PhotoRec: partial support for GPG/OpenPGP file recovery

1 files changed, 216 insertions, 0 deletions

diff --git a/src/file_gpg.c b/src/file_gpg.c
new file mode 100644
index 0000000..213daed
--- /dev/null
+++ b/src/file_gpg.c
@@ -0,0 +1,216 @@
+/*
+
+    File: file_gpg.c
+
+    Copyright (C) 2008 Christophe GRENIER <grenier@cgsecurity.org>
+  
+    This software is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+  
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+  
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write the Free Software Foundation, Inc., 51
+    Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#ifdef HAVE_STRING_H
+#include <string.h>
+#endif
+#include <stdio.h>
+#include "types.h"
+#include "common.h"
+#include "filegen.h"
+#include "log.h"
+
+static void register_header_check_gpg(file_stat_t *file_stat);
+static int header_check_gpg(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new);
+static int data_check_gpg(const unsigned char *buffer, const unsigned int buffer_size, file_recovery_t *file_recovery);
+static unsigned int openpgp_packet_tag(const unsigned char *buf);
+static unsigned int openpgp_length_type(const unsigned char *buf, unsigned int *length_type);
+
+const file_hint_t file_hint_gpg= {
+  .extension="gpg",
+  .description="OpenPGP (Partial support)",
+  .min_header_distance=0,
+  .max_filesize=PHOTOREC_MAX_FILE_SIZE,
+  .recover=1,
+  .enable_by_default=1,
+  .register_header_check=&register_header_check_gpg
+};
+
+static const unsigned char gpg_header_pkey_enc[1]= {0x85};
+static const unsigned char gpg_header_seckey[1]= {0x95};
+#if 0
+static const unsigned char gpg_header_pkey[1]= {0x99};
+#endif
+
+static void register_header_check_gpg(file_stat_t *file_stat)
+{
+  register_header_check(0, gpg_header_seckey, sizeof(gpg_header_seckey), &header_check_gpg, file_stat);
+  register_header_check(0, gpg_header_pkey_enc, sizeof(gpg_header_pkey_enc), &header_check_gpg, file_stat);
+#if 0
+  register_header_check(0, gpg_header_pkey, sizeof(gpg_header_pkey), &header_check_gpg, file_stat);
+#endif
+}
+
+
+static unsigned int openpgp_packet_tag(const unsigned char *buf)
+{
+  /* Bit 7 -- Always one */
+  if((buf[0]&0x80)==0)
+    return 0;	/* Invalid */
+  return ((buf[0]&0x40)==0?((buf[0]>>2)&0x0f):(buf[0]&0x3f));
+}
+
+static unsigned int openpgp_length_type(const unsigned char *buf, unsigned int *length_type)
+{
+  /* Bit 7 -- Always one */
+  if((buf[0]&0x80)==0)
+  {
+    /* Invalid */
+    *length_type=0;
+    return 0;
+  }
+  log_debug("%02x %02x %02x %02x %02x %02x", buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
+  if((buf[0]&0x40)==0)
+  {
+    /* Old format */
+    log_debug(" old_format\n");
+    switch(buf[0]&0x3)
+    {
+      case 0:
+	*length_type=2;
+	return buf[1];
+      case 1:
+	*length_type=3;
+	return (buf[1] << 8) + buf[2];
+      case 2:
+	*length_type=5;
+	return (buf[1] << 24) +(buf[2] << 16) +  (buf[3] << 8) + buf[4];
+      default:
+	*length_type=1;
+	return 0;
+    }
+  }
+  log_debug(" new_format\n");
+  /* One-Octet Lengths */
+  if(buf[1]<=191)
+  {
+    *length_type=1;
+    return buf[1];
+  }
+  /* Two-Octet Lengths */
+  if(buf[1]<=223)
+  {
+    *length_type=2;
