Initial merge attempt with gnutls_with_ext_mpi

1 files changed, 35 insertions, 139 deletions

diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
index e6dc8bffa1..4e47c63c1e 100644
--- a/lib/opencdk/read-packet.c
+++ b/lib/opencdk/read-packet.c
@@ -33,7 +33,7 @@
 #include "main.h"
 #include "packet.h"
 #include "types.h"
-
+#include <gnutls_algorithms.h>
 
 /* The version of the MDC packet considering the lastest OpenPGP draft. */
 #define MDC_PKT_VER 1
@@ -86,10 +86,10 @@ read_s2k (cdk_stream_t inp, cdk_s2k_t s2k)
 
 
 static cdk_error_t
-read_mpi (cdk_stream_t inp, gcry_mpi_t *ret_m, int secure)
+read_mpi (cdk_stream_t inp, bigint_t *ret_m, int secure)
 {
-  gcry_mpi_t m;
-  gcry_error_t err;
+  bigint_t m;
+  int err;
   byte buf[MAX_MPI_BYTES+2];
   size_t nread, nbits;
   cdk_error_t rc;
@@ -116,11 +116,11 @@ read_mpi (cdk_stream_t inp, gcry_mpi_t *ret_m, int secure)
   
   buf[0] = nbits >> 8;
   buf[1] = nbits >> 0;
-  err = gcry_mpi_scan (&m, GCRYMPI_FMT_PGP, buf, nread+2, &nread);
-  if (err)
-    return map_gcry_error (err);
-  if (secure)
-    gcry_mpi_set_flag (m, GCRYMPI_FLAG_SECURE);    
+  nread+=2;
+  err = _gnutls_mpi_scan_pgp( &m, buf, nread);
+  if (err < 0)
+    return map_gnutls_error (err);
+
   *ret_m = m;
   return rc;
 }
@@ -163,98 +163,6 @@ _cdk_pkt_read_len (FILE *inp, size_t *ret_partial)
 
 
 static cdk_error_t
-read_encrypted (cdk_stream_t inp, size_t pktlen, cdk_pkt_encrypted_t enc,
-		int is_partial, int is_mdc)
-{
-  if (!inp || !enc)
-    return CDK_Inv_Value;
-
-  if (DEBUG_PKT)
-    _cdk_log_debug ("read_encrypted: %d octets\n", pktlen);
-  
-  if (is_mdc) 
-    {
-      int version = cdk_stream_getc (inp);
-      if (version != MDC_PKT_VER)
-	return CDK_Inv_Packet;
-      enc->mdc_method = CDK_MD_SHA1;
-      pktlen--;
-    }
-  /* The packet must at least contain blocksize + 2 octets. */
-  if (pktlen < 10)
-    return CDK_Inv_Packet;
-  if (is_partial)
-    _cdk_stream_set_blockmode (inp, pktlen);
-  enc->len = pktlen;
-  enc->buf = inp;
-  return 0;
-}
-
-
-static cdk_error_t
-read_symkey_enc (cdk_stream_t inp, size_t pktlen, cdk_pkt_symkey_enc_t ske)
-{
-  cdk_s2k_t s2k;
-  size_t minlen;
-  size_t nread, nleft;
-  
-  if (!inp || !ske)
-    return CDK_Inv_Value;
-  
-  if (DEBUG_PKT)
-    _cdk_log_debug ("read_symkey_enc: %d octets\n", pktlen);
-  
-  ske->version = cdk_stream_getc (inp);
-  if (ske->version != 4 || cdk_stream_eof (inp))
-    return CDK_Inv_Packet;
-  
-  s2k = ske->s2k = cdk_calloc (1, sizeof *ske->s2k);
-  if (!ske->s2k)
-    return CDK_Out_Of_Core;
-  
-  ske->cipher_algo = cdk_stream_getc (inp);
-  s2k->mode = cdk_stream_getc (inp);
-  switch (s2k->mode)
-    {
-    case CDK_S2K_SIMPLE    : minlen = 0; break;
-    case CDK_S2K_SALTED    : minlen = 8; break;
-    case CDK_S2K_ITERSALTED: minlen = 9; break;
-      
-    default:
-      /* Invalid S2K mode. */
-      return CDK_Inv_Packet;
-    }
-  
-  s2k->hash_algo = cdk_stream_getc (inp);
-  if (s2k->mode == CDK_S2K_SALTED || s2k->mode == CDK_S2K_ITERSALTED)
-    {
-      if (stream_read (inp, s2k->salt, DIM (s2k->salt), &nread))
-	return CDK_Inv_Packet;
-      if (nread != DIM (s2k->salt))
-	return CDK_Inv_Packet;
-      
-      if (s2k->mode == CDK_S2K_ITERSALTED)
-	s2k->count = cdk_stream_getc (inp);
-    }
-  
-  ske->seskeylen = pktlen - 4 - minlen;
-  /* We check if there is an encrypted session key and if it fits into
-     the buffer. The maximal key length is 256-bit. */
-  if (ske->seskeylen > DIM (ske->seskey))
-    return CDK_Inv_Packet;
-  nleft = ske->seskeylen;
-  for (nread = 0; nread < ske->seskeylen; nread++)
-    {
-      ske->seskey[nread] = cdk_stream_getc (inp);
-      if (cdk_stream_eof (inp) && --nleft > 0)
-	return CDK_Inv_Packet;
-    }
-  
-  return 0;
-}
-
-
-static cdk_error_t
 read_pubkey_enc (cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_enc_t pke)
 {
   size_t i, nenc;
@@ -274,7 +182,7 @@ read_pubkey_enc (cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_enc_t pke)
   pke->keyid[1] = read_32 (inp);
   if (!pke->keyid[0] && !pke->keyid[1])
     pke->throw_keyid = 1; /* RFC2440 "speculative" keyID */
-  pke->pubkey_algo = cdk_stream_getc (inp);
+  pke->pubkey_algo = _pgp_pub_algo_to_cdk(cdk_stream_getc (inp));
   nenc = cdk_pk_get_nenc (pke->pubkey_algo);
   if (!nenc)
     return CDK_Inv_Algo;
@@ -361,10 +269,11 @@ read_public_key (cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_t pk)
 	pk->expiredate = pk->timestamp + ndays * 86400L;
     }
   
