2
* Copyright (C) 1998, 1999, 2000, 2001, 2002,
3
* 2003 Free Software Foundation, Inc.
5
* This file is part of GnuPG.
7
* GnuPG is free software; you can redistribute it and/or modify
8
* it under the terms of the GNU General Public License as published by
9
* the Free Software Foundation; either version 2 of the License, or
10
* (at your option) any later version.
12
* GnuPG is distributed in the hope that it will be useful,
13
* but WITHOUT ANY WARRANTY; without even the implied warranty of
14
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
* GNU General Public License for more details.
17
* You should have received a copy of the GNU General Public License
18
* along with this program; if not, write to the Free Software
19
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
28
#include <unistd.h> /* need sleep() */
44
#include "call-agent.h"
47
#ifdef HAVE_DOSISH_SYSTEM
49
void __stdcall Sleep(ulong);
50
#define sleep(a) Sleep((a)*1000)
55
static int recipient_digest_algo=0;
58
* Create a notation. We assume thIt is assumed that the strings in
59
* the STRLISTs of the opt struct are already checked to contain only
60
* printable data and have a valid NAME=VALUE format.
63
mk_notation_policy_etc( PKT_signature *sig,
64
PKT_public_key *pk, PKT_secret_key *sk )
70
STRLIST nd=NULL,pu=NULL;
71
struct expando_args args;
73
memset(&args,0,sizeof(args));
77
/* It is actually impossible to get here when making a v3 key
78
signature since keyedit.c:sign_uids will automatically bump a
79
signature with a notation or policy url up to v4, but it is
80
good to do these checks anyway. */
83
if(IS_SIG(sig) && opt.sig_notation_data)
86
log_error(_("can't put notation data into v3 (PGP 2.x style) "
89
nd=opt.sig_notation_data;
91
else if( IS_CERT(sig) && opt.cert_notation_data )
94
log_error(_("can't put notation data into v3 (PGP 2.x style) "
97
nd=opt.cert_notation_data;
100
for( ; nd; nd = nd->next ) {
104
s = strchr( string, '=' );
106
BUG(); /* we have already parsed this */
110
expanded=pct_expando(s,&args);
113
log_error(_("WARNING: unable to %%-expand notation "
114
"(too large). Using unexpanded.\n"));
115
expanded=xstrdup (s);
118
n2 = strlen(expanded);
119
buf = xmalloc ( 8 + n1 + n2 );
120
buf[0] = 0x80; /* human readable */
121
buf[1] = buf[2] = buf[3] = 0;
126
memcpy(buf+8, string, n1 );
127
memcpy(buf+8+n1, expanded, n2 );
128
build_sig_subpkt( sig, SIGSUBPKT_NOTATION
129
| ((nd->flags & 1)? SIGSUBPKT_FLAG_CRITICAL:0),
136
if( IS_SIG(sig) && opt.sig_policy_url )
139
log_error(_("can't put a policy URL into v3 (PGP 2.x style) "
142
pu=opt.sig_policy_url;
144
else if( IS_CERT(sig) && opt.cert_policy_url )
147
log_error(_("can't put a policy URL into v3 key (PGP 2.x style) "
150
pu=opt.cert_policy_url;
157
s=pct_expando(string,&args);
160
log_error(_("WARNING: unable to %%-expand policy url "
161
"(too large). Using unexpanded.\n"));
165
build_sig_subpkt(sig,SIGSUBPKT_POLICY|
166
((pu->flags & 1)?SIGSUBPKT_FLAG_CRITICAL:0),
172
/* preferred keyserver URL */
173
if( IS_SIG(sig) && opt.sig_keyserver_url )
176
log_info (_("can't put a preferred keyserver URL "
177
"into v3 signatures\n"));
179
pu=opt.sig_keyserver_url;
186
s=pct_expando(string,&args);
189
log_error(_("WARNING: unable to %%-expand preferred keyserver URL"
190
" (too large). Using unexpanded.\n"));
194
build_sig_subpkt(sig,SIGSUBPKT_PREF_KS|
195
((pu->flags & 1)?SIGSUBPKT_FLAG_CRITICAL:0),
204
* Helper to hash a user ID packet.
