search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Regenerate Japanese resources
[cygwin-setup.git] / crypto.cc
bloba837f8da251c4328f3c74ca1c96cc65e3df302a6
1 /*
2 * Copyright (c) 2008, Dave Korn.
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
8 *
9 * A copy of the GNU General Public License can be found at
10 * http://www.gnu.org/
11 *
12 * Written by Dave Korn <dave.korn.cygwin@gmail.com>
13 *
14 */
15
16 #include <stdio.h>
17 #include <stdlib.h>
18 #include <unistd.h>
19 #include <vector>
20 #include "io_stream.h"
21 #include "crypto.h"
22 #include "compress.h"
23 #include "gcrypt.h"
24 #include "msg.h"
25 #include "LogSingleton.h"
26 #include "resource.h"
27 #include "getopt++/StringArrayOption.h"
28 #include "getopt++/BoolOption.h"
29 #include "KeysSetting.h"
30 #include "gpg-packet.h"
31 #include "geturl.h"
32
33 #ifndef CRYPTODEBUGGING
34 #define CRYPTODEBUGGING (0)
35 #endif
36
37 #define ERRKIND note
38 #if CRYPTODEBUGGING
39 #define MESSAGE LogBabblePrintf
40 #else
41 #define MESSAGE while (0) LogBabblePrintf
42 #endif
43
44 /* Command-line options for specifying and controlling extra keys. */
45 static StringArrayOption ExtraKeyOption ('K', "pubkey", IDS_HELPTEXT_PUBKEY);
46 static StringArrayOption SexprExtraKeyOption ('S', "sexpr-pubkey", IDS_HELPTEXT_SEXPR_PUBKEY);
47 static BoolOption UntrustedKeysOption (false, 'u', "untrusted-keys", IDS_HELPTEXT_UNTRUSTED_KEYS);
48 static BoolOption KeepUntrustedKeysOption (false, 'U', "keep-untrusted-keys", IDS_HELPTEXT_KEEP_UNTRUSTED_KEYS);
49 static BoolOption EnableOldKeysOption (false, '\0', "old-keys", IDS_HELPTEXT_OLD_KEYS,
50 BoolOption::BoolOptionType::pairedAble);
51
52 /* Embedded public half of Cygwin signing key. */
53 static const char *cygwin_pubkey_sexpr =
54 #include "cyg-pubkey.h"
55 ;
56
57 static const char *cygwin_old_pubkey_sexpr =
58 #include "cyg-old-pubkey.h"
59 ;
60
61 /* S-expr template for DSA pubkey. */
62 static const char *dsa_pubkey_templ = "(public-key (dsa (p %m) (q %m) (g %m) (y %m)))";
63
64 /* S-expr template for RSA pubkey. */
65 static const char *rsa_pubkey_templ = "(public-key (rsa (n %m) (e %m)))";
66
67 /* S-expr template for DSA signature. */
68 static const char *dsa_sig_templ = "(sig-val (dsa (r %m) (s %m)))";
69
70 /* S-expr template for RSA signature. */
71 static const char *rsa_sig_templ = "(sig-val (rsa (s %m)))";
72
73 /* S-expr template for DSA data block to be signed. */
74 static const char *dsa_data_hash_templ = "(data (flags raw) (hash %s %b))";
75
76 /* S-expr template for RSA data block to be signed. */
77 static const char *rsa_data_hash_templ = "(data (flags pkcs1) (hash %s %b))";
78
79 /* Information on a key to try */
80 struct key_info
81 {
82 key_info(std::string _name, bool _builtin, gcry_sexp_t _key, bool _owned=true) :
83 name(_name), builtin(_builtin), key(_key), owned(_owned)
84 {
85 }
86
87 std::string name;
88 bool builtin; // if true, we don't need to retain this key with add_key_from_sexpr()
89 gcry_sexp_t key;
90 bool owned; // if true, we own this key and should use gcry_sexp_release() on it
91 };
92
93 /* User context data for sig packet walk. */
94 struct sig_data
95 {
96 /* MPI values of sig components. */
97 gcry_mpi_t dsa_mpi_r, dsa_mpi_s;
98 gcry_mpi_t rsa_mpi_s;
99
100 /* Hash context. */
101 gcry_md_hd_t md;
102
103 /* Main data. */
104 io_stream *sign_data;
105
106 /* Auxiliary data. */
107 int sig_type;
108 int pk_alg;
109 int hash_alg;
110
111 /* Converted algo code. */
112 int algo;
113
114 /* Keys */
115 std::vector<struct key_info> *keys_to_try;
116
117 /* Final status. */
118 bool valid;
119 };
120
121 /* User context data for key packet walk. */
122 struct key_data
123 {
124 std::vector<gcry_sexp_t> keys;
125 };
126
127 /* Callback hook for walking packets in gpg key file. Extracts
128 the key coefficients from any public key packets encountered and
129 converts them into s-expr pubkey format, returning the public
130 keys thus found to the caller in a vector in the userdata context. */
131 static enum
132 pkt_cb_resp key_file_walker (struct packet_walker *wlk, unsigned char tag,
133 size_t packetsize, size_t hdrpos)
134 {
135 struct key_data *kdat = (struct key_data *)(wlk->userdata);
136
137 MESSAGE ("key packet %d size %d at offs $%04x kdat $%08x\n", tag,
138 packetsize, hdrpos, kdat);
139
140 if (tag != RFC4880_PT_PUBLIC_KEY)
141 return pktCONTINUE;
142
143 // So, get the data out. Version is first. In case of any errors during
144 // parsing, we just discard the key and continue, hoping to find a good one.
