diff --git a/cipher/kdf.c b/cipher/kdf.c index 27f57896..3d707bd0 100644 --- a/cipher/kdf.c +++ b/cipher/kdf.c @@ -1,307 +1,502 @@ /* kdf.c - Key Derivation Functions - * Copyright (C) 1998, 2011 Free Software Foundation, Inc. + * Copyright (C) 1998, 2008, 2011 Free Software Foundation, Inc. * Copyright (C) 2013 g10 Code GmbH * * This file is part of Libgcrypt. * * Libgcrypt is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser general Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * Libgcrypt is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this program; if not, see . */ #include #include #include #include #include #include "g10lib.h" #include "cipher.h" #include "kdf-internal.h" /* Transform a passphrase into a suitable key of length KEYSIZE and store this key in the caller provided buffer KEYBUFFER. The caller must provide an HASHALGO, a valid ALGO and depending on that algo a SALT of 8 bytes and the number of ITERATIONS. Code taken from gnupg/agent/protect.c:hash_passphrase. */ static gpg_err_code_t openpgp_s2k (const void *passphrase, size_t passphraselen, int algo, int hashalgo, const void *salt, size_t saltlen, unsigned long iterations, size_t keysize, void *keybuffer) { gpg_err_code_t ec; gcry_md_hd_t md; char *key = keybuffer; int pass, i; int used = 0; int secmode; if ((algo == GCRY_KDF_SALTED_S2K || algo == GCRY_KDF_ITERSALTED_S2K) && (!salt || saltlen != 8)) return GPG_ERR_INV_VALUE; secmode = _gcry_is_secure (passphrase) || _gcry_is_secure (keybuffer); ec = _gcry_md_open (&md, hashalgo, secmode? GCRY_MD_FLAG_SECURE : 0); if (ec) return ec; for (pass=0; used < keysize; pass++) { if (pass) { _gcry_md_reset (md); for (i=0; i < pass; i++) /* Preset the hash context. */ _gcry_md_putc (md, 0); } if (algo == GCRY_KDF_SALTED_S2K || algo == GCRY_KDF_ITERSALTED_S2K) { int len2 = passphraselen + 8; unsigned long count = len2; if (algo == GCRY_KDF_ITERSALTED_S2K) { count = iterations; if (count < len2) count = len2; } while (count > len2) { _gcry_md_write (md, salt, saltlen); _gcry_md_write (md, passphrase, passphraselen); count -= len2; } if (count < saltlen) _gcry_md_write (md, salt, count); else { _gcry_md_write (md, salt, saltlen); count -= saltlen; _gcry_md_write (md, passphrase, count); } } else _gcry_md_write (md, passphrase, passphraselen); _gcry_md_final (md); i = _gcry_md_get_algo_dlen (hashalgo); if (i > keysize - used) i = keysize - used; memcpy (key+used, _gcry_md_read (md, hashalgo), i); used += i; } _gcry_md_close (md); return 0; } /* Transform a passphrase into a suitable key of length KEYSIZE and store this key in the caller provided buffer KEYBUFFER. The caller must provide PRFALGO which indicates the pseudorandom function to use: This shall be the algorithms id of a hash algorithm; it is used in HMAC mode. SALT is a salt of length SALTLEN and ITERATIONS gives the number of iterations. */ gpg_err_code_t _gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen, int hashalgo, const void *salt, size_t saltlen, unsigned long iterations, size_t keysize, void *keybuffer) { gpg_err_code_t ec; gcry_md_hd_t md; int secmode; unsigned long dklen = keysize; char *dk = keybuffer; unsigned int hlen; /* Output length of the digest function. */ unsigned int l; /* Rounded up number of blocks. */ unsigned int r; /* Number of octets in the last block. */ char *sbuf; /* Malloced buffer to concatenate salt and iter as well as space to hold TBUF and UBUF. */ char *tbuf; /* Buffer for T; ptr into SBUF, size is HLEN. */ char *ubuf; /* Buffer for U; ptr into SBUF, size is HLEN. */ unsigned int lidx; /* Current block number. */ unsigned long iter; /* Current iteration number. */ unsigned int i; /* We allow for a saltlen of 0 here to support scrypt. It is not clear whether rfc2898 allows for this this, thus we do a test on saltlen > 0 only in gcry_kdf_derive. */ if (!salt || !iterations || !dklen) return GPG_ERR_INV_VALUE; hlen = _gcry_md_get_algo_dlen (hashalgo); if (!hlen) return GPG_ERR_DIGEST_ALGO; secmode = _gcry_is_secure (passphrase) || _gcry_is_secure (keybuffer); /* Step 1 */ /* If dkLen > (2^32 - 1) * hLen, output "derived key too long" and * stop. We use a stronger inequality but only if our type can hold * a larger value. */ #if SIZEOF_UNSIGNED_LONG > 4 if (dklen > 0xffffffffU) return GPG_ERR_INV_VALUE; #endif /* Step 2 */ l = ((dklen - 1)/ hlen) + 1; r = dklen - (l - 1) * hlen; /* Setup buffers and prepare a hash context. */ sbuf = (secmode ? xtrymalloc_secure (saltlen + 4 + hlen + hlen) : xtrymalloc (saltlen + 4 + hlen + hlen)); if (!sbuf) return gpg_err_code_from_syserror (); tbuf = sbuf + saltlen + 4; ubuf = tbuf + hlen; ec = _gcry_md_open (&md, hashalgo, (GCRY_MD_FLAG_HMAC | (secmode?GCRY_MD_FLAG_SECURE:0))); if (ec) { xfree (sbuf); return ec; } ec = _gcry_md_setkey (md, passphrase, passphraselen); if (ec) { _gcry_md_close (md); xfree (sbuf); return ec; } /* Step 3 and 4. */ memcpy (sbuf, salt, saltlen); for (lidx = 1; lidx <= l; lidx++) { for (iter = 0; iter < iterations; iter++) { _gcry_md_reset (md); if (!iter) /* Compute U_1: */ { sbuf[saltlen] = (lidx >> 24); sbuf[saltlen + 1] = (lidx >> 16); sbuf[saltlen + 2] = (lidx >> 8); sbuf[saltlen + 3] = lidx; _gcry_md_write (md, sbuf, saltlen + 4); memcpy (ubuf, _gcry_md_read (md, 0), hlen); memcpy (tbuf, ubuf, hlen); } else /* Compute U_(2..c): */ { _gcry_md_write (md, ubuf, hlen); memcpy (ubuf, _gcry_md_read (md, 0), hlen); for (i=0; i < hlen; i++) tbuf[i] ^= ubuf[i]; } } if (lidx == l) /* Last block. */ memcpy (dk, tbuf, r); else { memcpy (dk, tbuf, hlen); dk += hlen; } } _gcry_md_close (md); xfree (sbuf); return 0; } /* Derive a key from a passphrase. KEYSIZE gives the requested size of the keys in octets. KEYBUFFER is a caller provided buffer filled on success with the derived key. The input passphrase is taken from (PASSPHRASE,PASSPHRASELEN) which is an arbitrary memory buffer. ALGO specifies the KDF algorithm to use; these are the constants GCRY_KDF_*. SUBALGO specifies an algorithm used internally by the KDF algorithms; this is usually a hash algorithm but certain KDF algorithm may use it differently. {SALT,SALTLEN} is a salt as needed by most KDF algorithms. ITERATIONS is a positive integer parameter to most KDFs. 0 is returned on success, or an error code on failure. */ gpg_err_code_t _gcry_kdf_derive (const void *passphrase, size_t passphraselen, int algo, int subalgo, const void *salt, size_t saltlen, unsigned long iterations, size_t keysize, void *keybuffer) { gpg_err_code_t ec; if (!passphrase) { ec = GPG_ERR_INV_DATA; goto leave; } if (!keybuffer || !keysize) { ec = GPG_ERR_INV_VALUE; goto leave; } switch (algo) { case GCRY_KDF_SIMPLE_S2K: case GCRY_KDF_SALTED_S2K: case GCRY_KDF_ITERSALTED_S2K: if (!passphraselen) ec = GPG_ERR_INV_DATA; else ec = openpgp_s2k (passphrase, passphraselen, algo, subalgo, salt, saltlen, iterations, keysize, keybuffer); break; case GCRY_KDF_PBKDF1: ec = GPG_ERR_UNSUPPORTED_ALGORITHM; break; case GCRY_KDF_PBKDF2: if (!saltlen) ec = GPG_ERR_INV_VALUE; else ec = _gcry_kdf_pkdf2 (passphrase, passphraselen, subalgo, salt, saltlen, iterations, keysize, keybuffer); break; case 41: case GCRY_KDF_SCRYPT: #if USE_SCRYPT ec = _gcry_kdf_scrypt (passphrase, passphraselen, algo, subalgo, salt, saltlen, iterations, keysize, keybuffer); #else ec = GPG_ERR_UNSUPPORTED_ALGORITHM; #endif /*USE_SCRYPT*/ break; default: ec = GPG_ERR_UNKNOWN_ALGORITHM; break; } leave: return ec; } + + +/* Check one KDF call with ALGO and HASH_ALGO using the regular KDF + * API. (passphrase,passphraselen) is the password to be derived, + * (salt,saltlen) the salt for the key derivation, + * iterations is the number of the kdf iterations, + * and (expect,expectlen) the expected result. Returns NULL on + * success or a string describing the failure. */ + +static const char * +check_one (int algo, int hash_algo, + const void *passphrase, size_t passphraselen, + const void *salt, size_t saltlen, + unsigned long iterations, + const void *expect, size_t expectlen) +{ + unsigned char key[512]; /* hardcoded to avoid allocation */ + size_t keysize = expectlen; + + if (keysize > sizeof(key)) + return "invalid tests data"; + + if (_gcry_kdf_derive (passphrase, passphraselen, algo, + hash_algo, salt, saltlen, iterations, + keysize, key)) + return "gcry_kdf_derive failed"; + + if (memcmp (key, expect, expectlen)) + return "does not match"; + + return NULL; +} + + +static gpg_err_code_t +selftest_pbkdf2 (int extended, selftest_report_func_t report) +{ + static struct { + const char *desc; + const char *p; /* Passphrase. */ + size_t plen; /* Length of P. */ + const char *salt; + size_t saltlen; + int hashalgo; + unsigned long c; /* Iterations. */ + int dklen; /* Requested key length. */ + const char *dk; /* Derived key. */ + int disabled; + } tv[] = { +#if USE_SHA1 +#define NUM_TEST_VECTORS 9 + /* SHA1 test vectors are from RFC-6070. */ + { + "Basic PBKDF2 SHA1 #1", + "password", 8, + "salt", 4, + GCRY_MD_SHA1, + 1, + 20, + "\x0c\x60\xc8\x0f\x96\x1f\x0e\x71\xf3\xa9" + "\xb5\x24\xaf\x60\x12\x06\x2f\xe0\x37\xa6" + }, + { + "Basic PBKDF2 SHA1 #2", + "password", 8, + "salt", 4, + GCRY_MD_SHA1, + 2, + 20, + "\xea\x6c\x01\x4d\xc7\x2d\x6f\x8c\xcd\x1e" + "\xd9\x2a\xce\x1d\x41\xf0\xd8\xde\x89\x57" + }, + { + "Basic PBKDF2 SHA1 #3", + "password", 8, + "salt", 4, + GCRY_MD_SHA1, + 4096, + 20, + "\x4b\x00\x79\x01\xb7\x65\x48\x9a\xbe\xad" + "\x49\xd9\x26\xf7\x21\xd0\x65\xa4\x29\xc1" + }, + { + "Basic PBKDF2 SHA1 #4", + "password", 8, + "salt", 4, + GCRY_MD_SHA1, + 16777216, + 20, + "\xee\xfe\x3d\x61\xcd\x4d\xa4\xe4\xe9\x94" + "\x5b\x3d\x6b\xa2\x15\x8c\x26\x34\xe9\x84", + 1 /* This test takes too long. */ + }, + { + "Basic PBKDF2 SHA1 #5", + "passwordPASSWORDpassword", 24, + "saltSALTsaltSALTsaltSALTsaltSALTsalt", 36, + GCRY_MD_SHA1, + 4096, + 25, + "\x3d\x2e\xec\x4f\xe4\x1c\x84\x9b\x80\xc8" + "\xd8\x36\x62\xc0\xe4\x4a\x8b\x29\x1a\x96" + "\x4c\xf2\xf0\x70\x38" + }, + { + "Basic PBKDF2 SHA1 #6", + "pass\0word", 9, + "sa\0lt", 5, + GCRY_MD_SHA1, + 4096, + 16, + "\x56\xfa\x6a\xa7\x55\x48\x09\x9d\xcc\x37" + "\xd7\xf0\x34\x25\xe0\xc3" + }, + { /* empty password test, not in RFC-6070 */ + "Basic PBKDF2 SHA1 #7", + "", 0, + "salt", 4, + GCRY_MD_SHA1, + 2, + 20, + "\x13\x3a\x4c\xe8\x37\xb4\xd2\x52\x1e\xe2" + "\xbf\x03\xe1\x1c\x71\xca\x79\x4e\x07\x97" + }, +#else +#define NUM_TEST_VECTORS 2 +#endif + { + "Basic PBKDF2 SHA256", + "password", 8, + "salt", 4, + GCRY_MD_SHA256, + 2, + 32, + "\xae\x4d\x0c\x95\xaf\x6b\x46\xd3\x2d\x0a\xdf\xf9\x28\xf0\x6d\xd0" + "\x2a\x30\x3f\x8e\xf3\xc2\x51\xdf\xd6\xe2\xd8\x5a\x95\x47\x4c\x43" + }, + { + "Extended PBKDF2 SHA256", + "passwordPASSWORDpassword", 24, + "saltSALTsaltSALTsaltSALTsaltSALTsalt", 36, + GCRY_MD_SHA256, + 4096, + 40, + "\x34\x8c\x89\xdb\xcb\xd3\x2b\x2f\x32\xd8\x14\xb8\x11\x6e\x84\xcf" + "\x2b\x17\x34\x7e\xbc\x18\x00\x18\x1c\x4e\x2a\x1f\xb8\xdd\x53\xe1" + "\xc6\x35\x51\x8c\x7d\xac\x47\xe9" + } + }; + const char *what; + const char *errtxt; + int tvidx; + + for (tvidx=0; tv[tvidx].desc; tvidx++) + { + what = tv[tvidx].desc; + if (tv[tvidx].disabled) + continue; + errtxt = check_one (GCRY_KDF_PBKDF2, tv[tvidx].hashalgo, + tv[tvidx].p, tv[tvidx].plen, + tv[tvidx].salt, tv[tvidx].saltlen, + tv[tvidx].c, + tv[tvidx].dk, tv[tvidx].dklen); + if (errtxt) + goto failed; + if (tvidx >= NUM_TEST_VECTORS - 1 && !extended) + break; + } + + return 0; /* Succeeded. */ + + failed: + if (report) + report ("kdf", GCRY_KDF_PBKDF2, what, errtxt); + return GPG_ERR_SELFTEST_FAILED; +} + + +/* Run the selftests for KDF with KDF algorithm ALGO with optional + reporting function REPORT. */ +gpg_error_t +_gcry_kdf_selftest (int algo, int extended, selftest_report_func_t report) +{ + gcry_err_code_t ec = 0; + + if (algo == GCRY_KDF_PBKDF2) + ec = selftest_pbkdf2 (extended, report); + else + { + ec = GPG_ERR_UNSUPPORTED_ALGORITHM; + if (report) + report ("kdf", algo, "module", "algorithm not available"); + } + return gpg_error (ec); +} diff --git a/cipher/mac-cmac.c b/cipher/mac-cmac.c index f4d0ce59..d4760bc2 100644 --- a/cipher/mac-cmac.c +++ b/cipher/mac-cmac.c @@ -1,236 +1,524 @@ /* mac-cmac.c - CMAC glue for MAC API * Copyright (C) 2013 Jussi Kivilinna + * Copyright (C) 2008 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * * Libgcrypt is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser general Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * Libgcrypt is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this program; if not, see . */ #include #include #include #include #include #include "g10lib.h" #include "cipher.h" #include "./mac-internal.h" static int map_mac_algo_to_cipher (int mac_algo) { switch (mac_algo) { default: return GCRY_CIPHER_NONE; case GCRY_MAC_CMAC_AES: return GCRY_CIPHER_AES; case GCRY_MAC_CMAC_3DES: return GCRY_CIPHER_3DES; case GCRY_MAC_CMAC_CAMELLIA: return GCRY_CIPHER_CAMELLIA128; case GCRY_MAC_CMAC_IDEA: return GCRY_CIPHER_IDEA; case GCRY_MAC_CMAC_CAST5: return GCRY_CIPHER_CAST5; case GCRY_MAC_CMAC_BLOWFISH: return GCRY_CIPHER_BLOWFISH; case GCRY_MAC_CMAC_TWOFISH: return GCRY_CIPHER_TWOFISH; case GCRY_MAC_CMAC_SERPENT: return GCRY_CIPHER_SERPENT128; case GCRY_MAC_CMAC_SEED: return GCRY_CIPHER_SEED; case GCRY_MAC_CMAC_RFC2268: return GCRY_CIPHER_RFC2268_128; case GCRY_MAC_CMAC_GOST28147: return GCRY_CIPHER_GOST28147; case GCRY_MAC_CMAC_SM4: return GCRY_CIPHER_SM4; } } static gcry_err_code_t cmac_open (gcry_mac_hd_t h) { gcry_err_code_t err; gcry_cipher_hd_t hd; int secure = (h->magic == CTX_MAGIC_SECURE); int cipher_algo; unsigned int flags; cipher_algo = map_mac_algo_to_cipher (h->spec->algo); flags = (secure ? GCRY_CIPHER_SECURE : 0); err = _gcry_cipher_open_internal (&hd, cipher_algo, GCRY_CIPHER_MODE_CMAC, flags); if (err) return err; h->u.cmac.cipher_algo = cipher_algo; h->u.cmac.ctx = hd; h->u.cmac.blklen = _gcry_cipher_get_algo_blklen (cipher_algo); return 0; } static void cmac_close (gcry_mac_hd_t h) { _gcry_cipher_close (h->u.cmac.ctx); h->u.cmac.ctx = NULL; } static gcry_err_code_t cmac_setkey (gcry_mac_hd_t h, const unsigned char *key, size_t keylen) { return _gcry_cipher_setkey (h->u.cmac.ctx, key, keylen); } static gcry_err_code_t cmac_reset (gcry_mac_hd_t h) { return _gcry_cipher_reset (h->u.cmac.ctx); } static gcry_err_code_t cmac_write (gcry_mac_hd_t h, const unsigned char *buf, size_t buflen) { return _gcry_cipher_cmac_authenticate (h->u.cmac.ctx, buf, buflen); } static gcry_err_code_t cmac_read (gcry_mac_hd_t h, unsigned char *outbuf, size_t * outlen) { if (*outlen > h->u.cmac.blklen) *outlen = h->u.cmac.blklen; return _gcry_cipher_cmac_get_tag (h->u.cmac.ctx, outbuf, *outlen); } static gcry_err_code_t cmac_verify (gcry_mac_hd_t h, const unsigned char *buf, size_t buflen) { return _gcry_cipher_cmac_check_tag (h->u.cmac.ctx, buf, buflen); } static unsigned int cmac_get_maclen (int algo) { return _gcry_cipher_get_algo_blklen (map_mac_algo_to_cipher (algo)); } static unsigned int cmac_get_keylen (int algo) { return _gcry_cipher_get_algo_keylen (map_mac_algo_to_cipher (algo)); } +/* Check one CMAC with MAC ALGO using the regular MAC + * API. (DATA,DATALEN) is the data to be MACed, (KEY,KEYLEN) the key + * and (EXPECT,EXPECTLEN) the expected result. Returns NULL on + * success or a string describing the failure. */ +static const char * +check_one (int algo, const char *data, size_t datalen, + const char *key, size_t keylen, + const char *expect, size_t expectlen) +{ + gcry_mac_hd_t hd; + unsigned char mac[512]; /* hardcoded to avoid allocation */ + unsigned int maclen; + size_t macoutlen; + int i; + gcry_error_t err = 0; + + err = _gcry_mac_open (&hd, algo, 0, NULL); + if (err) + return "gcry_mac_open failed"; + + i = _gcry_mac_get_algo (hd); + if (i != algo) + return "gcry_mac_get_algo failed"; + + maclen = _gcry_mac_get_algo_maclen (algo); + if (maclen < 1 || maclen > 500) + return "gcry_mac_get_algo_maclen failed"; + + if (maclen != expectlen) + return "invalid tests data"; + + err = _gcry_mac_setkey (hd, key, keylen); + if (err) + { + _gcry_mac_close (hd); + return "gcry_mac_setkey failed"; + } + + err = _gcry_mac_write (hd, data, datalen); + if (err) + { + _gcry_mac_close (hd); + return "gcry_mac_write failed"; + } + + err = _gcry_mac_verify (hd, expect, maclen); + if (err) + { + _gcry_mac_close (hd); + return "gcry_mac_verify failed"; + } + + macoutlen = maclen; + err = _gcry_mac_read (hd, mac, &macoutlen); + _gcry_mac_close (hd); + if (err) + return "gcry_mac_read failed"; + + if (memcmp (mac, expect, maclen)) + return "does not match"; + + return NULL; +} + + +/* + * CMAC AES and DES test vectors are from + * http://web.archive.org/web/20130930212819/http://csrc.nist.gov/publica \ + * tions/nistpubs/800-38B/Updated_CMAC_Examples.pdf + */ + +static gpg_err_code_t +selftests_cmac_3des (int extended, selftest_report_func_t report) +{ + static const struct + { + const char *desc; + const char *data; + const char *key; + const char *expect; + } tv[] = + { + { "Basic 3DES", + "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a" + "\xae\x2d\x8a\x57", + "\x8a\xa8\x3b\xf8\xcb\xda\x10\x62\x0b\xc1\xbf\x19\xfb\xb6\xcd\x58" + "\xbc\x31\x3d\x4a\x37\x1c\xa8\xb5", + "\x74\x3d\xdb\xe0\xce\x2d\xc2\xed" }, + { "Extended 3DES #1", + "", + "\x8a\xa8\x3b\xf8\xcb\xda\x10\x62\x0b\xc1\xbf\x19\xfb\xb6\xcd\x58" + "\xbc\x31\x3d\x4a\x37\x1c\xa8\xb5", + "\xb7\xa6\x88\xe1\x22\xff\xaf\x95" }, + { "Extended 3DES #2", + "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96", + "\x8a\xa8\x3b\xf8\xcb\xda\x10\x62\x0b\xc1\xbf\x19\xfb\xb6\xcd\x58" + "\xbc\x31\x3d\x4a\x37\x1c\xa8\xb5", + "\x8e\x8f\x29\x31\x36\x28\x37\x97" }, + { "Extended 3DES #3", + "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a" + "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51", + "\x8a\xa8\x3b\xf8\xcb\xda\x10\x62\x0b\xc1\xbf\x19\xfb\xb6\xcd\x58" + "\xbc\x31\x3d\x4a\x37\x1c\xa8\xb5", + "\x33\xe6\xb1\x09\x24\x00\xea\xe5" }, + { "Extended 3DES #4", + "", + "\x4c\xf1\x51\x34\xa2\x85\x0d\xd5\x8a\x3d\x10\xba\x80\x57\x0d\x38" + "\x4c\xf1\x51\x34\xa2\x85\x0d\xd5", + "\xbd\x2e\xbf\x9a\x3b\xa0\x03\x61" }, + { "Extended 3DES #5", + "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96", + "\x4c\xf1\x51\x34\xa2\x85\x0d\xd5\x8a\x3d\x10\xba\x80\x57\x0d\x38" + "\x4c\xf1\x51\x34\xa2\x85\x0d\xd5", + "\x4f\xf2\xab\x81\x3c\x53\xce\x83" }, + { "Extended 3DES #6", + "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a" + "\xae\x2d\x8a\x57", + "\x4c\xf1\x51\x34\xa2\x85\x0d\xd5\x8a\x3d\x10\xba\x80\x57\x0d\x38" + "\x4c\xf1\x51\x34\xa2\x85\x0d\xd5", + "\x62\xdd\x1b\x47\x19\x02\xbd\x4e" }, + { "Extended 3DES #7", + "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a" + "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51", + "\x4c\xf1\x51\x34\xa2\x85\x0d\xd5\x8a\x3d\x10\xba\x80\x57\x0d\x38" + "\x4c\xf1\x51\x34\xa2\x85\x0d\xd5", + "\x31\xb1\xe4\x31\xda\xbc\x4e\xb8" }, + { NULL } + }; + const char *what; + const char *errtxt; + int tvidx; + + for (tvidx=0; tv[tvidx].desc; tvidx++) + { + what = tv[tvidx].desc; + errtxt = check_one (GCRY_MAC_CMAC_3DES, + tv[tvidx].data, strlen (tv[tvidx].data), + tv[tvidx].key, strlen (tv[tvidx].key), + tv[tvidx].expect, 8); + if (errtxt) + goto failed; + if (!extended) + break; + } + + return 0; /* Succeeded. */ + + failed: + if (report) + report ("cmac", GCRY_MAC_CMAC_3DES, what, errtxt); + return GPG_ERR_SELFTEST_FAILED; +} + + + +static gpg_err_code_t +selftests_cmac_aes (int extended, selftest_report_func_t report) +{ + static const struct + { + const char *desc; + const char *data; + const char *key; + const char *expect; + } tv[] = + { + { "Basic AES128", + "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a" + "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51" + "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11", + "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", + "\xdf\xa6\x67\x47\xde\x9a\xe6\x30\x30\xca\x32\x61\x14\x97\xc8\x27" }, + { "Basic AES192", + "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a" + "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51" + "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11", + "\x8e\x73\xb0\xf7\xda\x0e\x64\x52\xc8\x10\xf3\x2b\x80\x90\x79\xe5" + "\x62\xf8\xea\xd2\x52\x2c\x6b\x7b", + "\x8a\x1d\xe5\xbe\x2e\xb3\x1a\xad\x08\x9a\x82\xe6\xee\x90\x8b\x0e" }, + { "Basic AES256", + "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a" + "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51" + "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11", + "\x60\x3d\xeb\x10\x15\xca\x71\xbe\x2b\x73\xae\xf0\x85\x7d\x77\x81" + "\x1f\x35\x2c\x07\x3b\x61\x08\xd7\x2d\x98\x10\xa3\x09\x14\xdf\xf4", + "\xaa\xf3\xd8\xf1\xde\x56\x40\xc2\x32\xf5\xb1\x69\xb9\xc9\x11\xe6" }, + { "Extended AES #1", + "", + "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", + "\xbb\x1d\x69\x29\xe9\x59\x37\x28\x7f\xa3\x7d\x12\x9b\x75\x67\x46" }, + { "Extended AES #2", + "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", + "\x8e\x73\xb0\xf7\xda\x0e\x64\x52\xc8\x10\xf3\x2b\x80\x90\x79\xe5" + "\x62\xf8\xea\xd2\x52\x2c\x6b\x7b", + "\x9e\x99\xa7\xbf\x31\xe7\x10\x90\x06\x62\xf6\x5e\x61\x7c\x51\x84" }, + { "Extended AES #3", + "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a" + "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51" + "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef" + "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", + "\x60\x3d\xeb\x10\x15\xca\x71\xbe\x2b\x73\xae\xf0\x85\x7d\x77\x81" + "\x1f\x35\x2c\x07\x3b\x61\x08\xd7\x2d\x98\x10\xa3\x09\x14\xdf\xf4", + "\xe1\x99\x21\x90\x54\x9f\x6e\xd5\x69\x6a\x2c\x05\x6c\x31\x54\x10" }, + { "Extended AES #4", + "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", + "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", + "\x07\x0a\x16\xb4\x6b\x4d\x41\x44\xf7\x9b\xdd\x9d\xd0\x4a\x28\x7c" }, + { "Extended AES #5", + "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a" + "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51" + "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef" + "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", + "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", + "\x51\xf0\xbe\xbf\x7e\x3b\x9d\x92\xfc\x49\x74\x17\x79\x36\x3c\xfe" }, + { "Extended AES #6", + "", + "\x8e\x73\xb0\xf7\xda\x0e\x64\x52\xc8\x10\xf3\x2b\x80\x90\x79\xe5" + "\x62\xf8\xea\xd2\x52\x2c\x6b\x7b", + "\xd1\x7d\xdf\x46\xad\xaa\xcd\xe5\x31\xca\xc4\x83\xde\x7a\x93\x67" }, + { "Extended AES #7", + "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a" + "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51" + "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef" + "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", + "\x8e\x73\xb0\xf7\xda\x0e\x64\x52\xc8\x10\xf3\x2b\x80\x90\x79\xe5" + "\x62\xf8\xea\xd2\x52\x2c\x6b\x7b", + "\xa1\xd5\xdf\x0e\xed\x79\x0f\x79\x4d\x77\x58\x96\x59\xf3\x9a\x11" }, + { "Extended AES #8", + "", + "\x60\x3d\xeb\x10\x15\xca\x71\xbe\x2b\x73\xae\xf0\x85\x7d\x77\x81" + "\x1f\x35\x2c\x07\x3b\x61\x08\xd7\x2d\x98\x10\xa3\x09\x14\xdf\xf4", + "\x02\x89\x62\xf6\x1b\x7b\xf8\x9e\xfc\x6b\x55\x1f\x46\x67\xd9\x83" }, + { "Extended AES #9", + "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", + "\x60\x3d\xeb\x10\x15\xca\x71\xbe\x2b\x73\xae\xf0\x85\x7d\x77\x81" + "\x1f\x35\x2c\x07\x3b\x61\x08\xd7\x2d\x98\x10\xa3\x09\x14\xdf\xf4", + "\x28\xa7\x02\x3f\x45\x2e\x8f\x82\xbd\x4b\xf2\x8d\x8c\x37\xc3\x5c" }, + { NULL } + }; + const char *what; + const char *errtxt; + int tvidx; + + for (tvidx=0; tv[tvidx].desc; tvidx++) + { + what = tv[tvidx].desc; + errtxt = check_one (GCRY_MAC_CMAC_AES, + tv[tvidx].data, strlen (tv[tvidx].data), + tv[tvidx].key, strlen (tv[tvidx].key), + tv[tvidx].expect, strlen (tv[tvidx].expect)); + if (errtxt) + goto failed; + if (tvidx >= 2 && !extended) + break; + } + + return 0; /* Succeeded. */ + + failed: + if (report) + report ("cmac", GCRY_MAC_CMAC_AES, what, errtxt); + return GPG_ERR_SELFTEST_FAILED; +} + +static gpg_err_code_t +cmac_selftest (int algo, int extended, selftest_report_func_t report) +{ + gpg_err_code_t ec; + + switch (algo) + { + case GCRY_MAC_CMAC_3DES: + ec = selftests_cmac_3des (extended, report); + break; + case GCRY_MAC_CMAC_AES: + ec = selftests_cmac_aes (extended, report); + break; + + default: + ec = GPG_ERR_MAC_ALGO; + break; + } + + return ec; +} + + static gcry_mac_spec_ops_t cmac_ops = { cmac_open, cmac_close, cmac_setkey, NULL, cmac_reset, cmac_write, cmac_read, cmac_verify, cmac_get_maclen, cmac_get_keylen, NULL, - NULL + cmac_selftest }; #if USE_BLOWFISH gcry_mac_spec_t _gcry_mac_type_spec_cmac_blowfish = { GCRY_MAC_CMAC_BLOWFISH, {0, 0}, "CMAC_BLOWFISH", &cmac_ops }; #endif #if USE_DES gcry_mac_spec_t _gcry_mac_type_spec_cmac_tripledes = { GCRY_MAC_CMAC_3DES, {0, 1}, "CMAC_3DES", &cmac_ops }; #endif #if USE_CAST5 gcry_mac_spec_t _gcry_mac_type_spec_cmac_cast5 = { GCRY_MAC_CMAC_CAST5, {0, 0}, "CMAC_CAST5", &cmac_ops }; #endif #if USE_AES gcry_mac_spec_t _gcry_mac_type_spec_cmac_aes = { GCRY_MAC_CMAC_AES, {0, 1}, "CMAC_AES", &cmac_ops }; #endif #if USE_TWOFISH gcry_mac_spec_t _gcry_mac_type_spec_cmac_twofish = { GCRY_MAC_CMAC_TWOFISH, {0, 0}, "CMAC_TWOFISH", &cmac_ops }; #endif #if USE_SERPENT gcry_mac_spec_t _gcry_mac_type_spec_cmac_serpent = { GCRY_MAC_CMAC_SERPENT, {0, 0}, "CMAC_SERPENT", &cmac_ops }; #endif #if USE_RFC2268 gcry_mac_spec_t _gcry_mac_type_spec_cmac_rfc2268 = { GCRY_MAC_CMAC_RFC2268, {0, 0}, "CMAC_RFC2268", &cmac_ops }; #endif #if USE_SEED gcry_mac_spec_t _gcry_mac_type_spec_cmac_seed = { GCRY_MAC_CMAC_SEED, {0, 0}, "CMAC_SEED", &cmac_ops }; #endif #if USE_CAMELLIA gcry_mac_spec_t _gcry_mac_type_spec_cmac_camellia = { GCRY_MAC_CMAC_CAMELLIA, {0, 0}, "CMAC_CAMELLIA", &cmac_ops }; #endif #ifdef USE_IDEA gcry_mac_spec_t _gcry_mac_type_spec_cmac_idea = { GCRY_MAC_CMAC_IDEA, {0, 0}, "CMAC_IDEA", &cmac_ops }; #endif #if USE_GOST28147 gcry_mac_spec_t _gcry_mac_type_spec_cmac_gost28147 = { GCRY_MAC_CMAC_GOST28147, {0, 0}, "CMAC_GOST28147", &cmac_ops }; #endif #if USE_SM4 gcry_mac_spec_t _gcry_mac_type_spec_cmac_sm4 = { GCRY_MAC_CMAC_SM4, {0, 0}, "CMAC_SM4", &cmac_ops }; #endif diff --git a/src/cipher-proto.h b/src/cipher-proto.h index ece5322d..bb16d48d 100644 --- a/src/cipher-proto.h +++ b/src/cipher-proto.h @@ -1,278 +1,280 @@ /* cipher-proto.h - Internal declarations * Copyright (C) 2008, 2011 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * * Libgcrypt is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser general Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * Libgcrypt is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this program; if not, see . */ /* This file has been factored out from cipher.h so that it can be used standalone in visibility.c . */ #ifndef G10_CIPHER_PROTO_H #define G10_CIPHER_PROTO_H enum pk_encoding; /* Definition of a function used to report selftest failures. DOMAIN is a string describing the function block: "cipher", "digest", "pubkey or "random", ALGO is the algorithm under test, WHAT is a string describing what has been tested, DESC is a string describing the error. */ typedef void (*selftest_report_func_t)(const char *domain, int algo, const char *what, const char *errdesc); /* Definition of the selftest functions. */ typedef gpg_err_code_t (*selftest_func_t) (int algo, int extended, selftest_report_func_t report); /* * * Public key related definitions. * */ /* Type for the pk_generate function. */ typedef gcry_err_code_t (*gcry_pk_generate_t) (gcry_sexp_t genparms, gcry_sexp_t *r_skey); /* Type for the pk_check_secret_key function. */ typedef gcry_err_code_t (*gcry_pk_check_secret_key_t) (gcry_sexp_t keyparms); /* Type for the pk_encrypt function. */ typedef gcry_err_code_t (*gcry_pk_encrypt_t) (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms); /* Type for the pk_decrypt function. */ typedef gcry_err_code_t (*gcry_pk_decrypt_t) (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms); /* Type for the pk_sign function. */ typedef gcry_err_code_t (*gcry_pk_sign_t) (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms); /* Type for the pk_verify function. */ typedef gcry_err_code_t (*gcry_pk_verify_t) (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms); /* Type for the pk_get_nbits function. */ typedef unsigned (*gcry_pk_get_nbits_t) (gcry_sexp_t keyparms); /* The type used to compute the keygrip. */ typedef gpg_err_code_t (*pk_comp_keygrip_t) (gcry_md_hd_t md, gcry_sexp_t keyparm); /* The type used to query an ECC curve name. */ typedef const char *(*pk_get_curve_t)(gcry_sexp_t keyparms, int iterator, unsigned int *r_nbits); /* The type used to query ECC curve parameters by name. */ typedef gcry_sexp_t (*pk_get_curve_param_t)(const char *name); /* Module specification structure for public key algorithms. */ typedef struct gcry_pk_spec { int algo; struct { unsigned int disabled:1; unsigned int fips:1; } flags; int use; const char *name; const char **aliases; const char *elements_pkey; const char *elements_skey; const char *elements_enc; const char *elements_sig; const char *elements_grip; gcry_pk_generate_t generate; gcry_pk_check_secret_key_t check_secret_key; gcry_pk_encrypt_t encrypt; gcry_pk_decrypt_t decrypt; gcry_pk_sign_t sign; gcry_pk_verify_t verify; gcry_pk_get_nbits_t get_nbits; selftest_func_t selftest; pk_comp_keygrip_t comp_keygrip; pk_get_curve_t get_curve; pk_get_curve_param_t get_curve_param; } gcry_pk_spec_t; /* * * Symmetric cipher related definitions. * */ typedef struct cipher_bulk_ops cipher_bulk_ops_t; /* Type for the cipher_setkey function. */ typedef gcry_err_code_t (*gcry_cipher_setkey_t) (void *c, const unsigned char *key, unsigned keylen, cipher_bulk_ops_t *bulk_ops); /* Type for the cipher_encrypt function. */ typedef unsigned int (*gcry_cipher_encrypt_t) (void *c, unsigned char *outbuf, const unsigned char *inbuf); /* Type for the cipher_decrypt function. */ typedef unsigned int (*gcry_cipher_decrypt_t) (void *c, unsigned char *outbuf, const unsigned char *inbuf); /* Type for the cipher_stencrypt function. */ typedef void (*gcry_cipher_stencrypt_t) (void *c, unsigned char *outbuf, const unsigned char *inbuf, size_t n); /* Type for the cipher_stdecrypt function. */ typedef void (*gcry_cipher_stdecrypt_t) (void *c, unsigned char *outbuf, const unsigned char *inbuf, size_t n); /* The type used to convey additional information to a cipher. */ typedef gpg_err_code_t (*cipher_set_extra_info_t) (void *c, int what, const void *buffer, size_t buflen); /* The type used to set an IV directly in the algorithm module. */ typedef void (*cipher_setiv_func_t)(void *c, const byte *iv, size_t ivlen); /* A structure to map OIDs to encryption modes. */ typedef struct gcry_cipher_oid_spec { const char *oid; int mode; } gcry_cipher_oid_spec_t; /* Module specification structure for ciphers. */ typedef struct gcry_cipher_spec { int algo; struct { unsigned int disabled:1; unsigned int fips:1; } flags; const char *name; const char **aliases; gcry_cipher_oid_spec_t *oids; size_t blocksize; size_t keylen; size_t contextsize; gcry_cipher_setkey_t setkey; gcry_cipher_encrypt_t encrypt; gcry_cipher_decrypt_t decrypt; gcry_cipher_stencrypt_t stencrypt; gcry_cipher_stdecrypt_t stdecrypt; selftest_func_t selftest; cipher_set_extra_info_t set_extra_info; cipher_setiv_func_t setiv; } gcry_cipher_spec_t; /* * * Message digest related definitions. * */ /* Type for the md_init function. */ typedef void (*gcry_md_init_t) (void *c, unsigned int flags); /* Type for the md_write function. */ typedef void (*gcry_md_write_t) (void *c, const void *buf, size_t nbytes); /* Type for the md_final function. */ typedef void (*gcry_md_final_t) (void *c); /* Type for the md_read function. */ typedef unsigned char *(*gcry_md_read_t) (void *c); /* Type for the md_extract function. */ typedef void (*gcry_md_extract_t) (void *c, void *outbuf, size_t nbytes); /* Type for the md_hash_buffer function. */ typedef void (*gcry_md_hash_buffer_t) (void *outbuf, const void *buffer, size_t length); /* Type for the md_hash_buffers function. */ typedef void (*gcry_md_hash_buffers_t) (void *outbuf, const gcry_buffer_t *iov, int iovcnt); typedef struct gcry_md_oid_spec { const char *oidstring; } gcry_md_oid_spec_t; /* Module specification structure for message digests. */ typedef struct gcry_md_spec { int algo; struct { unsigned int disabled:1; unsigned int fips:1; } flags; const char *name; unsigned char *asnoid; int asnlen; gcry_md_oid_spec_t *oids; int mdlen; gcry_md_init_t init; gcry_md_write_t write; gcry_md_final_t final; gcry_md_read_t read; gcry_md_extract_t extract; gcry_md_hash_buffer_t hash_buffer; gcry_md_hash_buffers_t hash_buffers; size_t contextsize; /* allocate this amount of context */ selftest_func_t selftest; } gcry_md_spec_t; /* The selftest functions. */ gcry_error_t _gcry_cipher_selftest (int algo, int extended, selftest_report_func_t report); gcry_error_t _gcry_md_selftest (int algo, int extended, selftest_report_func_t report); gcry_error_t _gcry_pk_selftest (int algo, int extended, selftest_report_func_t report); gcry_error_t _gcry_mac_selftest (int algo, int extended, selftest_report_func_t report); +gcry_error_t _gcry_kdf_selftest (int algo, int extended, + selftest_report_func_t report); gcry_error_t _gcry_random_selftest (selftest_report_func_t report); #endif /*G10_CIPHER_PROTO_H*/ diff --git a/src/fips.c b/src/fips.c index 94ffbd20..2facc450 100644 --- a/src/fips.c +++ b/src/fips.c @@ -1,856 +1,884 @@ /* fips.c - FIPS mode management * Copyright (C) 2008 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * * Libgcrypt is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * Libgcrypt is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this program; if not, see . */ #include #include #include #include #include #include #ifdef ENABLE_HMAC_BINARY_CHECK # include #endif #ifdef HAVE_SYSLOG # include #endif /*HAVE_SYSLOG*/ #include "g10lib.h" #include "cipher-proto.h" #include "hmac256.h" /* The name of the file used to force libgcrypt into fips mode. */ #define FIPS_FORCE_FILE "/etc/gcrypt/fips_enabled" /* The states of the finite state machine used in fips mode. */ enum module_states { /* POWEROFF cannot be represented. */ STATE_POWERON = 0, STATE_INIT, STATE_SELFTEST, STATE_OPERATIONAL, STATE_ERROR, STATE_FATALERROR, STATE_SHUTDOWN }; /* Flag telling whether we are in fips mode. It uses inverse logic so that fips mode is the default unless changed by the initialization code. To check whether fips mode is enabled, use the function fips_mode()! */ int _gcry_no_fips_mode_required; /* Flag to indicate that we are in the enforced FIPS mode. */ static int enforced_fips_mode; /* If this flag is set, the application may no longer assume that the process is running in FIPS mode. This flag is protected by the FSM_LOCK. */ static int inactive_fips_mode; /* This is the lock we use to protect the FSM. */ GPGRT_LOCK_DEFINE (fsm_lock); /* The current state of the FSM. The whole state machinery is only used while in fips mode. Change this only while holding fsm_lock. */ static enum module_states current_state; static void fips_new_state (enum module_states new_state); /* Convert lowercase hex digits; assumes valid hex digits. */ #define loxtoi_1(p) (*(p) <= '9'? (*(p)- '0'): (*(p)-'a'+10)) #define loxtoi_2(p) ((loxtoi_1(p) * 16) + loxtoi_1((p)+1)) /* Returns true if P points to a lowercase hex digit. */ #define loxdigit_p(p) !!strchr ("01234567890abcdef", *(p)) /* Check whether the OS is in FIPS mode and record that in a module local variable. If FORCE is passed as true, fips mode will be enabled anyway. Note: This function is not thread-safe and should be called before any threads are created. This function may only be called once. */ void _gcry_initialize_fips_mode (int force) { static int done; gpg_error_t err; /* Make sure we are not accidentally called twice. */ if (done) { if ( fips_mode () ) { fips_new_state (STATE_FATALERROR); fips_noreturn (); } /* If not in fips mode an assert is sufficient. */ gcry_assert (!done); } done = 1; /* If the calling application explicitly requested fipsmode, do so. */ if (force) { gcry_assert (!_gcry_no_fips_mode_required); goto leave; } /* For testing the system it is useful to override the system provided detection of the FIPS mode and force FIPS mode using a file. The filename is hardwired so that there won't be any confusion on whether /etc/gcrypt/ or /usr/local/etc/gcrypt/ is actually used. The file itself may be empty. */ if ( !access (FIPS_FORCE_FILE, F_OK) ) { gcry_assert (!_gcry_no_fips_mode_required); goto leave; } /* Checking based on /proc file properties. */ { static const char procfname[] = "/proc/sys/crypto/fips_enabled"; FILE *fp; int saved_errno; fp = fopen (procfname, "r"); if (fp) { char line[256]; if (fgets (line, sizeof line, fp) && atoi (line)) { /* System is in fips mode. */ fclose (fp); gcry_assert (!_gcry_no_fips_mode_required); goto leave; } fclose (fp); } else if ((saved_errno = errno) != ENOENT && saved_errno != EACCES && !access ("/proc/version", F_OK) ) { /* Problem reading the fips file despite that we have the proc file system. We better stop right away. */ log_info ("FATAL: error reading `%s' in libgcrypt: %s\n", procfname, strerror (saved_errno)); #ifdef HAVE_SYSLOG syslog (LOG_USER|LOG_ERR, "Libgcrypt error: " "reading `%s' failed: %s - abort", procfname, strerror (saved_errno)); #endif /*HAVE_SYSLOG*/ abort (); } } /* Fips not not requested, set flag. */ _gcry_no_fips_mode_required = 1; leave: if (!