207
hash_uid (MD_HANDLE md, int sigversion, const PKT_user_id *uid)
209
if ( sigversion >= 4 ) {
212
if(uid->attrib_data) {
213
buf[0] = 0xd1; /* indicates an attribute packet */
214
buf[1] = uid->attrib_len >> 24; /* always use 4 length bytes */
215
buf[2] = uid->attrib_len >> 16;
216
buf[3] = uid->attrib_len >> 8;
217
buf[4] = uid->attrib_len;
220
buf[0] = 0xb4; /* indicates a userid packet */
221
buf[1] = uid->len >> 24; /* always use 4 length bytes */
222
buf[2] = uid->len >> 16;
223
buf[3] = uid->len >> 8;
226
gcry_md_write( md, buf, 5 );
230
gcry_md_write (md, uid->attrib_data, uid->attrib_len );
232
gcry_md_write (md, uid->name, uid->len );
237
* Helper to hash some parts from the signature
240
hash_sigversion_to_magic (MD_HANDLE md, const PKT_signature *sig)
242
if (sig->version >= 4)
243
gcry_md_putc (md, sig->version);
244
gcry_md_putc (md, sig->sig_class);
245
if (sig->version < 4) {
246
u32 a = sig->timestamp;
247
gcry_md_putc (md, (a >> 24) & 0xff );
248
gcry_md_putc (md, (a >> 16) & 0xff );
249
gcry_md_putc (md, (a >> 8) & 0xff );
250
gcry_md_putc (md, a & 0xff );
256
gcry_md_putc (md, sig->pubkey_algo);
257
gcry_md_putc (md, sig->digest_algo);
259
n = sig->hashed->len;
260
gcry_md_putc (md, (n >> 8) );
261
gcry_md_putc (md, n );
262
gcry_md_write (md, sig->hashed->data, n );
266
gcry_md_putc (md, 0); /* always hash the length of the subpacket*/
267
gcry_md_putc (md, 0);
271
buf[0] = sig->version;
273
buf[2] = n >> 24; /* hmmm, n is only 16 bit, so this is always 0 */
277
gcry_md_write (md, buf, 6);
283
do_sign( PKT_secret_key *sk, PKT_signature *sig,
284
MD_HANDLE md, int digest_algo )
290
if( sk->timestamp > sig->timestamp ) {
291
ulong d = sk->timestamp - sig->timestamp;
292
log_info( d==1 ? _("key has been created %lu second "
293
"in future (time warp or clock problem)\n")
294
: _("key has been created %lu seconds "
295
"in future (time warp or clock problem)\n"), d );
296
if( !opt.ignore_time_conflict )
297
return GPG_ERR_TIME_CONFLICT;
300
print_pubkey_algo_note(sk->pubkey_algo);
303
digest_algo = gcry_md_get_algo(md);
305
print_digest_algo_note( digest_algo );
306
dp = gcry_md_read ( md, digest_algo );
307
sig->digest_algo = digest_algo;
308
sig->digest_start[0] = dp[0];
309
sig->digest_start[1] = dp[1];
310
if (sk->is_protected && sk->protect.s2k.mode == 1002)
311
{ /* FIXME: Note that we do only support RSA for now. */
316
snbuf = serialno_and_fpr_from_sk (sk->protect.iv, sk->protect.ivlen, sk);
317
rc = agent_scd_pksign (snbuf, digest_algo,
318
gcry_md_read (md, digest_algo),
319
gcry_md_get_algo_dlen (digest_algo),
324
if (gcry_mpi_scan (&sig->data[0], GCRYMPI_FMT_USG,
325
rbuf, rbuflen, NULL))
331
frame = encode_md_value( sk->pubkey_algo, md,
332
digest_algo, mpi_get_nbits(sk->skey[0]), 0 );
334
return GPG_ERR_GENERAL;
335
rc = pk_sign( sk->pubkey_algo, sig->data, frame, sk->skey );
336
gcry_mpi_release (frame);
338
if (!rc && !opt.no_sig_create_check) {
339
/* check that the signature verification worked and nothing is
340
* fooling us e.g. by a bug in the signature create
341
* code or by deliberately introduced faults. */
342
PKT_public_key *pk = xcalloc (1,sizeof *pk);
344
if( get_pubkey( pk, sig->keyid ) )
345
rc = GPG_ERR_NO_PUBKEY;
347
frame = encode_md_value (pk->pubkey_algo, md,
349
mpi_get_nbits(pk->pkey[0]), 0);
351
rc = GPG_ERR_GENERAL;
353
rc = pk_verify (pk->pubkey_algo, frame,
354
sig->data, pk->pkey);
355
gcry_mpi_release (frame);
358
log_error (_("checking created signature failed: %s\n"),
360
free_public_key (pk);
363
log_error(_("signing failed: %s\n"), gpg_strerror (rc) );
366
char *ustr = get_user_id_string_printable (sig->keyid);
367
log_info(_("%s/%s signature from: \"%s\"\n"),
368
gcry_pk_algo_name (sk->pubkey_algo),
369
gcry_md_algo_name (sig->digest_algo),
380