-  pk->pubkey_algo = cdk_stream_getc (inp);
+  pk->pubkey_algo = _pgp_pub_algo_to_cdk(cdk_stream_getc (inp));
   npkey = cdk_pk_get_npkey (pk->pubkey_algo);
   if (!npkey)
     {
+      gnutls_assert();
       _cdk_log_debug ("invalid public key algorithm %d\n", pk->pubkey_algo);
       return CDK_Inv_Algo;
     }  
@@ -390,7 +299,6 @@ read_public_subkey (cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_t pk)
   return read_public_key (inp, pktlen, pk);
 }
 
-
 static cdk_error_t
 read_secret_key (cdk_stream_t inp, size_t pktlen, cdk_pkt_seckey_t sk)
 {
@@ -414,15 +322,15 @@ read_secret_key (cdk_stream_t inp, size_t pktlen, cdk_pkt_seckey_t sk)
   if (sk->s2k_usage == 254 || sk->s2k_usage == 255)
     {
       sk->protect.sha1chk = (sk->s2k_usage == 254);
-      sk->protect.algo = cdk_stream_getc (inp);
+      sk->protect.algo = _pgp_cipher_to_gnutls(cdk_stream_getc (inp));
       sk->protect.s2k = cdk_calloc (1, sizeof *sk->protect.s2k);
       if (!sk->protect.s2k)
 	return CDK_Out_Of_Core;
       rc = read_s2k (inp, sk->protect.s2k);
       if (rc) 
 	return rc;
-      sk->protect.ivlen = gcry_cipher_get_algo_blklen (sk->protect.algo);
-      if (!sk->protect.ivlen)
+      sk->protect.ivlen = _gnutls_cipher_get_block_size (sk->protect.algo);
+      if (sk->protect.ivlen <= 0)
 	return CDK_Inv_Packet;
       rc = stream_read (inp, sk->protect.iv, sk->protect.ivlen, &nread);
       if (rc)
@@ -431,13 +339,15 @@ read_secret_key (cdk_stream_t inp, size_t pktlen, cdk_pkt_seckey_t sk)
 	return CDK_Inv_Packet;
     }
   else
-    sk->protect.algo = sk->s2k_usage;
-  if (sk->protect.algo == GCRY_CIPHER_NONE)
+    sk->protect.algo = _pgp_cipher_to_gnutls(sk->s2k_usage);
+  if (sk->protect.algo == GNUTLS_CIPHER_NULL)
     {
       sk->csum = 0;
       nskey = cdk_pk_get_nskey (sk->pk->pubkey_algo);
-      if (!nskey)
+      if (!nskey) {
+        gnutls_assert();
 	return CDK_Inv_Algo;
+      }
       for (i = 0; i < nskey; i++)
 	{
 	  rc = read_mpi (inp, &sk->mpi[i], 1);
@@ -447,12 +357,14 @@ read_secret_key (cdk_stream_t inp, size_t pktlen, cdk_pkt_seckey_t sk)
       sk->csum = read_16 (inp);
       sk->is_protected = 0;
     }
-  else if (sk->pk->version < 4) 
+  else if (sk->pk->version < 4)
     {    
       /* The length of each multiprecision integer is stored in plaintext. */
       nskey = cdk_pk_get_nskey (sk->pk->pubkey_algo);
-      if (!nskey)
+      if (!nskey) {
+        gnutls_assert();
 	return CDK_Inv_Algo;
+      }
       for (i = 0; i < nskey; i++) 
 	{
 	  rc = read_mpi (inp, &sk->mpi[i], 1);
@@ -462,7 +374,7 @@ read_secret_key (cdk_stream_t inp, size_t pktlen, cdk_pkt_seckey_t sk)
       sk->csum = read_16 (inp);
       sk->is_protected = 1;
     }  
-  else 
+  else
     {
       /* We need to read the rest of the packet because we do not
        have any information how long the encrypted mpi's are */
@@ -477,8 +389,10 @@ read_secret_key (cdk_stream_t inp, size_t pktlen, cdk_pkt_seckey_t sk)
       if (stream_read (inp, sk->encdata, sk->enclen, &nread))
 	return CDK_Inv_Packet;
       nskey = cdk_pk_get_nskey (sk->pk->pubkey_algo);
-      if (!nskey)
+      if (!nskey) {
+        gnutls_assert();
 	return CDK_Inv_Algo;
+      }
