2016-04-24 09:22:02 +00:00
|
|
|
"""Decoders for GPG v2 data structures."""
|
2016-04-17 19:18:31 +00:00
|
|
|
import hashlib
|
|
|
|
|
import io
|
|
|
|
|
import logging
|
|
|
|
|
import struct
|
2016-04-24 10:04:53 +00:00
|
|
|
import subprocess
|
2016-04-17 19:18:31 +00:00
|
|
|
|
|
|
|
|
import ecdsa
|
2016-04-22 18:43:54 +00:00
|
|
|
import ed25519
|
|
|
|
|
|
2016-04-24 10:04:53 +00:00
|
|
|
from .. import util
|
2016-04-17 19:18:31 +00:00
|
|
|
|
|
|
|
|
log = logging.getLogger(__name__)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def parse_subpackets(s):
|
2016-04-24 09:22:02 +00:00
|
|
|
"""See https://tools.ietf.org/html/rfc4880#section-5.2.3.1 for details."""
|
2016-04-17 19:18:31 +00:00
|
|
|
subpackets = []
|
|
|
|
|
total_size = s.readfmt('>H')
|
|
|
|
|
data = s.read(total_size)
|
2016-04-24 10:04:53 +00:00
|
|
|
s = util.Reader(io.BytesIO(data))
|
2016-04-17 19:18:31 +00:00
|
|
|
|
|
|
|
|
while True:
|
|
|
|
|
try:
|
|
|
|
|
subpacket_len = s.readfmt('B')
|
|
|
|
|
except EOFError:
|
|
|
|
|
break
|
|
|
|
|
|
|
|
|
|
subpackets.append(s.read(subpacket_len))
|
|
|
|
|
|
|
|
|
|
return subpackets
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def parse_mpi(s):
|
2016-04-24 09:22:02 +00:00
|
|
|
"""See https://tools.ietf.org/html/rfc4880#section-3.2 for details."""
|
2016-04-17 19:18:31 +00:00
|
|
|
bits = s.readfmt('>H')
|
|
|
|
|
blob = bytearray(s.read(int((bits + 7) // 8)))
|
|
|
|
|
return sum(v << (8 * i) for i, v in enumerate(reversed(blob)))
|
|
|
|
|
|
|
|
|
|
|
2016-04-24 07:33:29 +00:00
|
|
|
def _parse_nist256p1_verifier(mpi):
|
2016-04-24 10:04:53 +00:00
|
|
|
prefix, x, y = util.split_bits(mpi, 4, 256, 256)
|
2016-04-24 07:33:29 +00:00
|
|
|
assert prefix == 4
|
|
|
|
|
point = ecdsa.ellipticcurve.Point(curve=ecdsa.NIST256p.curve,
|
|
|
|
|
x=x, y=y)
|
|
|
|
|
vk = ecdsa.VerifyingKey.from_public_point(
|
|
|
|
|
point=point, curve=ecdsa.curves.NIST256p,
|
|
|
|
|
hashfunc=hashlib.sha256)
|
|
|
|
|
|
|
|
|
|
def _nist256p1_verify(signature, digest):
|
2016-04-26 09:57:27 +00:00
|
|
|
result = vk.verify_digest(signature=signature,
|
|
|
|
|
digest=digest,
|
|
|
|
|
sigdecode=lambda rs, order: rs)
|
|
|
|
|
log.debug('nist256p1 ECDSA signature is OK (%s)', result)
|
2016-04-24 07:33:29 +00:00
|
|
|
return _nist256p1_verify
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def _parse_ed25519_verifier(mpi):
|
2016-04-24 10:04:53 +00:00
|
|
|
prefix, value = util.split_bits(mpi, 8, 256)
|
2016-04-24 07:33:29 +00:00
|
|
|
assert prefix == 0x40
|
2016-04-24 10:04:53 +00:00
|
|
|
vk = ed25519.VerifyingKey(util.num2bytes(value, size=32))