complete_sig( PKT_signature *sig, PKT_secret_key *sk, MD_HANDLE md )
384
if( !(rc=check_secret_key( sk, 0 )) )
385
rc = do_sign( sk, sig, md, 0 );
390
hash_for(int pubkey_algo, int packet_version )
392
if( opt.def_digest_algo )
393
return opt.def_digest_algo;
394
else if( recipient_digest_algo )
395
return recipient_digest_algo;
396
else if(PGP2 && pubkey_algo == PUBKEY_ALGO_RSA && packet_version < 4 )
398
/* Old-style PGP only understands MD5 */
399
return DIGEST_ALGO_MD5;
401
else if( pubkey_algo == PUBKEY_ALGO_DSA )
403
/* We need a 160-bit hash for DSA, so we can't just take the first
406
if(opt.personal_digest_prefs)
410
for(prefs=opt.personal_digest_prefs;prefs->type;prefs++)
411
if(gcry_md_get_algo_dlen (prefs->value) == 20)
415
return DIGEST_ALGO_SHA1;
417
else if( opt.personal_digest_prefs )
419
/* It's not DSA, so we can use whatever the first hash algorithm
420
is in the pref list */
421
return opt.personal_digest_prefs[0].value;
424
return DEFAULT_DIGEST_ALGO;
428
only_old_style( SK_LIST sk_list )
430
SK_LIST sk_rover = NULL;
433
/* if there are only old style capable key we use the old sytle */
434
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
435
PKT_secret_key *sk = sk_rover->sk;
436
if( sk->pubkey_algo == PUBKEY_ALGO_RSA && sk->version < 4 )
446
print_status_sig_created ( PKT_secret_key *sk, PKT_signature *sig, int what )
448
byte array[MAX_FINGERPRINT_LEN], *p;
449
char buf[100+MAX_FINGERPRINT_LEN*2];
452
sprintf(buf, "%c %d %d %02x %lu ",
453
what, sig->pubkey_algo, sig->digest_algo, sig->sig_class,
454
(ulong)sig->timestamp );
456
fingerprint_from_sk( sk, array, &n );
457
p = buf + strlen(buf);
458
for(i=0; i < n ; i++ )
459
sprintf(p+2*i, "%02X", array[i] );
461
write_status_text( STATUS_SIG_CREATED, buf );
466
* Loop over the secret certificates in SK_LIST and build the one pass
467
* signature packets. OpenPGP says that the data should be bracket by
468
* the onepass-sig and signature-packet; so we build these onepass
469
* packet here in reverse order
472
write_onepass_sig_packets (SK_LIST sk_list, iobuf_t out, int sigclass )
477
for (skcount=0, sk_rover=sk_list; sk_rover; sk_rover = sk_rover->next)
480
for (; skcount; skcount--) {
482
PKT_onepass_sig *ops;
486
for (i=0, sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
492
ops = xcalloc (1,sizeof *ops);
493
ops->sig_class = sigclass;
494
ops->digest_algo = hash_for (sk->pubkey_algo, sk->version);
495
ops->pubkey_algo = sk->pubkey_algo;
496
keyid_from_sk (sk, ops->keyid);
497
ops->last = (skcount == 1);
500
pkt.pkttype = PKT_ONEPASS_SIG;
501
pkt.pkt.onepass_sig = ops;
502
rc = build_packet (out, &pkt);
505
log_error ("build onepass_sig packet failed: %s\n",
515
* Helper to write the plaintext (literal data) packet
518
write_plaintext_packet (iobuf_t out, iobuf_t inp, const char *fname, int ptmode)
520
PKT_plaintext *pt = NULL;
524
if (!opt.no_literal) {
525
if (fname || opt.set_filename) {
526
char *s = make_basename (opt.set_filename? opt.set_filename
528
/*, iobuf_get_real_fname(inp)*/);
529
pt = xmalloc (sizeof *pt + strlen(s) - 1);
530
pt->namelen = strlen (s);
531
memcpy (pt->name, s, pt->namelen);
534
else { /* no filename */
535
pt = xmalloc (sizeof *pt - 1);
540
/* try to calculate the length of the data */
541
if (fname && *fname && !(*fname=='-' && !fname[1])) {
542
if( !(filesize = iobuf_get_filelength(inp)) )
543
log_info (_("WARNING: `%s' is an empty file\n"), fname);
545
/* we can't yet encode the length of very large files,
546
* so we switch to partial length encoding in this case */
547
if (filesize >= IOBUF_FILELENGTH_LIMIT)
550
/* because the text_filter modifies the length of the
551
* data, it is not possible to know the used length
552
* without a double read of the file - to avoid that
553
* we simple use partial length packets.