_gcry_no_fips_mode_required) { /* Yes, we are in FIPS mode. */ FILE *fp; /* Intitialize the lock to protect the FSM. */ err = gpgrt_lock_init (&fsm_lock); if (err) { /* If that fails we can't do anything but abort the process. We need to use log_info so that the FSM won't get involved. */ log_info ("FATAL: failed to create the FSM lock in libgcrypt: %s\n", gpg_strerror (err)); #ifdef HAVE_SYSLOG syslog (LOG_USER|LOG_ERR, "Libgcrypt error: " "creating FSM lock failed: %s - abort", gpg_strerror (err)); #endif /*HAVE_SYSLOG*/ abort (); } /* If the FIPS force files exists, is readable and has a number != 0 on its first line, we enable the enforced fips mode. */ fp = fopen (FIPS_FORCE_FILE, "r"); if (fp) { char line[256]; if (fgets (line, sizeof line, fp) && atoi (line)) enforced_fips_mode = 1; fclose (fp); } /* Now get us into the INIT state. */ fips_new_state (STATE_INIT); } return; } static void lock_fsm (void) { gpg_error_t err; err = gpgrt_lock_lock (&fsm_lock); if (err) { log_info ("FATAL: failed to acquire the FSM lock in libgrypt: %s\n", gpg_strerror (err)); #ifdef HAVE_SYSLOG syslog (LOG_USER|LOG_ERR, "Libgcrypt error: " "acquiring FSM lock failed: %s - abort", gpg_strerror (err)); #endif /*HAVE_SYSLOG*/ abort (); } } static void unlock_fsm (void) { gpg_error_t err; err = gpgrt_lock_unlock (&fsm_lock); if (err) { log_info ("FATAL: failed to release the FSM lock in libgrypt: %s\n", gpg_strerror (err)); #ifdef HAVE_SYSLOG syslog (LOG_USER|LOG_ERR, "Libgcrypt error: " "releasing FSM lock failed: %s - abort", gpg_strerror (err)); #endif /*HAVE_SYSLOG*/ abort (); } } /* Return a flag telling whether we are in the enforced fips mode. */ int _gcry_enforced_fips_mode (void) { if (!fips_mode ()) return 0; return enforced_fips_mode; } /* Set a flag telling whether we are in the enforced fips mode. */ void _gcry_set_enforced_fips_mode (void) { enforced_fips_mode = 1; } /* If we do not want to enforce the fips mode, we can set a flag so that the application may check whether it is still in fips mode. TEXT will be printed as part of a syslog message. This function may only be be called if in fips mode. */ void _gcry_inactivate_fips_mode (const char *text) { gcry_assert (fips_mode ()); if (_gcry_enforced_fips_mode () ) { /* Get us into the error state. */ fips_signal_error (text); return; } lock_fsm (); if (!inactive_fips_mode) { inactive_fips_mode = 1; unlock_fsm (); #ifdef HAVE_SYSLOG syslog (LOG_USER|LOG_WARNING, "Libgcrypt warning: " "%s - FIPS mode inactivated", text); #endif /*HAVE_SYSLOG*/ } else unlock_fsm (); } /* Return the FIPS mode inactive flag. If it is true the FIPS mode is not anymore active. */ int _gcry_is_fips_mode_inactive (void) { int flag; if (!fips_mode ()) return 0; lock_fsm (); flag = inactive_fips_mode; unlock_fsm (); return flag; } static const char * state2str (enum module_states state) { const char *s; switch (state) { case STATE_POWERON: s = "Power-On"; break; case STATE_INIT: s = "Init"; break; case STATE_SELFTEST: s = "Self-Test"; break; case STATE_OPERATIONAL: s = "Operational"; break; case STATE_ERROR: s = "Error"; break; case STATE_FATALERROR: s = "Fatal-Error"; break; case STATE_SHUTDOWN: s = "Shutdown"; break; default: s = "?"; break; } return s; } /* Return true if the library is in the operational state. */ int _gcry_fips_is_operational (void) { int result; if (!fips_mode ()) result = 1; else { lock_fsm (); if (current_state == STATE_INIT) { /* If we are still in the INIT state, we need to run the selftests so that the FSM can eventually get into operational state. Given that we would need a 2-phase initialization of libgcrypt, but that has traditionally not been enforced, we use this on demand self-test checking. Note that Proper applications would do the application specific libgcrypt initialization between a gcry_check_version() and gcry_control (GCRYCTL_INITIALIZATION_FINISHED) where the latter will run the selftests. The drawback of these on-demand self-tests are a small chance that self-tests are performed by several threads; that is no problem because our FSM make sure that we won't oversee any error. */ unlock_fsm (); _gcry_fips_run_selftests (0); lock_fsm (); } result = (current_state == STATE_OPERATIONAL); unlock_fsm (); } return result; } /* This is test on whether the library is in the operational state. In contrast to _gcry_fips_is_operational this function won't do a state transition on the fly. */ int _gcry_fips_test_operational (void) { int result; if (!fips_mode ()) result = 1; else { lock_fsm (); result = (current_state == STATE_OPERATIONAL); unlock_fsm (); } return result; } /* This is a test on whether the library is in the error or operational state. */ int _gcry_fips_test_error_or_operational (void) { int result; if (!fips_mode ()) result = 1; else { lock_fsm (); result = (current_state == STATE_OPERATIONAL || current_state == STATE_ERROR); unlock_fsm (); } return result; } static void reporter (const char *domain, int algo, const char *what, const char *errtxt) { if (!errtxt && !_gcry_log_verbosity (2)) return; log_info ("libgcrypt selftest: %s %s%s (%d): %s%s%s%s\n", !strcmp (domain, "hmac")? "digest":domain, !strcmp (domain, "hmac")? "HMAC-":"", !strcmp (domain, "cipher")? _gcry_cipher_algo_name (algo) : !strcmp (domain, "digest")? _gcry_md_algo_name (algo) : !strcmp (domain, "hmac")? _gcry_md_algo_name (algo) : !strcmp (domain, "pubkey")? _gcry_pk_algo_name (algo) : "", algo, errtxt? errtxt:"Okay", what?" (":"", what? what:"", what?")":""); } /* Run self-tests for all required cipher algorithms. Return 0 on success. */ static int run_cipher_selftests (int extended) { static int algos[] = { GCRY_CIPHER_3DES, GCRY_CIPHER_AES128, GCRY_CIPHER_AES192, GCRY_CIPHER_AES256, 0 }; int idx; gpg_error_t err; int anyerr = 0; for (idx=0; algos[idx]; idx++) { err = _gcry_cipher_selftest (algos[idx], extended, reporter); reporter ("cipher", algos[idx], NULL, err? gpg_strerror (err):NULL); if (err) anyerr = 1; } return anyerr; } /* Run self-tests for all required hash algorithms. Return 0 on success. */ static int run_digest_selftests (int extended) { static int algos[] = { GCRY_MD_SHA1, GCRY_MD_SHA224, GCRY_MD_SHA256, GCRY_MD_SHA384, GCRY_MD_SHA512, 0 }; int idx; gpg_error_t err; int anyerr = 0; for (idx=0; algos[idx]; idx++) { err = _gcry_md_selftest (algos[idx], extended, reporter); reporter ("digest", algos[idx], NULL, err? gpg_strerror (err):NULL); if (err) anyerr = 1; } return anyerr; } /* Run self-tests for MAC algorithms. Return 0 on success. */ static int run_mac_selftests (int extended) { static int algos[] = { GCRY_MAC_HMAC_SHA1, GCRY_MAC_HMAC_SHA224, GCRY_MAC_HMAC_SHA256, GCRY_MAC_HMAC_SHA384, GCRY_MAC_HMAC_SHA512, GCRY_MAC_HMAC_SHA3_224, GCRY_MAC_HMAC_SHA3_256, GCRY_MAC_HMAC_SHA3_384, GCRY_MAC_HMAC_SHA3_512, + GCRY_MAC_CMAC_3DES, + GCRY_MAC_CMAC_AES, 0 }; int idx; gpg_error_t err; int anyerr = 0; for (idx=0; algos[idx]; idx++) { err = _gcry_mac_selftest (algos[idx], extended, reporter); reporter ("mac", algos[idx], NULL, err? gpg_strerror (err):NULL); if (err) anyerr = 1; } return anyerr; } +/* Run self-tests for all KDF algorithms. Return 0 on success. */ +static int +run_kdf_selftests (int extended) +{ + static int algos[] = + { + GCRY_KDF_PBKDF2, + 0 + }; + int idx; + gpg_error_t err; + int anyerr = 0; + + for (idx=0; algos[idx]; idx++) + { + err = _gcry_kdf_selftest (algos[idx], extended, reporter); + reporter ("kdf", algos[idx], NULL, err? gpg_strerror (err):NULL); + if (err) + anyerr = 1; + } + return anyerr; +} + /* Run self-tests for all required public key algorithms. Return 0 on success. */ static int run_pubkey_selftests (int extended) { static int algos[] = { GCRY_PK_RSA, GCRY_PK_DSA, GCRY_PK_ECC, 0 }; int idx; gpg_error_t err; int anyerr = 0; for (idx=0; algos[idx]; idx++) { err = _gcry_pk_selftest (algos[idx], extended, reporter); reporter ("pubkey", algos[idx], NULL, err? gpg_strerror (err):NULL); if (err) anyerr = 1; } return anyerr; } /* Run self-tests for the random number generator. Returns 0 on success. */ static int run_random_selftests (void) { gpg_error_t err; err = _gcry_random_selftest (reporter); reporter ("random", 0, NULL, err? gpg_strerror (err):NULL); return !!err; } /* Run an integrity check on the binary. Returns 0 on success. */ static int check_binary_integrity (void) { #ifdef ENABLE_HMAC_BINARY_CHECK gpg_error_t err; Dl_info info; unsigned char digest[32]; int dlen; char *fname = NULL; const char key[] = "What am I, a doctor or a moonshuttle conductor?"; if (!dladdr ("gcry_check_version", &info)) err = gpg_error_from_syserror (); else { dlen = _gcry_hmac256_file (digest, sizeof digest, info.dli_fname, key, strlen (key)); if (dlen < 0) err = gpg_error_from_syserror (); else if (dlen != 32) err = gpg_error (GPG_ERR_INTERNAL); else { fname = xtrymalloc (strlen (info.dli_fname) + 1 + 5 + 1 ); if (!fname) err = gpg_error_from_syserror (); else { FILE *fp; char *p; /* Prefix the basename with a dot. */ strcpy (fname, info.dli_fname); p = strrchr (fname, '/'); if (p) p++; else p = fname; memmove (p+1, p, strlen (p)+1); *p = '.'; strcat (fname, ".hmac"); /* Open the file. */ fp = fopen (fname, "r"); if (!fp) err = gpg_error_from_syserror (); else { /* A buffer of 64 bytes plus one for a LF and one to detect garbage. */ unsigned char buffer[64+1+1]; const unsigned char *s; int n; /* The HMAC files consists of lowercase hex digits with an optional trailing linefeed or optional with two trailing spaces. The latter format allows the use of the usual sha1sum format. Fail if there is any garbage. */ err = gpg_error (GPG_ERR_SELFTEST_FAILED); n = fread (buffer, 1, sizeof buffer, fp); if (n == 64 || (n == 65 && buffer[64] == '\n') || (n == 66 && buffer[64] == ' ' && buffer[65] == ' ')) { buffer[64] = 0; for (n=0, s= buffer; n < 32 && loxdigit_p (s) && loxdigit_p (s+1); n++, s += 2) buffer[n] = loxtoi_2 (s); if ( n == 32 && !memcmp (digest, buffer, 32) ) err = 0; } fclose (fp); } } } } reporter ("binary", 0, fname, err? gpg_strerror (err):NULL); #ifdef HAVE_SYSLOG if (err) syslog (LOG_USER|LOG_ERR, "Libgcrypt error: " "integrity check using `%s' failed: %s", fname? fname:"[?]", gpg_strerror (err)); #endif /*HAVE_SYSLOG*/ xfree (fname); return !!err; #else return 0; #endif } /* Run the self-tests. If EXTENDED is true, extended versions of the selftest are run, that is more tests than required by FIPS. */ gpg_err_code_t _gcry_fips_run_selftests (int extended) { enum module_states result = STATE_ERROR; gcry_err_code_t ec = GPG_ERR_SELFTEST_FAILED; if (fips_mode ()) fips_new_state (STATE_SELFTEST); if (run_cipher_selftests (extended)) goto leave; if (run_digest_selftests (extended)) goto leave; if (run_mac_selftests (extended)) goto leave; + if (run_kdf_selftests (extended)) + goto leave; + /* Run random tests before the pubkey tests because the latter require random. */ if (run_random_selftests ()) goto leave; if (run_pubkey_selftests (extended)) goto leave; if (fips_mode ()) { /* Now check the integrity of the binary. We do this this after having checked the HMAC code. */ if (check_binary_integrity ()) goto leave; } /* All selftests passed. */ result = STATE_OPERATIONAL; ec = 0; leave: if (fips_mode ()) fips_new_state (result); return ec; } /* This function is used to tell the FSM about errors in the library. The FSM will be put into an error state. This function should not be called directly but by one of the macros fips_signal_error (description) fips_signal_fatal_error (description) where DESCRIPTION is a string describing the error. */ void _gcry_fips_signal_error (const char *srcfile, int srcline, const char *srcfunc, int is_fatal, const char *description) { if (!fips_mode ()) return; /* Not required. */ /* Set new state before printing an error. */ fips_new_state (is_fatal? STATE_FATALERROR : STATE_ERROR); /* Print error. */ log_info ("%serror in libgcrypt, file %s, line %d%s%s: %s\n", is_fatal? "fatal ":"", srcfile, srcline, srcfunc? ", function ":"", srcfunc? srcfunc:"", description? description : "no description available"); #ifdef HAVE_SYSLOG syslog (LOG_USER|LOG_ERR, "Libgcrypt error: " "%serror in file %s, line %d%s%s: %s", is_fatal? "fatal ":"", srcfile, srcline, srcfunc? ", function ":"", srcfunc? srcfunc:"", description? description : "no description available"); #endif /*HAVE_SYSLOG*/ } /* Perform a state transition to NEW_STATE. If this is an invalid transition, the module will go into a fatal error state. */ static void fips_new_state (enum module_states new_state) { int ok = 0; enum module_states last_state; lock_fsm (); last_state = current_state; switch (current_state) { case STATE_POWERON: if (new_state == STATE_INIT || new_state == STATE_ERROR || new_state == STATE_FATALERROR) ok = 1; break; case STATE_INIT: if (new_state == STATE_SELFTEST || new_state == STATE_ERROR || new_state == STATE_FATALERROR) ok = 1; break; case STATE_SELFTEST: if (new_state == STATE_OPERATIONAL || new_state == STATE_ERROR || new_state == STATE_FATALERROR) ok = 1; break; case STATE_OPERATIONAL: if (new_state == STATE_SHUTDOWN || new_state == STATE_SELFTEST || new_state == STATE_ERROR || new_state == STATE_FATALERROR) ok = 1; break; case STATE_ERROR: if (new_state == STATE_SHUTDOWN || new_state == STATE_ERROR || new_state == STATE_FATALERROR || new_state == STATE_SELFTEST) ok = 1; break; case STATE_FATALERROR: if (new_state == STATE_SHUTDOWN ) ok = 1; break; case STATE_SHUTDOWN: /* We