145 char ver = pkt_getch (wlk->pfile);
146 if (ver != 4)
147 {
148 ERRKIND (wlk->owner, IDS_CRYPTO_ERROR, ver, "unsupported key version.");
149 return pktCONTINUE;
150 }
151
152 // Only V4 accepted. Discard creation time.
153 if (pkt_getdword (wlk->pfile) == -1)
154 {
155 ERRKIND (wlk->owner, IDS_CRYPTO_ERROR, -1, "missing creation time.");
156 return pktCONTINUE;
157 }
158
159 char pkalg = pkt_getch (wlk->pfile);
160 if ((pkalg != RFC4880_PK_DSA) && (pkalg != RFC4880_PK_RSA))
161 {
162 ERRKIND (wlk->owner, IDS_CRYPTO_ERROR, pkalg, "unsupported key alg.");
163 return pktCONTINUE;
164 }
165
166 // Next, the key coefficient MPIs should be present. Read them out, convert
167 // to an s-expr and add that to the list of keys.
168 size_t erroff;
169 gcry_sexp_t new_key;
170
171 if (pkalg == RFC4880_PK_DSA)
172 {
173 gcry_mpi_t p, q, g, y;
174 p = q = g = y = 0;
175
176 if ((pkt_get_mpi (&p, wlk->pfile) >= 0)
177 && (pkt_get_mpi (&q, wlk->pfile) >= 0)
178 && (pkt_get_mpi (&g, wlk->pfile) >= 0)
179 && (pkt_get_mpi (&y, wlk->pfile) >= 0))
180 {
181 gcry_error_t rv = gcry_sexp_build (&new_key, &erroff, dsa_pubkey_templ, p, q, g, y);
182 if (rv != GPG_ERR_NO_ERROR)
183 {
184 ERRKIND (wlk->owner, IDS_CRYPTO_ERROR, rv, "while creating sig s-expr.");
185 return pktCONTINUE;
186 }
187 }
188
189 // Release temps and continue.
190 if (p)
191 gcry_mpi_release (p);
192 if (q)
193 gcry_mpi_release (q);
194 if (g)
195 gcry_mpi_release (g);
196 if (y)
197 gcry_mpi_release (y);
198 }
199 else if (pkalg == RFC4880_PK_RSA)
200 {
201 gcry_mpi_t n, e;
202 n = e = 0;
203
204 if ((pkt_get_mpi (&n, wlk->pfile) >= 0)
205 && (pkt_get_mpi (&e, wlk->pfile) >= 0))
206 {
207 gcry_error_t rv = gcry_sexp_build (&new_key, &erroff, rsa_pubkey_templ, n, e);
208 if (rv != GPG_ERR_NO_ERROR)
209 {
210 ERRKIND (wlk->owner, IDS_CRYPTO_ERROR, rv, "while creating sig s-expr.");
211 return pktCONTINUE;
212 }
213 }
214
215 if (n)
216 gcry_mpi_release (n);
217 if (e)
218 gcry_mpi_release (e);
219 }
220
221 #if CRYPTODEBUGGING
222 // Debugging
223 char sexprbuf[GPG_KEY_SEXPR_BUF_SIZE];
224 erroff = gcry_sexp_sprint (new_key, GCRYSEXP_FMT_ADVANCED, sexprbuf,
225 GPG_KEY_SEXPR_BUF_SIZE);
226 LogBabblePrintf ("key:%d\n'%s'", erroff, sexprbuf);
227 #endif /* CRYPTODEBUGGING */
228
229 // Return it to caller in the vector.
