algo );
489
if( enc->s2k.mode == 1 || enc->s2k.mode == 3 ) {
490
iobuf_write(a, enc->s2k.salt, 8 );
491
if( enc->s2k.mode == 3 )
492
iobuf_put(a, enc->s2k.count);
495
iobuf_write(a, enc->seskey, enc->seskeylen );
497
write_header(out, ctb, iobuf_get_temp_length(a) );
498
rc = iobuf_write_temp (out, a);
508
do_pubkey_enc( iobuf_t out, int ctb, PKT_pubkey_enc *enc )
512
iobuf_t a = iobuf_temp();
514
write_version( a, ctb );
515
if( enc->throw_keyid ) {
516
write_32(a, 0 ); /* don't tell Eve who can decrypt the message */
520
write_32(a, enc->keyid[0] );
521
write_32(a, enc->keyid[1] );
523
iobuf_put(a,enc->pubkey_algo );
524
n = pubkey_get_nenc( enc->pubkey_algo );
526
write_fake_data( a, enc->data[0] );
527
for(i=0; i < n; i++ )
528
mpi_write(a, enc->data[i] );
530
write_header(out, ctb, iobuf_get_temp_length(a) );
531
rc = iobuf_write_temp (out, a);
541
calc_plaintext( PKT_plaintext *pt )
543
return pt->len? (1 + 1 + pt->namelen + 4 + pt->len) : 0;
547
do_plaintext( iobuf_t out, int ctb, PKT_plaintext *pt )
551
byte buf[1000]; /* this buffer has the plaintext! */
554
/* Truncate namelen to the maximum 255 characters. This does mean
555
that a function that calls build_packet with an illegal literal
556
packet will get it back legalized. */
560
write_header(out, ctb, calc_plaintext( pt ) );
561
iobuf_put(out, pt->mode );
562
iobuf_put(out, pt->namelen );
563
for(i=0; i < pt->namelen; i++ )
564
iobuf_put(out, pt->name[i] );
565
rc = write_32 (out, pt->timestamp);
568
while( (nbytes=iobuf_read(pt->buf, buf, 1000)) != -1 ) {
569
rc = iobuf_write(out, buf, nbytes);
574
wipememory(buf,1000); /* burn the buffer */
576
iobuf_set_block_mode(out, 0 ); /* write end marker */
577
else if( n != pt->len )
578
log_error("do_plaintext(): wrote %lu bytes but expected %lu bytes\n",
579
(ulong)n, (ulong)pt->len );
587
do_encrypted( iobuf_t out, int ctb, PKT_encrypted *ed )
592
n = ed->len ? (ed->len + ed->extralen) : 0;
593
write_header(out, ctb, n );
595
/* This is all. The caller has to write the real data */
601
do_encrypted_mdc( iobuf_t out, int ctb, PKT_encrypted *ed )
606
assert( ed->mdc_method );
608
/* Take version number and the following MDC packet in account. */
609
n = ed->len ? (ed->len + ed->extralen + 1 + 22) : 0;
610
write_header(out, ctb, n );
611
iobuf_put(out, 1 ); /* version */
613
/* This is all. The caller has to write the real data */
620
do_compressed( iobuf_t out, int ctb, PKT_compressed *cd )
624
/* We must use the old convention and don't use blockmode for tyhe
625
sake of PGP 2 compatibility. However if the new_ctb flag was
626
set, CTB is already formatted as new style and write_header2
627
does create a partial length encoding using new the new
629
write_header2(out, ctb, 0, 0, 0 );
630
iobuf_put(out, cd->algorithm );
632
/* This is all. The caller has to write the real data */
639
* Delete all subpackets of type REQTYPE and return a bool whether a packet
643
delete_sig_subpkt (subpktarea_t *area, sigsubpkttype_t reqtype )
646
sigsubpkttype_t type;
647
byte *buffer, *bufstart;
662
n = *buffer++; buflen--;
666
n = (buffer[0] << 24) | (buffer[1] << 16)
667
| (buffer[2] << 8) | buffer[3];
671
else if( n >= 192 ) {
674
n = (( n - 192 ) << 8) + *buffer + 192;
681
type = *buffer & 0x7f;
682
if( type == reqtype ) {
688
buffer += n; /* point to next subpkt */
690
memmove (bufstart, buffer, buflen); /* shift */
691
unused += buffer - bufstart;
695
buffer += n; buflen -=n;
700
log_error ("delete_subpkt: buffer shorter than subpacket\n");
701
assert (unused <= area->len);
708
* Create or update a signature subpacket for SIG of TYPE. This
709
* functions knows where to put the data (hashed or unhashed). The
710
* function may move data from the unhashed part to the hashed one.
