"Fossies" - the Fresh Open Source Software Archive

Member "libksba-1.6.0/src/cms-parser.c" (2 Jun 2021, 33105 Bytes) of package /linux/privat/libksba-1.6.0.tar.bz2:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "cms-parser.c" see the Fossies "Dox" file reference documentation and the latest Fossies "Diffs" side-by-side code changes report: 1.5.1_vs_1.6.0.

    1 /* cms-parse.c - parse cryptographic message syntax
    2  *      Copyright (C) 2001, 2012 g10 Code GmbH
    3  *
    4  * This file is part of KSBA.
    5  *
    6  * KSBA is free software; you can redistribute it and/or modify
    7  * it under the terms of either
    8  *
    9  *   - the GNU Lesser General Public License as published by the Free
   10  *     Software Foundation; either version 3 of the License, or (at
   11  *     your option) any later version.
   12  *
   13  * or
   14  *
   15  *   - the GNU General Public License as published by the Free
   16  *     Software Foundation; either version 2 of the License, or (at
   17  *     your option) any later version.
   18  *
   19  * or both in parallel, as here.
   20  *
   21  * KSBA is distributed in the hope that it will be useful, but WITHOUT
   22  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
   23  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
   24  * License for more details.
   25  *
   26  * You should have received a copies of the GNU General Public License
   27  * and the GNU Lesser General Public License along with this program;
   28  * if not, see <http://www.gnu.org/licenses/>.
   29  */
   30 
   31 /*
   32    We handle CMS by using a handcrafted parser for the outer
   33    structures and the generic parser of the parts we can handle in
   34    memory.  Extending the generic parser to allow hooks for indefinite
   35    length objects and to auto select the object depending on the
   36    content type OID is too complicated.
   37 */
   38 
   39 
   40 #include <config.h>
   41 #include <stdio.h>
   42 #include <stdlib.h>
   43 #include <string.h>
   44 #include <assert.h>
   45 #include "util.h"
   46 
   47 #include "cms.h"
   48 #include "asn1-func.h" /* need some constants */
   49 #include "ber-decoder.h"
   50 #include "ber-help.h"
   51 #include "keyinfo.h"
   52 
   53 static int
   54 read_byte (ksba_reader_t reader)
   55 {
   56   unsigned char buf;
   57   size_t nread;
   58   int rc;
   59 
   60   do
   61     rc = ksba_reader_read (reader, &buf, 1, &nread);
   62   while (!rc && !nread);
   63   return rc? -1: buf;
   64 }
   65 
   66 /* read COUNT bytes into buffer.  Return 0 on success */
   67 static int
   68 read_buffer (ksba_reader_t reader, char *buffer, size_t count)
   69 {
   70   size_t nread;
   71 
   72   while (count)
   73     {
   74       if (ksba_reader_read (reader, buffer, count, &nread))
   75         return -1;
   76       buffer += nread;
   77       count -= nread;
   78     }
   79   return 0;
   80 }
   81 
   82 /* Create a new decoder and run it for the given element */
   83 static gpg_error_t
   84 create_and_run_decoder (ksba_reader_t reader, const char *elem_name,
   85                         unsigned int flags,
   86                         AsnNode *r_root,
   87                         unsigned char **r_image, size_t *r_imagelen)
   88 {
   89   gpg_error_t err;
   90   ksba_asn_tree_t cms_tree;
   91   BerDecoder decoder;
   92 
   93   err = ksba_asn_create_tree ("cms", &cms_tree);
   94   if (err)
   95     return err;
   96 
   97   decoder = _ksba_ber_decoder_new ();
   98   if (!decoder)
   99     {
  100       ksba_asn_tree_release (cms_tree);
  101       return gpg_error (GPG_ERR_ENOMEM);
  102     }
  103 
  104   err = _ksba_ber_decoder_set_reader (decoder, reader);
  105   if (err)
  106     {
  107       ksba_asn_tree_release (cms_tree);
  108       _ksba_ber_decoder_release (decoder);
  109       return err;
  110     }
  111 
  112   err = _ksba_ber_decoder_set_module (decoder, cms_tree);
  113   if (err)
  114     {
  115       ksba_asn_tree_release (cms_tree);
  116       _ksba_ber_decoder_release (decoder);
  117       return err;
  118     }
  119 
  120   err = _ksba_ber_decoder_decode (decoder, elem_name, flags,
  121                                   r_root, r_image, r_imagelen);
  122 
  123   _ksba_ber_decoder_release (decoder);
  124   ksba_asn_tree_release (cms_tree);
  125   return err;
  126 }
  127 
  128 
  129 
  130 /* Parse this structure and return the oid of the content.  The read
  131    position is then located at the value of content.  This fucntion is
  132    the core for parsing ContentInfo and EncapsulatedContentInfo.
  133 
  134    ContentInfo ::= SEQUENCE {
  135       contentType ContentType,
  136       content [0] EXPLICIT ANY DEFINED BY contentType
  137    }
  138    ContentType ::= OBJECT IDENTIFIER
  139 
  140    Returns: 0 on success or an error code. Other values are returned
  141    by the parameters.