230 kdat->keys.push_back (new_key);
231
232 return pktCONTINUE;
233 }
234
235 /* Does what its name suggests: feeds a chosen amount of the data found
236 at the current seek position in an io_stream into the message digest
237 context passed in, using reasonably-sized chunks for efficiency. */
238 static size_t
239 shovel_stream_data_into_md (io_stream *stream, size_t nbytes, gcry_md_hd_t md)
240 {
241 const size_t TMPBUFSZ = 1024;
242 unsigned char tmpbuf[TMPBUFSZ];
243 size_t this_time, total = 0;
244 ssize_t actual;
245 MESSAGE ("shovel %d bytes at pos $%08x\n", nbytes, stream->tell ());
246 while (nbytes)
247 {
248 this_time = (nbytes > TMPBUFSZ) ? TMPBUFSZ : nbytes;
249 actual = stream->read (tmpbuf, this_time);
250 if (actual <= 0)
251 break;
252 gcry_md_write (md, tmpbuf, actual);
253 total += actual;
254 nbytes -= actual;
255 if (actual != (ssize_t)this_time)
256 break;
257 }
258 return total;
259 }
260
261 /* Canonicalise an s-expr by converting LFs to spaces so that
262 it's all on one line and folding multiple spaces as we go. */
263 static size_t
264 fold_lfs_and_spaces (char *buf, size_t n)
265 {
266 char *ptr1 = buf, *ptr2 = buf;
267
268 while (n--)
269 {
270 char ch = *ptr1++;
271 if (ch == 0x0a)
272 ch = ' ';
273 *ptr2++ = ch;
274 if (ch == 0x20)
275 while (n && ((*ptr1 == ' ') || (*ptr1 == 0x0a)))
276 {
277 --n;
278 ++ptr1;
279 }
280 }
281 return ptr2 - buf;
282 }
283
284 /* Size and allocate a temp buffer to print a representation
285 of a public key s-expr into, then add that to the extra keys
286 setting so it persists for the next run. */
287 static void
288 add_key_from_sexpr (gcry_sexp_t key)
289 {
290 size_t n = gcry_sexp_sprint (key, GCRYSEXP_FMT_ADVANCED, 0, ~0);
291 char *sexprbuf = new char[n];
292 n = gcry_sexp_sprint (key, GCRYSEXP_FMT_ADVANCED, sexprbuf, n);
293 // +1 because we want to include the nul-terminator.
294 n = fold_lfs_and_spaces (sexprbuf, n + 1);
295 ExtraKeysSetting::instance().add_key (sexprbuf);
296 MESSAGE ("keep:%d\n'%s'", n, sexprbuf);
297 delete [] sexprbuf;
298 }
299
300 static bool
301 verify_sig(struct sig_data *sigdat, HWND owner)
302 {
303 gcry_error_t rv;
304 size_t n;
305 {
306 /* sig coefficients in s-expr format. */
307 gcry_sexp_t sig;
308
309 /* signature hash data in s-expr format. */
310 gcry_sexp_t hash;
311
312 /* Build everything into s-exprs, and call the libgcrypt verification
313 routine. */
314
315 if (sigdat->pk_alg == RFC4880_PK_DSA)
316 {
317 rv = gcry_sexp_build (&sig, &n, dsa_sig_templ, sigdat->dsa_mpi_r,
318 sigdat->dsa_mpi_s);
319 if (rv != GPG_ERR_NO_ERROR)
320 {
321 ERRKIND (owner, IDS_CRYPTO_ERROR, rv, "while creating sig s-expr.");
322 return false;
323 }
324
325 rv = gcry_sexp_build (&hash, &n, dsa_data_hash_templ,
326 gcry_md_algo_name(sigdat->algo),
327 gcry_md_get_algo_dlen (sigdat->algo),
328 gcry_md_read (sigdat->md, 0));
329 if (rv != GPG_ERR_NO_ERROR)
330 {
331 ERRKIND (owner, IDS_CRYPTO_ERROR, rv, "while creating hash s-expr.");
332 return false;
333 }
334 }
335 else if (sigdat->pk_alg == RFC4880_PK_RSA)
336 {
337 rv = gcry_sexp_build (&sig, &n, rsa_sig_templ, sigdat->rsa_mpi_s);