|
2016-04-24 07:33:29 +00:00
|
|
|
|
|
|
|
|
def _ed25519_verify(signature, digest):
|
2016-04-24 10:04:53 +00:00
|
|
|
sig = b''.join(util.num2bytes(val, size=32)
|
2016-04-24 07:33:29 +00:00
|
|
|
for val in signature)
|
2016-04-26 09:57:27 +00:00
|
|
|
result = vk.verify(sig, digest)
|
|
|
|
|
log.debug('ed25519 ECDSA signature is OK (%s)', result)
|
2016-04-24 07:33:29 +00:00
|
|
|
return _ed25519_verify
|
|
|
|
|
|
|
|
|
|
|
2016-04-22 18:43:54 +00:00
|
|
|
SUPPORTED_CURVES = {
|
2016-04-24 07:33:29 +00:00
|
|
|
b'\x2A\x86\x48\xCE\x3D\x03\x01\x07': _parse_nist256p1_verifier,
|
|
|
|
|
b'\x2B\x06\x01\x04\x01\xDA\x47\x0F\x01': _parse_ed25519_verifier,
|
2016-04-22 18:43:54 +00:00
|
|
|
}
|
2016-04-17 19:18:31 +00:00
|
|
|
|
2016-04-22 20:37:04 +00:00
|
|
|
|
2016-04-17 19:18:31 +00:00
|
|
|
class Parser(object):
|
2016-04-24 09:22:02 +00:00
|
|
|
"""Parse GPG packets from a given stream."""
|
|
|
|
|
|
2016-04-26 09:34:50 +00:00
|
|
|
def __init__(self, stream):
|
2016-04-24 09:22:02 +00:00
|
|
|
"""Create an empty parser."""
|
2016-04-17 19:18:31 +00:00
|
|
|
self.stream = stream
|
|
|
|
|
self.packet_types = {
|
|
|
|
|
2: self.signature,
|
|
|
|
|
6: self.pubkey,
|
|
|
|
|
11: self.literal,
|
|
|
|
|
13: self.user_id,
|
2016-04-26 09:53:51 +00:00
|
|
|
14: self.subkey,
|
2016-04-17 19:18:31 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
def __iter__(self):
|
2016-04-24 09:22:02 +00:00
|
|
|
"""Support iterative parsing of available GPG packets."""
|
2016-04-17 19:18:31 +00:00
|
|
|
return self
|
|
|
|
|
|
|
|
|
|
def literal(self, stream):
|
2016-04-24 09:22:02 +00:00
|
|
|
"""See https://tools.ietf.org/html/rfc4880#section-5.9 for details."""
|
2016-04-17 19:18:31 +00:00
|
|
|
p = {'type': 'literal'}
|
|
|
|
|
p['format'] = stream.readfmt('c')
|
|
|
|
|
filename_len = stream.readfmt('B')
|
|
|
|
|
p['filename'] = stream.read(filename_len)
|
|
|
|
|
p['date'] = stream.readfmt('>L')
|
2016-04-26 09:34:50 +00:00
|
|
|
p['content'] = stream.read()
|
|
|
|
|
p['_to_hash'] = p['content']
|
2016-04-17 19:18:31 +00:00
|
|
|
return p
|
|
|
|
|
|
2016-04-26 12:30:18 +00:00
|
|
|
def _embedded_signatures(self, subpackets):
|
|
|
|
|
for packet in subpackets:
|
|
|
|
|
data = bytearray(packet)
|
|
|
|
|
if data[0] == 32:
|
|
|
|
|
# https://tools.ietf.org/html/rfc4880#section-5.2.3.26
|
|
|
|
|
stream = io.BytesIO(data[1:])
|
|
|
|
|
yield self.signature(util.Reader(stream))
|
|
|
|
|
|
|
|
|
|
|
2016-04-17 19:18:31 +00:00
|
|
|
def signature(self, stream):
|
2016-04-24 09:22:02 +00:00
|
|
|
"""See https://tools.ietf.org/html/rfc4880#section-5.2 for details."""