  142 
  143 */
  144 static gpg_error_t
  145 parse_content_info (ksba_reader_t reader,
  146                     unsigned long *r_len, int *r_ndef,
  147                     char **r_oid, int *has_content)
  148 {
  149   struct tag_info ti;
  150   gpg_error_t err;
  151   int content_ndef;
  152   unsigned long content_len;
  153   unsigned char oidbuf[100]; /* pretty large for an OID */
  154   char *oid = NULL;
  155 
  156   /* read the sequence triplet */
  157   err = _ksba_ber_read_tl (reader, &ti);
  158   if (err)
  159     return err;
  160   if ( !(ti.class == CLASS_UNIVERSAL && ti.tag == TYPE_SEQUENCE
  161          && ti.is_constructed) )
  162     return gpg_error (GPG_ERR_INV_CMS_OBJ);
  163   content_len = ti.length;
  164   content_ndef = ti.ndef;
  165   if (!content_ndef && content_len < 3)
  166     return gpg_error (GPG_ERR_TOO_SHORT); /* to encode an OID */
  167 
  168   /* read the OID */
  169   err = _ksba_ber_read_tl (reader, &ti);
  170   if (err)
  171     return err;
  172   if ( !(ti.class == CLASS_UNIVERSAL && ti.tag == TYPE_OBJECT_ID
  173          && !ti.is_constructed && ti.length) )
  174     return gpg_error (GPG_ERR_INV_CMS_OBJ);
  175   if (!content_ndef)
  176     {
  177       if (content_len < ti.nhdr)
  178         return gpg_error (GPG_ERR_BAD_BER); /* triplet header larger that sequence */
  179       content_len -= ti.nhdr;
  180       if (content_len < ti.length)
  181         return gpg_error (GPG_ERR_BAD_BER); /* triplet larger that sequence */
  182       content_len -= ti.length;
  183     }
  184 
  185   if (ti.length >= DIM(oidbuf))
  186     return gpg_error (GPG_ERR_TOO_LARGE);
  187   err = read_buffer (reader, oidbuf, ti.length);
  188   if (err)
  189     return err;
  190   oid = ksba_oid_to_str (oidbuf, ti.length);
  191   if (!oid)
  192     return gpg_error (GPG_ERR_ENOMEM);
  193 
  194   if (!content_ndef && !content_len)
  195     { /* no data */
  196       *has_content = 0;
  197     }
  198   else
  199     { /* now read the explicit tag 0 which is optional */
  200       err = _ksba_ber_read_tl (reader, &ti);
  201       if (err)
  202         {
  203           xfree (oid);
  204           return err;
  205         }
  206 
  207       if ( ti.class == CLASS_CONTEXT && ti.tag == 0 && ti.is_constructed )
  208         {
  209           *has_content = 1;
  210         }
  211       else if ( ti.class == CLASS_UNIVERSAL && ti.tag == 0 && !ti.is_constructed )
  212         {
  213           *has_content = 0; /* this is optional - allow NUL tag */
  214         }
  215       else /* neither [0] nor NULL */
  216         {
  217           xfree (oid);
  218           return gpg_error (GPG_ERR_INV_CMS_OBJ);
  219         }
  220       if (!content_ndef)
  221         {
  222           if (content_len < ti.nhdr)
  223             return gpg_error (GPG_ERR_BAD_BER); /* triplet header larger that sequence */
  224           content_len -= ti.nhdr;
  225           if (!ti.ndef && content_len < ti.length)
  226             return gpg_error (GPG_ERR_BAD_BER); /* triplet larger that sequence */
  227         }
  228     }
  229   *r_len = content_len;
  230   *r_ndef = content_ndef;
  231   *r_oid = oid;
  232   return 0;
  233 }
  234 
  235 
  236 /* Parse this structure and return the oid of the content as well as
  237    the algorithm identifier.  The read position is then located at the
  238    value of the octect string.
  239 
  240    EncryptedContentInfo ::= SEQUENCE {
  241      contentType OBJECT IDENTIFIER,
  242      contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
  243      encryptedContent [0] IMPLICIT OCTET STRING OPTIONAL }
  244 
  245    Returns: 0 on success or an error code. Other values are returned
  246    by the parameters.
