~ubuntu-branches/ubuntu/utopic/gnupg2/utopic-updates
» Revision
22
: .pc/CVE-2013-4402.patch/g10/mainproc.c
« back to all changes in this revision
Viewing changes to .pc/CVE-2013-4402.patch/g10/mainproc.c
- browse files at revision 22
- compare with another revision
- download diff
- download tarball
- view history from revision 22
- Committer: Package Import Robot
- Author(s): Marc Deslauriers
- Date: 2013-10-07 15:38:03 UTC
- mfrom: (18.1.4 saucy)
- Revision ID: package-import@ubuntu.com-20131007153803-9z5dpnkp34igz6ax
Tags: 2.0.20-1ubuntu3
* SECURITY UPDATE: incorrect no-usage-permitted flag handling
- debian/patches/CVE-2013-4351.patch: correctly handle empty key flags
in g10/getkey.c, g10/keygen.c, include/cipher.h.
- CVE-2013-4351
* SECURITY UPDATE: denial of service via infinite recursion
- debian/patches/CVE-2013-4402.patch: set limits on number of filters
and nested packets in common/iobuf.c, g10/mainproc.c.
- CVE-2013-4402
- debian/patches/CVE-2013-4351.patch: correctly handle empty key flags
in g10/getkey.c, g10/keygen.c, include/cipher.h.
- CVE-2013-4351
* SECURITY UPDATE: denial of service via infinite recursion
- debian/patches/CVE-2013-4402.patch: set limits on number of filters
and nested packets in common/iobuf.c, g10/mainproc.c.
- CVE-2013-4402
- files added:
- .pc/CVE-2013-4351.patch
- .pc/CVE-2013-4351.patch/g10
- .pc/CVE-2013-4351.patch/include
- .pc/CVE-2013-4402.patch
- .pc/CVE-2013-4402.patch/common
- .pc/CVE-2013-4402.patch/g10
- files modified:
- .pc/applied-patches
added
removed
.pc/CVE-2013-4402.patch/g10/mainproc.c
1
/* mainproc.c - handle packets
2
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
3
* 2008, 2009 Free Software Foundation, Inc.
4
*
5
* This file is part of GnuPG.
6
*
7
* GnuPG is free software; you can redistribute it and/or modify
8
* it under the terms of the GNU General Public License as published by
9
* the Free Software Foundation; either version 3 of the License, or
10
* (at your option) any later version.
11
*
12
* GnuPG is distributed in the hope that it will be useful,
13
* but WITHOUT ANY WARRANTY; without even the implied warranty of
14
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
* GNU General Public License for more details.
16
*
17
* You should have received a copy of the GNU General Public License
18
* along with this program; if not, see <http://www.gnu.org/licenses/>.
19
*/
20
21
#include <config.h>
22
#include <stdio.h>
23
#include <stdlib.h>
24
#include <string.h>
25
#include <assert.h>
26
#include <time.h>
27
28
#include "gpg.h"
29
#include "packet.h"
30
#include "iobuf.h"
31
#include "options.h"
32
#include "util.h"
33
#include "cipher.h"
34
#include "keydb.h"
35
#include "filter.h"
36
#include "main.h"
37
#include "status.h"
38
#include "i18n.h"
39
#include "trustdb.h"
40
#include "keyserver-internal.h"
41
#include "photoid.h"
42
#include "pka.h"
43
44
45
struct kidlist_item {
46
struct kidlist_item *next;
47
u32 kid[2];
48
int pubkey_algo;
49
int reason;
50
};
51
52
53
/****************
54
* Structure to hold the context
55
*/
56
typedef struct mainproc_context *CTX;
57
struct mainproc_context
58
{
59
struct mainproc_context *anchor; /* May be useful in the future. */
60
PKT_public_key *last_pubkey;
61
PKT_secret_key *last_seckey;
62
PKT_user_id *last_user_id;
63
md_filter_context_t mfx;
64
int sigs_only; /* Process only signatures and reject all other stuff. */
65
int encrypt_only; /* Process only encryption messages. */
66
67
/* Name of the file with the complete signature or the file with the
68
detached signature. This is currently only used to deduce the
69
file name of the data file if that has not been given. */
70
const char *sigfilename;
71
72
/* A structure to describe the signed data in case of a detached
73
signature. */
74
struct
75
{
76
/* A file descriptor of the the signed data. Only used if not -1. */
77
int data_fd;
78
/* A list of filenames with the data files or NULL. This is only
79
used if DATA_FD is -1. */
80
strlist_t data_names;
81
/* Flag to indicated that either one of the next previous fieldss
82
is used. This is only needed for better readability. */
83
int used;
84
} signed_data;
85
86
DEK *dek;
87
int last_was_session_key;
88
KBNODE list; /* The current list of packets. */
89
int have_data;
90
IOBUF iobuf; /* Used to get the filename etc. */
91
int trustletter; /* Temporary usage in list_node. */
92
ulong symkeys;
93
struct kidlist_item *pkenc_list; /* List of encryption packets. */
94
int any_sig_seen; /* Set to true if a signature packet has been seen. */
95
};
96
97
98
static int do_proc_packets( CTX c, IOBUF a );
99
static void list_node( CTX c, KBNODE node );
100
static void proc_tree( CTX c, KBNODE node );
101
static int literals_seen;
102
103
void
104
reset_literals_seen(void)
105
{
106
literals_seen=0;
107
}
108
109
static void
110
release_list( CTX c )
111
{
112
if( !c->list )
113
return;
114
proc_tree(c, c->list );
115
release_kbnode( c->list );
116
while( c->pkenc_list ) {
117
struct kidlist_item *tmp = c->pkenc_list->next;
118
xfree( c->pkenc_list );
119
c->pkenc_list = tmp;
120
}
121
c->pkenc_list = NULL;
122
c->list = NULL;
123
c->have_data = 0;
124
c->last_was_session_key = 0;
125
xfree(c->dek); c->dek = NULL;
126
}
127
128
129
static int
130
add_onepass_sig( CTX c, PACKET *pkt )
131
{
132
KBNODE node;
133
134
if ( c->list ) /* add another packet */
135
add_kbnode( c->list, new_kbnode( pkt ));
136
else /* insert the first one */
137
c->list = node = new_kbnode( pkt );
138
139
return 1;
140
}
141
142
143
static int
144
add_gpg_control( CTX c, PACKET *pkt )
145
{
146
if ( pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START ) {
147
/* New clear text signature.
148
* Process the last one and reset everything */
149
release_list(c);
150
}
151
152
if( c->list ) /* add another packet */
153
add_kbnode( c->list, new_kbnode( pkt ));
154
else /* insert the first one */
155
c->list = new_kbnode( pkt );
156
157
return 1;
158
}
159
160
161
162
static int
163
add_user_id( CTX c, PACKET *pkt )
164
{
165
if( !c->list ) {
166
log_error("orphaned user ID\n" );
167
return 0;
168
}
169
add_kbnode( c->list, new_kbnode( pkt ) );
170
return 1;
171
}
172
173
static int
174
add_subkey( CTX c, PACKET *pkt )
175
{
176
if( !c->list ) {
177
log_error("subkey w/o mainkey\n" );
178
return 0;
179
}
180
add_kbnode( c->list, new_kbnode( pkt ) );
181
return 1;
182
}
183
184
static int
185
add_ring_trust( CTX c, PACKET *pkt )
186
{
187
if( !c->list ) {
188
log_error("ring trust w/o key\n" );
189
return 0;
190
}
191
add_kbnode( c->list, new_kbnode( pkt ) );
192
return 1;
193
}
194
195
196
static int
197
add_signature( CTX c, PACKET *pkt )
198
{
199
KBNODE node;
200
201
c->any_sig_seen = 1;
202
if( pkt->pkttype == PKT_SIGNATURE && !c->list ) {
203
/* This is the first signature for the following datafile.