|
2016-04-17 19:18:31 +00:00
|
|
|
p = {'type': 'signature'}
|
|
|
|
|
|
|
|
|
|
to_hash = io.BytesIO()
|
|
|
|
|
with stream.capture(to_hash):
|
|
|
|
|
p['version'] = stream.readfmt('B')
|
|
|
|
|
p['sig_type'] = stream.readfmt('B')
|
|
|
|
|
p['pubkey_alg'] = stream.readfmt('B')
|
|
|
|
|
p['hash_alg'] = stream.readfmt('B')
|
|
|
|
|
p['hashed_subpackets'] = parse_subpackets(stream)
|
|
|
|
|
|
|
|
|
|
# https://tools.ietf.org/html/rfc4880#section-5.2.4
|
2016-04-26 09:34:50 +00:00
|
|
|
tail_to_hash = b'\x04\xff' + struct.pack('>L', to_hash.tell())
|
|
|
|
|
|
|
|
|
|
p['_to_hash'] = to_hash.getvalue() + tail_to_hash
|
2016-04-17 19:18:31 +00:00
|
|
|
|
|
|
|
|
p['unhashed_subpackets'] = parse_subpackets(stream)
|
2016-04-26 12:30:18 +00:00
|
|
|
embedded = list(self._embedded_signatures(p['unhashed_subpackets']))
|
|
|
|
|
if embedded:
|
|
|
|
|
p['embedded'] = embedded
|
|
|
|
|
|
2016-04-17 19:18:31 +00:00
|
|
|
p['hash_prefix'] = stream.readfmt('2s')
|
|
|
|
|
p['sig'] = (parse_mpi(stream), parse_mpi(stream))
|
|
|
|
|
assert not stream.read()
|
|
|
|
|
|
|
|
|
|
return p
|
|
|
|
|
|
|
|
|
|
def pubkey(self, stream):
|
2016-04-24 09:22:02 +00:00
|
|
|
"""See https://tools.ietf.org/html/rfc4880#section-5.5 for details."""
|
2016-04-17 19:18:31 +00:00
|
|
|
p = {'type': 'pubkey'}
|
|
|
|
|
packet = io.BytesIO()
|
|
|
|
|
with stream.capture(packet):
|
|
|
|
|
p['version'] = stream.readfmt('B')
|
|
|
|
|
p['created'] = stream.readfmt('>L')
|
|
|
|
|
p['algo'] = stream.readfmt('B')
|
|
|
|
|
|
|
|
|
|
# https://tools.ietf.org/html/rfc6637#section-11
|
|
|
|
|
oid_size = stream.readfmt('B')
|
|
|
|
|
oid = stream.read(oid_size)
|
2016-04-22 18:43:54 +00:00
|
|
|
assert oid in SUPPORTED_CURVES
|
2016-04-24 07:33:29 +00:00
|
|
|
parser = SUPPORTED_CURVES[oid]
|
2016-04-17 19:18:31 +00:00
|
|
|
|
|
|
|
|
mpi = parse_mpi(stream)
|
2016-04-22 18:43:54 +00:00
|
|
|
log.debug('mpi: %x (%d bits)', mpi, mpi.bit_length())
|
2016-04-24 07:33:29 +00:00
|
|
|
p['verifier'] = parser(mpi)
|
2016-04-17 19:18:31 +00:00
|
|
|
assert not stream.read()
|
|
|
|
|
|
|
|
|
|
# https://tools.ietf.org/html/rfc4880#section-12.2
|
|
|
|
|
packet_data = packet.getvalue()
|
|
|
|
|
data_to_hash = (b'\x99' + struct.pack('>H', len(packet_data)) +
|
|
|
|
|
packet_data)
|
|
|
|
|
p['key_id'] = hashlib.sha1(data_to_hash).digest()[-8:]
|
2016-04-26 09:34:50 +00:00
|
|
|
p['_to_hash'] = data_to_hash
|
2016-04-24 10:04:53 +00:00
|
|
|
log.debug('key ID: %s', util.hexlify(p['key_id']))
|
2016-04-26 09:53:51 +00:00
|
|
|
return p
|
|
|
|
|
|
|
|
|
|
def subkey(self, stream):
|
|
|
|
|
"""See https://tools.ietf.org/html/rfc4880#section-5.5 for details."""