711
* Note: All pointers into sig->[un]hashed (e.g. returned by
712
* parse_sig_subpkt) are not valid after a call to this function. The
713
* data to put into the subpaket should be in a buffer with a length
717
build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type,
718
const byte *buffer, size_t buflen )
721
int critical, hashed;
722
subpktarea_t *oldarea, *newarea;
725
critical = (type & SIGSUBPKT_FLAG_CRITICAL);
726
type &= ~SIGSUBPKT_FLAG_CRITICAL;
728
/* Sanity check buffer sizes */
729
if(parse_one_sig_subpkt(buffer,buflen,type)<0)
734
case SIGSUBPKT_NOTATION:
735
case SIGSUBPKT_POLICY:
736
case SIGSUBPKT_REV_KEY:
737
/* we do allow multiple subpackets */
741
/* we don't allow multiple subpackets */
742
delete_sig_subpkt(sig->hashed,type);
743
delete_sig_subpkt(sig->unhashed,type);
747
/* Any special magic that needs to be done for this type so the
748
packet doesn't need to be reparsed? */
751
case SIGSUBPKT_NOTATION:
752
sig->flags.notation=1;
755
case SIGSUBPKT_POLICY:
756
sig->flags.policy_url=1;
759
case SIGSUBPKT_PREF_KS:
760
sig->flags.pref_ks=1;
763
case SIGSUBPKT_EXPORTABLE:
765
sig->flags.exportable=1;
767
sig->flags.exportable=0;
770
case SIGSUBPKT_REVOCABLE:
772
sig->flags.revocable=1;
774
sig->flags.revocable=0;
777
case SIGSUBPKT_TRUST:
778
sig->trust_depth=buffer[0];
779
sig->trust_value=buffer[1];
782
case SIGSUBPKT_REGEXP:
783
sig->trust_regexp=buffer;
786
/* This should never happen since we don't currently allow
787
creating such a subpacket, but just in case... */
788
case SIGSUBPKT_SIG_EXPIRE:
789
if(buffer_to_u32(buffer)+sig->timestamp<=make_timestamp())
790
sig->flags.expired=1;
792
sig->flags.expired=0;
799
if( (buflen+1) >= 8384 )
800
nlen = 5; /* write 5 byte length header */
801
else if( (buflen+1) >= 192 )
802
nlen = 2; /* write 2 byte length header */
804
nlen = 1; /* just a 1 byte length header */
807
/* The issuer being unhashed is a historical oddity. It
808
should work equally as well hashed. Of course, if even an
809
unhashed issuer is tampered with, it makes it awfully hard
810
to verify the sig... */
811
case SIGSUBPKT_ISSUER:
820
type |= SIGSUBPKT_FLAG_CRITICAL;
822
oldarea = hashed? sig->hashed : sig->unhashed;
824
/* Calculate new size of the area and allocate */
825
n0 = oldarea? oldarea->len : 0;
826
n = n0 + nlen + 1 + buflen; /* length, type, buffer */
827
if (oldarea && n <= oldarea->size) { /* fits into the unused space */
829
/*log_debug ("updating area for type %d\n", type );*/
832
newarea = xrealloc (oldarea, sizeof (*newarea) + n - 1);
834
/*log_debug ("reallocating area for type %d\n", type );*/
837
newarea = xmalloc (sizeof (*newarea) + n - 1);
839
/*log_debug ("allocating area for type %d\n", type );*/
843
p = newarea->data + n0;
846
*p++ = (buflen+1) >> 24;
847
*p++ = (buflen+1) >> 16;
848
*p++ = (buflen+1) >> 8;
851
memcpy (p, buffer, buflen);
853
else if (nlen == 2) {
854
*p++ = (buflen+1-192) / 256 + 192;
855
*p++ = (buflen+1-192) % 256;
857
memcpy (p, buffer, buflen);
862
memcpy (p, buffer, buflen);
866
sig->hashed = newarea;
868
sig->unhashed = newarea;
872
* Put all the required stuff from SIG into subpackets of sig.