204
* GPG does not write such packets; instead it always uses
205
* onepass-sig packets. The drawback of PGP's method
206
* of prepending the signature to the data is
207
* that it is not possible to make a signature from data read
208
* from stdin. (GPG is able to read PGP stuff anyway.) */
209
node = new_kbnode( pkt );
210
c->list = node;
211
return 1;
212
}
213
else if( !c->list )
214
return 0; /* oops (invalid packet sequence)*/
215
else if( !c->list->pkt )
216
BUG(); /* so nicht */
217
218
/* add a new signature node id at the end */
219
node = new_kbnode( pkt );
220
add_kbnode( c->list, node );
221
return 1;
222
}
223
224
static int
225
symkey_decrypt_seskey( DEK *dek, byte *seskey, size_t slen )
226
{
227
gcry_cipher_hd_t hd;
228
229
if(slen < 17 || slen > 33)
230
{
231
log_error ( _("weird size for an encrypted session key (%d)\n"),
232
(int)slen);
233
return G10ERR_BAD_KEY;
234
}
235
236
if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
237
BUG ();
238
if (gcry_cipher_setkey ( hd, dek->key, dek->keylen ))
239
BUG ();
240
gcry_cipher_setiv ( hd, NULL, 0 );
241
gcry_cipher_decrypt ( hd, seskey, slen, NULL, 0 );
242
gcry_cipher_close ( hd );
243
244
/* Now we replace the dek components with the real session key to
245
decrypt the contents of the sequencing packet. */
246
247
dek->keylen=slen-1;
248
dek->algo=seskey[0];
249
250
if(dek->keylen > DIM(dek->key))
251
BUG ();
252
253
/* This is not completely accurate, since a bad passphrase may have
254
resulted in a garbage algorithm byte, but it's close enough since
255
a bogus byte here will fail later. */
256
if(dek->algo==CIPHER_ALGO_IDEA)
257
idea_cipher_warn(0);
258
259
memcpy(dek->key, seskey + 1, dek->keylen);
260
261
/*log_hexdump( "thekey", dek->key, dek->keylen );*/
262
263
return 0;
264
}
265
266
static void
267
proc_symkey_enc( CTX c, PACKET *pkt )
268
{
269
PKT_symkey_enc *enc;
270
271
enc = pkt->pkt.symkey_enc;
272
if (!enc)
273
log_error ("invalid symkey encrypted packet\n");
274
else if(!c->dek)
275
{
276
int algo = enc->cipher_algo;
277
const char *s = openpgp_cipher_algo_name (algo);
278
279
if (!openpgp_cipher_test_algo (algo))
280
{
281
if(!opt.quiet)
282
{
283
if(enc->seskeylen)
284
log_info(_("%s encrypted session key\n"), s );
285
else
286
log_info(_("%s encrypted data\n"), s );
287
}
288
}
289
else
290
log_error(_("encrypted with unknown algorithm %d\n"), algo );
291
292
if(openpgp_md_test_algo (enc->s2k.hash_algo))
293
{
294
log_error(_("passphrase generated with unknown digest"
295
" algorithm %d\n"),enc->s2k.hash_algo);
296
s=NULL;
297
}
298
299
c->last_was_session_key = 2;
300
if(!s || opt.list_only)
301
goto leave;
302
303
if(opt.override_session_key)
304
{
305
c->dek = xmalloc_clear( sizeof *c->dek );
306
if(get_override_session_key(c->dek, opt.override_session_key))
307
{
308
xfree(c->dek);
309
c->dek = NULL;
310
}
311
}
312
else
313
{
314
c->dek = passphrase_to_dek (NULL, 0, algo, &enc->s2k, 3,
315
NULL, NULL);
316
if(c->dek)
317
{
318
c->dek->symmetric=1;
319
320
/* FIXME: This doesn't work perfectly if a symmetric
321
key comes before a public key in the message - if
322
the user doesn't know the passphrase, then there is
323
a chance that the "decrypted" algorithm will happen
324
to be a valid one, which will make the returned dek
325
appear valid, so we won't try any public keys that
326
come later. */
327
if(enc->seskeylen)
328
{
329
if(symkey_decrypt_seskey(c->dek, enc->seskey,
330
enc->seskeylen))
331
{
332
xfree(c->dek);
333
c->dek=NULL;
334
}
335
}
336
else
337
c->dek->algo_info_printed = 1;
338
}
339
}
340
}
341
342
leave:
343
c->symkeys++;
344
free_packet(pkt);
345
}
346
347
static void
348
proc_pubkey_enc( CTX c, PACKET *pkt )
349
{
350
PKT_pubkey_enc *enc;
351
int result = 0;
352
353
/* check whether the secret key is available and store in this case */
354
c->last_was_session_key = 1;
355
enc = pkt->pkt.pubkey_enc;
356
/*printf("enc: encrypted by a pubkey with keyid %08lX\n", enc->keyid[1] );*/
357
/* Hmmm: why do I have this algo check here - anyway there is
358
* function to check it. */
359
if( opt.verbose )
360
log_info(_("public key is %s\n"), keystr(enc->keyid) );
361
362
if( is_status_enabled() ) {
363
char buf[50];
364
sprintf(buf, "%08lX%08lX %d 0",
365
(ulong)enc->keyid[0], (ulong)enc->keyid[1], enc->pubkey_algo );
366
write_status_text( STATUS_ENC_TO, buf );
367
}
368
369
if( !opt.list_only && opt.override_session_key ) {
370
/* It does not make much sense to store the session key in
371
* secure memory because it has already been passed on the
372
* command line and the GCHQ knows about it. */
373
c->dek = xmalloc_clear( sizeof *c->dek );
374
result = get_override_session_key ( c->dek, opt.override_session_key );
375
if ( result ) {
376
xfree(c->dek); c->dek = NULL;
377
}
378
}
379
else if( is_ELGAMAL(enc->pubkey_algo)
380
|| enc->pubkey_algo == PUBKEY_ALGO_DSA
381
|| is_RSA(enc->pubkey_algo)
382
|| enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL) {
383
/* Note that we also allow type 20 Elgamal keys for decryption.
384
There are still a couple of those keys in active use as a
385
subkey. */
386
387
/* FIXME: Store this all in a list and process it later so that
388
we can prioritize what key to use. This gives a better user
389
experience if wildcard keyids are used. */
390
if ( !c->dek && ((!enc->keyid[0] && !enc->keyid[1])
391
|| opt.try_all_secrets
392
|| !seckey_available( enc->keyid )) ) {
393
if( opt.list_only )
394
result = -1;
395
else {
396
c->dek = xmalloc_secure_clear( sizeof *c->dek );
397
if( (result = get_session_key( enc, c->dek )) ) {
398
/* error: delete the DEK */
399
xfree(c->dek); c->dek = NULL;
400
}
401
}
402
}
403
else
404
result = G10ERR_NO_SECKEY;
405
}
406
else
407
result = G10ERR_PUBKEY_ALGO;
408
409
if( result == -1 )
410
;
411
else
412
{
413
/* store it for later display */
414
struct kidlist_item *x = xmalloc( sizeof *x );
415
x->kid[0] = enc->keyid[0];
416
x->kid[1] = enc->keyid[1];
417
x->pubkey_algo = enc->pubkey_algo;
418
x->reason = result;
419
x->next = c->pkenc_list;
420
c->pkenc_list = x;
421
422
if( !result && opt.verbose > 1 )
423
log_info( _("public key encrypted data: good DEK\n") );
424
}
425
426
free_packet(pkt);
427
}
428
429
430
431
/****************
432
* Print the list of public key encrypted packets which we could
433
* not decrypt.
434
*/
435
static void
436
print_pkenc_list( struct kidlist_item *list, int failed )
437
{
438
for( ; list; list = list->next ) {
439
PKT_public_key *pk;
440
const char *algstr;
441
442
if ( failed && !list->reason )
443
continue;
444
if ( !failed && list->reason )
445
continue;
446
447
algstr = gcry_pk_algo_name ( list->pubkey_algo );
448
pk = xmalloc_clear( sizeof *pk );
449
450
if( !algstr )
451
algstr = "[?]";
452
pk->pubkey_algo = list->pubkey_algo;
453
if( !get_pubkey( pk, list->kid ) )
454
{
455
char *p;
456
log_info( _("encrypted with %u-bit %s key, ID %s, created %s\n"),
457
nbits_from_pk( pk ), algstr, keystr_from_pk(pk),
458
strtimestamp(pk->timestamp) );
459
p=get_user_id_native(list->kid);
460
log_printf (_(" \"%s\"\n"),p);
461
xfree(p);
462
}
463
else
464
log_info(_("encrypted with %s key, ID %s\n"),
465
algstr,keystr(list->kid));
466
467
free_public_key( pk );
468
469
if( list->reason == G10ERR_NO_SECKEY ) {
470
if( is_status_enabled() ) {
471
char buf[20];
472
snprintf (buf, sizeof buf, "%08lX%08lX",
473
(ulong)list->kid[0], (ulong)list->kid[1]);
474
write_status_text( STATUS_NO_SECKEY, buf );
475
}
476
}
477
else if (list->reason)
478
{
479
log_info(_("public key decryption failed: %s\n"),
480
g10_errstr(list->reason));
481
write_status_error ("pkdecrypt_failed", list->reason);
482
}
483
}
484
}
485
486
487
static void
488
proc_encrypted( CTX c, PACKET *pkt )
489
{
490
int result = 0;
491
492
if (!opt.quiet)