  247 */
  248 static gpg_error_t
  249 parse_encrypted_content_info (ksba_reader_t reader,
  250                               unsigned long *r_len, int *r_ndef,
  251                               char **r_cont_oid, char **r_algo_oid,
  252                               char **r_algo_parm, size_t *r_algo_parmlen,
  253                               int *r_algo_parmtype,
  254                               int *has_content)
  255 {
  256   struct tag_info ti;
  257   gpg_error_t err;
  258   int content_ndef;
  259   unsigned long content_len;
  260   unsigned char tmpbuf[500]; /* for OID or algorithmIdentifier */
  261   char *cont_oid = NULL;
  262   char *algo_oid = NULL;
  263   char *algo_parm = NULL;
  264   size_t algo_parmlen;
  265   size_t nread;
  266   int algo_parmtype;
  267 
  268   /* Fixme: release oids in case of errors */
  269 
  270   /* read the sequence triplet */
  271   err = _ksba_ber_read_tl (reader, &ti);
  272   if (err)
  273     return err;
  274   if ( !(ti.class == CLASS_UNIVERSAL && ti.tag == TYPE_SEQUENCE
  275          && ti.is_constructed) )
  276     return gpg_error (GPG_ERR_INV_CMS_OBJ);
  277   content_len = ti.length;
  278   content_ndef = ti.ndef;
  279   if (!content_ndef && content_len < 3)
  280     return gpg_error (GPG_ERR_TOO_SHORT); /* to encode an OID */
  281 
  282   /* read the OID */
  283   err = _ksba_ber_read_tl (reader, &ti);
  284   if (err)
  285     return err;
  286   if ( !(ti.class == CLASS_UNIVERSAL && ti.tag == TYPE_OBJECT_ID
  287          && !ti.is_constructed && ti.length) )
  288     return gpg_error (GPG_ERR_INV_CMS_OBJ);
  289   if (!content_ndef)
  290     {
  291       if (content_len < ti.nhdr)
  292         return gpg_error (GPG_ERR_BAD_BER); /* triplet header larger that sequence */
  293       content_len -= ti.nhdr;
  294       if (content_len < ti.length)
  295         return gpg_error (GPG_ERR_BAD_BER); /* triplet larger that sequence */
  296       content_len -= ti.length;
  297     }
  298   if (ti.length >= DIM(tmpbuf))
  299     return gpg_error (GPG_ERR_TOO_LARGE);
  300   err = read_buffer (reader, tmpbuf, ti.length);
  301   if (err)
  302     return err;
  303   cont_oid = ksba_oid_to_str (tmpbuf, ti.length);
  304   if (!cont_oid)
  305     return gpg_error (GPG_ERR_ENOMEM);
  306 
  307   /* read the algorithmIdentifier */
  308   err = _ksba_ber_read_tl (reader, &ti);
  309   if (err)
  310     return err;
  311   if ( !(ti.class == CLASS_UNIVERSAL && ti.tag == TYPE_SEQUENCE
  312          && ti.is_constructed) )
  313     return gpg_error (GPG_ERR_INV_CMS_OBJ);
  314   if (!content_ndef)
  315     {
  316       if (content_len < ti.nhdr)
  317         return gpg_error (GPG_ERR_BAD_BER); /* triplet header larger that sequence */
  318       content_len -= ti.nhdr;
  319       if (content_len < ti.length)
  320         return gpg_error (GPG_ERR_BAD_BER); /* triplet larger that sequence */
  321       content_len -= ti.length;
  322     }
  323   if (ti.nhdr + ti.length >= DIM(tmpbuf))
  324     return gpg_error (GPG_ERR_TOO_LARGE);
  325   memcpy (tmpbuf, ti.buf, ti.nhdr);
  326   err = read_buffer (reader, tmpbuf+ti.nhdr, ti.length);
  327   if (err)
  328     return err;
  329   err = _ksba_parse_algorithm_identifier3 (tmpbuf, ti.nhdr+ti.length,
  330                                            0x30,
  331                                            &nread, &algo_oid,
  332                                            &algo_parm, &algo_parmlen,
  333                                            &algo_parmtype);
  334   if (err)
  335     return err;
  336   assert (nread <= ti.nhdr + ti.length);
  337   if (nread < ti.nhdr + ti.length)
  338     return gpg_error (GPG_ERR_TOO_SHORT);
  339 
  340   /* the optional encryptedDataInfo */
  341   *has_content = 0;
  342   if (content_ndef || content_len)
  343     { /* now read the implicit tag 0.  Actually this is optional but
  344          in that case we don't expect to have a content_len - well, it
  345          may be the end tag */
  346       err = _ksba_ber_read_tl (reader, &ti);
  347       if (err)
  348         {
  349           xfree (cont_oid);
  350           xfree (algo_oid);
  351           return err;
  352         }
  353 
  354       /* Note: the tag may either denote a constructed or a primitve
  355          object.  Actually this should match the use of NDEF header
  356          but we don't ceck that */
  357       if ( ti.class == CLASS_CONTEXT && ti.tag == 0 )
  358         {
  359           *has_content = 1;
  360           if (!content_ndef)
  361             {
  362               if (content_len < ti.nhdr)
  363                 return gpg_error (GPG_ERR_BAD_BER);
  364               content_len -= ti.nhdr;
  365               if (!ti.ndef && content_len < ti.length)
  366                 return gpg_error (GPG_ERR_BAD_BER);
  367             }
  368         }
  369       else /* not what we want - push it back */
  370         {
  371           *has_content = 0;
  372           err = ksba_reader_unread (reader, ti.buf, ti.nhdr);
  373           if (err)
  374             return err;
  375         }
  376     }
  377   *r_len = content_len;
  378   *r_ndef = content_ndef;
  379   *r_cont_oid = cont_oid;
  380   *r_algo_oid = algo_oid;
  381   *r_algo_parm = algo_parm;
  382   *r_algo_parmlen = algo_parmlen;
  383   *r_algo_parmtype = algo_parmtype;
  384   return 0;
  385 }
  386 
  387 
  388 
  389 /* Parse this structure and return the oid of the content.  The read
  390    position is then located at the value of content.
  391 
  392    ContentInfo ::= SEQUENCE {
  393       contentType ContentType,
  394       content [0] EXPLICIT ANY DEFINED BY contentType
  395    }
  396    ContentType ::= OBJECT IDENTIFIER
  397 
  398    Returns: 0 on success or an error code.  On success the OID and the
  399    length values are stored in the cms structure.