       /* We mark each MPI entry with NULL to indicate a protected key. */
       for (i = 0; i < nskey; i++)
 	sk->mpi[i] = NULL;
@@ -668,8 +582,8 @@ read_onepass_sig (cdk_stream_t inp, size_t pktlen, cdk_pkt_onepass_sig_t sig)
   if (sig->version != 3)
     return CDK_Inv_Packet_Ver;
   sig->sig_class = cdk_stream_getc (inp);
-  sig->digest_algo = cdk_stream_getc (inp);
-  sig->pubkey_algo = cdk_stream_getc (inp);
+  sig->digest_algo = _pgp_hash_algo_to_gnutls(cdk_stream_getc (inp));
+  sig->pubkey_algo = _pgp_pub_algo_to_cdk(cdk_stream_getc (inp));
   sig->keyid[0] = read_32 (inp);
     sig->keyid[1] = read_32 (inp);
   sig->last = cdk_stream_getc (inp);
@@ -780,8 +694,8 @@ read_signature (cdk_stream_t inp, size_t pktlen, cdk_pkt_signature_t sig)
       sig->timestamp = read_32 (inp);
       sig->keyid[0] = read_32 (inp);
       sig->keyid[1] = read_32 (inp);
-      sig->pubkey_algo = cdk_stream_getc (inp);
-      sig->digest_algo = cdk_stream_getc (inp);
+      sig->pubkey_algo = _pgp_pub_algo_to_cdk(cdk_stream_getc (inp));
+      sig->digest_algo = _pgp_hash_algo_to_gnutls(cdk_stream_getc (inp));
       sig->digest_start[0] = cdk_stream_getc (inp);
       sig->digest_start[1] = cdk_stream_getc (inp);
       nsig = cdk_pk_get_nsig (sig->pubkey_algo);
@@ -797,8 +711,8 @@ read_signature (cdk_stream_t inp, size_t pktlen, cdk_pkt_signature_t sig)
   else 
     {
       sig->sig_class = cdk_stream_getc (inp);
-      sig->pubkey_algo = cdk_stream_getc (inp);
-      sig->digest_algo = cdk_stream_getc (inp);
+      sig->pubkey_algo = _pgp_pub_algo_to_cdk(cdk_stream_getc (inp));
+      sig->digest_algo = _pgp_hash_algo_to_gnutls(cdk_stream_getc (inp));
       sig->hashed_size = read_16 (inp);
       size = sig->hashed_size;
       sig->hashed = NULL;
@@ -870,7 +784,7 @@ read_literal (cdk_stream_t inp, size_t pktlen,
       rc = stream_read (inp, pt->name, pt->namelen, &nread);
       if (rc)
 	return rc;
-      if (nread != pt->namelen)
+      if ((int)nread != pt->namelen)
 	return CDK_Inv_Packet;
       pt->name[pt->namelen] = '\0';
     }
@@ -970,7 +884,6 @@ skip_packet (cdk_stream_t inp, size_t pktlen)
 cdk_error_t
 cdk_pkt_read (cdk_stream_t inp, cdk_packet_t pkt)
 {
-  int use_mdc = 0;
   int ctb, is_newctb;
   int pkttype;
   size_t pktlen = 0, pktsize = 0, is_partial = 0;
@@ -1098,23 +1011,6 @@ cdk_pkt_read (cdk_stream_t inp, cdk_packet_t pkt)
       rc = read_signature (inp, pktlen, pkt->pkt.signature);
       break;
       
-    case CDK_PKT_ENCRYPTED_MDC:
-    case CDK_PKT_ENCRYPTED:
-      pkt->pkt.encrypted = cdk_calloc (1, sizeof *pkt->pkt.encrypted);
-      if (!pkt->pkt.encrypted)
-	return CDK_Out_Of_Core;
-      use_mdc = (pkt->pkttype == CDK_PKT_ENCRYPTED_MDC) ? 1 : 0;
-      rc = read_encrypted (inp, pktlen, pkt->pkt.encrypted,
-			   is_partial, use_mdc);
-      break;
-      
-    case CDK_PKT_SYMKEY_ENC:
-      pkt->pkt.symkey_enc = cdk_calloc (1, sizeof *pkt->pkt.symkey_enc);
-      if (!pkt->pkt.symkey_enc)
-	return CDK_Out_Of_Core;
-      rc = read_symkey_enc (inp, pktlen, pkt->pkt.symkey_enc);
-      break;
-      
     case CDK_PKT_PUBKEY_ENC:
       pkt->pkt.pubkey_enc = cdk_calloc (1, sizeof *pkt->pkt.pubkey_enc);
       if (!pkt->pkt.pubkey_enc)