559
filesize = opt.set_filesize? opt.set_filesize : 0; /* stdin */
562
if (!opt.no_literal) {
565
pt->timestamp = make_timestamp ();
568
pt->new_ctb = !pt->len && !RFC1991;
571
pkt.pkttype = PKT_PLAINTEXT;
572
pkt.pkt.plaintext = pt;
573
/*cfx.datalen = filesize? calc_packet_length( &pkt ) : 0;*/
574
if( (rc = build_packet (out, &pkt)) )
575
log_error ("build_packet(PLAINTEXT) failed: %s\n",
580
byte copy_buffer[4096];
583
while ((bytes_copied = iobuf_read(inp, copy_buffer, 4096)) != -1)
584
if ( (rc=iobuf_write(out, copy_buffer, bytes_copied) )) {
585
log_error ("copying input to output failed: %s\n",
589
wipememory(copy_buffer,4096); /* burn buffer */
591
/* fixme: it seems that we never freed pt/pkt */
597
* Write the signatures from the SK_LIST to OUT. HASH must be a non-finalized
598
* hash which will not be changes here.
601
write_signature_packets (SK_LIST sk_list, iobuf_t out, MD_HANDLE hash,
602
int sigclass, u32 timestamp, u32 duration,
607
/* loop over the secret certificates */
608
for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) {
616
/* build the signature packet */
617
sig = xcalloc (1,sizeof *sig);
618
if(opt.force_v3_sigs || RFC1991)
620
else if(duration || opt.sig_policy_url
621
|| opt.sig_notation_data || opt.sig_keyserver_url)
624
sig->version=sk->version;
625
keyid_from_sk (sk, sig->keyid);
626
sig->digest_algo = hash_for (sk->pubkey_algo, sk->version);
627
sig->pubkey_algo = sk->pubkey_algo;
629
sig->timestamp = timestamp;
631
sig->timestamp = make_timestamp();
633
sig->expiredate = sig->timestamp+duration;
634
sig->sig_class = sigclass;
636
gcry_md_copy (&md, hash);
638
if (sig->version >= 4)
639
build_sig_subpkt_from_sig (sig);
640
mk_notation_policy_etc (sig, NULL, sk);
642
hash_sigversion_to_magic (md, sig);
645
rc = do_sign( sk, sig, md, hash_for (sig->pubkey_algo, sk->version) );
648
if( !rc ) { /* and write it */
652
pkt.pkttype = PKT_SIGNATURE;
653
pkt.pkt.signature = sig;
654
rc = build_packet (out, &pkt);
655
if (!rc && is_status_enabled()) {
656
print_status_sig_created ( sk, sig, status_letter);
660
log_error ("build signature packet failed: %s\n",
671
* Sign the files whose names are in FILENAME.
672
* If DETACHED has the value true,
673
* make a detached signature. If FILENAMES->d is NULL read from stdin
674
* and ignore the detached mode. Sign the file with all secret keys
675
* which can be taken from LOCUSR, if this is NULL, use the default one
676
* If ENCRYPTFLAG is true, use REMUSER (or ask if it is NULL) to encrypt the
677
* signed data for these users.
678
* If OUTFILE is not NULL; this file is used for output and the function
679
* does not ask for overwrite permission; output is then always
680
* uncompressed, non-armored and in binary mode.
683
sign_file( STRLIST filenames, int detached, STRLIST locusr,
684
int encryptflag, STRLIST remusr, const char *outfile )
687
armor_filter_context_t afx;
688
compress_filter_context_t zfx;
689
md_filter_context_t mfx;
690
text_filter_context_t tfx;
691
progress_filter_context_t pfx;
692
encrypt_filter_context_t efx;
693
iobuf_t inp = NULL, out = NULL;
696
PK_LIST pk_list = NULL;
697
SK_LIST sk_list = NULL;
698
SK_LIST sk_rover = NULL;
702
memset( &afx, 0, sizeof afx);
703
memset( &zfx, 0, sizeof zfx);
704
memset( &mfx, 0, sizeof mfx);
705
memset( &efx, 0, sizeof efx);
709
fname = filenames->d;
710
multifile = !!filenames->next;
715
if( fname && filenames->next && (!detached || encryptflag) )
716
log_bug("multiple files can only be detached signed");
718
if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !RFC1991)
719
duration=ask_expire_interval(1);
721
if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
724
if(PGP2 && !only_old_style(sk_list))
726
log_info(_("you can only detach-sign with PGP 2.x style keys "
727
"while in --pgp2 mode\n"));