  400 */
  401 gpg_error_t
  402 _ksba_cms_parse_content_info (ksba_cms_t cms)
  403 {
  404   gpg_error_t err;
  405   int has_content;
  406   int content_ndef;
  407   unsigned long content_len;
  408   char *oid;
  409 
  410   err = parse_content_info (cms->reader, &content_len, &content_ndef,
  411                             &oid, &has_content);
  412   if (err)
  413     { /* return a more meaningful error message.  This way the caller
  414          can pass arbitrary data to the function and get back an error
  415          that this is not CMS instead of the the not very detailed BER
  416          Error. */
  417       if (gpg_err_code (err) == GPG_ERR_BAD_BER
  418           || gpg_err_code (err) == GPG_ERR_INV_CMS_OBJ
  419           || gpg_err_code (err) == GPG_ERR_TOO_SHORT)
  420         err = gpg_error (GPG_ERR_NO_CMS_OBJ);
  421       return err;
  422     }
  423   if (!has_content)
  424     return gpg_error (GPG_ERR_NO_CMS_OBJ); /* It is not optional here */
  425   cms->content.length = content_len;
  426   cms->content.ndef = content_ndef;
  427   xfree (cms->content.oid);
  428   cms->content.oid = oid;
  429   return 0;
  430 }
  431 
  432 
  433 
  434 /* parse a SEQUENCE and the first element which is expected to be the
  435    CMS version.  Return the version and the length info */
  436 static gpg_error_t
  437 parse_cms_version (ksba_reader_t reader, int *r_version,
  438                    unsigned long *r_len, int *r_ndef)
  439 {
  440   struct tag_info ti;
  441   gpg_error_t err;
  442   unsigned long data_len;
  443   int data_ndef;
  444   int c;
  445 
  446   /* read the sequence triplet */
  447   err = _ksba_ber_read_tl (reader, &ti);
  448   if (err)
  449     return err;
  450   if ( !(ti.class == CLASS_UNIVERSAL && ti.tag == TYPE_SEQUENCE
  451          && ti.is_constructed) )
  452     return gpg_error (GPG_ERR_INV_CMS_OBJ);
  453   data_len = ti.length;
  454   data_ndef = ti.ndef;
  455   if (!data_ndef && data_len < 3)
  456     return gpg_error (GPG_ERR_TOO_SHORT); /*to encode the version*/
  457 
  458   /* read the version integer */
  459   err = _ksba_ber_read_tl (reader, &ti);
  460   if (err)
  461     return err;
  462   if ( !(ti.class == CLASS_UNIVERSAL && ti.tag == TYPE_INTEGER
  463          && !ti.is_constructed && ti.length) )
  464     return gpg_error (GPG_ERR_INV_CMS_OBJ);
  465   if (!data_ndef)
  466     {
  467       if (data_len < ti.nhdr)
  468         return gpg_error (GPG_ERR_BAD_BER); /* triplet header larger that sequence */
  469       data_len -= ti.nhdr;
  470       if (data_len < ti.length)
  471         return gpg_error (GPG_ERR_BAD_BER); /* triplet larger that sequence */
  472       data_len -= ti.length;
  473     }
  474   if (ti.length != 1)
  475     return gpg_error (GPG_ERR_UNSUPPORTED_CMS_VERSION);
  476   if ( (c=read_byte (reader)) == -1)
  477     {
  478       err = ksba_reader_error (reader);
  479       return err? err : gpg_error (GPG_ERR_GENERAL);
  480     }
  481   if ( !(c == 0 || c == 1 || c == 2 || c == 3 || c == 4) )
  482     return gpg_error (GPG_ERR_UNSUPPORTED_CMS_VERSION);
  483   *r_version = c;
  484   *r_len = data_len;
  485   *r_ndef = data_ndef;
  486   return 0;
  487 }
  488 
  489 
  490 
  491 
  492 /* Parse a structure:
  493 
  494    SignedData ::= SEQUENCE {
  495      version INTEGER  { v0(0), v1(1), v2(2), v3(3), v4(4) }),
  496      digestAlgorithms SET OF AlgorithmIdentifier,
  497      encapContentInfo EncapsulatedContentInfo,
  498      certificates [0] IMPLICIT CertificateSet OPTIONAL,
  499      crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
  500      signerInfos SignerInfos }
  501 
  502    AlgorithmIdentifier ::= SEQUENCE {
  503     algorithm    OBJECT IDENTIFIER,
  504     parameters   ANY DEFINED BY algorithm OPTIONAL
  505    }
  506 
  507 */
  508 gpg_error_t
  509 _ksba_cms_parse_signed_data_part_1 (ksba_cms_t cms)
  510 {
  511   struct tag_info ti;
  512   gpg_error_t err;
  513   int signed_data_ndef;
  514   unsigned long signed_data_len;
  515   int algo_set_ndef;
  516   unsigned long algo_set_len;
  517   int encap_cont_ndef;
  518   unsigned long encap_cont_len;
  519   int has_content;
  520   char *oid;
  521   char *p, *buffer;
  522   unsigned long off, len;
  523 
  524   err = parse_cms_version (cms->reader, &cms->cms_version,
  525                            &signed_data_len, &signed_data_ndef);
  526   if (err)
  527     return err;
  528 
  529   /* read the SET OF algorithmIdentifiers */
  530   err = _ksba_ber_read_tl (cms->reader, &ti);
  531   if (err)
  532     return err;
  533   if ( !(ti.class == CLASS_UNIVERSAL && ti.tag == TYPE_SET
  534          && ti.is_constructed) )
  535     return gpg_error (GPG_ERR_INV_CMS_OBJ);  /* not the expected SET tag */
  536   if (!signed_data_ndef)
  537     {
  538       if (signed_data_len < ti.nhdr)
  539         return gpg_error (GPG_ERR_BAD_BER); /* triplet header larger that sequence */
  540       signed_data_len -= ti.nhdr;
  541       if (!ti.ndef && signed_data_len < ti.length)
  542         return gpg_error (GPG_ERR_BAD_BER); /* triplet larger that sequence */
  543       signed_data_len -= ti.length;
  544     }
  545   algo_set_len = ti.length;
  546   algo_set_ndef = ti.ndef;
  547 
  548   /* fixme: we are not able to read ndef length algorithm indentifiers. */
  549   if (algo_set_ndef)