873
* Hmmm, should we delete those subpackets which are in a wrong area?
876
build_sig_subpkt_from_sig( PKT_signature *sig )
882
buf[0] = (u >> 24) & 0xff;
883
buf[1] = (u >> 16) & 0xff;
884
buf[2] = (u >> 8) & 0xff;
887
buf[4] = (u >> 24) & 0xff;
888
buf[5] = (u >> 16) & 0xff;
889
buf[6] = (u >> 8) & 0xff;
891
build_sig_subpkt( sig, SIGSUBPKT_ISSUER, buf, 8 );
894
buf[0] = (u >> 24) & 0xff;
895
buf[1] = (u >> 16) & 0xff;
896
buf[2] = (u >> 8) & 0xff;
898
build_sig_subpkt( sig, SIGSUBPKT_SIG_CREATED, buf, 4 );
902
if(sig->expiredate>sig->timestamp)
903
u=sig->expiredate-sig->timestamp;
907
buf[0] = (u >> 24) & 0xff;
908
buf[1] = (u >> 16) & 0xff;
909
buf[2] = (u >> 8) & 0xff;
912
/* Mark this CRITICAL, so if any implementation doesn't
913
understand sigs that can expire, it'll just disregard this
916
build_sig_subpkt( sig, SIGSUBPKT_SIG_EXPIRE | SIGSUBPKT_FLAG_CRITICAL,
922
build_attribute_subpkt(PKT_user_id *uid,byte type,
923
const void *buf,u32 buflen,
924
const void *header,u32 headerlen)
929
if(1+headerlen+buflen>8383)
931
else if(1+headerlen+buflen>191)
936
/* realloc uid->attrib_data to the right size */
938
uid->attrib_data=xrealloc(uid->attrib_data,
939
uid->attrib_len+idx+1+headerlen+buflen);
941
attrib=&uid->attrib_data[uid->attrib_len];
946
attrib[1]=(1+headerlen+buflen) >> 24;
947
attrib[2]=(1+headerlen+buflen) >> 16;
948
attrib[3]=(1+headerlen+buflen) >> 8;
949
attrib[4]=1+headerlen+buflen;
953
attrib[0]=(1+headerlen+buflen-192) / 256 + 192;
954
attrib[1]=(1+headerlen+buflen-192) % 256;
957
attrib[0]=1+headerlen+buflen; /* Good luck finding a JPEG this small! */
961
/* Tack on our data at the end */
964
memcpy(&attrib[idx],header,headerlen);
965
memcpy(&attrib[idx+headerlen],buf,buflen);
966
uid->attrib_len+=idx+headerlen+buflen;
970
do_signature( iobuf_t out, int ctb, PKT_signature *sig )
974
iobuf_t a = iobuf_temp();
979
iobuf_put( a, sig->version );
980
if( sig->version < 4 )
981
iobuf_put(a, 5 ); /* constant */
982
iobuf_put(a, sig->sig_class );
983
if( sig->version < 4 ) {
984
write_32(a, sig->timestamp );
985
write_32(a, sig->keyid[0] );
986
write_32(a, sig->keyid[1] );
988
iobuf_put(a, sig->pubkey_algo );
989
iobuf_put(a, sig->digest_algo );
990
if( sig->version >= 4 ) {
992
/* timestamp and keyid must have been packed into the
993
* subpackets prior to the call of this function, because
994
* these subpackets are hashed */
995
nn = sig->hashed? sig->hashed->len : 0;
998
iobuf_write( a, sig->hashed->data, nn );
999
nn = sig->unhashed? sig->unhashed->len : 0;
1002
iobuf_write( a, sig->unhashed->data, nn );
1004
iobuf_put(a, sig->digest_start[0] );
1005
iobuf_put(a, sig->digest_start[1] );
1006
n = pubkey_get_nsig( sig->pubkey_algo );
1008
write_fake_data( a, sig->data[0] );
1009
for(i=0; i < n; i++ )