493
{
494
if(c->symkeys>1)
495
log_info(_("encrypted with %lu passphrases\n"),c->symkeys);
496
else if(c->symkeys==1)
497
log_info(_("encrypted with 1 passphrase\n"));
498
print_pkenc_list ( c->pkenc_list, 1 );
499
print_pkenc_list ( c->pkenc_list, 0 );
500
}
501
502
/* FIXME: Figure out the session key by looking at all pkenc packets. */
503
504
505
write_status( STATUS_BEGIN_DECRYPTION );
506
507
/*log_debug("dat: %sencrypted data\n", c->dek?"":"conventional ");*/
508
if( opt.list_only )
509
result = -1;
510
else if( !c->dek && !c->last_was_session_key ) {
511
int algo;
512
STRING2KEY s2kbuf, *s2k = NULL;
513
514
if(opt.override_session_key)
515
{
516
c->dek = xmalloc_clear( sizeof *c->dek );
517
result=get_override_session_key(c->dek, opt.override_session_key);
518
if(result)
519
{
520
xfree(c->dek);
521
c->dek = NULL;
522
}
523
}
524
else
525
{
526
/* Assume this is old style conventional encrypted data. */
527
algo = opt.def_cipher_algo;
528
if ( algo )
529
log_info (_("assuming %s encrypted data\n"),
530
openpgp_cipher_algo_name (algo));
531
else if ( openpgp_cipher_test_algo (CIPHER_ALGO_IDEA) )
532
{
533
algo = opt.def_cipher_algo;
534
if (!algo)
535
algo = opt.s2k_cipher_algo;
536
idea_cipher_warn(1);
537
log_info (_("IDEA cipher unavailable, "
538
"optimistically attempting to use %s instead\n"),
539
openpgp_cipher_algo_name (algo));
540
}
541
else
542
{
543
algo = CIPHER_ALGO_IDEA;
544
if (!opt.s2k_digest_algo)
545
{
546
/* If no digest is given we assume MD5 */
547
s2kbuf.mode = 0;
548
s2kbuf.hash_algo = DIGEST_ALGO_MD5;
549
s2k = &s2kbuf;
550
}
551
log_info (_("assuming %s encrypted data\n"), "IDEA");
552
}
553
554
c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 3, NULL, NULL );
555
if (c->dek)
556
c->dek->algo_info_printed = 1;
557
}
558
}
559
else if( !c->dek )
560
result = G10ERR_NO_SECKEY;
561
if( !result )
562
result = decrypt_data( c, pkt->pkt.encrypted, c->dek );
563
564
if( result == -1 )
565
;
566
else if( !result || (gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE
567
&& opt.ignore_mdc_error)) {
568
write_status( STATUS_DECRYPTION_OKAY );
569
if( opt.verbose > 1 )
570
log_info(_("decryption okay\n"));
571
if( pkt->pkt.encrypted->mdc_method && !result )
572
write_status( STATUS_GOODMDC );
573
else if(!opt.no_mdc_warn)
574
log_info (_("WARNING: message was not integrity protected\n"));
575
if(opt.show_session_key)
576
{
577
int i;
578
char *buf = xmalloc ( c->dek->keylen*2 + 20 );
579
sprintf ( buf, "%d:", c->dek->algo );
580
for(i=0; i < c->dek->keylen; i++ )
581
sprintf(buf+strlen(buf), "%02X", c->dek->key[i] );
582
log_info( "session key: `%s'\n", buf );
583
write_status_text ( STATUS_SESSION_KEY, buf );
584
}
585
}
586
else if( result == G10ERR_BAD_SIGN ) {
587
log_error(_("WARNING: encrypted message has been manipulated!\n"));
588
write_status( STATUS_BADMDC );
589
write_status( STATUS_DECRYPTION_FAILED );
590
}
591
else {
592
if (gpg_err_code (result) == GPG_ERR_BAD_KEY
593
&& *c->dek->s2k_cacheid != '\0')
594
{
595
log_debug(_("cleared passphrase cached with ID: %s\n"),
596
c->dek->s2k_cacheid);
597
passphrase_clear_cache (NULL, c->dek->s2k_cacheid, 0);
598
}
599
write_status( STATUS_DECRYPTION_FAILED );
600
log_error(_("decryption failed: %s\n"), g10_errstr(result));
601
/* Hmmm: does this work when we have encrypted using multiple
602
* ways to specify the session key (symmmetric and PK)*/
603
}
604
xfree(c->dek); c->dek = NULL;
605
free_packet(pkt);
606
c->last_was_session_key = 0;
607
write_status( STATUS_END_DECRYPTION );
608
}
609
610
611
static void
612
proc_plaintext( CTX c, PACKET *pkt )
613
{
614
PKT_plaintext *pt = pkt->pkt.plaintext;
615
int any, clearsig, only_md5, rc;
616
KBNODE n;
617
618
literals_seen++;
619
620
if( pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8 ) )
621
log_info(_("NOTE: sender requested \"for-your-eyes-only\"\n"));
622
else if( opt.verbose )
623
log_info(_("original file name='%.*s'\n"), pt->namelen, pt->name);
624
free_md_filter_context( &c->mfx );
625
if (gcry_md_open (&c->mfx.md, 0, 0))
626
BUG ();
627
/* fixme: we may need to push the textfilter if we have sigclass 1
628
* and no armoring - Not yet tested
629
* Hmmm, why don't we need it at all if we have sigclass 1
630
* Should we assume that plaintext in mode 't' has always sigclass 1??
631
* See: Russ Allbery's mail 1999-02-09
632
*/
633
any = clearsig = only_md5 = 0;
634
for(n=c->list; n; n = n->next )
635
{
636
if( n->pkt->pkttype == PKT_ONEPASS_SIG )
637
{
638
/* For the onepass signature case */
639
if( n->pkt->pkt.onepass_sig->digest_algo )
640
{
641
gcry_md_enable (c->mfx.md,
642
n->pkt->pkt.onepass_sig->digest_algo);
643
if( !any && n->pkt->pkt.onepass_sig->digest_algo
644
== DIGEST_ALGO_MD5 )
645
only_md5 = 1;
646
else
647
only_md5 = 0;
648
any = 1;
649
}
650
if( n->pkt->pkt.onepass_sig->sig_class != 0x01 )
651
only_md5 = 0;
652
}
653
else if( n->pkt->pkttype == PKT_GPG_CONTROL
654
&& n->pkt->pkt.gpg_control->control
655
== CTRLPKT_CLEARSIGN_START )
656
{
657
/* For the clearsigned message case */
658
size_t datalen = n->pkt->pkt.gpg_control->datalen;
659
const byte *data = n->pkt->pkt.gpg_control->data;
660
661
/* check that we have at least the sigclass and one hash */
662
if ( datalen < 2 )
663
log_fatal("invalid control packet CTRLPKT_CLEARSIGN_START\n");
664
/* Note that we don't set the clearsig flag for not-dash-escaped
665
* documents */
666
clearsig = (*data == 0x01);
667
for( data++, datalen--; datalen; datalen--, data++ )
668
gcry_md_enable (c->mfx.md, *data);
669
any = 1;
670
break; /* Stop here as one-pass signature packets are not
671
expected. */
672
}
673
else if(n->pkt->pkttype==PKT_SIGNATURE)
674
{
675
/* For the SIG+LITERAL case that PGP used to use. */
676
gcry_md_enable ( c->mfx.md, n->pkt->pkt.signature->digest_algo );
677
any=1;
678
}
679
}
680
681
if( !any && !opt.skip_verify )
682
{
683
/* This is for the old GPG LITERAL+SIG case. It's not legal
684
according to 2440, so hopefully it won't come up that
685
often. There is no good way to specify what algorithms to
686
use in that case, so these three are the historical
687
answer. */
688
gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 );
689
gcry_md_enable( c->mfx.md, DIGEST_ALGO_SHA1 );
690
gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
691
}
692
if( opt.pgp2_workarounds && only_md5 && !opt.skip_verify ) {
693
/* This is a kludge to work around a bug in pgp2. It does only
694
* catch those mails which are armored. To catch the non-armored
695
* pgp mails we could see whether there is the signature packet
696
* in front of the plaintext. If someone needs this, send me a patch.
697
*/
698
if ( gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0) )
699
BUG ();
700
}
701
if ( DBG_HASHING ) {
702
gcry_md_debug ( c->mfx.md, "verify" );
703
if ( c->mfx.md2 )
704
gcry_md_debug ( c->mfx.md2, "verify2" );
705
}
706
707
rc=0;
708
709
if (literals_seen>1)
710
{
711
log_info (_("WARNING: multiple plaintexts seen\n"));
712
713
if (!opt.flags.allow_multiple_messages)
714
{
715
write_status_text (STATUS_ERROR, "proc_pkt.plaintext 89_BAD_DATA");
716
log_inc_errorcount ();
717
rc = gpg_error (GPG_ERR_UNEXPECTED);
718
}
719
}
720
721
if(!rc)
722
{
723
rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig );
724
if ( gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only )
725
{
726
/* Can't write output but we hash it anyway to check the
727
signature. */
728
rc = handle_plaintext( pt, &c->mfx, 1, clearsig );
729
}
730
}
731
732
if( rc )
733
log_error( "handle plaintext failed: %s\n", g10_errstr(rc));
734
free_packet(pkt);
735
c->last_was_session_key = 0;
736
737
/* We add a marker control packet instead of the plaintext packet.
738
* This is so that we can later detect invalid packet sequences.