  550     return gpg_error (GPG_ERR_UNSUPPORTED_ENCODING);
  551   /* read the entire sequence into a buffer (add one to avoid malloc(0)) */
  552   buffer = xtrymalloc (algo_set_len + 1);
  553   if (!buffer)
  554     return gpg_error (GPG_ERR_ENOMEM);
  555   if (read_buffer (cms->reader, buffer, algo_set_len))
  556     {
  557       xfree (buffer);
  558       err = ksba_reader_error (cms->reader);
  559       return err? err: gpg_error (GPG_ERR_GENERAL);
  560     }
  561   p = buffer;
  562   while (algo_set_len)
  563     {
  564       size_t nread;
  565       struct oidlist_s *ol;
  566 
  567       err = _ksba_parse_algorithm_identifier (p, algo_set_len, &nread, &oid);
  568       if (err)
  569         {
  570           xfree (buffer);
  571           return err;
  572         }
  573       assert (nread <= algo_set_len);
  574       algo_set_len -= nread;
  575       p += nread;
  576       /* store the oid */
  577       ol = xtrymalloc (sizeof *ol);
  578       if (!ol)
  579         {
  580           xfree (oid);
  581           return gpg_error (GPG_ERR_ENOMEM);
  582         }
  583       ol->oid = oid;
  584       ol->next = cms->digest_algos;
  585       cms->digest_algos = ol;
  586     }
  587   xfree (buffer); buffer = NULL;
  588 
  589   /* Now for the encapsulatedContentInfo */
  590   off = ksba_reader_tell (cms->reader);
  591   err = parse_content_info (cms->reader,
  592                             &encap_cont_len, &encap_cont_ndef,
  593                             &oid, &has_content);
  594   if (err)
  595     return err;
  596   cms->inner_cont_len = encap_cont_len;
  597   cms->inner_cont_ndef = encap_cont_ndef;
  598   cms->inner_cont_oid = oid;
  599   cms->detached_data = !has_content;
  600   if (!signed_data_ndef)
  601     {
  602       len = ksba_reader_tell (cms->reader) - off;
  603       if (signed_data_len < len)
  604         return gpg_error (GPG_ERR_BAD_BER); /* parsed content info larger that sequence */
  605       signed_data_len -= len;
  606       if (!encap_cont_ndef && signed_data_len < encap_cont_len)
  607         return gpg_error (GPG_ERR_BAD_BER); /* triplet larger that sequence */
  608     }
  609 
  610   /* We have to stop here so that the caller can set up the hashing etc. */
  611   return 0;
  612 }
  613 
  614 /* Continue parsing of the structure we started to parse with the
  615    part_1 function.  We expect to be right at the certificates tag.  */
  616 gpg_error_t
  617 _ksba_cms_parse_signed_data_part_2 (ksba_cms_t cms)
  618 {
  619   struct tag_info ti;
  620   gpg_error_t err;
  621   struct signer_info_s *si, **si_tail;
  622 
  623   /* read the next triplet which is either a [0], a [1] or a SET OF
  624      (signerInfo) */
  625   err = _ksba_ber_read_tl (cms->reader, &ti);
  626   if (err)
  627     return err;
  628   if (ti.class == CLASS_UNIVERSAL && !ti.tag && !ti.is_constructed)
  629     {
  630       /* well, there might be still an end tag pending; eat it -
  631          fixme: we should keep track of this to catch invalid
  632          encodings */
  633       err = _ksba_ber_read_tl (cms->reader, &ti);
  634       if (err)
  635         return err;
  636     }
  637 
  638   if (ti.class == CLASS_CONTEXT && ti.tag == 0 && ti.is_constructed)
  639     {  /* Implicit SET OF certificateSet with elements of CHOICE, but
  640           we assume the first choice which is a Certificate; all other
  641           choices are obsolete.  We are now parsing a set of
  642           certificates which we do by utilizing the ksba_cert code. */
  643       ksba_cert_t cert;
  644       int expect_endtag;
  645 
  646       expect_endtag = !!ti.ndef;
  647 
  648       for (;;)
  649         {
  650           struct certlist_s *cl;
  651 
  652           /* First see whether this is really a sequence */
  653           err = _ksba_ber_read_tl (cms->reader, &ti);
  654           if (err)
  655             return err;
  656           if (expect_endtag && !ti.class && !ti.tag)
  657             {
  658               /* This is an end tag.  Read the next tag but don't fail
  659                  if this is just an EOF.  */
  660               err = _ksba_ber_read_tl (cms->reader, &ti);
  661               if (err)
  662                 {
  663                   if (gpg_err_code (err) == GPG_ERR_EOF)
  664                     err = 0;
  665                   return err;
  666                 }
  667               break;
  668             }
  669           if (!(ti.class == CLASS_UNIVERSAL && ti.tag == TYPE_SEQUENCE
  670                 && ti.is_constructed))
  671             break; /* not a sequence, so we are ready with the set */
  672 
  673           /* We must unread so that the standard parser sees the sequence */
  674           err = ksba_reader_unread (cms->reader, ti.buf, ti.nhdr);
  675           if (err)
  676             return err;
  677           /* Use the standard certificate parser */
  678           err = ksba_cert_new (&cert);
  679           if (err)
  680             return err;
  681           err = ksba_cert_read_der (cert, cms->reader);
  682           if (err)
  683             {
  684               ksba_cert_release (cert);
  685               return err;
  686             }
  687           cl = xtrycalloc (1, sizeof *cl);
  688           if (!cl)
  689             {
  690               ksba_cert_release (cert);