won't see any transition *from* Shutdown because the only allowed new state is Power-Off and that one can't be represented. */ break; } if (ok) { current_state = new_state; } unlock_fsm (); if (!ok || _gcry_log_verbosity (2)) log_info ("libgcrypt state transition %s => %s %s\n", state2str (last_state), state2str (new_state), ok? "granted":"denied"); if (!ok) { /* Invalid state transition. Halting library. */ #ifdef HAVE_SYSLOG syslog (LOG_USER|LOG_ERR, "Libgcrypt error: invalid state transition %s => %s", state2str (last_state), state2str (new_state)); #endif /*HAVE_SYSLOG*/ fips_noreturn (); } else if (new_state == STATE_ERROR || new_state == STATE_FATALERROR) { #ifdef HAVE_SYSLOG syslog (LOG_USER|LOG_WARNING, "Libgcrypt notice: state transition %s => %s", state2str (last_state), state2str (new_state)); #endif /*HAVE_SYSLOG*/ } } /* This function should be called to ensure that the execution shall not continue. */ void _gcry_fips_noreturn (void) { #ifdef HAVE_SYSLOG syslog (LOG_USER|LOG_ERR, "Libgcrypt terminated the application"); #endif /*HAVE_SYSLOG*/ fflush (NULL); abort (); /*NOTREACHED*/ } diff --git a/src/sexp.c b/src/sexp.c index de28aedc..864916be 100644 --- a/src/sexp.c +++ b/src/sexp.c @@ -1,2693 +1,2699 @@ /* sexp.c - S-Expression handling * Copyright (C) 1999, 2000, 2001, 2002, 2003, * 2004, 2006, 2007, 2008, 2011 Free Software Foundation, Inc. * Copyright (C) 2013, 2014, 2017 g10 Code GmbH * * This file is part of Libgcrypt. * * Libgcrypt is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser general Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * Libgcrypt is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public License * along with this program; if not, see . * SPDX-License-Identifier: LGPL-2.1+ */ #include #include #include #include #include #include #include #define GCRYPT_NO_MPI_MACROS 1 #include "g10lib.h" /* Notes on the internal memory layout. We store an S-expression as one memory buffer with tags, length and value. The simplest list would thus be: /----------+----------+---------+------+-----------+----------\ | open_tag | data_tag | datalen | data | close_tag | stop_tag | \----------+----------+---------+------+-----------+----------/ Expressed more compact and with an example: /----+----+----+---+----+----\ | OT | DT | DL | D | CT | ST | "(foo)" \----+----+----+---+----+----/ The open tag must always be the first tag of a list as requires by the S-expression specs. At least data element (data_tag, datalen, data) is required as well. The close_tag finishes the list and would actually be sufficient. For fail-safe reasons a final stop tag is always the last byte in a buffer; it has a value of 0 so that string function accidentally applied to an S-expression will never access unallocated data. We do not support display hints and thus don't need to represent them. A list may have more an arbitrary number of data elements but at least one is required. The length of each data must be greater than 0 and has a current limit to 65535 bytes (by means of the DATALEN type). A list with two data elements: /----+----+----+---+----+----+---+----+----\ | OT | DT | DL | D | DT | DL | D | CT | ST | "(foo bar)" \----+----+----+---+----+----+---+----+----/ In the above example both DL fields have a value of 3. A list of a list with one data element: /----+----+----+----+---+----+----+----\ | OT | OT | DT | DL | D | CT | CT | ST | "((foo))" \----+----+----+----+---+----+----+----/ A list with one element followed by another list: /----+----+----+---+----+----+----+---+----+----+----\ | OT | DT | DL | D | OT | DT | DL | D | CT | CT | ST | "(foo (bar))" \----+----+----+---+----+----+----+---+----+----+----/ */ typedef unsigned short DATALEN; struct gcry_sexp { byte d[1]; }; #define ST_STOP 0 #define ST_DATA 1 /* datalen follows */ /*#define ST_HINT 2 datalen follows (currently not used) */ #define ST_OPEN 3 #define ST_CLOSE 4 /* The atoi macros assume that the buffer has only valid digits. */ #define atoi_1(p) (*(p) - '0' ) #define xtoi_1(p) (*(p) <= '9'? (*(p)- '0'): \ *(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10)) #define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1)) #define TOKEN_SPECIALS "-./_:*+=" static gcry_err_code_t do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff, const char *buffer, size_t length, int argflag, void **arg_list, va_list arg_ptr); static gcry_err_code_t do_sexp_sscan (gcry_sexp_t *retsexp, size_t *erroff, const char *buffer, size_t length, int argflag, void **arg_list, ...); /* Return true if P points to a byte containing a whitespace according to the S-expressions definition. */ #undef whitespacep static GPG_ERR_INLINE int whitespacep (const char *p) { switch (*p) { case ' ': case '\t': case '\v': case '\f': case '\r': case '\n': return 1; default: return 0; } } #if 0 static void dump_mpi( gcry_mpi_t a ) { char buffer[1000]; size_t n = 1000; if( !a ) fputs("[no MPI]", stderr ); else if( gcry_mpi_print( GCRYMPI_FMT_HEX, buffer, &n, a ) ) fputs("[MPI too large to print]", stderr ); else fputs( buffer, stderr ); } #endif static void dump_string (const byte *p, size_t n, int delim ) { for (; n; n--, p++ ) { if ((*p & 0x80) || iscntrl( *p ) || *p == delim ) { if( *p == '\n' ) log_printf ("\\n"); else if( *p == '\r' ) log_printf ("\\r"); else if( *p == '\f' ) log_printf ("\\f"); else if( *p == '\v' ) log_printf ("\\v"); else if( *p == '\b' ) log_printf ("\\b"); else if( !*p ) log_printf ("\\0"); else log_printf ("\\x%02x", *p ); } else log_printf ("%c", *p); } } void _gcry_sexp_dump (const gcry_sexp_t a) { const byte *p; int indent = 0; int type; if (!a) { log_printf ( "[nil]\n"); return; } p = a->d; while ( (type = *p) != ST_STOP ) { p++; switch ( type ) { case ST_OPEN: log_printf ("%*s[open]\n", 2*indent, ""); indent++; break; case ST_CLOSE: if( indent ) indent--; log_printf ("%*s[close]\n", 2*indent, ""); break; case ST_DATA: { DATALEN n; memcpy ( &n, p, sizeof n ); p += sizeof n; log_printf ("%*s[data=\"", 2*indent, "" ); dump_string (p, n, '\"' ); log_printf ("\"]\n"); p += n; } break; default: log_printf ("%*s[unknown tag %d]\n", 2*indent, "", type); break; } } } /* Pass list through except when it is an empty list - in that case * return NULL and release the passed list. This is used to make sure * that no forbidden empty lists are created. */ static gcry_sexp_t normalize ( gcry_sexp_t list ) { unsigned char *p; if ( !list ) return NULL; p = list->d; if ( *p == ST_STOP ) { /* this is "" */ sexp_release ( list ); return NULL; } if ( *p == ST_OPEN && p[1] == ST_CLOSE ) { /* this is "()" */ sexp_release ( list ); return NULL; } return list; } /* Create a new S-expression object by reading LENGTH bytes from BUFFER, assuming it is canonical encoded or autodetected encoding when AUTODETECT is set to 1. With FREEFNC not NULL, ownership of the buffer is transferred to the newly created object. FREEFNC should be the freefnc used to release BUFFER; there is no guarantee at which point this function is called; most likey you want to use free() or gcry_free(). Passing LENGTH and AUTODETECT as 0 is allowed to indicate that BUFFER points to a valid canonical encoded S-expression. A LENGTH of 0 and AUTODETECT 1 indicates that buffer points to a null-terminated string. This function returns 0 and and the pointer to the new object in RETSEXP or an error code in which case RETSEXP is set to NULL. */ gcry_err_code_t _gcry_sexp_create (gcry_sexp_t *retsexp, void *buffer, size_t length, int autodetect, void (*freefnc)(void*) ) { gcry_err_code_t errcode; gcry_sexp_t se; if (!retsexp) return GPG_ERR_INV_ARG; *retsexp = NULL; if (autodetect < 0 || autodetect > 1 || !buffer) return GPG_ERR_INV_ARG; if (!length && !autodetect) { /* What a brave caller to assume that there is really a canonical encoded S-expression in buffer */ length = _gcry_sexp_canon_len (buffer, 0, NULL, &errcode); if (!length) return errcode; } else if (!length && autodetect) { /* buffer is a string */ length = strlen ((char *)buffer); } errcode = do_sexp_sscan (&se, NULL, buffer, length, 0, NULL); if (errcode) return errcode; *retsexp = se; if (freefnc) { /* For now we release the buffer immediately. As soon as we have changed the internal represenation of S-expression to the canoncial format - which has the advantage of faster parsing - we will use this function as a closure in our GCRYSEXP object and use the BUFFER directly. */ freefnc (buffer); } return 0; } /* Same as gcry_sexp_create but don't transfer ownership */ gcry_err_code_t _gcry_sexp_new (gcry_sexp_t *retsexp, const void *buffer, size_t length, int autodetect) { return _gcry_sexp_create (retsexp, (void *)buffer, length, autodetect, NULL); } /**************** * Release resource of the given SEXP object. */ void _gcry_sexp_release( gcry_sexp_t sexp ) { if (sexp) { if (_gcry_is_secure (sexp)) { /* Extra paranoid wiping. */ const byte *p = sexp->d; int type; while ( (type = *p) != ST_STOP ) { p++; switch ( type ) { case ST_OPEN: break; case ST_CLOSE: break; case ST_DATA: { DATALEN n; memcpy ( &n, p, sizeof n ); p += sizeof n; p += n; } break; default: break; } } wipememory (sexp->d, p - sexp->d); } xfree ( sexp ); } } /**************** * Make a pair from lists a and b, don't use a or b later on. * Special behaviour: If one is a single element list we put the * element straight into the new pair. */ gcry_sexp_t _gcry_sexp_cons( const gcry_sexp_t a, const gcry_sexp_t b ) { (void)a; (void)b; /* NYI: Implementation should be quite easy with our new data representation */ BUG (); return NULL; } /**************** * Make a list from all items in the array the end of the array is marked * with a NULL. */ gcry_sexp_t _gcry_sexp_alist( const gcry_sexp_t *array ) { (void)array; /* NYI: Implementation should be quite easy with our new data representation. */ BUG (); return NULL; } /**************** * Make a list from all items, the end of list is indicated by a NULL */ gcry_sexp_t _gcry_sexp_vlist( const gcry_sexp_t a, ... ) { (void)a; /* NYI: Implementation should be quite easy with our new data representation. */ BUG (); return NULL; } /**************** * Append n to the list a * Returns: a new list (which maybe a) */ gcry_sexp_t _gcry_sexp_append( const gcry_sexp_t a, const gcry_sexp_t n ) { (void)a; (void)n; /* NYI: Implementation should be quite easy with our new data representation. */ BUG (); return NULL; } gcry_sexp_t _gcry_sexp_prepend( const gcry_sexp_t a, const gcry_sexp_t n ) { (void)a; (void)n; /* NYI: Implementation should be quite easy with our new data representation. */ BUG (); return NULL; } /**************** * Locate token in a list. The token must be the car of a sublist. * Returns: A new list with this sublist or NULL if not found. */ gcry_sexp_t _gcry_sexp_find_token( const gcry_sexp_t list, const char *tok, size_t toklen ) { const byte *p; DATALEN n; if ( !list ) return NULL; if ( !toklen ) toklen = strlen(tok); p = list->d; while ( *p != ST_STOP ) { if ( *p == ST_OPEN && p[1] == ST_DATA ) { const byte *head = p; p += 2; memcpy ( &n, p, sizeof n ); p += sizeof n; if ( n == toklen && !memcmp( p, tok, toklen ) ) { /* found it */ gcry_sexp_t newlist; byte *d; int level = 1; /* Look for the end of the list. */ for ( p += n; level; p++ ) { if ( *p == ST_DATA ) { memcpy ( &n, ++p, sizeof n ); p += sizeof n + n; p--; /* Compensate for later increment. */ } else if ( *p == ST_OPEN ) { level++; } else if ( *p == ST_CLOSE ) { level--; } else if ( *p == ST_STOP ) { BUG (); } } n = p - head; newlist = xtrymalloc ( sizeof *newlist + n ); if (!newlist) { /* No way to return an error code, so we can only return Not Found. */ return NULL; } d = newlist->d; memcpy ( d, head, n ); d += n; *d++ = ST_STOP; return normalize ( newlist ); } p += n; } else if ( *p == ST_DATA ) { memcpy ( &n, ++p, sizeof n ); p += sizeof n; p += n; } else p++; } return NULL; } /**************** * Return the length of the given list */ int _gcry_sexp_length (const gcry_sexp_t list) { const byte *p; DATALEN n; int type; int length = 0; int level = 0; if (!list) return 0; p = list->d; while ((type=*p) != ST_STOP) { p++; if (type == ST_DATA) { memcpy (&n, p, sizeof n); p += sizeof n + n; if (level == 1) length++; } else if (type == ST_OPEN) { if (level == 1) length++; level++; } else if (type == ST_CLOSE) { level--; } } return length; } /* Return the internal lengths offset of LIST. That is the size of the buffer from the first ST_OPEN, which is returned at R_OFF, to the corresponding ST_CLOSE inclusive. */ static size_t get_internal_buffer (const gcry_sexp_t list, size_t *r_off) { const unsigned char *p; DATALEN n; int type; int level = 0; *r_off = 0; if (list) { p = list->d; while ( (type=*p) != ST_STOP ) { p++; if (type == ST_DATA) { memcpy (&n, p, sizeof n); p += sizeof n + n; } else if (type == ST_OPEN) { if (!level) *r_off = (p-1) - list->d; level++; } else if ( type == ST_CLOSE ) { level--; if (!level) return p - list->d; } } } return 0; /* Not a proper list. */ } /* Extract the n-th element of the given LIST. Returns NULL for no-such-element, a corrupt list, or memory failure. */ gcry_sexp_t _gcry_sexp_nth (const gcry_sexp_t list, int number) { const byte *p; DATALEN n; gcry_sexp_t newlist; byte *d; int level = 0; if (!list || list->d[0] != ST_OPEN) return NULL; p = list->d; while (number > 0) { p++; if (*p == ST_DATA) { memcpy (&n, ++p, sizeof n); p += sizeof n + n; p--; if (!level) number--; } else if (*p == ST_OPEN) { level++; } else if (*p == ST_CLOSE) { level--; if ( !level ) number--; } else if (*p == ST_STOP) { return NULL; } } p++; if (*p == ST_DATA) { memcpy (&n, p+1, sizeof n); newlist = xtrymalloc (sizeof *newlist + 1 + 1 + sizeof n + n + 1); if (!newlist) return NULL; d = newlist->d; *d++ = ST_OPEN; memcpy (d, p, 1 + sizeof n + n); d += 1 + sizeof n + n; *d++ = ST_CLOSE; *d = ST_STOP; } else if (*p == ST_OPEN) { const byte *head = p; level = 1; do { p++; if (*p == ST_DATA) { memcpy (&n, ++p, sizeof n); p += sizeof n + n; p--; } else if (*p == ST_OPEN) { level++; } else if (*p == ST_CLOSE) { level--; } else if (*p == ST_STOP) { BUG (); } } while (level); n = p + 1 - head; newlist = xtrymalloc (sizeof *newlist + n); if (!newlist) return NULL; d = newlist->d; memcpy (d, head, n); d += n; *d++ = ST_STOP; } else newlist = NULL; return normalize (newlist); } gcry_sexp_t _gcry_sexp_car (const gcry_sexp_t list) { return _gcry_sexp_nth (list, 0); } /* Helper to get data from the car. The returned value is valid as long as the list is not modified. */ static const char * do_sexp_nth_data (const gcry_sexp_t list, int number, size_t *datalen) { const byte *p; DATALEN n; int level = 0; *datalen = 0; if ( !list ) return NULL; p = list->d; if ( *p == ST_OPEN ) p++; /* Yep, a list. */ else if (number) return NULL; /* Not a list but N > 0 requested. */ /* Skip over N elements. */ while (number > 0) { if (*p == ST_DATA) { memcpy ( &n, ++p, sizeof n ); p += sizeof n + n; p--; if ( !level ) number--; } else if (*p == ST_OPEN) { level++; } else if (*p == ST_CLOSE) { level--; if ( !level ) number--; } else if (*p == ST_STOP) { return NULL; } p++; } /* If this is data, return it. */ if (*p == ST_DATA) { memcpy ( &n, ++p, sizeof n ); *datalen = n; return (const char*)p + sizeof n; } return NULL; } /* Get data from the car. The returned value is valid as long as the list is not modified. */ const char * _gcry_sexp_nth_data (const gcry_sexp_t list, int number, size_t *datalen ) { return do_sexp_nth_data (list, number, datalen); } /* Get the nth element of a list which needs to be a simple object. The returned value is a malloced buffer and needs to be freed by the caller. This is basically the same as gcry_sexp_nth_data but with an allocated result. */ void * _gcry_sexp_nth_buffer (const gcry_sexp_t list, int number, size_t *rlength) { const char *s; size_t n; char *buf; *rlength = 0; s = do_sexp_nth_data (list, number, &n); if (!s || !n) return NULL; buf = xtrymalloc (n); if (!buf) return NULL; memcpy (buf, s, n); *rlength = n; return buf; } /* Get a string from the car. The returned value is a malloced string and needs to be freed by the caller. */ char * _gcry_sexp_nth_string (const gcry_sexp_t list, int number) { const char *s; size_t n; char *buf; s = do_sexp_nth_data (list, number, &n); if (!s || n < 1 || (n+1) < 1) return NULL; buf = xtrymalloc (n+1); if (!buf) return NULL; memcpy (buf, s, n); buf[n] = 0; return buf; } /* * Get a MPI from the car */ gcry_mpi_t _gcry_sexp_nth_mpi (gcry_sexp_t list, int number, int mpifmt) { size_t n; gcry_mpi_t a; if (mpifmt == GCRYMPI_FMT_OPAQUE) { char *p; p = _gcry_sexp_nth_buffer (list, number, &n); if (!p) return NULL; a = _gcry_is_secure (list)? _gcry_mpi_snew (0) : _gcry_mpi_new (0); if (a) mpi_set_opaque (a, p, n*8); else xfree (p); } else { const char *s; if (!mpifmt) mpifmt = GCRYMPI_FMT_STD; s = do_sexp_nth_data (list, number, &n); if (!s) return NULL; if (_gcry_mpi_scan (&a, mpifmt, s, n, NULL)) return NULL; } return a; } /**************** * Get the CDR */ gcry_sexp_t _gcry_sexp_cdr(const gcry_sexp_t list) { const byte *p; const byte *head; DATALEN n; gcry_sexp_t newlist; byte *d; int level = 0; int skip = 1; if (!list || list->d[0] != ST_OPEN) return NULL; p = list->d; while (skip > 0) { p++; if (*p == ST_DATA) { memcpy ( &n, ++p, sizeof n ); p += sizeof n + n; p--; if ( !level ) skip--; } else if (*p == ST_OPEN) { level++; } else if (*p == ST_CLOSE) { level--; if ( !level ) skip--; } else if (*p == ST_STOP) { return NULL; } } p++; head = p; level = 0; do { if (*p == ST_DATA) { memcpy ( &n, ++p, sizeof n ); p += sizeof n + n; p--; } else if (*p == ST_OPEN) { level++; } else if (*p == ST_CLOSE) { level--; } else if (*p == ST_STOP) { return NULL; } p++; } while (level); n = p - head; newlist = xtrymalloc (sizeof *newlist + n + 2); if (!newlist) return NULL; d = newlist->d; *d++ = ST_OPEN; memcpy (d, head, n); d += n; *d++ = ST_CLOSE; *d++ = ST_STOP; return normalize (newlist); } gcry_sexp_t _gcry_sexp_cadr ( const gcry_sexp_t list ) { gcry_sexp_t a, b; a = _gcry_sexp_cdr (list); b = _gcry_sexp_car (a); sexp_release (a); return b; } static GPG_ERR_INLINE int hextonibble (int s) { if (s >= '0' && s <= '9') return s - '0'; else if (s >= 'A' && s <= 'F') return 10 + s - 'A'; else if (s >= 'a' && s <= 'f') return 10 + s - 'a'; else return 0; } struct make_space_ctx { gcry_sexp_t sexp; size_t allocated; byte *pos; }; static gpg_err_code_t make_space ( struct make_space_ctx *c, size_t n ) { size_t used = c->pos - c->sexp->d; if ( used + n + sizeof(DATALEN) + 1 >= c->allocated ) { gcry_sexp_t newsexp; byte *newhead; size_t newsize; newsize = c->allocated + 2*(n+sizeof(DATALEN)+1); if (newsize <= c->allocated) return GPG_ERR_TOO_LARGE; newsexp = xtryrealloc ( c->sexp, sizeof *newsexp + newsize - 1); if (!newsexp) return gpg_err_code_from_errno (errno); c->allocated = newsize; newhead = newsexp->d; c->pos = newhead + used; c->sexp = newsexp; } return 0; } /* Unquote STRING of LENGTH and store it into BUF. The surrounding quotes are must already be removed from STRING. We assume that the quoted string is syntacillay correct. */ static size_t unquote_string (const char *string, size_t length, unsigned char *buf) { int esc = 0; const unsigned char *s = (const unsigned char*)string; unsigned char *d = buf; size_t n = length; for (; n; n--, s++) { if (esc) { switch (*s) { case 'b': *d++ = '\b'; break; case 't': *d++ = '\t'; break; case 'v': *d++ = '\v'; break; case 'n': *d++ = '\n'; break; case 'f': *d++ = '\f'; break; case 'r': *d++ = '\r'; break; case '"': *d++ = '\"'; break; case '\'': *d++ = '\''; break; case '\\': *d++ = '\\'; break; case '\r': /* ignore CR[,LF] */ if (n>1 && s[1] == '\n') { s++; n--; } break; case '\n': /* ignore LF[,CR] */ if (n>1 && s[1] == '\r') { s++; n--; } break; case 'x': /* hex value */ if (n>2 && hexdigitp (s+1) && hexdigitp (s+2)) { s++; n--; *d++ = xtoi_2 (s); s++; n--; } break; default: if (n>2 && octdigitp (s) && octdigitp (s+1) && octdigitp (s+2)) { *d++ = (atoi_1 (s)*64) + (atoi_1 (s+1)*8) + atoi_1 (s+2); s += 2; n -= 2; } break; } esc = 0; } else if( *s == '\\' ) esc = 1; else *d++ = *s; } return d - buf; } /**************** * Scan the provided buffer and return the S expression in our internal * format. Returns a newly allocated expression. If erroff is not NULL and * a parsing error has occurred, the offset into buffer will be returned. * If ARGFLAG is true, the function supports some printf like * expressions. * These are: * %m - MPI * %s - string (no autoswitch to secure allocation) * %d - integer stored as string (no autoswitch to secure allocation) * %b - memory buffer; this takes _two_ arguments: an integer with the * length of the buffer and a pointer to the buffer. * %S - Copy an gcry_sexp_t here. The S-expression needs to be a * regular one, starting with a parenthesis. * (no autoswitch to secure allocation) * all other format elements are currently not defined and return an error. * this includes the "%%" sequence becauce the percent sign is not an * allowed character. * FIXME: We should find a way to store the secure-MPIs not in the string * but as reference to somewhere - this can help us to save huge amounts * of secure memory. The problem is, that if only one element is secure, all * other elements are automagicaly copied to secure memory too, so the most * common operation gcry_sexp_cdr_mpi() will always return a secure MPI * regardless whether it is needed or not. */ static gpg_err_code_t do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff, const char *buffer, size_t length, int argflag, void **arg_list, va_list arg_ptr) { gcry_err_code_t err = 0; static const char tokenchars[] = "abcdefghijklmnopqrstuvwxyz" "ABCDEFGHIJKLMNOPQRSTUVWXYZ" "0123456789-./_:*+="; const char *p; size_t n; const char *digptr = NULL; const char *quoted = NULL; const char *tokenp = NULL; const char *hexfmt = NULL; const char *base64 = NULL; const char *disphint = NULL; const char *percent = NULL; int hexcount = 0; int b64count = 0; int quoted_esc = 0; size_t datalen = 0; size_t dummy_erroff; struct make_space_ctx c; int arg_counter = 0; int level = 0; if (!retsexp) return GPG_ERR_INV_ARG; *retsexp = NULL; if (!buffer) return GPG_ERR_INV_ARG; if (!erroff) erroff = &dummy_erroff; /* Depending on whether ARG_LIST is non-zero or not, this macro gives us the next argument, either from the variable argument list as specified by ARG_PTR or from the argument array ARG_LIST. */ #define ARG_NEXT(storage, type) \ do \ { \ if (!arg_list) \ storage = va_arg (arg_ptr, type); \ else \ storage = *((type *) (arg_list[arg_counter++])); \ } \ while (0) /* The MAKE_SPACE macro is used before each store operation to ensure that the buffer is large enough. It requires a global context named C and jumps out to the label LEAVE on error! It also sets ERROFF using the variables BUFFER and P. */ #define MAKE_SPACE(n) do { \ gpg_err_code_t _ms_err = make_space (&c, (n)); \ if (_ms_err) \ { \ err = _ms_err; \ *erroff = p - buffer; \ goto leave; \ } \ } while (0) /* The STORE_LEN macro is used to store the length N at buffer P. */ #define STORE_LEN(p,n) do { \ DATALEN ashort = (n); \ memcpy ( (p), &ashort, sizeof(ashort) ); \ (p) += sizeof (ashort); \ } while (0) /* We assume that the internal representation takes less memory than the provided one. However, we add space for one extra datalen so that the code which does the ST_CLOSE can use MAKE_SPACE */ c.allocated = length + sizeof(DATALEN); if (length && _gcry_is_secure (buffer)) c.sexp = xtrymalloc_secure (sizeof *c.sexp + c.allocated - 1); else c.sexp = xtrymalloc (sizeof *c.sexp + c.allocated - 1); if (!c.sexp) { err = gpg_err_code_from_errno (errno); *erroff = 0; goto leave; } c.pos = c.sexp->d; for (p = buffer, n = length; n; p++, n--) { if (tokenp && !hexfmt) { if (strchr (tokenchars, *p)) continue; else { datalen = p - tokenp; MAKE_SPACE (datalen); *c.pos++ = ST_DATA; STORE_LEN (c.pos, datalen); memcpy (c.pos, tokenp, datalen); c.pos += datalen; tokenp = NULL; } } if (quoted) { if (quoted_esc) { switch (*p) { case 'b': case 't': case 'v': case 'n': case 'f': case 'r': case '"': case '\'': case '\\': quoted_esc = 0; break; case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': if (!((n > 2) && (p[1] >= '0') && (p[1] <= '7') && (p[2] >= '0') && (p[2] <= '7'))) { *erroff = p - buffer; /* Invalid octal value. */ err = GPG_ERR_SEXP_BAD_QUOTATION; goto leave; } p += 2; n -= 2; quoted_esc = 0; break; case 'x': if (!