739
*/
740
n = new_kbnode (create_gpg_control (CTRLPKT_PLAINTEXT_MARK, NULL, 0));
741
if (c->list)
742
add_kbnode (c->list, n);
743
else
744
c->list = n;
745
}
746
747
748
static int
749
proc_compressed_cb( IOBUF a, void *info )
750
{
751
if ( ((CTX)info)->signed_data.used
752
&& ((CTX)info)->signed_data.data_fd != -1)
753
return proc_signature_packets_by_fd (info, a,
754
((CTX)info)->signed_data.data_fd);
755
else
756
return proc_signature_packets (info, a,
757
((CTX)info)->signed_data.data_names,
758
((CTX)info)->sigfilename );
759
}
760
761
static int
762
proc_encrypt_cb( IOBUF a, void *info )
763
{
764
return proc_encryption_packets( info, a );
765
}
766
767
static void
768
proc_compressed( CTX c, PACKET *pkt )
769
{
770
PKT_compressed *zd = pkt->pkt.compressed;
771
int rc;
772
773
/*printf("zip: compressed data packet\n");*/
774
if (c->sigs_only)
775
rc = handle_compressed( c, zd, proc_compressed_cb, c );
776
else if( c->encrypt_only )
777
rc = handle_compressed( c, zd, proc_encrypt_cb, c );
778
else
779
rc = handle_compressed( c, zd, NULL, NULL );
780
if( rc )
781
log_error("uncompressing failed: %s\n", g10_errstr(rc));
782
free_packet(pkt);
783
c->last_was_session_key = 0;
784
}
785
786
/****************
787
* check the signature
788
* Returns: 0 = valid signature or an error code
789
*/
790
static int
791
do_check_sig( CTX c, KBNODE node, int *is_selfsig,
792
int *is_expkey, int *is_revkey )
793
{
794
PKT_signature *sig;
795
gcry_md_hd_t md = NULL, md2 = NULL;
796
int algo, rc;
797
798
assert( node->pkt->pkttype == PKT_SIGNATURE );
799
if( is_selfsig )
800
*is_selfsig = 0;
801
sig = node->pkt->pkt.signature;
802
803
algo = sig->digest_algo;
804
rc = openpgp_md_test_algo(algo);
805
if (rc)
806
return rc;
807
808
if( sig->sig_class == 0x00 ) {
809
if( c->mfx.md )
810
{
811
if (gcry_md_copy (&md, c->mfx.md ))
812
BUG ();
813
}
814
else /* detached signature */
815
{
816
/* signature_check() will enable the md*/
817
if (gcry_md_open (&md, 0, 0 ))
818
BUG ();
819
}
820
}
821
else if( sig->sig_class == 0x01 ) {
822
/* how do we know that we have to hash the (already hashed) text
823
* in canonical mode ??? (calculating both modes???) */
824
if( c->mfx.md ) {
825
if (gcry_md_copy (&md, c->mfx.md ))
826
BUG ();
827
if( c->mfx.md2 && gcry_md_copy (&md2, c->mfx.md2 ))
828
BUG ();
829
}
830
else { /* detached signature */
831
log_debug("Do we really need this here?");
832
/* signature_check() will enable the md*/
833
if (gcry_md_open (&md, 0, 0 ))
834
BUG ();
835
if (gcry_md_open (&md2, 0, 0 ))
836
BUG ();
837
}
838
}
839
else if( (sig->sig_class&~3) == 0x10
840
|| sig->sig_class == 0x18
841
|| sig->sig_class == 0x1f
842
|| sig->sig_class == 0x20
843
|| sig->sig_class == 0x28
844
|| sig->sig_class == 0x30 ) {
845
if( c->list->pkt->pkttype == PKT_PUBLIC_KEY
846
|| c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
847
return check_key_signature( c->list, node, is_selfsig );
848
}
849
else if( sig->sig_class == 0x20 ) {
850
log_error (_("standalone revocation - "
851
"use \"gpg --import\" to apply\n"));
852
return G10ERR_NOT_PROCESSED;
853
}
854
else {
855
log_error("invalid root packet for sigclass %02x\n",
856
sig->sig_class);
857
return G10ERR_SIG_CLASS;
858
}
859
}
860
else
861
return G10ERR_SIG_CLASS;
862
rc = signature_check2( sig, md, NULL, is_expkey, is_revkey, NULL );
863
if( gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE && md2 )
864
rc = signature_check2( sig, md2, NULL, is_expkey, is_revkey, NULL );
865
gcry_md_close(md);
866
gcry_md_close(md2);
867
868
return rc;
869
}
870
871
872
static void
873
print_userid( PACKET *pkt )
874
{
875
if( !pkt )
876
BUG();
877
if( pkt->pkttype != PKT_USER_ID ) {
878
printf("ERROR: unexpected packet type %d", pkt->pkttype );
879
return;
880
}
881
if( opt.with_colons )
882
{
883
if(pkt->pkt.user_id->attrib_data)
884
printf("%u %lu",
885
pkt->pkt.user_id->numattribs,
886
pkt->pkt.user_id->attrib_len);
887
else
888
print_string( stdout, pkt->pkt.user_id->name,
889
pkt->pkt.user_id->len, ':');
890
}
891
else
892
print_utf8_string( stdout, pkt->pkt.user_id->name,
893
pkt->pkt.user_id->len );
894
}
895
896
897
/****************
898
* List the certificate in a user friendly way
899
*/
900
901
static void
902
list_node( CTX c, KBNODE node )
903
{
904
int any=0;
905
int mainkey;
906
907
if( !node )
908
;
909
else if( (mainkey = (node->pkt->pkttype == PKT_PUBLIC_KEY) )
910
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
911
PKT_public_key *pk = node->pkt->pkt.public_key;
912
913
if( opt.with_colons )
914
{
915
u32 keyid[2];
916
keyid_from_pk( pk, keyid );
917
if( mainkey )
918
c->trustletter = opt.fast_list_mode?
919
0 : get_validity_info( pk, NULL );
920
printf("%s:", mainkey? "pub":"sub" );
921
if( c->trustletter )
922
putchar( c->trustletter );
923
printf(":%u:%d:%08lX%08lX:%s:%s::",
924
nbits_from_pk( pk ),
925
pk->pubkey_algo,
926
(ulong)keyid[0],(ulong)keyid[1],
927
colon_datestr_from_pk( pk ),
928
colon_strtime (pk->expiredate) );
929
if( mainkey && !opt.fast_list_mode )
930
putchar( get_ownertrust_info (pk) );
931
putchar(':');
932
if( node->next && node->next->pkt->pkttype == PKT_RING_TRUST) {
933
putchar('\n'); any=1;
934
if( opt.fingerprint )
935
print_fingerprint( pk, NULL, 0 );
936
printf("rtv:1:%u:\n",
937
node->next->pkt->pkt.ring_trust->trustval );
938
}
939
}
940
else
941
printf("%s %4u%c/%s %s%s",
942
mainkey? "pub":"sub", nbits_from_pk( pk ),
943
pubkey_letter( pk->pubkey_algo ), keystr_from_pk( pk ),
944
datestr_from_pk( pk ), mainkey?" ":"");
945
946
if( mainkey ) {
947
/* and now list all userids with their signatures */
948
for( node = node->next; node; node = node->next ) {
949
if( node->pkt->pkttype == PKT_SIGNATURE ) {
950
if( !any ) {
951
if( node->pkt->pkt.signature->sig_class == 0x20 )
952
puts("[revoked]");
953
else
954
putchar('\n');
955
any = 1;
956
}
957
list_node(c, node );
958
}
959
else if( node->pkt->pkttype == PKT_USER_ID ) {
960
if( any ) {
961
if( opt.with_colons )
962
printf("%s:::::::::",
963
node->pkt->pkt.user_id->attrib_data?"uat":"uid");
964
else
965
printf( "uid%*s", 28, "" );
966
}
967
print_userid( node->pkt );
968
if( opt.with_colons )
969
putchar(':');
970
putchar('\n');
971
if( opt.fingerprint && !any )
972
print_fingerprint( pk, NULL, 0 );
973
if( opt.with_colons
974
&& node->next
975
&& node->next->pkt->pkttype == PKT_RING_TRUST ) {
976
printf("rtv:2:%u:\n",
977
node->next->pkt->pkt.ring_trust?
978
node->next->pkt->pkt.ring_trust->trustval : 0);
979
}
980
any=1;
981
}
982
else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
983
if( !any ) {
984
putchar('\n');
985
any = 1;
986
}
987
list_node(c, node );
988
}
989
}
990
}
991
else
992
{
993
/* of subkey */
994
if( pk->is_revoked )
995
{
996
printf(" [");
997
printf(_("revoked: %s"),revokestr_from_pk(pk));
998
printf("]");
999
}
1000
else if( pk->expiredate )
1001
{
1002
printf(" [");
1003
printf(_("expires: %s"),expirestr_from_pk(pk));
1004
printf("]");
1005
}
1006
}
1007
1008
if( !any )
1009
putchar('\n');
1010
if( !mainkey && opt.fingerprint > 1 )
1011
print_fingerprint( pk, NULL, 0 );
1012
}
1013
else if( (mainkey = (node->pkt->pkttype == PKT_SECRET_KEY) )
1014
|| node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
1015
PKT_secret_key *sk = node->pkt->pkt.secret_key;
1016
1017
if( opt.with_colons )
1018
{
1019
u32 keyid[2];
1020
keyid_from_sk( sk, keyid );
1021
printf("%s::%u:%d:%08lX%08lX:%s:%s:::",
1022
mainkey? "sec":"ssb",
1023
nbits_from_sk( sk ),
1024
sk->pubkey_algo,
1025
(ulong)keyid[0],(ulong)keyid[1],
1026
colon_datestr_from_sk( sk ),
1027
colon_strtime (sk->expiredate)
1028
/* fixme: add LID */ );
1029
}
1030
else
1031
printf("%s %4u%c/%s %s ", mainkey? "sec":"ssb",
1032
nbits_from_sk( sk ), pubkey_letter( sk->pubkey_algo ),
1033
keystr_from_sk( sk ), datestr_from_sk( sk ));
1034
if( mainkey ) {
1035
/* and now list all userids with their signatures */
1036
for( node = node->next; node; node = node->next ) {
1037
if( node->pkt->pkttype == PKT_SIGNATURE ) {
1038
if( !any ) {
1039
if( node->pkt->pkt.signature->sig_class == 0x20 )
1040
puts("[revoked]");
1041
else
1042
putchar('\n');
1043
any = 1;
1044
}
1045
list_node(c, node );
1046
}
1047
else if( node->pkt->pkttype == PKT_USER_ID ) {
1048
if( any ) {
1049
if( opt.with_colons )
1050
printf("%s:::::::::",
1051
node->pkt->pkt.user_id->attrib_data?"uat":"uid");
1052
else
1053
printf( "uid%*s", 28, "" );
1054
}
1055
print_userid( node->pkt );
1056
if( opt.with_colons )
1057
putchar(':');
1058
putchar('\n');
1059
if( opt.fingerprint && !any )
1060
print_fingerprint( NULL, sk, 0 );
1061
any=1;
1062
}
1063
else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
1064
if( !any ) {
1065
putchar('\n');
1066
any = 1;
1067
}
1068
list_node(c, node );
1069
}
1070
}
1071
}
1072
if( !any )
1073
putchar('\n');
1074
if( !mainkey && opt.fingerprint > 1 )
1075
print_fingerprint( NULL, sk, 0 );
1076
}
1077
else if( node->pkt->pkttype == PKT_SIGNATURE ) {
1078
PKT_signature *sig = node->pkt->pkt.signature;
1079
int is_selfsig = 0;
1080
int rc2=0;
1081
size_t n;
1082
char *p;
1083
int sigrc = ' ';
1084
1085