1010
mpi_write(a, sig->data[i] );
1012
if( is_RSA(sig->pubkey_algo) && sig->version < 4 )
1013
write_sign_packet_header(out, ctb, iobuf_get_temp_length(a) );
1015
write_header(out, ctb, iobuf_get_temp_length(a) );
1016
rc = iobuf_write_temp (out, a);
1024
do_onepass_sig( iobuf_t out, int ctb, PKT_onepass_sig *ops )
1027
iobuf_t a = iobuf_temp();
1029
write_version( a, ctb );
1030
iobuf_put(a, ops->sig_class );
1031
iobuf_put(a, ops->digest_algo );
1032
iobuf_put(a, ops->pubkey_algo );
1033
write_32(a, ops->keyid[0] );
1034
write_32(a, ops->keyid[1] );
1035
iobuf_put(a, ops->last );
1037
write_header(out, ctb, iobuf_get_temp_length(a) );
1038
rc = iobuf_write_temp (out, a);
1046
write_16(iobuf_t out, u16 a)
1048
iobuf_put(out, a>>8);
1049
return iobuf_put(out,a);
1053
write_32(iobuf_t out, u32 a)
1055
iobuf_put(out, a>> 24);
1056
iobuf_put(out, a>> 16);
1057
iobuf_put(out, a>> 8);
1058
return iobuf_put (out, a);
1063
* calculate the length of a header
1066
calc_header_length( u32 len, int new_ctb )
1069
return 1; /* only the ctb */
1088
* Write the CTB and the packet length
1091
write_header( iobuf_t out, int ctb, u32 len )
1093
return write_header2( out, ctb, len, 0, 1 );
1098
write_sign_packet_header( iobuf_t out, int ctb, u32 len )
1100
/* work around a bug in the pgp read function for signature packets,
1101
* which are not correctly coded and silently assume at some
1102
* point 2 byte length headers.*/
1103
iobuf_put(out, 0x89 );
1104
iobuf_put(out, len >> 8 );
1105
return iobuf_put(out, len ) == -1 ? -1:0;
1109
* if HDRLEN is > 0, try to build a header of this length.
1110
* we need this, so that we can hash packets without reading them again.
1113
write_header2( iobuf_t out, int ctb, u32 len, int hdrlen, int blkmode )
1116
return write_new_header( out, ctb, len, hdrlen );
1121
else if( hdrlen == 2 && len < 256 )
1123
else if( hdrlen == 3 && len < 65536 )
1131
else if( len < 256 )
1133
else if( len < 65536 )
1138
if( iobuf_put(out, ctb ) )
1142
iobuf_set_block_mode(out, 8196 );
1146
iobuf_put(out, len >> 24 );
1147
iobuf_put(out, len >> 16 );
1150
iobuf_put(out, len >> 8 );
1151
if( iobuf_put(out, len ) )
1159
write_new_header( iobuf_t out, int ctb, u32 len, int hdrlen )
1162
log_bug("can't cope with hdrlen yet\n");
1164
if( iobuf_put(out, ctb ) )
1167
iobuf_set_partial_block_mode(out, 512 );
1171
if( iobuf_put(out, len ) )
1174
else if( len < 8384 ) {
1176
if( iobuf_put( out, (len / 256) + 192) )
1178
if( iobuf_put( out, (len % 256) ) )
1182
if( iobuf_put( out, 0xff ) )
1184
if( iobuf_put( out, (len >> 24)&0xff ) )
1186
if( iobuf_put( out, (len >> 16)&0xff ) )
1188
if( iobuf_put( out, (len >> 8)&0xff ) )
1190
if( iobuf_put( out, len & 0xff ) )
1198
write_version( iobuf_t out, int ctb )
1200
if( iobuf_put( out, 3 ) )