((n > 2) && hexdigitp (p+1) && hexdigitp (p+2))) { *erroff = p - buffer; /* Invalid hex value. */ err = GPG_ERR_SEXP_BAD_QUOTATION; goto leave; } p += 2; n -= 2; quoted_esc = 0; break; case '\r': /* ignore CR[,LF] */ if (n && (p[1] == '\n')) { p++; n--; } quoted_esc = 0; break; case '\n': /* ignore LF[,CR] */ if (n && (p[1] == '\r')) { p++; n--; } quoted_esc = 0; break; default: *erroff = p - buffer; /* Invalid quoted string escape. */ err = GPG_ERR_SEXP_BAD_QUOTATION; goto leave; } } else if (*p == '\\') quoted_esc = 1; else if (*p == '\"') { /* Keep it easy - we know that the unquoted string will never be larger. */ unsigned char *save; size_t len; quoted++; /* Skip leading quote. */ MAKE_SPACE (p - quoted); *c.pos++ = ST_DATA; save = c.pos; STORE_LEN (c.pos, 0); /* Will be fixed up later. */ len = unquote_string (quoted, p - quoted, c.pos); c.pos += len; STORE_LEN (save, len); quoted = NULL; } } else if (hexfmt) { if (isxdigit (*p)) hexcount++; else if (*p == '#') { if ((hexcount & 1)) { *erroff = p - buffer; err = GPG_ERR_SEXP_ODD_HEX_NUMBERS; goto leave; } datalen = hexcount / 2; MAKE_SPACE (datalen); *c.pos++ = ST_DATA; STORE_LEN (c.pos, datalen); for (hexfmt++; hexfmt < p; hexfmt++) { int tmpc; if (whitespacep (hexfmt)) continue; tmpc = hextonibble (*(const unsigned char*)hexfmt); for (hexfmt++; hexfmt < p && whitespacep (hexfmt); hexfmt++) ; if (hexfmt < p) { tmpc *= 16; tmpc += hextonibble (*(const unsigned char*)hexfmt); } *c.pos++ = tmpc; } hexfmt = NULL; } else if (!whitespacep (p)) { *erroff = p - buffer; err = GPG_ERR_SEXP_BAD_HEX_CHAR; goto leave; } } else if (base64) { if (digitp (p) || alphap (p) || *p == '+' || *p == '/' || *p == '=') b64count++; else if (*p == '|') { gpgrt_b64state_t b64state; char *b64buf; int i; base64++; /* Skip beginning '|' */ b64buf = xtrymalloc (b64count); if (!b64buf) { err = gpg_err_code_from_syserror (); goto leave; } memcpy (b64buf, base64, b64count); b64state = gpgrt_b64dec_start (NULL); if (!b64state) { err = gpg_err_code_from_syserror (); xfree (b64buf); goto leave; } err = gpgrt_b64dec_proc (b64state, b64buf, b64count, &datalen); if (err && gpg_err_code (err) != GPG_ERR_EOF) { xfree (b64state); xfree (b64buf); goto leave; } err = gpgrt_b64dec_finish (b64state); if (err) { xfree (b64buf); goto leave; } MAKE_SPACE (datalen); *c.pos++ = ST_DATA; STORE_LEN (c.pos, datalen); for (i = 0; i < datalen; i++) *c.pos++ = b64buf[i]; xfree (b64buf); base64 = NULL; } else { *erroff = p - buffer; err = GPG_ERR_SEXP_BAD_CHARACTER; goto leave; } } else if (digptr) { if (digitp (p)) ; else if (*p == ':') { datalen = atoi (digptr); /* FIXME: check for overflow. */ digptr = NULL; if (datalen > n - 1) { *erroff = p - buffer; /* Buffer too short. */ err = GPG_ERR_SEXP_STRING_TOO_LONG; goto leave; } /* Make a new list entry. */ MAKE_SPACE (datalen); *c.pos++ = ST_DATA; STORE_LEN (c.pos, datalen); memcpy (c.pos, p + 1, datalen); c.pos += datalen; n -= datalen; p += datalen; } else if (*p == '\"') { digptr = NULL; /* We ignore the optional length. */ quoted = p; quoted_esc = 0; } else if (*p == '#') { digptr = NULL; /* We ignore the optional length. */ hexfmt = p; hexcount = 0; } else if (*p == '|') { digptr = NULL; /* We ignore the optional length. */ base64 = p; b64count = 0; } else { *erroff = p - buffer; err = GPG_ERR_SEXP_INV_LEN_SPEC; goto leave; } } else if (percent) { if (*p == 'm' || *p == 'M') { /* Insert an MPI. */ gcry_mpi_t m; size_t nm = 0; int mpifmt = *p == 'm'? GCRYMPI_FMT_STD: GCRYMPI_FMT_USG; ARG_NEXT (m, gcry_mpi_t); if (mpi_get_flag (m, GCRYMPI_FLAG_OPAQUE)) { void *mp; unsigned int nbits; mp = mpi_get_opaque (m, &nbits); nm = (nbits+7)/8; if (mp && nm) { MAKE_SPACE (nm); if (!_gcry_is_secure (c.sexp->d) && mpi_get_flag (m, GCRYMPI_FLAG_SECURE)) { /* We have to switch to secure allocation. */ gcry_sexp_t newsexp; byte *newhead; newsexp = xtrymalloc_secure (sizeof *newsexp + c.allocated - 1); if (!newsexp) { err = gpg_err_code_from_errno (errno); goto leave; } newhead = newsexp->d; memcpy (newhead, c.sexp->d, (c.pos - c.sexp->d)); c.pos = newhead + (c.pos - c.sexp->d); xfree (c.sexp); c.sexp = newsexp; } *c.pos++ = ST_DATA; STORE_LEN (c.pos, nm); memcpy (c.pos, mp, nm); c.pos += nm; } } else { + if (mpifmt == GCRYMPI_FMT_USG && mpi_cmp_ui (m, 0) < 0) + { + err = GPG_ERR_INV_ARG; + goto leave; + } + err = _gcry_mpi_print (mpifmt, NULL, 0, &nm, m); if (err) goto leave; MAKE_SPACE (nm); if (!_gcry_is_secure (c.sexp->d) && mpi_get_flag ( m, GCRYMPI_FLAG_SECURE)) { /* We have to switch to secure allocation. */ gcry_sexp_t newsexp; byte *newhead; newsexp = xtrymalloc_secure (sizeof *newsexp + c.allocated - 1); if (!newsexp) { err = gpg_err_code_from_errno (errno); goto leave; } newhead = newsexp->d; memcpy (newhead, c.sexp->d, (c.pos - c.sexp->d)); c.pos = newhead + (c.pos - c.sexp->d); xfree (c.sexp); c.sexp = newsexp; } *c.pos++ = ST_DATA; STORE_LEN (c.pos, nm); err = _gcry_mpi_print (mpifmt, c.pos, nm, &nm, m); if (err) goto leave; c.pos += nm; } } else if (*p == 's') { /* Insert an string. */ const char *astr; size_t alen; ARG_NEXT (astr, const char *); alen = strlen (astr); MAKE_SPACE (alen); *c.pos++ = ST_DATA; STORE_LEN (c.pos, alen); memcpy (c.pos, astr, alen); c.pos += alen; } else if (*p == 'b') { /* Insert a memory buffer. */ const char *astr; int alen; ARG_NEXT (alen, int); ARG_NEXT (astr, const char *); if (alen < 0) { *erroff = p - buffer; err = GPG_ERR_INV_ARG; goto leave; } MAKE_SPACE (alen); if (alen && !_gcry_is_secure (c.sexp->d) && _gcry_is_secure (astr)) { /* We have to switch to secure allocation. */ gcry_sexp_t newsexp; byte *newhead; newsexp = xtrymalloc_secure (sizeof *newsexp + c.allocated - 1); if (!newsexp) { err = gpg_err_code_from_errno (errno); goto leave; } newhead = newsexp->d; memcpy (newhead, c.sexp->d, (c.pos - c.sexp->d)); c.pos = newhead + (c.pos - c.sexp->d); xfree (c.sexp); c.sexp = newsexp; } *c.pos++ = ST_DATA; STORE_LEN (c.pos, alen); memcpy (c.pos, astr, alen); c.pos += alen; } else if (*p == 'd') { /* Insert an integer as string. */ int aint; size_t alen; char buf[35]; ARG_NEXT (aint, int); snprintf (buf, sizeof buf, "%d", aint); alen = strlen (buf); MAKE_SPACE (alen); *c.pos++ = ST_DATA; STORE_LEN (c.pos, alen); memcpy (c.pos, buf, alen); c.pos += alen; } else if (*p == 'u') { /* Insert an unsigned integer as string. */ unsigned int aint; size_t alen; char buf[35]; ARG_NEXT (aint, unsigned int); snprintf (buf, sizeof buf, "%u", aint); alen = strlen (buf); MAKE_SPACE (alen); *c.pos++ = ST_DATA; STORE_LEN (c.pos, alen); memcpy (c.pos, buf, alen); c.pos += alen; } else if (*p == 'S') { /* Insert a gcry_sexp_t. */ gcry_sexp_t asexp; size_t alen, aoff; ARG_NEXT (asexp, gcry_sexp_t); alen = get_internal_buffer (asexp, &aoff); if (alen) { MAKE_SPACE (alen); memcpy (c.pos, asexp->d + aoff, alen); c.pos += alen; } } else { *erroff = p - buffer; /* Invalid format specifier. */ err = GPG_ERR_SEXP_INV_LEN_SPEC; goto leave; } percent = NULL; } else if (*p == '(') { if (disphint) { *erroff = p - buffer; /* Open display hint. */ err = GPG_ERR_SEXP_UNMATCHED_DH; goto leave; } MAKE_SPACE (0); *c.pos++ = ST_OPEN; level++; } else if (*p == ')') { /* Walk up. */ if (disphint) { *erroff = p - buffer; /* Open display hint. */ err = GPG_ERR_SEXP_UNMATCHED_DH; goto leave; } if (level == 0) { *erroff = p - buffer; err = GPG_ERR_SEXP_UNMATCHED_PAREN; goto leave; } MAKE_SPACE (0); *c.pos++ = ST_CLOSE; level--; } else if (*p == '\"') { quoted = p; quoted_esc = 0; } else if (*p == '#') { hexfmt = p; hexcount = 0; } else if (*p == '|') { base64 = p; b64count = 0; } else if (*p == '[') { if (disphint) { *erroff = p - buffer; /* Open display hint. */ err = GPG_ERR_SEXP_NESTED_DH; goto leave; } disphint = p; } else if (*p == ']') { if (!disphint) { *erroff = p - buffer; /* Open display hint. */ err = GPG_ERR_SEXP_UNMATCHED_DH; goto leave; } disphint = NULL; } else if (digitp (p)) { if (*p == '0') { /* A length may not begin with zero. */ *erroff = p - buffer; err = GPG_ERR_SEXP_ZERO_PREFIX; goto leave; } digptr = p; } else if (strchr (tokenchars, *p)) tokenp = p; else if (whitespacep (p)) ; else if (*p == '{') { /* fixme: handle rescanning: we can do this by saving our current state and start over at p+1 -- Hmmm. At this point here we are in a well defined state, so we don't need to save it. Great. */ *erroff = p - buffer; err = GPG_ERR_SEXP_UNEXPECTED_PUNC; goto leave; } else if (strchr ("&\\", *p)) { /* Reserved punctuation. */ *erroff = p - buffer; err = GPG_ERR_SEXP_UNEXPECTED_PUNC; goto leave; } else if (argflag && (*p == '%')) percent = p; else { /* Bad or unavailable. */ *erroff = p - buffer; err = GPG_ERR_SEXP_BAD_CHARACTER; goto leave; } } MAKE_SPACE (0); *c.pos++ = ST_STOP; if (level && !err) err = GPG_ERR_SEXP_UNMATCHED_PAREN; leave: if (err) { /* Error -> deallocate. */ if (c.sexp) { /* Extra paranoid wipe on error. */ if (_gcry_is_secure (c.sexp)) wipememory (c.sexp, sizeof (struct gcry_sexp) + c.allocated - 1); xfree (c.sexp); } } else *retsexp = normalize (c.sexp); return err; #undef MAKE_SPACE #undef STORE_LEN } static gpg_err_code_t do_sexp_sscan (gcry_sexp_t *retsexp, size_t *erroff, const char *buffer, size_t length, int argflag, void **arg_list, ...) { gcry_err_code_t rc; va_list arg_ptr; va_start (arg_ptr, arg_list); rc = do_vsexp_sscan (retsexp, erroff, buffer, length, argflag, arg_list, arg_ptr); va_end (arg_ptr); return rc; } gpg_err_code_t _gcry_sexp_build (gcry_sexp_t *retsexp, size_t *erroff, const char *format, ...) { gcry_err_code_t rc; va_list arg_ptr; va_start (arg_ptr, format); rc = do_vsexp_sscan (retsexp, erroff, format, strlen(format), 1, NULL, arg_ptr); va_end (arg_ptr); return rc; } gcry_err_code_t _gcry_sexp_vbuild (gcry_sexp_t *retsexp, size_t *erroff, const char *format, va_list arg_ptr) { return do_vsexp_sscan (retsexp, erroff, format, strlen(format), 1, NULL, arg_ptr); } /* Like gcry_sexp_build, but uses an array instead of variable function arguments. */ gcry_err_code_t _gcry_sexp_build_array (gcry_sexp_t *retsexp, size_t *erroff, const char *format, void **arg_list) { return do_sexp_sscan (retsexp, erroff, format, strlen(format), 1, arg_list); } gcry_err_code_t _gcry_sexp_sscan (gcry_sexp_t *retsexp, size_t *erroff, const char *buffer, size_t length) { return do_sexp_sscan (retsexp, erroff, buffer, length, 0, NULL); } /* Figure out a suitable encoding for BUFFER of LENGTH. Returns: 0 = Binary 1 = String possible 2 = Token possible */ static int suitable_encoding (const unsigned char *buffer, size_t length) { const unsigned char *s; int maybe_token = 1; if (!length) return 1; if (*buffer & 0x80) return 0; /* If the MSB is set we assume that buffer represents a negative number. */ if (!*buffer) return 0; /* Starting with a zero is pretty much a binary string. */ for (s=buffer; length; s++, length--) { if ( (*s < 0x20 || (*s >= 0x7f && *s <= 0xa0)) && !strchr ("\b\t\v\n\f\r\"\'\\", *s)) return 0; /*binary*/ if ( maybe_token && !alphap (s) && !digitp (s) && !strchr (TOKEN_SPECIALS, *s)) maybe_token = 0; } s = buffer; if ( maybe_token && !digitp (s) ) return 2; return 1; } static int convert_to_hex (const unsigned char *src, size_t len, char *dest) { int i; if (dest) { *dest++ = '#'; for (i=0; i < len; i++, dest += 2 ) snprintf (dest, 3, "%02X", src[i]); *dest++ = '#'; } return len*2+2; } static int convert_to_string (const unsigned char *s, size_t len, char *dest) { if (dest) { char *p = dest; *p++ = '\"'; for (; len; len--, s++ ) { switch (*s) { case '\b': *p++ = '\\'; *p++ = 'b'; break; case '\t': *p++ = '\\'; *p++ = 't'; break; case '\v': *p++ = '\\'; *p++ = 'v'; break; case '\n': *p++ = '\\'; *p++ = 'n'; break; case '\f': *p++ = '\\'; *p++ = 'f'; break; case '\r': *p++ = '\\'; *p++ = 'r'; break; case '\"': *p++ = '\\'; *p++ = '\"'; break; case '\'': *p++ = '\\'; *p++ = '\''; break; case '\\': *p++ = '\\'; *p++ = '\\'; break; default: if ( (*s < 0x20 || (*s >= 0x7f && *s <= 0xa0))) { snprintf (p, 5, "\\x%02x", *s); p += 4; } else *p++ = *s; } } *p++ = '\"'; return p - dest; } else { int count = 2; for (; len; len--, s++ ) { switch (*s) { case '\b': case '\t': case '\v': case '\n': case '\f': case '\r': case '\"': case '\'': case '\\': count += 2; break; default: if ( (*s < 0x20 || (*s >= 0x7f && *s <= 0xa0))) count += 4; else count++; } } return count; } } static int convert_to_token (const unsigned char *src, size_t len, char *dest) { if (dest) memcpy (dest, src, len); return len; } /**************** * Print SEXP to buffer using the MODE. Returns the length of the * SEXP in buffer or 0 if the buffer is too short (We have at least an * empty list consisting of 2 bytes). If a buffer of NULL is provided, * the required length is returned. */ size_t _gcry_sexp_sprint (const gcry_sexp_t list, int mode, void *buffer, size_t maxlength ) { static unsigned char empty[3] = { ST_OPEN, ST_CLOSE, ST_STOP }; const unsigned char *s; char *d; DATALEN n; char numbuf[20]; size_t len = 0; int i, indent = 0; s = list? list->d : empty; d = buffer; while ( *s != ST_STOP ) { switch ( *s ) { case ST_OPEN: s++; if ( mode != GCRYSEXP_FMT_CANON ) { if (indent) len++; len += indent; } len++; if ( buffer ) { if ( len >= maxlength ) return 0; if ( mode != GCRYSEXP_FMT_CANON ) { if (indent) *d++ = '\n'; for (i=0; i < indent; i++) *d++ = ' '; } *d++ = '('; } indent++; break; case ST_CLOSE: s++; len++; if ( buffer ) { if ( len >= maxlength ) return 0; *d++ = ')'; } indent--; if (*s != ST_OPEN && *s != ST_STOP && mode != GCRYSEXP_FMT_CANON) { len++; len += indent; if (buffer) { if (len >= maxlength) return 0; *d++ = '\n'; for (i=0; i < indent; i++) *d++ = ' '; } } break; case ST_DATA: s++; memcpy ( &n, s, sizeof n ); s += sizeof