if( !opt.verbose )
1086
return;
1087
1088
if( sig->sig_class == 0x20 || sig->sig_class == 0x30 )
1089
fputs("rev", stdout);
1090
else
1091
fputs("sig", stdout);
1092
if( opt.check_sigs ) {
1093
fflush(stdout);
1094
rc2=do_check_sig( c, node, &is_selfsig, NULL, NULL );
1095
switch (gpg_err_code (rc2)) {
1096
case 0: sigrc = '!'; break;
1097
case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break;
1098
case GPG_ERR_NO_PUBKEY:
1099
case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break;
1100
default: sigrc = '%'; break;
1101
}
1102
}
1103
else { /* check whether this is a self signature */
1104
u32 keyid[2];
1105
1106
if( c->list->pkt->pkttype == PKT_PUBLIC_KEY
1107
|| c->list->pkt->pkttype == PKT_SECRET_KEY ) {
1108
if( c->list->pkt->pkttype == PKT_PUBLIC_KEY )
1109
keyid_from_pk( c->list->pkt->pkt.public_key, keyid );
1110
else
1111
keyid_from_sk( c->list->pkt->pkt.secret_key, keyid );
1112
1113
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
1114
is_selfsig = 1;
1115
}
1116
}
1117
if( opt.with_colons ) {
1118
putchar(':');
1119
if( sigrc != ' ' )
1120
putchar(sigrc);
1121
printf("::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
1122
(ulong)sig->keyid[0], (ulong)sig->keyid[1],
1123
colon_datestr_from_sig(sig),
1124
colon_expirestr_from_sig(sig));
1125
1126
if(sig->trust_depth || sig->trust_value)
1127
printf("%d %d",sig->trust_depth,sig->trust_value);
1128
printf(":");
1129
1130
if(sig->trust_regexp)
1131
print_string(stdout,sig->trust_regexp,
1132
strlen(sig->trust_regexp),':');
1133
printf(":");
1134
}
1135
else
1136
printf("%c %s %s ",
1137
sigrc, keystr(sig->keyid), datestr_from_sig(sig));
1138
if( sigrc == '%' )
1139
printf("[%s] ", g10_errstr(rc2) );
1140
else if( sigrc == '?' )
1141
;
1142
else if( is_selfsig ) {
1143
if( opt.with_colons )
1144
putchar(':');
1145
fputs( sig->sig_class == 0x18? "[keybind]":"[selfsig]", stdout);
1146
if( opt.with_colons )
1147
putchar(':');
1148
}
1149
else if( !opt.fast_list_mode ) {
1150
p = get_user_id( sig->keyid, &n );
1151
print_string( stdout, p, n, opt.with_colons );
1152
xfree(p);
1153
}
1154
if( opt.with_colons )
1155
printf(":%02x%c:", sig->sig_class, sig->flags.exportable?'x':'l');
1156
putchar('\n');
1157
}
1158
else
1159
log_error("invalid node with packet of type %d\n", node->pkt->pkttype);
1160
}
1161
1162
1163
1164
int
1165
proc_packets( void *anchor, IOBUF a )
1166
{
1167
int rc;
1168
CTX c = xmalloc_clear( sizeof *c );
1169
1170
c->anchor = anchor;
1171
rc = do_proc_packets( c, a );
1172
xfree( c );
1173
return rc;
1174
}
1175
1176
1177
1178
int
1179
proc_signature_packets( void *anchor, IOBUF a,
1180
strlist_t signedfiles, const char *sigfilename )
1181
{
1182
CTX c = xmalloc_clear( sizeof *c );
1183
int rc;
1184
1185
c->anchor = anchor;
1186
c->sigs_only = 1;
1187
1188
c->signed_data.data_fd = -1;
1189
c->signed_data.data_names = signedfiles;
1190
c->signed_data.used = !!signedfiles;
1191
1192
c->sigfilename = sigfilename;
1193
rc = do_proc_packets( c, a );
1194
1195
/* If we have not encountered any signature we print an error
1196
messages, send a NODATA status back and return an error code.
1197
Using log_error is required because verify_files does not check
1198
error codes for each file but we want to terminate the process
1199
with an error. */
1200
if (!rc && !c->any_sig_seen)
1201
{
1202
write_status_text (STATUS_NODATA, "4");
1203
log_error (_("no signature found\n"));
1204
rc = G10ERR_NO_DATA;
1205
}
1206
1207
/* Propagate the signature seen flag upward. Do this only on
1208
success so that we won't issue the nodata status several
1209
times. */
1210
if (!rc && c->anchor && c->any_sig_seen)
1211
c->anchor->any_sig_seen = 1;
1212
1213
xfree( c );
1214
return rc;
1215
}
1216
1217
int
1218
proc_signature_packets_by_fd (void *anchor, IOBUF a, int signed_data_fd )
1219
{
1220
int rc;
1221
CTX c = xcalloc (1, sizeof *c);
1222
1223
c->anchor = anchor;
1224
c->sigs_only = 1;
1225
1226
c->signed_data.data_fd = signed_data_fd;
1227
c->signed_data.data_names = NULL;
1228
c->signed_data.used = (signed_data_fd != -1);
1229
1230
rc = do_proc_packets ( c, a );
1231
1232
/* If we have not encountered any signature we print an error
1233
messages, send a NODATA status back and return an error code.
1234
Using log_error is required because verify_files does not check
1235
error codes for each file but we want to terminate the process
1236
with an error. */
1237
if (!rc && !c->any_sig_seen)
1238
{
1239
write_status_text (STATUS_NODATA, "4");
1240
log_error (_("no signature found\n"));
1241
rc = gpg_error (GPG_ERR_NO_DATA);
1242
}
1243
1244
/* Propagate the signature seen flag upward. Do this only on success
1245
so that we won't issue the nodata status several times. */
1246
if (!rc && c->anchor && c->any_sig_seen)
1247
c->anchor->any_sig_seen = 1;
1248
1249
xfree ( c );
1250
return rc;
1251
}
1252
1253
1254
int
1255
proc_encryption_packets( void *anchor, IOBUF a )
1256
{
1257
CTX c = xmalloc_clear( sizeof *c );
1258
int rc;
1259
1260
c->anchor = anchor;
1261
c->encrypt_only = 1;
1262
rc = do_proc_packets( c, a );
1263
xfree( c );
1264
return rc;
1265
}
1266
1267
1268
int
1269
do_proc_packets( CTX c, IOBUF a )
1270
{
1271
PACKET *pkt = xmalloc( sizeof *pkt );
1272
int rc=0;
1273
int any_data=0;
1274
int newpkt;
1275
1276
c->iobuf = a;
1277
init_packet(pkt);
1278
while( (rc=parse_packet(a, pkt)) != -1 ) {
1279
any_data = 1;
1280
if( rc ) {
1281
free_packet(pkt);
1282
/* stop processing when an invalid packet has been encountered
1283
* but don't do so when we are doing a --list-packets. */
1284
if (gpg_err_code (rc) == GPG_ERR_INV_PACKET
1285
&& opt.list_packets != 2 )
1286
break;
1287
continue;
1288
}
1289
newpkt = -1;
1290
if( opt.list_packets ) {
1291
switch( pkt->pkttype ) {
1292
case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break;
1293
case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break;
1294
case PKT_ENCRYPTED:
1295
case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break;
1296
case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
1297
default: newpkt = 0; break;
1298
}
1299
}
1300
else if( c->sigs_only ) {
1301
switch( pkt->pkttype ) {
1302
case PKT_PUBLIC_KEY:
1303
case PKT_SECRET_KEY:
1304
case PKT_USER_ID:
1305
case PKT_SYMKEY_ENC:
1306
case PKT_PUBKEY_ENC:
1307
case PKT_ENCRYPTED:
1308
case PKT_ENCRYPTED_MDC:
1309
write_status_text( STATUS_UNEXPECTED, "0" );
1310
rc = G10ERR_UNEXPECTED;
1311
goto leave;
1312
case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;
1313
case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break;
1314
case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
1315
case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break;
1316
case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
1317
default: newpkt = 0; break;
1318
}
1319
}
1320
else if( c->encrypt_only ) {
1321
switch( pkt->pkttype ) {
1322
case PKT_PUBLIC_KEY:
1323
case PKT_SECRET_KEY:
1324
case PKT_USER_ID:
1325
write_status_text( STATUS_UNEXPECTED, "0" );
1326
rc = G10ERR_UNEXPECTED;
1327
goto leave;
1328
case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;
1329
case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break;
1330
case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break;
1331
case PKT_ENCRYPTED:
1332
case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break;
1333
case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break;
1334
case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
1335
case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break;
1336
case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
1337
default: newpkt = 0; break;
1338
}
1339
}
1340
else {
1341
switch( pkt->pkttype ) {
1342
case PKT_PUBLIC_KEY:
1343
case PKT_SECRET_KEY:
1344
release_list( c );
1345
c->list = new_kbnode( pkt );
1346
newpkt = 1;
1347
break;
1348
case PKT_PUBLIC_SUBKEY:
1349
case PKT_SECRET_SUBKEY:
1350
newpkt = add_subkey( c, pkt );
1351
break;
1352
case PKT_USER_ID: newpkt = add_user_id( c, pkt ); break;
1353
case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;
1354
case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break;
1355
case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break;
1356
case PKT_ENCRYPTED:
1357
case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break;
1358
case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break;
1359
case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
1360
case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break;
1361
case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
1362
case PKT_RING_TRUST: newpkt = add_ring_trust( c, pkt ); break;
1363
default: newpkt = 0; break;
1364
}
1365
}
1366
/* This is a very ugly construct and frankly, I don't remember why
1367
* I used it. Adding the MDC check here is a hack.
1368
* The right solution is to initiate another context for encrypted
1369
* packet and not to reuse the current one ... It works right
1370
* when there is a compression packet inbetween which adds just
1371
* an extra layer.
1372
* Hmmm: Rewrite this whole module here??