728
compliance_failure();
731
if(encryptflag && (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC )))
735
if( multifile ) /* have list of filenames */
736
inp = NULL; /* we do it later */
738
if( !(inp = iobuf_open(fname)) ) {
739
rc = gpg_error_from_errno (errno);
740
log_error("can't open %s: %s\n", fname? fname: "[stdin]",
745
handle_progress (&pfx, inp, fname);
749
if( !(out = iobuf_create( outfile )) ) {
750
rc = gpg_error_from_errno (errno);
751
log_error(_("can't create %s: %s\n"), outfile, strerror(errno) );
754
else if( opt.verbose )
755
log_info(_("writing to `%s'\n"), outfile );
757
else if( (rc = open_outfile( fname, opt.armor? 1: detached? 2:0, &out )))
760
/* prepare to calculate the MD over the input */
761
if( opt.textmode && !outfile && !multifile )
763
memset( &tfx, 0, sizeof tfx);
764
iobuf_push_filter( inp, text_filter, &tfx );
767
gcry_md_open (&mfx.md, 0, 0);
769
/* If we're encrypting and signing, it is reasonable to pick the
770
hash algorithm to use out of the recepient key prefs. */
773
if(opt.def_digest_algo)
776
select_algo_from_prefs(pk_list,PREFTYPE_HASH,
778
NULL)!=opt.def_digest_algo)
779
log_info(_("forcing digest algorithm %s (%d) "
780
"violates recipient preferences\n"),
781
gcry_md_algo_name (opt.def_digest_algo),
782
opt.def_digest_algo);
788
/* Of course, if the recipient asks for something
789
unreasonable (like a non-160-bit hash for DSA, for
790
example), then don't do it. Check all sk's - if any
791
are DSA, then the hash must be 160-bit. In the future
792
this can be more complex with different hashes for each
793
sk, but so long as there is only one signing algorithm
794
with hash restrictions, this is ok. -dms */
796
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next )
797
if(sk_rover->sk->pubkey_algo==PUBKEY_ALGO_DSA)
801
select_algo_from_prefs(pk_list,PREFTYPE_HASH,-1,
802
hashlen?&hashlen:NULL))>0)
803
recipient_digest_algo=algo;
807
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
808
PKT_secret_key *sk = sk_rover->sk;
809
gcry_md_enable (mfx.md, hash_for(sk->pubkey_algo, sk->version ));
813
iobuf_push_filter( inp, md_filter, &mfx );
815
if( detached && !encryptflag && !RFC1991 )
818
if( opt.armor && !outfile )
819
iobuf_push_filter( out, armor_filter, &afx );
822
efx.pk_list = pk_list;
823
/* fixme: set efx.cfx.datalen if known */
824
iobuf_push_filter( out, encrypt_filter, &efx );
827
if( opt.compress && !outfile && ( !detached || opt.compress_sigs) )
829
int compr_algo=opt.def_compress_algo;
831
/* If not forced by user */
834
/* If we're not encrypting, then select_algo_from_prefs
835
will fail and we'll end up with the default. If we are
836
encrypting, select_algo_from_prefs cannot fail since
837
there is an assumed preference for uncompressed data.
838
Still, if it did fail, we'll also end up with the
842
select_algo_from_prefs(pk_list,PREFTYPE_ZIP,-1,NULL))==-1)
843
compr_algo=default_compress_algo();
845
else if(!opt.expert && pk_list
846
&& select_algo_from_prefs(pk_list,PREFTYPE_ZIP,
847
compr_algo,NULL)!=compr_algo)
848
log_info(_("forcing compression algorithm %s (%d) "
849
"violates recipient preferences\n"),
850
compress_algo_to_string(compr_algo),compr_algo);
852
/* algo 0 means no compression */
855
zfx.algo = compr_algo;
856
iobuf_push_filter( out, compress_filter, &zfx );
860
/* Write the one-pass signature packets if needed */
861
if (!detached && !RFC1991) {
862
rc = write_onepass_sig_packets (sk_list, out,
863
opt.textmode && !outfile ? 0x01:0x00);
868
/* setup the inner packet */
874
log_info(_("signing:") );
875
/* must walk reverse trough this list */
876
for( sl = strlist_last(filenames); sl;
877
sl = strlist_prev( filenames, sl ) ) {
878
if( !(inp = iobuf_open(sl->d)) ) {
879
rc = gpg_error_from_errno (errno);
880
log_error(_("can't open %s: %s\n"),