  691               return gpg_error (GPG_ERR_ENOMEM);
  692             }
  693           cl->cert = cert;
  694           cl->next = cms->cert_list;
  695           cms->cert_list = cl;
  696         }
  697     }
  698 
  699   if (ti.class == CLASS_CONTEXT && ti.tag == 1 && ti.is_constructed)
  700     {  /* implicit SET OF certificateList.  We should delegate the
  701           parsing to a - not yet existing - ksba_crl module.  CRLs are
  702           quite important for other applications too so we should
  703           provide a nice interface */
  704       int expect_endtag;
  705 
  706 
  707       expect_endtag = !!ti.ndef;
  708 
  709       /* FIXME this is just dummy read code */
  710        /* fprintf (stderr,"WARNING: Can't handle CRLs yet\n"); */
  711       for (;;)
  712         {
  713           /* first see whether this is really a sequence */
  714           err = _ksba_ber_read_tl (cms->reader, &ti);
  715           if (err)
  716             return err;
  717           if (expect_endtag && !ti.class && !ti.tag)
  718             {
  719               /* This is an end tag.  Read the next tag but don't fail
  720                  if this is just an EOF.  */
  721               err = _ksba_ber_read_tl (cms->reader, &ti);
  722               if (err)
  723                 {
  724                   if (gpg_err_code (err) == GPG_ERR_EOF)
  725                     err = 0;
  726                   return err;
  727                 }
  728               break;
  729             }
  730           if ( !(ti.class == CLASS_UNIVERSAL && ti.tag == TYPE_SEQUENCE
  731                  && ti.is_constructed))
  732             break; /* not a sequence, so we are ready with the set */
  733 
  734           while (ti.length)
  735             {
  736               size_t n, nread;
  737               char dummy[256];
  738 
  739               n = ti.length > DIM(dummy) ? DIM(dummy): ti.length;
  740               err = ksba_reader_read (cms->reader, dummy, n, &nread);
  741               if (err)
  742                 return err;
  743               ti.length -= nread;
  744             }
  745         }
  746     }
  747 
  748   /* expect a SET OF signerInfo */
  749   if ( !(ti.class == CLASS_UNIVERSAL
  750          && ti.tag == TYPE_SET && ti.is_constructed))
  751     return gpg_error (GPG_ERR_INV_CMS_OBJ);
  752 
  753   si_tail = &cms->signer_info;
  754 
  755   while (ti.length)
  756     {
  757       size_t off1, off2;
  758 
  759       off1 = ksba_reader_tell (cms->reader);
  760       si = xtrycalloc (1, sizeof *si);
  761       if (!si)
  762         return gpg_error (GPG_ERR_ENOMEM);
  763 
  764       err = create_and_run_decoder (cms->reader,
  765                                     "CryptographicMessageSyntax.SignerInfo",
  766                                     0,
  767                                     &si->root, &si->image, &si->imagelen);
  768       /* The signerInfo might be an empty set in the case of a certs-only
  769          signature.  Thus we have to allow for EOF here */
  770       if (gpg_err_code (err) == GPG_ERR_EOF)
  771         {
  772       xfree (si);
  773           err = 0;
  774           break;
  775         }
  776       if (err)
  777     {
  778       xfree (si);
  779       return err;
  780     }
  781 
  782       *si_tail = si;
  783       si_tail = &si->next;
  784 
  785       off2 = ksba_reader_tell (cms->reader);
  786       if ( (off2 - off1) > ti.length )
  787         ti.length = 0;
  788       else
  789         ti.length -= off2 - off1;
  790     }
  791 
  792   return 0;
  793 }
  794 
  795 
  796 
  797 
  798 
  799 /* Parse the structure:
  800  *
  801  *   EnvelopedData ::= SEQUENCE {
  802  *     version INTEGER  { v0(0), v1(1), v2(2), v3(3), v4(4) }),
  803  *     originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
  804  *     recipientInfos RecipientInfos,
  805  *     encryptedContentInfo EncryptedContentInfo,
  806  *     unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }
  807  *
  808  * or this one:
  809  *
  810  *   AuthEnvelopedData ::= SEQUENCE {
  811  *     version CMSVersion,
  812  *     originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
  813  *     recipientInfos RecipientInfos,
  814  *     authEncryptedContentInfo EncryptedContentInfo,
  815  *     authAttrs [1] IMPLICIT AuthAttributes OPTIONAL,  -- not in above
  816  *     mac MessageAuthenticationCode,                   -- not in above
  817  *     unauthAttrs [2] IMPLICIT UnauthAttributes OPTIONAL } -- different tag
  818  *
  819  * where
  820  *
  821  *   OriginatorInfo ::= SEQUENCE {
  822  *     certs [0] IMPLICIT CertificateSet OPTIONAL,
  823  *     crls [1] IMPLICIT CertificateRevocationLists OPTIONAL }
  824  *
  825  *   RecipientInfos ::= SET OF RecipientInfo
  826  *
  827  *   EncryptedContentInfo ::= SEQUENCE {
  828  *     contentType ContentType,
  829  *     contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
  830  *     encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL }
  831  *
  832  *   EncryptedContent ::= OCTET STRING
  833  *
  834  *   MessageAuthenticationCode ::= OCTET STRING
  835  *
  836  * We stop parsing so that the next read will be the first byte of the
  837  * encryptedContent or (if there is no content) the unprotectedAttrs
  838  * respective the authAttrs.