|
|
|
|
|
p = {'type': 'subkey'}
|
|
|
|
|
packet = io.BytesIO()
|
|
|
|
|
with stream.capture(packet):
|
|
|
|
|
p['version'] = stream.readfmt('B')
|
|
|
|
|
p['created'] = stream.readfmt('>L')
|
|
|
|
|
p['algo'] = stream.readfmt('B')
|
|
|
|
|
|
|
|
|
|
# https://tools.ietf.org/html/rfc6637#section-11
|
|
|
|
|
oid_size = stream.readfmt('B')
|
|
|
|
|
oid = stream.read(oid_size)
|
|
|
|
|
assert oid in SUPPORTED_CURVES
|
|
|
|
|
parser = SUPPORTED_CURVES[oid]
|
2016-04-17 19:18:31 +00:00
|
|
|
|
2016-04-26 09:53:51 +00:00
|
|
|
mpi = parse_mpi(stream)
|
|
|
|
|
log.debug('mpi: %x (%d bits)', mpi, mpi.bit_length())
|
|
|
|
|
p['verifier'] = parser(mpi)
|
2016-04-26 12:30:18 +00:00
|
|
|
leftover = stream.read() # TBD: what is this?
|
|
|
|
|
if leftover:
|
|
|
|
|
log.warning('unexpected subkey leftover: %r', leftover)
|
2016-04-26 09:53:51 +00:00
|
|
|
|
|
|
|
|
# https://tools.ietf.org/html/rfc4880#section-12.2
|
|
|
|
|
packet_data = packet.getvalue()
|
|
|
|
|
data_to_hash = (b'\x99' + struct.pack('>H', len(packet_data)) +
|
|
|
|
|
packet_data)
|
|
|
|
|
p['key_id'] = hashlib.sha1(data_to_hash).digest()[-8:]
|
|
|
|
|
p['_to_hash'] = data_to_hash
|
|
|
|
|
log.debug('key ID: %s', util.hexlify(p['key_id']))
|
2016-04-17 19:18:31 +00:00
|
|
|
return p
|
|
|
|
|
|
|
|
|
|
def user_id(self, stream):
|
2016-04-24 09:22:02 +00:00
|
|
|
"""See https://tools.ietf.org/html/rfc4880#section-5.11 for details."""
|
2016-04-17 19:18:31 +00:00
|
|
|
value = stream.read()
|
2016-04-26 09:34:50 +00:00
|
|
|
to_hash = b'\xb4' + util.prefix_len('>L', value)
|
|
|
|
|
return {'type': 'user_id', 'value': value, '_to_hash': to_hash}
|
2016-04-17 19:18:31 +00:00
|
|
|
|
|
|
|
|
def __next__(self):
|
2016-04-24 09:22:02 +00:00
|
|
|
"""See https://tools.ietf.org/html/rfc4880#section-4.2 for details."""
|
2016-04-17 19:18:31 +00:00
|
|
|
try:
|
|
|
|
|
value = self.stream.readfmt('B')
|
|
|
|
|
except EOFError:
|
|
|
|
|
raise StopIteration
|
|
|
|
|
|
|
|
|
|
log.debug('prefix byte: %02x', value)
|
2016-04-24 10:04:53 +00:00
|
|
|
assert util.bit(value, 7) == 1
|
|
|
|
|
assert util.bit(value, 6) == 0 # new format not supported yet
|
2016-04-17 19:18:31 +00:00
|
|
|
|
2016-04-24 10:04:53 +00:00
|
|
|
tag = util.low_bits(value, 6)
|
|
|
|
|
length_type = util.low_bits(tag, 2)
|
2016-04-17 19:18:31 +00:00
|
|
|
tag = tag >> 2
|
2016-04-24 10:04:53 +00:00
|
|
|
fmt = {0: '>B', 1: '>H', 2: '>L'}[length_type]
|
2016-04-17 19:18:31 +00:00
|
|
|
log.debug('length_type: %s', fmt)
|
|
|
|
|
packet_size = self.stream.readfmt(fmt)
|
|
|
|
|
log.debug('packet length: %d', packet_size)
|
|
|
|
|
packet_data = self.stream.read(packet_size)
|
|
|
|
|
packet_type = self.packet_types.get(tag)
|
|
|
|
|
if packet_type:
|
2016-04-24 10:04:53 +00:00
|
|
|
p = packet_type(util.Reader(io.BytesIO(packet_data)))
|
2016-04-17 19:18:31 +00:00
|
|
|
else:
|
2016-04-25 15:19:08 +00:00
|
|
|
raise ValueError('Unknown packet type: {}'.format(tag))
|
2016-04-17 19:18:31 +00:00
|
|
|
p['tag'] = tag
|
|
|
|
|
log.debug('packet "%s": %s', p['type'], p)
|
|
|
|
|
return p
|
|
|
|
|
|
|
|
|
|
next = __next__
|
|
|
|
|
|
|
|
|
|
|
2016-04-26 09:34:50 +00:00
|
|
|
def digest_packets(packets):
|
|
|
|
|
data_to_hash = io.BytesIO()
|
|
|
|
|
for p in packets:
|
|
|
|
|
data_to_hash.write(p['_to_hash'])
|
|
|
|
|
return hashlib.sha256(data_to_hash.getvalue()).digest()
|
|
|
|
|
|
|
|
|
|
|
2016-04-17 20:03:41 +00:00
|
|
|
def load_public_key(stream):
|
2016-04-24 09:22:02 +00:00
|
|
|
"""Parse and validate GPG public key from an input stream."""