881
sl->d, strerror(errno) );
884
handle_progress (&pfx, inp, sl->d);
886
fprintf(stderr, " `%s'", sl->d );
889
memset( &tfx, 0, sizeof tfx);
890
iobuf_push_filter( inp, text_filter, &tfx );
892
iobuf_push_filter( inp, md_filter, &mfx );
893
while( iobuf_get(inp) != -1 )
895
iobuf_close(inp); inp = NULL;
898
putc( '\n', stderr );
901
/* read, so that the filter can calculate the digest */
902
while( iobuf_get(inp) != -1 )
907
rc = write_plaintext_packet (out, inp, fname,
908
opt.textmode && !outfile ? 't':'b');
911
/* catch errors from above */
915
/* write the signatures */
916
rc = write_signature_packets (sk_list, out, mfx.md,
917
opt.textmode && !outfile? 0x01 : 0x00,
918
0, duration, detached ? 'D':'S');
929
write_status( STATUS_END_ENCRYPTION );
932
gcry_md_close ( mfx.md );
933
release_sk_list( sk_list );
934
release_pk_list( pk_list );
935
recipient_digest_algo=0;
942
* make a clear signature. note that opt.armor is not needed
945
clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
947
armor_filter_context_t afx;
948
progress_filter_context_t pfx;
949
MD_HANDLE textmd = NULL;
950
iobuf_t inp = NULL, out = NULL;
953
SK_LIST sk_list = NULL;
954
SK_LIST sk_rover = NULL;
955
int old_style = RFC1991;
959
memset( &afx, 0, sizeof afx);
962
if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !RFC1991)
963
duration=ask_expire_interval(1);
965
if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
968
if( !old_style && !duration )
969
old_style = only_old_style( sk_list );
971
if(PGP2 && !only_old_style(sk_list))
973
log_info(_("you can only clearsign with PGP 2.x style keys "
974
"while in --pgp2 mode\n"));
975
compliance_failure();
979
if( !(inp = iobuf_open(fname)) ) {
980
rc = gpg_error_from_errno (errno);
981
log_error("can't open %s: %s\n", fname? fname: "[stdin]",
985
handle_progress (&pfx, inp, fname);
988
if( !(out = iobuf_create( outfile )) ) {
989
rc = gpg_error_from_errno (errno);
990
log_error(_("can't create %s: %s\n"), outfile, strerror(errno) );
993
else if( opt.verbose )
994
log_info(_("writing to `%s'\n"), outfile );
996
else if( (rc = open_outfile( fname, 1, &out )) )
999
iobuf_writestr(out, "-----BEGIN PGP SIGNED MESSAGE-----" LF );
1001
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
1002
PKT_secret_key *sk = sk_rover->sk;
1003
if( hash_for(sk->pubkey_algo, sk->version) == DIGEST_ALGO_MD5 )
1011
if( !(old_style && only_md5) ) {
1014
byte hashs_seen[256];
1016
memset( hashs_seen, 0, sizeof hashs_seen );
1017
iobuf_writestr(out, "Hash: " );
1018
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
1019
PKT_secret_key *sk = sk_rover->sk;
1020
int i = hash_for(sk->pubkey_algo, sk->version);
1022
if( !hashs_seen[ i & 0xff ] ) {
1023
s = gcry_md_algo_name (i);
1025
hashs_seen[ i & 0xff ] = 1;
1027
iobuf_put(out, ',' );
1028
iobuf_writestr(out, s );
1034
iobuf_writestr(out, LF );
1037
if( opt.not_dash_escaped )
1038
iobuf_writestr( out,
1039
"NotDashEscaped: You need GnuPG to verify this message" LF );
1040
iobuf_writestr(out, LF );
1042
gcry_md_open (&textmd, 0, 0);
1043
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
1044
PKT_secret_key *sk = sk_rover->sk;
1045
gcry_md_enable (textmd, hash_for(sk->pubkey_algo, sk->version));
1048
gcry_md_start_debug ( textmd, "clearsign" );
1049
copy_clearsig_text( out, inp, textmd, !opt.not_dash_escaped,
1050
opt.escape_from, (old_style && only_md5) );
1051
/* fixme: check for read errors */
1053
/* now write the armor */
1055
iobuf_push_filter( out, armor_filter, &afx );
1057
/* write the signatures */
1058
rc=write_signature_packets (sk_list, out, textmd, 0x01, 0, duration, 'C');
1068
gcry_md_close ( textmd );
1069
release_sk_list( sk_list );
1074
* Sign and conventionally encrypt the given file.
1075
* FIXME: Far too much code is duplicated - revamp the whole file.