1373
*/
1374
if( pkt->pkttype != PKT_SIGNATURE && pkt->pkttype != PKT_MDC )
1375
c->have_data = pkt->pkttype == PKT_PLAINTEXT;
1376
1377
if( newpkt == -1 )
1378
;
1379
else if( newpkt ) {
1380
pkt = xmalloc( sizeof *pkt );
1381
init_packet(pkt);
1382
}
1383
else
1384
free_packet(pkt);
1385
}
1386
if( rc == G10ERR_INVALID_PACKET )
1387
write_status_text( STATUS_NODATA, "3" );
1388
if( any_data )
1389
rc = 0;
1390
else if( rc == -1 )
1391
write_status_text( STATUS_NODATA, "2" );
1392
1393
1394
leave:
1395
release_list( c );
1396
xfree(c->dek);
1397
free_packet( pkt );
1398
xfree( pkt );
1399
free_md_filter_context( &c->mfx );
1400
return rc;
1401
}
1402
1403
1404
/* Helper for pka_uri_from_sig to parse the to-be-verified address out
1405
of the notation data. */
1406
static pka_info_t *
1407
get_pka_address (PKT_signature *sig)
1408
{
1409
pka_info_t *pka = NULL;
1410
struct notation *nd,*notation;
1411
1412
notation=sig_to_notation(sig);
1413
1414
for(nd=notation;nd;nd=nd->next)
1415
{
1416
if(strcmp(nd->name,"pka-address@gnupg.org")!=0)
1417
continue; /* Not the notation we want. */
1418
1419
/* For now we only use the first valid PKA notation. In future
1420
we might want to keep additional PKA notations in a linked
1421
list. */
1422
if (is_valid_mailbox (nd->value))
1423
{
1424
pka = xmalloc (sizeof *pka + strlen(nd->value));
1425
pka->valid = 0;
1426
pka->checked = 0;
1427
pka->uri = NULL;
1428
strcpy (pka->email, nd->value);
1429
break;
1430
}
1431
}
1432
1433
free_notation(notation);
1434
1435
return pka;
1436
}
1437
1438
1439
/* Return the URI from a DNS PKA record. If this record has already
1440
be retrieved for the signature we merely return it; if not we go
1441
out and try to get that DNS record. */
1442
static const char *
1443
pka_uri_from_sig (PKT_signature *sig)
1444
{
1445
if (!sig->flags.pka_tried)
1446
{
1447
assert (!sig->pka_info);
1448
sig->flags.pka_tried = 1;
1449
sig->pka_info = get_pka_address (sig);
1450
if (sig->pka_info)
1451
{
1452
char *uri;
1453
1454
uri = get_pka_info (sig->pka_info->email, sig->pka_info->fpr);
1455
if (uri)
1456
{
1457
sig->pka_info->valid = 1;
1458
if (!*uri)
1459
xfree (uri);
1460
else
1461
sig->pka_info->uri = uri;
1462
}
1463
}
1464
}
1465
return sig->pka_info? sig->pka_info->uri : NULL;
1466
}
1467
1468
1469
static int
1470
check_sig_and_print( CTX c, KBNODE node )
1471
{
1472
PKT_signature *sig = node->pkt->pkt.signature;
1473
const char *astr;
1474
int rc, is_expkey=0, is_revkey=0;
1475
1476
if (opt.skip_verify)
1477
{
1478
log_info(_("signature verification suppressed\n"));
1479
return 0;
1480
}
1481
1482
/* Check that the message composition is valid.
1483
1484
Per RFC-2440bis (-15) allowed:
1485
1486
S{1,n} -- detached signature.
1487
S{1,n} P -- old style PGP2 signature
1488
O{1,n} P S{1,n} -- standard OpenPGP signature.
1489
C P S{1,n} -- cleartext signature.
1490
1491
1492
O = One-Pass Signature packet.
1493
S = Signature packet.
1494
P = OpenPGP Message packet (Encrypted | Compressed | Literal)
1495
(Note that the current rfc2440bis draft also allows
1496
for a signed message but that does not work as it
1497
introduces ambiguities.)
1498
We keep track of these packages using the marker packet
1499
CTRLPKT_PLAINTEXT_MARK.
1500
C = Marker packet for cleartext signatures.
1501
1502
We reject all other messages.
1503
1504
Actually we are calling this too often, i.e. for verification of
1505
each message but better have some duplicate work than to silently
1506
introduce a bug here.
1507
*/
1508
{
1509
KBNODE n;
1510
int n_onepass, n_sig;
1511
1512
/* log_debug ("checking signature packet composition\n"); */
1513
/* dump_kbnode (c->list); */
1514
1515
n = c->list;
1516
assert (n);
1517
if ( n->pkt->pkttype == PKT_SIGNATURE )
1518
{
1519
/* This is either "S{1,n}" case (detached signature) or
1520
"S{1,n} P" (old style PGP2 signature). */
1521
for (n = n->next; n; n = n->next)
1522
if (n->pkt->pkttype != PKT_SIGNATURE)
1523
break;
1524
if (!n)
1525
; /* Okay, this is a detached signature. */
1526
else if (n->pkt->pkttype == PKT_GPG_CONTROL
1527
&& (n->pkt->pkt.gpg_control->control
1528
== CTRLPKT_PLAINTEXT_MARK) )
1529
{
1530
if (n->next)
1531
goto ambiguous; /* We only allow one P packet. */
1532
}
1533
else
1534
goto ambiguous;
1535
}
1536
else if (n->pkt->pkttype == PKT_ONEPASS_SIG)
1537
{
1538
/* This is the "O{1,n} P S{1,n}" case (standard signature). */
1539
for (n_onepass=1, n = n->next;
1540
n && n->pkt->pkttype == PKT_ONEPASS_SIG; n = n->next)
1541
n_onepass++;
1542
if (!n || !(n->pkt->pkttype == PKT_GPG_CONTROL
1543
&& (n->pkt->pkt.gpg_control->control
1544
== CTRLPKT_PLAINTEXT_MARK)))
1545
goto ambiguous;
1546
for (n_sig=0, n = n->next;
1547
n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
1548
n_sig++;
1549
if (!n_sig)
1550
goto ambiguous;
1551
1552
/* If we wanted to disallow multiple sig verification, we'd do
1553
something like this:
1554
1555
if (n && !opt.allow_multisig_verification)
1556
goto ambiguous;
1557
1558
However, now that we have --allow-multiple-messages, this
1559
can stay allowable as we can't get here unless multiple
1560
messages (i.e. multiple literals) are allowed. */
1561
1562
if (n_onepass != n_sig)
1563
{
1564
log_info ("number of one-pass packets does not match "
1565
"number of signature packets\n");
1566
goto ambiguous;
1567
}
1568
}
1569
else if (n->pkt->pkttype == PKT_GPG_CONTROL
1570
&& n->pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START )
1571
{
1572
/* This is the "C P S{1,n}" case (clear text signature). */
1573
n = n->next;
1574
if (!n || !(n->pkt->pkttype == PKT_GPG_CONTROL
1575
&& (n->pkt->pkt.gpg_control->control
1576
== CTRLPKT_PLAINTEXT_MARK)))
1577
goto ambiguous;
1578
for (n_sig=0, n = n->next;
1579
n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
1580
n_sig++;
1581
if (n || !n_sig)
1582
goto ambiguous;
1583
}
1584
else
1585
{
1586
ambiguous:
1587
log_error(_("can't handle this ambiguous signature data\n"));
1588
return 0;
1589
}
1590
1591
}
1592
1593
/* (Indendation below not yet changed to GNU style.) */
1594
1595
astr = gcry_pk_algo_name ( sig->pubkey_algo );
1596
if(keystrlen()>8)
1597
{
1598
log_info(_("Signature made %s\n"),asctimestamp(sig->timestamp));
1599
log_info(_(" using %s key %s\n"),
1600
astr? astr: "?",keystr(sig->keyid));
1601
}
1602
else
1603
log_info(_("Signature made %s using %s key ID %s\n"),
1604
asctimestamp(sig->timestamp), astr? astr: "?",
1605
keystr(sig->keyid));
1606
1607
rc = do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
1608
1609
/* If the key isn't found, check for a preferred keyserver */
1610
1611
if(rc==G10ERR_NO_PUBKEY && sig->flags.pref_ks)
1612
{
1613
const byte *p;
1614
int seq=0;
1615
size_t n;
1616
1617
while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&n,&seq,NULL)))
1618
{
1619
/* According to my favorite copy editor, in English
1620
grammar, you say "at" if the key is located on a web
1621
page, but "from" if it is located on a keyserver. I'm
1622
not going to even try to make two strings here :) */
1623
log_info(_("Key available at: ") );
1624
print_utf8_string( log_get_stream(), p, n );
1625
log_printf ("\n");
1626
1627
if(opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE
1628
&& opt.keyserver_options.options&KEYSERVER_HONOR_KEYSERVER_URL)
1629
{
1630
struct keyserver_spec *spec;
1631
1632
spec=parse_preferred_keyserver(sig);
1633
if(spec)
1634
{
1635
int res;
1636
1637
glo_ctrl.in_auto_key_retrieve++;
1638
res=keyserver_import_keyid(sig->keyid,spec);
1639
glo_ctrl.in_auto_key_retrieve--;
1640
if(!res)
1641
rc=do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
1642
free_keyserver_spec(spec);
1643
1644
if(!rc)
1645
break;
1646
}
1647
}
1648
}
1649
}
1650
1651
/* If the preferred keyserver thing above didn't work, our second
1652
try is to use the URI from a DNS PKA record. */
1653
if ( rc == G10ERR_NO_PUBKEY
1654
&& opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE
1655
&& opt.keyserver_options.options&KEYSERVER_HONOR_PKA_RECORD)
1656
{
1657
const char *uri = pka_uri_from_sig (sig);
1658
1659
if (uri)
1660
{
1661
/* FIXME: We might want to locate the key using the
1662
fingerprint instead of the keyid. */
1663
int res;
1664
struct keyserver_spec *spec;
1665
1666
spec = parse_keyserver_uri (uri, 1, NULL, 0);
1667
if (spec)
1668
{
1669
glo_ctrl.in_auto_key_retrieve++;
1670
res = keyserver_import_keyid (sig->keyid, spec);
1671
glo_ctrl.in_auto_key_retrieve--;
1672
free_keyserver_spec (spec);
1673
if (!res)
1674
rc = do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
1675
}
1676
}
1677
}
1678
1679
/* If the preferred keyserver thing above didn't work and we got
1680
no information from the DNS PKA, this is a third try. */
1681
1682
if( rc == G10ERR_NO_PUBKEY && opt.keyserver
1683
&& opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
1684
{
1685
int res;
1686
1687
glo_ctrl.in_auto_key_retrieve++;
1688
res=keyserver_import_keyid ( sig->keyid, opt.keyserver );
1689
glo_ctrl.in_auto_key_retrieve--;
1690
if(!res)
1691
rc = do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
1692
}
1693
1694
if( !rc || gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE ) {
1695
KBNODE un, keyblock;
1696
int count=0, statno;
1697
char keyid_str[50];
1698
PKT_public_key *pk=NULL;
1699
1700
if(rc)
1701
statno=STATUS_BADSIG;
1702
else if(sig->flags.expired)
1703
statno=STATUS_EXPSIG;
1704
else if(is_expkey)
1705
statno=STATUS_EXPKEYSIG;
1706
else if(is_revkey)
1707
statno=STATUS_REVKEYSIG;
1708
else
1709
statno=STATUS_GOODSIG;
1710
1711
keyblock = get_pubkeyblock( sig->keyid );
1712
1713
sprintf (keyid_str, "%08lX%08lX [uncertain] ",
1714
(ulong)sig->keyid[0], (ulong)sig->keyid[1]);
1715
1716
/* find and print the primary user ID */
1717
for( un=keyblock; un; un = un->next ) {
1718
char *p;
1719
int valid;
1720
if(un->pkt->pkttype==PKT_PUBLIC_KEY)
1721
{
1722
pk=un->pkt->pkt.public_key;
1723
continue;
1724
}
1725
if( un->pkt->pkttype != PKT_USER_ID )
1726
continue;
1727
if ( !un->pkt->pkt.user_id->created )
1728
continue;
1729
if ( un->pkt->pkt.user_id->is_revoked )
1730
continue;
1731
if ( un->pkt->pkt.user_id->is_expired )
1732
continue;
1733
if ( !un->pkt->pkt.user_id->is_primary )
1734
continue;
1735
/* We want the textual primary user ID here */
1736
if ( un->pkt->pkt.user_id->attrib_data )
1737
continue;
1738
1739
assert(pk);
1740
1741
/* Get it before we print anything to avoid interrupting
1742
the output with the "please do a --check-trustdb"
1743
line. */
1744
valid=get_validity(pk,un->pkt->pkt.user_id);
1745
1746
keyid_str[17] = 0; /* cut off the "[uncertain]" part */
1747
write_status_text_and_buffer (statno, keyid_str,
1748
un->pkt->pkt.user_id->name,
1749
un->pkt->pkt.user_id->len,
1750
-1 );
1751
1752
p=utf8_to_native(un->pkt->pkt.user_id->name,
1753
un->pkt->pkt.user_id->len,0);
1754
1755
if(rc)
1756
log_info(_("BAD signature from \"%s\""),p);
1757
else if(sig->flags.expired)
1758
log_info(_("Expired signature from \"%s\""),p);
1759
else
1760
log_info(_("Good signature from \"%s\""),p);
1761
1762
xfree(p);
1763
1764
if(opt.verify_options&VERIFY_SHOW_UID_VALIDITY)
1765
log_printf (" [%s]\n",trust_value_to_string(valid));
1766
else
1767
log_printf ("\n");
1768
count++;
1769
}
1770
if( !count ) { /* just in case that we have no valid textual
1771
userid */
1772
char *p;
1773
1774
/* Try for an invalid textual userid */
1775
for( un=keyblock; un; un = un->next ) {
1776
if( un->pkt->pkttype == PKT_USER_ID &&
1777
!un->pkt->pkt.user_id->attrib_data )
1778
break;
1779
}
1780
1781
/* Try for any userid at all */
1782
if(!un) {
1783
for( un=keyblock; un; un = un->next ) {
1784
if( un->pkt->pkttype == PKT_USER_ID )
1785
break;
1786
}
1787
}
1788
1789
if (opt.trust_model==TM_ALWAYS || !un)
1790
keyid_str[17] = 0; /* cut off the "[uncertain]" part */
1791
1792
write_status_text_and_buffer (statno, keyid_str,
1793
un? un->pkt->pkt.user_id->name:"[?]",
1794
un? un->pkt->pkt.user_id->len:3,
1795
-1 );
1796
1797
if(un)
1798
p=utf8_to_native(un->pkt->pkt.user_id->name,
1799
un->pkt->pkt.user_id->len,0);
1800
else
1801
p=xstrdup("[?]");
1802
1803
if(rc)
1804
log_info(_("BAD signature from \"%s\""),p);
1805
else if(sig->flags.expired)
1806
log_info(_("Expired signature from \"%s\""),p);
1807
else
1808
log_info(_("Good signature from \"%s\""),p);
1809
if (opt.trust_model!=TM_ALWAYS && un)
1810
log_printf (" %s",_("[uncertain]") );
1811
log_printf ("\n");
1812
}
1813
1814
/* If we have a good signature and already printed
1815
* the primary user ID, print all the other user IDs */
1816
if ( count && !rc
1817
&& !(opt.verify_options&VERIFY_SHOW_PRIMARY_UID_ONLY)) {
1818
char *p;
1819
for( un=keyblock; un; un = un->next ) {
1820
if( un->pkt->pkttype != PKT_USER_ID )
1821
continue;
1822
if((un->pkt->pkt.user_id->is_revoked
1823
|| un->pkt->pkt.user_id->is_expired)
1824
&& !(opt.verify_options&VERIFY_SHOW_UNUSABLE_UIDS))
1825
continue;
1826
/* Only skip textual primaries */
1827
if ( un->pkt->pkt.user_id->is_primary &&
1828
!un->pkt->pkt.user_id->attrib_data )
1829
continue;
1830
1831
if(un->pkt->pkt.user_id->attrib_data)
1832
{
1833
dump_attribs(un->pkt->pkt.user_id,pk,NULL);
1834
1835
if(opt.verify_options&VERIFY_SHOW_PHOTOS)
1836
show_photos(un->pkt->pkt.user_id->attribs,
1837
un->pkt->pkt.user_id->numattribs,
1838
pk,NULL,un->pkt->pkt.user_id);
1839
}
1840
1841
p=utf8_to_native(un->pkt->pkt.user_id->name,
1842
un->pkt->pkt.user_id->len,0);
1843
log_info(_(" aka \"%s\""),p);
1844
xfree(p);
1845
1846
if(opt.verify_options&VERIFY_SHOW_UID_VALIDITY)
1847
{
1848
const char *valid;
1849
if(un->pkt->pkt.user_id->is_revoked)
1850
valid=_("revoked");
1851
else if(un->pkt->pkt.user_id->is_expired)
1852
valid=_("expired");
1853
else
1854
valid=trust_value_to_string(get_validity(pk,
1855
un->pkt->
1856
pkt.user_id));
1857
log_printf (" [%s]\n",valid);
1858
}
1859
else
1860
log_printf ("\n");
1861
}
1862
}
1863
release_kbnode( keyblock );
1864
1865
if( !rc )
1866
{
1867
if(opt.verify_options&VERIFY_SHOW_POLICY_URLS)
1868
show_policy_url(sig,0,1);
1869
else
1870
show_policy_url(sig,0,2);
1871
1872
if(opt.verify_options&VERIFY_SHOW_KEYSERVER_URLS)
1873
show_keyserver_url(sig,0,1);
1874
else
1875
show_keyserver_url(sig,0,2);
1876
1877
if(opt.verify_options&VERIFY_SHOW_NOTATIONS)
1878
show_notation(sig,0,1,
1879
((opt.verify_options&VERIFY_SHOW_STD_NOTATIONS)?1:0)+
1880
((opt.verify_options&VERIFY_SHOW_USER_NOTATIONS)?2:0));
1881
else
1882
show_notation(sig,0,2,0);
1883
}
1884
1885
if( !rc && is_status_enabled() ) {
1886
/* print a status response with the fingerprint */
1887
PKT_public_key *vpk = xmalloc_clear( sizeof *vpk );
1888
1889
if( !get_pubkey( vpk, sig->keyid ) ) {
1890
byte array[MAX_FINGERPRINT_LEN], *p;
1891
char buf[MAX_FINGERPRINT_LEN*4+90], *bufp;
1892
size_t i, n;
1893
1894
bufp = buf;
1895
fingerprint_from_pk( vpk, array, &n );
1896
p = array;
1897
for(i=0; i < n ; i++, p++, bufp += 2)
1898
sprintf(bufp, "%02X", *p );
1899
/* TODO: Replace the reserved '0' in the field below
1900
with bits for status flags (policy url, notation,
1901
etc.). Remember to make the buffer larger to
1902
match! */
1903
sprintf(bufp, " %s %lu %lu %d 0 %d %d %02X ",
1904
strtimestamp( sig->timestamp ),
1905
(ulong)sig->timestamp,(ulong)sig->expiredate,
1906
sig->version,sig->pubkey_algo,sig->digest_algo,
1907
sig->sig_class);
1908
bufp = bufp + strlen (bufp);
1909
if (!vpk->is_primary) {
1910
u32 akid[2];
1911
1912
akid[0] = vpk->main_keyid[0];
1913
akid[1] = vpk->main_keyid[1];
1914
free_public_key (vpk);
1915
vpk = xmalloc_clear( sizeof *vpk );
1916
if (get_pubkey (vpk, akid)) {
1917
/* impossible error, we simply return a zeroed out fpr */
1918
n = MAX_FINGERPRINT_LEN < 20? MAX_FINGERPRINT_LEN : 20;
1919
memset (array, 0, n);
1920
}
1921
else
1922
fingerprint_from_pk( vpk, array, &n );
1923
}
1924
p = array;
1925
for(i=0; i < n ; i++, p++, bufp += 2)