|
2016-04-24 10:04:53 +00:00
|
|
|
parser = Parser(util.Reader(stream))
|
2016-04-17 19:18:31 +00:00
|
|
|
pubkey, userid, signature = list(parser)
|
2016-04-26 09:34:50 +00:00
|
|
|
digest = digest_packets([pubkey, userid, signature])
|
|
|
|
|
assert signature['hash_prefix'] == digest[:2]
|
2016-04-18 18:55:23 +00:00
|
|
|
log.debug('loaded public key "%s"', userid['value'])
|
2016-04-26 09:34:50 +00:00
|
|
|
verify_digest(pubkey=pubkey, digest=digest,
|
2016-04-17 20:03:41 +00:00
|
|
|
signature=signature['sig'], label='GPG public key')
|
2016-04-17 19:18:31 +00:00
|
|
|
return pubkey
|
|
|
|
|
|
2016-04-26 09:53:51 +00:00
|
|
|
|
2016-04-26 09:34:50 +00:00
|
|
|
def load_signature(stream, original_data):
|
|
|
|
|
parser = Parser(util.Reader(stream))
|
|
|
|
|
signature, = parser
|
|
|
|
|
digest = digest_packets([{'_to_hash': original_data}, signature])
|
|
|
|
|
assert signature['hash_prefix'] == digest[:2]
|
|
|
|
|
return signature, digest
|
|
|
|
|
|
2016-04-17 19:18:31 +00:00
|
|
|
|
2016-04-24 10:04:53 +00:00
|
|
|
def load_from_gpg(user_id):
|
|
|
|
|
"""Load existing GPG public key for `user_id` from local keyring."""
|
|
|
|
|
pubkey_bytes = subprocess.check_output(['gpg2', '--export', user_id])
|
|
|
|
|
if pubkey_bytes:
|
|
|
|
|
return load_public_key(io.BytesIO(pubkey_bytes))
|
|
|
|
|
else:
|
|
|
|
|
log.error('could not find public key %r in local GPG keyring', user_id)
|
|
|
|
|
raise KeyError(user_id)
|
|
|
|
|
|
|
|
|
|
|
2016-04-17 19:18:31 +00:00
|
|
|
def verify_digest(pubkey, digest, signature, label):
|
2016-04-24 09:22:02 +00:00
|
|
|
"""Verify a digest signature from a specified public key."""
|
2016-04-22 18:43:54 +00:00
|
|
|
verifier = pubkey['verifier']
|
2016-04-17 19:18:31 +00:00
|
|
|
try:
|
2016-04-22 18:43:54 +00:00
|
|
|
verifier(signature, digest)
|
2016-04-18 18:55:23 +00:00
|
|
|
log.debug('%s is OK', label)
|
2016-04-17 19:18:31 +00:00
|
|
|
except ecdsa.keys.BadSignatureError:
|
2016-04-17 20:03:41 +00:00
|
|
|
log.error('Bad %s!', label)
|
2016-04-17 19:18:31 +00:00
|
|
|
raise
|