1078
sign_symencrypt_file (const char *fname, STRLIST locusr)
1080
armor_filter_context_t afx;
1081
progress_filter_context_t pfx;
1082
compress_filter_context_t zfx;
1083
md_filter_context_t mfx;
1084
text_filter_context_t tfx;
1085
cipher_filter_context_t cfx;
1086
iobuf_t inp = NULL, out = NULL;
1088
STRING2KEY *s2k = NULL;
1090
SK_LIST sk_list = NULL;
1091
SK_LIST sk_rover = NULL;
1095
memset( &afx, 0, sizeof afx);
1096
memset( &zfx, 0, sizeof zfx);
1097
memset( &mfx, 0, sizeof mfx);
1098
memset( &tfx, 0, sizeof tfx);
1099
memset( &cfx, 0, sizeof cfx);
1100
init_packet( &pkt );
1102
if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !RFC1991)
1103
duration=ask_expire_interval(1);
1105
rc = build_sk_list (locusr, &sk_list, 1, PUBKEY_USAGE_SIG);
1109
/* prepare iobufs */
1110
inp = iobuf_open(fname);
1112
rc = gpg_error_from_errno (errno);
1113
log_error("can't open %s: %s\n", fname? fname: "[stdin]",
1117
handle_progress (&pfx, inp, fname);
1120
s2k = xcalloc (1, sizeof *s2k );
1121
s2k->mode = RFC1991? 0:opt.s2k_mode;
1122
s2k->hash_algo = opt.s2k_digest_algo;
1124
algo = default_cipher_algo();
1125
if (!opt.quiet || !opt.batch)
1126
log_info (_("%s encryption will be used\n"),
1127
gcry_cipher_algo_name (algo) );
1128
cfx.dek = passphrase_to_dek( NULL, 0, algo, s2k, 2, NULL, NULL);
1130
if (!cfx.dek || !cfx.dek->keylen) {
1131
rc = gpg_error (GPG_ERR_INV_PASSPHRASE);
1132
log_error(_("error creating passphrase: %s\n"), gpg_strerror (rc) );
1136
/* now create the outfile */
1137
rc = open_outfile (fname, opt.armor? 1:0, &out);
1141
/* prepare to calculate the MD over the input */
1143
iobuf_push_filter (inp, text_filter, &tfx);
1144
gcry_md_open (&mfx.md, 0, 0);
1146
for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) {
1147
PKT_secret_key *sk = sk_rover->sk;
1148
gcry_md_enable (mfx.md, hash_for (sk->pubkey_algo, sk->version ));
1151
iobuf_push_filter (inp, md_filter, &mfx);
1153
/* Push armor output filter */
1155
iobuf_push_filter (out, armor_filter, &afx);
1157
/* Write the symmetric key packet */
1158
/*(current filters: armor)*/
1160
PKT_symkey_enc *enc = xcalloc (1, sizeof *enc );
1162
enc->cipher_algo = cfx.dek->algo;
1164
pkt.pkttype = PKT_SYMKEY_ENC;
1165
pkt.pkt.symkey_enc = enc;
1166
if( (rc = build_packet( out, &pkt )) )
1167
log_error("build symkey packet failed: %s\n", gpg_strerror (rc) );
1171
/* Push the encryption filter */
1172
iobuf_push_filter( out, cipher_filter, &cfx );
1174
/* Push the Zip filter */
1175
if (opt.compress && default_compress_algo())
1177
zfx.algo = default_compress_algo();
1178
iobuf_push_filter( out, compress_filter, &zfx );
1181
/* Write the one-pass signature packets */
1182
/*(current filters: zip - encrypt - armor)*/
1184
rc = write_onepass_sig_packets (sk_list, out,
1185
opt.textmode? 0x01:0x00);
1190
/* Pipe data through all filters; i.e. write the signed stuff */
1191
/*(current filters: zip - encrypt - armor)*/
1192
rc = write_plaintext_packet (out, inp, fname, opt.textmode ? 't':'b');
1196
/* Write the signatures */
1197
/*(current filters: zip - encrypt - armor)*/
1198
rc = write_signature_packets (sk_list, out, mfx.md,
1199
opt.textmode? 0x01 : 0x00,
1210
write_status( STATUS_END_ENCRYPTION );
1213
release_sk_list( sk_list );
1214
gcry_md_close ( mfx.md );
1222
* Create a signature packet for the given public key certificate and
1223
* the user id and return it in ret_sig. User signature class SIGCLASS
1224
* user-id is not used (and may be NULL if sigclass is 0x20) If
1225
* DIGEST_ALGO is 0 the function selects an appropriate one.