+    return ((buf[1] - 192) << 8) + buf[2] + 192;
+  }
+  /* Five-Octet Lengths */
+  if(buf[1]==255)
+  {
+    *length_type=5;
+    return (buf[2] << 24) | (buf[3] << 16) | (buf[4] << 8)  | buf[5];
+  }
+  /* Partial Body Lengths */
+  *length_type=1;
+  return 1 << (buf[1]& 0x1F);
+}
+
+static int header_check_gpg(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new)
+{
+  unsigned int potential_frame_offset=0;
+  unsigned int packet_tag[5];
+  unsigned int length_type[5];
+  unsigned int length[5];
+  unsigned int nbr=0;
+  unsigned int i;
+  int start_recovery=0;
+  memset(packet_tag, 0, sizeof(packet_tag));
+  memset(length_type, 0, sizeof(length_type));
+  memset(length, 0, sizeof(length));
+  while(nbr<5 && potential_frame_offset+5< buffer_size)
+  {
+    packet_tag[nbr]=openpgp_packet_tag(&buffer[potential_frame_offset]);
+    if(packet_tag[nbr]==0)	/* Reserved */
+      break;
+    length[nbr]=openpgp_length_type(&buffer[potential_frame_offset], &length_type[nbr]);
+    if(length_type[nbr]==0)
+      break;	/* Don't know how to find the size */
+    potential_frame_offset+=length_type[nbr];
+    potential_frame_offset+=length[nbr];
+    nbr++;
+  }
+  if(nbr<2)
+    return 0;
+  for(i=0;i<nbr;i++)
+  {
+    log_debug("%02u gpg tag %u, size=%u (0x%x - %u)\n",
+	i, packet_tag[i], length[i], length[i], length_type[i]);
+  }
+  /* Public-Key Encrypted Session Key Packet v3 */
+  if(buffer[0]==0x85 && buffer[3]==0x03)
+  {
+    for(i=1;i<nbr;i++)
+    {
+      /* Sym. Encrypted and Integrity Protected Data Packet */
+      if(packet_tag[i]==18)
+      {
+	start_recovery=1;
+	break;
+      }
+      /* Public-Key Encrypted Session Key Packet */
+      else if(packet_tag[i]!=1)
+	return 0;
+    }
+  }
+  /* Secret-Key Packet v4 followed by User ID Packet */
+  if(buffer[0]==0x95 && buffer[3]==0x04 && packet_tag[1]==13)
+    start_recovery=1;
+  /* Public-Key Packet + User ID Packet */
+#if 0
+  if(buffer[0]==0x99 && packet_tag[1]==13)
+    start_recovery=1;
+#endif
+  if(start_recovery==0)
+    return 0;
+  reset_file_recovery(file_recovery_new);
+  file_recovery_new->calculated_file_size=0;
+  file_recovery_new->min_filesize=0;
+  file_recovery_new->data_check=&data_check_gpg;
+  file_recovery_new->extension=file_hint_gpg.extension;
+  //file_recovery_new->file_check=&file_check_size;
+  return 1;
+}
+
+static int data_check_gpg(const unsigned char *buffer, const unsigned int buffer_size, file_recovery_t *file_recovery)
+{
+  log_debug("data_check_gpg\n");
+  while(file_recovery->calculated_file_size + 6 < file_recovery->file_size + buffer_size/2)
+  {
+    unsigned int packet_tag;
+    unsigned int length_type;
+    unsigned int length;
+    unsigned int i=file_recovery->calculated_file_size - file_recovery->file_size + buffer_size/2;
+    packet_tag=openpgp_packet_tag(&buffer[i]);
+    if(packet_tag==0)	/* Reserved */
+      return 2;
+    length=openpgp_length_type(&buffer[i], &length_type);
+    if(length_type==0)
+      return 2;	/* Don't know how to find the size */
+    log_debug("gpg tag %u, size=%u\n", packet_tag, length);
+    file_recovery->calculated_file_size+=length_type;
+    file_recovery->calculated_file_size+=length;
+  }
+  return 1;
+}
+