  839  */
  840 gpg_error_t
  841 _ksba_cms_parse_enveloped_data_part_1 (ksba_cms_t cms)
  842 {
  843   struct tag_info ti;
  844   gpg_error_t err;
  845   int env_data_ndef;
  846   unsigned long env_data_len;
  847   int encr_cont_ndef = 0;
  848   unsigned long encr_cont_len = 0;
  849   int has_content = 0;
  850   unsigned long off, len;
  851   char *cont_oid = NULL;
  852   char *algo_oid = NULL;
  853   char *algo_parm = NULL;
  854   size_t algo_parmlen = 0;
  855   int algo_parmtype = 0;
  856   struct value_tree_s *vt, **vtend;
  857 
  858   /* get the version */
  859   err = parse_cms_version (cms->reader, &cms->cms_version,
  860                            &env_data_len, &env_data_ndef);
  861   if (err)
  862     return err;
  863 
  864   /* read the next triplet which is either a [0] for originatorInfos
  865      or a SET_OF (recipientInfo) */
  866   err = _ksba_ber_read_tl (cms->reader, &ti);
  867   if (err)
  868     return err;
  869 
  870   if (ti.class == CLASS_CONTEXT && ti.tag == 0 && ti.is_constructed)
  871     { /* originatorInfo - but we skip it for now */
  872       /* well, raise an error */
  873       return gpg_error (GPG_ERR_UNSUPPORTED_CMS_OBJ);
  874     }
  875 
  876   /* Next one is the SET OF RecipientInfo:
  877    * RecipientInfo ::= CHOICE {
  878    *     ktri KeyTransRecipientInfo,
  879    *     kari [1] KeyAgreeRecipientInfo,
  880    *     kekri [2] KEKRecipientInfo,
  881    *     pwri [3] PasswordRecipientInfo
  882    * }  */
  883   if ( !(ti.class == CLASS_UNIVERSAL
  884          && ti.tag == TYPE_SET && ti.is_constructed))
  885     return gpg_error (GPG_ERR_INV_CMS_OBJ);
  886 
  887 
  888   vtend = &cms->recp_info;
  889   if (ti.ndef)
  890     {
  891       for (;;)
  892         {
  893           struct tag_info ti2;
  894 
  895           err = _ksba_ber_read_tl (cms->reader, &ti2);
  896           if (err)
  897             return err;
  898 
  899           if (!ti2.class && !ti2.tag)
  900             break; /* End tag found: ready.  */
  901 
  902           /* Not an end tag:  Push it back and run the decoder.  */
  903           err = ksba_reader_unread (cms->reader, ti2.buf, ti2.nhdr);
  904           if (err)
  905             return err;
  906 
  907           vt = xtrycalloc (1, sizeof *vt);
  908           if (!vt)
  909             return gpg_error_from_syserror ();
  910 
  911           err = create_and_run_decoder
  912             (cms->reader,
  913              "CryptographicMessageSyntax.RecipientInfo",
  914              BER_DECODER_FLAG_FAST_STOP,
  915              &vt->root, &vt->image, &vt->imagelen);
  916           if (err)
  917             {
  918               xfree (vt);
  919               return err;
  920             }
  921 
  922           *vtend = vt;
  923           vtend = &vt->next;
  924         }
  925     }
  926   else
  927     {
  928       while (ti.length)
  929         {
  930           size_t off1, off2;
  931 
  932           off1 = ksba_reader_tell (cms->reader);
  933           vt = xtrycalloc (1, sizeof *vt);
  934           if (!vt)
  935             return gpg_error_from_syserror ();
  936 
  937           err = create_and_run_decoder
  938             (cms->reader,
  939              "CryptographicMessageSyntax.RecipientInfo",
  940              BER_DECODER_FLAG_FAST_STOP,
  941              &vt->root, &vt->image, &vt->imagelen);
  942           if (err)
  943             {
  944               xfree (vt);
  945               return err;
  946             }
  947 
  948           *vtend = vt;
  949           vtend = &vt->next;
  950 
  951           off2 = ksba_reader_tell (cms->reader);
  952           if ( (off2 - off1) > ti.length )
  953             ti.length = 0;
  954           else
  955             ti.length -= off2 - off1;
  956         }
  957     }
  958 
  959   /* Now for the encryptedContentInfo */
  960   off = ksba_reader_tell (cms->reader);
  961   err = parse_encrypted_content_info (cms->reader,
  962                                       &encr_cont_len, &encr_cont_ndef,
  963                                       &cont_oid,
  964                                       &algo_oid,
  965                                       &algo_parm, &algo_parmlen, &algo_parmtype,
  966                                       &has_content);
  967   if (err)
  968     return err;
  969 
  970   /* If this is AES with GCM the parameter should be
  971    *
  972    *   GCMParameters ::= SEQUENCE {