1926
sprintf(bufp, "%02X", *p );
1927
write_status_text( STATUS_VALIDSIG, buf );
1928
}
1929
free_public_key( vpk );
1930
}
1931
1932
if (!rc)
1933
{
1934
if(opt.verify_options&VERIFY_PKA_LOOKUPS)
1935
pka_uri_from_sig (sig); /* Make sure PKA info is available. */
1936
rc = check_signatures_trust( sig );
1937
}
1938
1939
if(sig->flags.expired)
1940
{
1941
log_info(_("Signature expired %s\n"),
1942
asctimestamp(sig->expiredate));
1943
rc=G10ERR_GENERAL; /* need a better error here? */
1944
}
1945
else if(sig->expiredate)
1946
log_info(_("Signature expires %s\n"),asctimestamp(sig->expiredate));
1947
1948
if(opt.verbose)
1949
log_info(_("%s signature, digest algorithm %s\n"),
1950
sig->sig_class==0x00?_("binary"):
1951
sig->sig_class==0x01?_("textmode"):_("unknown"),
1952
gcry_md_algo_name (sig->digest_algo));
1953
1954
if( rc )
1955
g10_errors_seen = 1;
1956
if( opt.batch && rc )
1957
g10_exit(1);
1958
}
1959
else {
1960
char buf[50];
1961
sprintf(buf, "%08lX%08lX %d %d %02x %lu %d",
1962
(ulong)sig->keyid[0], (ulong)sig->keyid[1],
1963
sig->pubkey_algo, sig->digest_algo,
1964
sig->sig_class, (ulong)sig->timestamp, rc );
1965
write_status_text( STATUS_ERRSIG, buf );
1966
if( rc == G10ERR_NO_PUBKEY ) {
1967
buf[16] = 0;
1968
write_status_text( STATUS_NO_PUBKEY, buf );
1969
}
1970
if( rc != G10ERR_NOT_PROCESSED )
1971
log_error(_("Can't check signature: %s\n"), g10_errstr(rc) );
1972
}
1973
return rc;
1974
}
1975
1976
1977
/****************
1978
* Process the tree which starts at node
1979
*/
1980
static void
1981
proc_tree( CTX c, KBNODE node )
1982
{
1983
KBNODE n1;
1984
int rc;
1985
1986
if( opt.list_packets || opt.list_only )
1987
return;
1988
1989
/* we must skip our special plaintext marker packets here becuase
1990
they may be the root packet. These packets are only used in
1991
addionla checks and skipping them here doesn't matter */
1992
while ( node
1993
&& node->pkt->pkttype == PKT_GPG_CONTROL
1994
&& node->pkt->pkt.gpg_control->control
1995
== CTRLPKT_PLAINTEXT_MARK ) {
1996
node = node->next;
1997
}
1998
if (!node)
1999
return;
2000
2001
c->trustletter = ' ';
2002
if( node->pkt->pkttype == PKT_PUBLIC_KEY
2003
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
2004
merge_keys_and_selfsig( node );
2005
list_node( c, node );
2006
}
2007
else if( node->pkt->pkttype == PKT_SECRET_KEY ) {
2008
merge_keys_and_selfsig( node );
2009
list_node( c, node );
2010
}
2011
else if( node->pkt->pkttype == PKT_ONEPASS_SIG ) {
2012
/* check all signatures */
2013
if( !c->have_data ) {
2014
int use_textmode = 0;
2015
2016
free_md_filter_context( &c->mfx );
2017
/* prepare to create all requested message digests */
2018
if (gcry_md_open (&c->mfx.md, 0, 0))
2019
BUG ();
2020
2021
/* fixme: why looking for the signature packet and not the
2022
one-pass packet? */
2023
for ( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); )
2024
{
2025
gcry_md_enable (c->mfx.md,
2026
n1->pkt->pkt.signature->digest_algo);
2027
}
2028
2029
if (n1 && n1->pkt->pkt.onepass_sig->sig_class == 0x01)
2030
use_textmode = 1;
2031
2032
/* Ask for file and hash it. */
2033
if( c->sigs_only ) {
2034
if (c->signed_data.used && c->signed_data.data_fd != -1)
2035
rc = hash_datafile_by_fd (c->mfx.md, NULL,
2036
c->signed_data.data_fd,
2037
use_textmode);
2038
else
2039
rc = hash_datafiles (c->mfx.md, NULL,
2040
c->signed_data.data_names,
2041
c->sigfilename,
2042
use_textmode );
2043
}
2044
else {
2045
rc = ask_for_detached_datafile (c->mfx.md, c->mfx.md2,
2046
iobuf_get_real_fname(c->iobuf),
2047
use_textmode );
2048
}
2049
if( rc ) {
2050
log_error("can't hash datafile: %s\n", g10_errstr(rc));
2051
return;
2052
}
2053
}
2054
else if ( c->signed_data.used ) {
2055
log_error (_("not a detached signature\n") );
2056
return;
2057
}
2058
2059
for( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); )
2060
check_sig_and_print( c, n1 );
2061
}
2062
else if( node->pkt->pkttype == PKT_GPG_CONTROL
2063
&& node->pkt->pkt.gpg_control->control
2064
== CTRLPKT_CLEARSIGN_START ) {
2065
/* clear text signed message */
2066
if( !c->have_data ) {
2067
log_error("cleartext signature without data\n" );
2068
return;
2069
}
2070
else if ( c->signed_data.used ) {
2071
log_error (_("not a detached signature\n") );
2072
return;
2073
}
2074
2075
for( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); )
2076
check_sig_and_print( c, n1 );
2077
}
2078
else if( node->pkt->pkttype == PKT_SIGNATURE ) {
2079
PKT_signature *sig = node->pkt->pkt.signature;
2080
int multiple_ok=1;
2081
2082
n1=find_next_kbnode(node, PKT_SIGNATURE);
2083
if(n1)
2084
{
2085
byte class=sig->sig_class;
2086
byte hash=sig->digest_algo;
2087
2088
for(; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE)))
2089
{
2090
/* We can't currently handle multiple signatures of
2091
different classes or digests (we'd pretty much have
2092
to run a different hash context for each), but if
2093
they are all the same, make an exception. */
2094
if(n1->pkt->pkt.signature->sig_class!=class
2095
|| n1->pkt->pkt.signature->digest_algo!=hash)
2096
{
2097
multiple_ok=0;
2098
log_info(_("WARNING: multiple signatures detected. "
2099
"Only the first will be checked.\n"));
2100
break;
2101
}
2102
}
2103
}
2104
2105
if( sig->sig_class != 0x00 && sig->sig_class != 0x01 )
2106
log_info(_("standalone signature of class 0x%02x\n"),
2107
sig->sig_class);
2108
else if( !c->have_data ) {
2109
/* detached signature */
2110
free_md_filter_context( &c->mfx );
2111
if (gcry_md_open (&c->mfx.md, sig->digest_algo, 0))
2112
BUG ();
2113
2114
if( !opt.pgp2_workarounds )
2115
;
2116
else if( sig->digest_algo == DIGEST_ALGO_MD5
2117
&& is_RSA( sig->pubkey_algo ) ) {
2118
/* enable a workaround for a pgp2 bug */
2119
if (gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0))
2120
BUG ();
2121
}
2122
else if( sig->digest_algo == DIGEST_ALGO_SHA1
2123
&& sig->pubkey_algo == PUBKEY_ALGO_DSA
2124
&& sig->sig_class == 0x01 ) {
2125
/* enable the workaround also for pgp5 when the detached
2126
* signature has been created in textmode */
2127
if (gcry_md_open (&c->mfx.md2, sig->digest_algo, 0 ))
2128
BUG ();
2129
}
2130
#if 0 /* workaround disabled */
2131
/* Here we have another hack to work around a pgp 2 bug
2132
* It works by not using the textmode for detached signatures;
2133
* this will let the first signature check (on md) fail
2134
* but the second one (on md2) which adds an extra CR should
2135
* then produce the "correct" hash. This is very, very ugly
2136
* hack but it may help in some cases (and break others)
2137
*/
2138
/* c->mfx.md2? 0 :(sig->sig_class == 0x01) */
2139
#endif
2140
if ( DBG_HASHING ) {
2141
gcry_md_debug( c->mfx.md, "verify" );
2142
if ( c->mfx.md2 )
2143
gcry_md_debug( c->mfx.md2, "verify2" );
2144
}
2145
if( c->sigs_only ) {
2146
if (c->signed_data.used && c->signed_data.data_fd != -1)
2147
rc = hash_datafile_by_fd (c->mfx.md, c->mfx.md2,
2148
c->signed_data.data_fd,
2149
(sig->sig_class == 0x01));
2150
else
2151
rc = hash_datafiles (c->mfx.md, c->mfx.md2,
2152
c->signed_data.data_names,
2153
c->sigfilename,
2154
(sig->sig_class == 0x01));
2155
}
2156
else {
2157
rc = ask_for_detached_datafile( c->mfx.md, c->mfx.md2,
2158
iobuf_get_real_fname(c->iobuf),
2159
(sig->sig_class == 0x01) );
2160
}
2161
if( rc ) {
2162
log_error("can't hash datafile: %s\n", g10_errstr(rc));
2163
return;
2164
}
2165
}
2166
else if ( c->signed_data.used ) {
2167
log_error (_("not a detached signature\n") );
2168
return;
2169
}
2170
else if (!opt.quiet)
2171
log_info(_("old style (PGP 2.x) signature\n"));
2172
2173
if(multiple_ok)
2174
for( n1 = node; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )) )
2175
check_sig_and_print( c, n1 );
2176
else
2177
check_sig_and_print( c, node );
2178
}
2179
else {
2180
dump_kbnode (c->list);
2181
log_error(_("invalid root packet detected in proc_tree()\n"));
2182
dump_kbnode (node);
2183
}
2184
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.1