1226
* SIGVERSION gives the minimal required signature packet version;
1227
* this is needed so that special properties like local sign are not
1228
* applied (actually: dropped) when a v3 key is used. TIMESTAMP is
1229
* the timestamp to use for the signature. 0 means "now". */
1231
make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
1232
PKT_user_id *uid, PKT_public_key *subpk,
1234
int sigclass, int digest_algo,
1235
int sigversion, u32 timestamp, u32 duration,
1236
int (*mksubpkt)(PKT_signature *, void *), void *opaque
1243
assert( (sigclass >= 0x10 && sigclass <= 0x13) || sigclass == 0x1F
1244
|| sigclass == 0x20 || sigclass == 0x18
1245
|| sigclass == 0x30 || sigclass == 0x28 );
1247
if (opt.force_v4_certs)
1250
if (sigversion < sk->version)
1251
sigversion = sk->version;
1253
/* If you are making a signature on a v4 key using your v3 key, it
1254
doesn't make sense to generate a v3 sig. After all, no v3-only
1255
PGP implementation could understand the v4 key in the first
1256
place. Note that this implies that a signature on an attribute
1257
uid is usually going to be v4 as well, since they are not
1258
generally found on v3 keys. */
1259
if (sigversion < pk->version)
1260
sigversion = pk->version;
1264
/* Basically, this means use SHA1 always unless it's a v3 RSA
1265
key making a v3 cert (use MD5), or the user specified
1266
something (use whatever they said). They still must use a
1267
160-bit hash with DSA, or the signature will fail. Note
1268
that this still allows the caller of make_keysig_packet to
1269
override the user setting if it must. */
1271
if(opt.cert_digest_algo)
1272
digest_algo=opt.cert_digest_algo;
1273
else if((sk->pubkey_algo==PUBKEY_ALGO_RSA ||
1274
sk->pubkey_algo==PUBKEY_ALGO_RSA_S) &&
1275
pk->version<4 && sigversion < 4)
1276
digest_algo = DIGEST_ALGO_MD5;
1278
digest_algo = DIGEST_ALGO_SHA1;
1281
gcry_md_open (&md, digest_algo, 0 );
1283
/* hash the public key certificate and the user id */
1284
hash_public_key( md, pk );
1285
if( sigclass == 0x18 || sigclass == 0x28 ) { /* subkey binding/revocation*/
1286
hash_public_key( md, subpk );
1288
else if( sigclass != 0x1F && sigclass != 0x20 ) {
1289
hash_uid (md, sigversion, uid);
1291
/* and make the signature packet */
1292
sig = xcalloc (1, sizeof *sig );
1293
sig->version = sigversion;
1294
sig->flags.exportable=1;
1295
sig->flags.revocable=1;
1296
keyid_from_sk( sk, sig->keyid );
1297
sig->pubkey_algo = sk->pubkey_algo;
1298
sig->digest_algo = digest_algo;
1300
sig->timestamp=timestamp;
1302
sig->timestamp=make_timestamp();
1304
sig->expiredate=sig->timestamp+duration;
1305
sig->sig_class = sigclass;
1306
if( sig->version >= 4 )
1307
build_sig_subpkt_from_sig( sig );
1308
mk_notation_policy_etc ( sig, pk, sk );
1310
/* Crucial that the call to mksubpkt comes LAST before the calls
1311
to finalize the sig as that makes it possible for the mksubpkt
1312
function to get a reliable pointer to the subpacket area. */
1313
if( sig->version >= 4 && mksubpkt )
1314
rc = (*mksubpkt)( sig, opaque );
1317
hash_sigversion_to_magic (md, sig);
1320
rc = complete_sig( sig, sk, md );
1323
gcry_md_close ( md );
1325
free_seckey_enc( sig );
1334
* Create a new signature packet based on an existing one.
1335
* Only user ID signatures are supported for now.
1336
* TODO: Merge this with make_keysig_packet.
1339
update_keysig_packet( PKT_signature **ret_sig,
1340
PKT_signature *orig_sig,
1343
PKT_public_key *subpk,
1345
int (*mksubpkt)(PKT_signature *, void *),
1353
if ((!orig_sig || !pk || !sk)
1354
|| (orig_sig->sig_class >= 0x10 && orig_sig->sig_class <= 0x13 && !uid)
1355
|| (orig_sig->sig_class == 0x18 && !subpk))
1356
return GPG_ERR_GENERAL;
1358
gcry_md_open (&md, orig_sig->digest_algo, 0);
1360
/* hash the public key certificate and the user id */
1361
hash_public_key( md, pk );
1363
if( orig_sig->sig_class == 0x18 )
1364
hash_public_key( md, subpk );
1366
hash_uid (md, orig_sig->version, uid);
1368
/* create a new signature packet */
1369
sig = copy_signature (NULL, orig_sig);
1371
/* We need to create a new timestamp so that new sig expiration
1372
calculations are done correctly... */
1373
sig->timestamp=make_timestamp();
1375
/* ... but we won't make a timestamp earlier than the existing
1377
while(sig->timestamp<=orig_sig->timestamp)
1380
sig->timestamp=make_timestamp();
1383
/* Note that already expired sigs will remain expired (with a
1384
duration of 0) since build-packet.c:build_sig_subpkt_from_sig
1385
detects this case. */
1387
if( sig->version >= 4 )
1389
/* Put the updated timestamp into the sig. Note that this
1390
will automagically lower any sig expiration dates to
1391
correctly correspond to the differences in the timestamps
1392
(i.e. the duration will shrink). */
1393
build_sig_subpkt_from_sig( sig );
1396
rc = (*mksubpkt)(sig, opaque);
1400
hash_sigversion_to_magic (md, sig);
1403
rc = complete_sig( sig, sk, md );
1408
free_seckey_enc (sig);
added
removed
g10/sign.c