  973    *     aes-nonce        OCTET STRING, -- recommended size is 12 octets
  974    *     aes-ICVlen       AES-GCM-ICVlen DEFAULT 12 }
  975    *
  976    * Under the assumption that the IV is at max 16 bytes (i.e. the
  977    * blocksize of AES) and the default ICVlen is used, we modify the
  978    * parameter to have just the nonce without any encoding.  */
  979   if (algo_parmlen > 4 && algo_parm[0] == 0x30 /* Sequence.  */
  980       && algo_oid
  981       && (!strcmp (algo_oid, "2.16.840.1.101.3.4.1.46")     /*AES256.GCM*/
  982           || !strcmp (algo_oid, "2.16.840.1.101.3.4.1.26")  /*AES192.GCM*/
  983           || !strcmp (algo_oid, "2.16.840.1.101.3.4.1.6"))) /*AES128.GCM*/
  984     {
  985       if (algo_parmlen == algo_parm[1] + 2
  986           && algo_parm[1] == algo_parm[3] + 2
  987           && algo_parm[2] == 0x04
  988           && algo_parm[3] && algo_parm[3] <= 16)
  989         {
  990           algo_parmlen = algo_parm[3];
  991           memmove (algo_parm, algo_parm+4, algo_parmlen);
  992         }
  993     }
  994 
  995   cms->inner_cont_len = encr_cont_len;
  996   cms->inner_cont_ndef = encr_cont_ndef;
  997   cms->inner_cont_oid = cont_oid;
  998   cms->detached_data = !has_content;
  999   cms->encr_algo_oid = algo_oid;
 1000   cms->encr_iv = algo_parm; algo_parm = NULL;
 1001   cms->encr_ivlen = algo_parmlen;
 1002   if (!env_data_ndef)
 1003     {
 1004       len = ksba_reader_tell (cms->reader) - off;
 1005       if (env_data_len < len)
 1006         return gpg_error (GPG_ERR_BAD_BER); /* parsed content info larger that sequence */
 1007       env_data_len -= len;
 1008       if (!encr_cont_ndef && env_data_len < encr_cont_len)
 1009         return gpg_error (GPG_ERR_BAD_BER); /* triplet larger that sequence */
 1010     }
 1011 
 1012   return 0;
 1013 }
 1014 
 1015 
 1016 /* Handle the unprotected attributes and more important
 1017  *
 1018  *     authAttrs [1] IMPLICIT AuthAttributes OPTIONAL,
 1019  *     mac MessageAuthenticationCode,
 1020  *     unauthAttrs [2] IMPLICIT UnauthAttributes OPTIONAL
 1021  *
 1022  * if case of cms->content.ct == KSBA_CT_AUTHENVELOPED_DATA
 1023  */
 1024 gpg_error_t
 1025 _ksba_cms_parse_enveloped_data_part_2 (ksba_cms_t cms)
 1026 {
 1027   gpg_error_t err;
 1028   struct tag_info ti;
 1029 
 1030   if (cms->content.ct != KSBA_CT_AUTHENVELOPED_DATA)
 1031     return 0; /* We don't yet support unprotectedAttrs.  */
 1032 
 1033   /* Shall we use ksba_cms_get_message_digest to return the mac?  To
 1034    * return the authAttrs we need a new function: A generic get_attr
 1035    * function which can be used for all kind of attributes would be
 1036    * best.  */
 1037 
 1038   /* Read authAttr if availabale.  */
 1039   err = _ksba_ber_read_tl (cms->reader, &ti);
 1040   if (err)
 1041     return err;
 1042   /* Skip an end tag.  */
 1043   if (!ti.class && !ti.tag && (err = _ksba_ber_read_tl (cms->reader, &ti)))
 1044     return err;
 1045 
 1046   if ((ti.class == CLASS_CONTEXT && ti.tag == 1 && ti.is_constructed))
 1047     {
 1048       /* Okay, we got an authAttr.  We need to do something with it.
 1049        * However, without sample data it does not make sense to handle
 1050        * it.  Further it is currently useless because in gpgsm we need
 1051        * to get access to authAttrs before we decrypt the content.
 1052        * This will require the use of temp files in gpgsm and thus a
 1053        * larger rework.*/
 1054       return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
 1055 
 1056       /* err = _ksba_ber_read_tl (cms->reader, &ti); */
 1057       /* if (err) */
 1058       /*   return err; */
 1059       /* /\* Skip an end tag.  *\/ */
 1060       /* if (!ti.class && !ti.tag && (err = _ksba_ber_read_tl (cms->reader, &ti))) */
 1061       /*   return err; */
 1062     }
 1063 
 1064 
 1065   /* Next comes the mandatory mac.  We store it in the CMS. */
 1066   if (!(ti.class == CLASS_UNIVERSAL && ti.tag == TYPE_OCTET_STRING
 1067         && !ti.is_constructed) || !ti.length)
 1068     {
 1069       return gpg_error (GPG_ERR_INV_CMS_OBJ);
 1070     }
 1071   xfree (cms->authdata.mac);
 1072   cms->authdata.mac_len = ti.length;
 1073   cms->authdata.mac = xtrymalloc (ti.length);
 1074   if (!cms->authdata.mac)
 1075     return gpg_error_from_syserror ();
 1076 
 1077   err = read_buffer (cms->reader, cms->authdata.mac, ti.length);
 1078   if (err)
 1079     return err;
 1080 
 1081   /* No support for unauthAttr.  */
 1082 
 1083   return 0;
 1084 }