n; if (mode == GCRYSEXP_FMT_ADVANCED) { int type; size_t nn; switch ( (type=suitable_encoding (s, n))) { case 1: nn = convert_to_string (s, n, NULL); break; case 2: nn = convert_to_token (s, n, NULL); break; default: nn = convert_to_hex (s, n, NULL); break; } len += nn; if (buffer) { if (len >= maxlength) return 0; switch (type) { case 1: convert_to_string (s, n, d); break; case 2: convert_to_token (s, n, d); break; default: convert_to_hex (s, n, d); break; } d += nn; } if (s[n] != ST_CLOSE) { len++; if (buffer) { if (len >= maxlength) return 0; *d++ = ' '; } } } else { snprintf (numbuf, sizeof numbuf, "%u:", (unsigned int)n ); len += strlen (numbuf) + n; if ( buffer ) { if ( len >= maxlength ) return 0; d = stpcpy ( d, numbuf ); memcpy ( d, s, n ); d += n; } } s += n; break; default: BUG (); } } if ( mode != GCRYSEXP_FMT_CANON ) { len++; if (buffer) { if ( len >= maxlength ) return 0; *d++ = '\n'; } } if (buffer) { if ( len >= maxlength ) return 0; *d++ = 0; /* for convenience we make a C string */ } else len++; /* we need one byte more for this */ return len; } /* Scan a canonical encoded buffer with implicit length values and return the actual length this S-expression uses. For a valid S-Exp it should never return 0. If LENGTH is not zero, the maximum length to scan is given - this can be used for syntax checks of data passed from outside. errorcode and erroff may both be passed as NULL. */ size_t _gcry_sexp_canon_len (const unsigned char *buffer, size_t length, size_t *erroff, gcry_err_code_t *errcode) { const unsigned char *p; const unsigned char *disphint = NULL; unsigned int datalen = 0; size_t dummy_erroff; gcry_err_code_t dummy_errcode; size_t count = 0; int level = 0; if (!erroff) erroff = &dummy_erroff; if (!errcode) errcode = &dummy_errcode; *errcode = GPG_ERR_NO_ERROR; *erroff = 0; if (!buffer) return 0; if (*buffer != '(') { *errcode = GPG_ERR_SEXP_NOT_CANONICAL; return 0; } for (p=buffer; ; p++, count++ ) { if (length && count >= length) { *erroff = count; *errcode = GPG_ERR_SEXP_STRING_TOO_LONG; return 0; } if (datalen) { if (*p == ':') { if (length && (count+datalen) >= length) { *erroff = count; *errcode = GPG_ERR_SEXP_STRING_TOO_LONG; return 0; } count += datalen; p += datalen; datalen = 0; } else if (digitp(p)) datalen = datalen*10 + atoi_1(p); else { *erroff = count; *errcode = GPG_ERR_SEXP_INV_LEN_SPEC; return 0; } } else if (*p == '(') { if (disphint) { *erroff = count; *errcode = GPG_ERR_SEXP_UNMATCHED_DH; return 0; } level++; } else if (*p == ')') { /* walk up */ if (!level) { *erroff = count; *errcode = GPG_ERR_SEXP_UNMATCHED_PAREN; return 0; } if (disphint) { *erroff = count; *errcode = GPG_ERR_SEXP_UNMATCHED_DH; return 0; } if (!--level) return ++count; /* ready */ } else if (*p == '[') { if (disphint) { *erroff = count; *errcode = GPG_ERR_SEXP_NESTED_DH; return 0; } disphint = p; } else if (*p == ']') { if ( !disphint ) { *erroff = count; *errcode = GPG_ERR_SEXP_UNMATCHED_DH; return 0; } disphint = NULL; } else if (digitp (p) ) { if (*p == '0') { *erroff = count; *errcode = GPG_ERR_SEXP_ZERO_PREFIX; return 0; } datalen = atoi_1 (p); } else if (*p == '&' || *p == '\\') { *erroff = count; *errcode = GPG_ERR_SEXP_UNEXPECTED_PUNC; return 0; } else { *erroff = count; *errcode = GPG_ERR_SEXP_BAD_CHARACTER; return 0; } } } /* Extract MPIs from an s-expression using a list of parameters. The * names of these parameters are given by the string LIST. Some * special characters may be given to control the conversion: * * + :: Switch to unsigned integer format (default). * - :: Switch to standard signed format. * / :: Switch to opaque format * & :: Switch to buffer descriptor mode - see below. * %s :: Switch to allocated string arguments. * %#s :: Switch to allocated string arguments for a list of string flags. * %u :: Switch to unsigned integer arguments. * %lu :: Switch to unsigned long integer arguments. * %zu :: Switch to size_t arguments. * %d :: Switch to signed integer arguments. * %ld :: Switch to signed long integer arguments. * ? :: The previous parameter is optional. * * In general parameter names are single letters. To use a string for * a parameter name, enclose the name in single quotes. * * Unless in gcry_buffer_t mode for each parameter name a pointer to * an MPI variable is expected that must be set to NULL prior to * invoking this function, and finally a NULL is expected. Example: * * _gcry_sexp_extract_param (key, NULL, "n/x+ed", * &mpi_n, &mpi_x, &mpi_e, NULL) * * This stores the parameter "N" from KEY as an unsigned MPI into * MPI_N, the parameter "X" as an opaque MPI into MPI_X, and the * parameter "E" again as an unsigned MPI into MPI_E. * * If in buffer descriptor mode a pointer to gcry_buffer_t descriptor * is expected instead of a pointer to an MPI. The caller may use two * different operation modes: If the DATA field of the provided buffer * descriptor is NULL, the function allocates a new buffer and stores * it at DATA; the other fields are set accordingly with OFF being 0. * If DATA is not NULL, the function assumes that DATA, SIZE, and OFF * describe a buffer where to but the data; on return the LEN field * receives the number of bytes copied to that buffer; if the buffer * is too small, the function immediately returns with an error code * (and LEN set to 0). * * For a flag list ("%#s") which has other lists as elements these * sub-lists are skipped and a indicated by "()" in the output. * * PATH is an optional string used to locate a token. The exclamation * mark separated tokens are used to via gcry_sexp_find_token to find * a start point inside SEXP. * * The function returns 0 on success. On error an error code is * returned, all passed MPIs that might have been allocated up to this * point are deallocated and set to NULL, and all passed buffers are * either truncated if the caller supplied the buffer, or deallocated * if the function allocated the buffer. */ gpg_err_code_t _gcry_sexp_vextract_param (gcry_sexp_t sexp, const char *path, const char *list, va_list arg_ptr) { gpg_err_code_t rc; const char *s, *s2; void **array[20]; char arrayisdesc[20]; int idx, i; gcry_sexp_t l1 = NULL; int mode = '+'; /* Default to GCRYMPI_FMT_USG. */ int submode = 0; gcry_sexp_t freethis = NULL; char *tmpstr = NULL; /* Values in ARRAYISDESC describing what the ARRAY holds. * 0 - MPI * 1 - gcry_buffer_t provided by caller. * 2 - gcry_buffer_t allocated by us. * 's' - String allocated by us. * 'x' - Ignore */ memset (arrayisdesc, 0, sizeof arrayisdesc); /* First copy all the args into an array. This is required so that we are able to release already allocated MPIs if later an error was found. */ for (s=list, idx=0; *s && idx < DIM (array); s++) { if (*s == '&' || *s == '+' || *s == '-' || *s == '/' || *s == '?') ; else if (*s == '%') { s++; if (*s == 'l' && (s[1] == 'u' || s[1] == 'd')) s++; else if (*s == 'z' && s[1] == 'u') s++; else if (*s == '#' && s[1] == 's') s++; continue; } else if (whitespacep (s)) ; else { if (*s == '\'') { s++; s2 = strchr (s, '\''); if (!s2 || s2 == s) { /* Closing quote not found or empty string. */ return GPG_ERR_SYNTAX; } s = s2; } array[idx] = va_arg (arg_ptr, void *); if (!array[idx]) return GPG_ERR_MISSING_VALUE; /* NULL pointer given. */ idx++; } } if (*s) return GPG_ERR_LIMIT_REACHED; /* Too many list elements. */ if (va_arg (arg_ptr, gcry_mpi_t *)) return GPG_ERR_INV_ARG; /* Not enough list elemends. */ /* Drill down. */ while (path && *path) { size_t n; s = strchr (path, '!'); if (s == path) { rc = GPG_ERR_NOT_FOUND; goto cleanup; } n = s? s - path : 0; l1 = _gcry_sexp_find_token (sexp, path, n); if (!l1) { rc = GPG_ERR_NOT_FOUND; goto cleanup; } sexp = l1; l1 = NULL; sexp_release (freethis); freethis = sexp; if (n) path += n + 1; else path = NULL; } /* Now extract all parameters. */ for (s=list, idx=0; *s; s++) { if (*s == '&' || *s == '+' || *s == '-' || *s == '/') mode = *s; else if (*s == '%') { s++; if (!*s) continue; /* Ignore at end of format. */ if (*s == 's' || *s == 'd' || *s == 'u') { mode = *s; submode = 0; } else if (*s == 'l' && (s[1] == 'u' || s[1] == 'd')) { mode = s[1]; submode = 'l'; s++; } else if (*s == 'z' && s[1] == 'u') { mode = s[1]; submode = 'z'; s++; } else if (*s == '#' && s[1] == 's') { mode = s[1]; submode = '#'; s++; } continue; } else if (whitespacep (s)) ; else if (*s == '?') ; /* Only used via lookahead. */ else { if (*s == '\'') { /* Find closing quote, find token, set S to closing quote. */ s++; s2 = strchr (s, '\''); if (!s2 || s2 == s) { /* Closing quote not found or empty string. */ rc = GPG_ERR_SYNTAX; goto cleanup; } l1 = _gcry_sexp_find_token (sexp, s, s2 - s); s = s2; } else l1 = _gcry_sexp_find_token (sexp, s, 1); if (!l1 && s[1] == '?') { /* Optional element not found. */ if (mode == '&') { gcry_buffer_t *spec = (gcry_buffer_t*)array[idx]; if (!spec->data) { spec->size = 0; spec->off = 0; } spec->len = 0; } else if (mode == 's') { *array[idx] = NULL; arrayisdesc[idx] = 's'; } else if (mode == 'd') { if (submode == 'l') *(long *)array[idx] = 0; else *(int *)array[idx] = 0; arrayisdesc[idx] = 'x'; } else if (mode == 'u') { if (submode == 'l') *(unsigned long *)array[idx] = 0; else if (submode == 'z') *(size_t *)array[idx] = 0; else *(unsigned int *)array[idx] = 0; arrayisdesc[idx] = 'x'; } else *array[idx] = NULL; } else if (!l1) { rc = GPG_ERR_NO_OBJ; /* List element not found. */ goto cleanup; } else { if (mode == '&') { gcry_buffer_t *spec = (gcry_buffer_t*)array[idx]; if (spec->data) { const char *pbuf; size_t nbuf; pbuf = _gcry_sexp_nth_data (l1, 1, &nbuf); if (!pbuf || !nbuf) { rc = GPG_ERR_INV_OBJ; goto cleanup; } if (spec->off + nbuf > spec->size) { rc = GPG_ERR_BUFFER_TOO_SHORT; goto cleanup; } memcpy ((char*)spec->data + spec->off, pbuf, nbuf); spec->len = nbuf; arrayisdesc[idx] = 1; } else { spec->data = _gcry_sexp_nth_buffer (l1, 1, &spec->size); if (!spec->data) { rc = GPG_ERR_INV_OBJ; /* Or out of core. */ goto cleanup; } spec->len = spec->size; spec->off = 0; arrayisdesc[idx] = 2; } } else if (mode == 's') { if (submode == '#') { size_t needed = 0; size_t n; int l1len; char *p; l1len = l1? sexp_length (l1) : 0; for (i = 1; i < l1len; i++) { s2 = sexp_nth_data (l1, i, &n); if (!s2) n = 2; /* Not a data element; we use "()". */ needed += n + 1; } if (!needed) { *array[idx] = p = xtrymalloc (1); if (p) *p = 0; } else if ((*array[idx] = p = xtrymalloc (needed))) { for (i = 1; i < l1len; i++) { s2 = sexp_nth_data (l1, i, &n); if (!s2) memcpy (p, "()", (n=2)); else memcpy (p, s2, n); p[n] = ' '; p += n + 1; } if (p != *array[idx]) p[-1] = 0; } } else *array[idx] = _gcry_sexp_nth_string (l1, 1); if (!*array[idx]) { rc = gpg_err_code_from_syserror (); goto cleanup; } arrayisdesc[idx] = 's'; } else if (mode == 'd') { long along; xfree (tmpstr); tmpstr = _gcry_sexp_nth_string (l1, 1); if (!tmpstr) { rc = gpg_err_code_from_syserror (); goto cleanup; } along = strtol (tmpstr, NULL, 10); if (submode == 'l') *(long *)array[idx] = along; else *(int *)array[idx] = along; arrayisdesc[idx] = 'x'; } else if (mode == 'u') { long aulong; xfree (tmpstr); tmpstr = _gcry_sexp_nth_string (l1, 1); if (!tmpstr) { rc = gpg_err_code_from_syserror (); goto cleanup; } aulong = strtoul (tmpstr, NULL, 10); if (submode == 'l') *(unsigned long *)array[idx] = aulong; else if (submode == 'z') *(size_t *)array[idx] = aulong; else *(unsigned int *)array[idx] = aulong; arrayisdesc[idx] = 'x'; } else { if (mode == '/') *array[idx] = _gcry_sexp_nth_mpi (l1,1,GCRYMPI_FMT_OPAQUE); else if (mode == '-') *array[idx] = _gcry_sexp_nth_mpi (l1,1,GCRYMPI_FMT_STD); else *array[idx] = _gcry_sexp_nth_mpi (l1,1,GCRYMPI_FMT_USG); if (!*array[idx]) { rc = GPG_ERR_INV_OBJ; /* Conversion failed. */ goto cleanup; } } sexp_release (l1); l1 = NULL; } idx++; } } xfree (tmpstr); sexp_release (freethis); return 0; cleanup: xfree (tmpstr); sexp_release (freethis); sexp_release (l1); while (idx--) { if (!arrayisdesc[idx]) { _gcry_mpi_release (*array[idx]); *array[idx] = NULL; } else if (arrayisdesc[idx] == 1) { /* Caller provided buffer. */ gcry_buffer_t *spec = (gcry_buffer_t*)array[idx]; spec->len = 0; } else if (arrayisdesc[idx] == 2) { /* We might have allocated a buffer. */ gcry_buffer_t *spec = (gcry_buffer_t*)array[idx]; xfree (spec->data); spec->data = NULL; spec->size = spec->off = spec->len = 0; } else if (arrayisdesc[idx] == 's') { /* We might have allocated a buffer. */ xfree (*array[idx]); *array[idx] = NULL; } } return rc; } gpg_err_code_t _gcry_sexp_extract_param (gcry_sexp_t sexp, const char *path, const char *list, ...) { gcry_err_code_t rc; va_list arg_ptr; va_start (arg_ptr, list); rc = _gcry_sexp_vextract_param (sexp, path, list, arg_ptr); va_end (arg_ptr); return rc; }