338 if (rv != GPG_ERR_NO_ERROR)
339 {
340 ERRKIND (owner, IDS_CRYPTO_ERROR, rv, "while creating sig s-expr.");
341 return false;
342 }
343
344 rv = gcry_sexp_build (&hash, &n, rsa_data_hash_templ,
345 gcry_md_algo_name(sigdat->algo),
346 gcry_md_get_algo_dlen (sigdat->algo),
347 gcry_md_read (sigdat->md, 0));
348 if (rv != GPG_ERR_NO_ERROR)
349 {
350 ERRKIND (owner, IDS_CRYPTO_ERROR, rv, "while creating hash s-expr.");
351 return false;
352 }
353 }
354
355 #if CRYPTODEBUGGING
356 char sexprbuf[GPG_KEY_SEXPR_BUF_SIZE];
357 n = gcry_sexp_sprint (sig, GCRYSEXP_FMT_ADVANCED, sexprbuf,
358 GPG_KEY_SEXPR_BUF_SIZE);
359 LogBabblePrintf ("sig:%d\n'%s'", n, sexprbuf);
360 n = gcry_sexp_sprint (hash, GCRYSEXP_FMT_ADVANCED, sexprbuf,
361 GPG_KEY_SEXPR_BUF_SIZE);
362 LogBabblePrintf ("hash:%d\n'%s'", n, sexprbuf);
363 #endif /* CRYPTODEBUGGING */
364
365 // Well, we're actually there!
366 // Try it against each key in turn
367
368 std::vector<key_info>::iterator it;
369 for (it = sigdat->keys_to_try->begin ();
370 it < sigdat->keys_to_try->end ();
371 ++it)
372 {
373 rv = gcry_pk_verify (sig, hash, it->key);
374
375 LogBabblePrintf("signature: tried key %s, returned 0x%08x %s\n",
376 it->name.c_str(), rv, gcry_strerror(rv));
377
378 if (rv != GPG_ERR_NO_ERROR)
379 continue;
380 // Found it! This key gets kept!
381 if (!it->builtin)
382 add_key_from_sexpr (it->key);
383 break;
384 }
385
386 gcry_sexp_release (sig);
387 gcry_sexp_release (hash);
388 }
389
390 return (rv == GPG_ERR_NO_ERROR);
391 }
392
393 /* Do-nothing stubs called by the sig file walker to
394 walk over the embedded subpackets. In the event, we don't
395 actually need to do this as we aren't inspecting them. */
396 static enum
397 pkt_cb_resp hashed_subpkt_walker (struct packet_walker *wlk, unsigned char tag,
398 size_t packetsize, size_t hdrpos)
399 {
400 return pktCONTINUE;
401 }
402
403 static enum
404 pkt_cb_resp unhashed_subpkt_walker (struct packet_walker *wlk, unsigned char tag,
405 size_t packetsize, size_t hdrpos)
406 {
407 return pktCONTINUE;
408 }
409
410 /* Callback to parse the packets found in the setup.ini/setup.bz2
411 signature file. We have to parse the header to get the hash type
412 and other details. Once we have that we can create a message
413 digest context and start pumping data through it; first the ini
414 file itself, then the portion of the packet itself that is
415 covered by the hash. */
416 static enum
417 pkt_cb_resp sig_file_walker (struct packet_walker *wlk, unsigned char tag,
418 size_t packetsize, size_t hdrpos)
419 {
420 struct sig_data *sigdat = (struct sig_data *)(wlk->userdata);
421
422 if (tag != RFC4880_PT_SIGNATURE)
423 return pktCONTINUE;
424
425 // To add the trailers later, we hang on to the current pos.
426 size_t v34hdrofs = wlk->pfile->tell ();
427
428 // So, get the data out. Version is first.
429 char ver = pkt_getch (wlk->pfile);
430 if ((ver < 3) || (ver > 4))
431 {
432 ERRKIND (wlk->owner, IDS_CRYPTO_ERROR, ver, "unsupported sig version.");
433 return pktHALT;
434 }
435
436 // Only V3 and V4 accepted.
437 if (ver == 4)
438 {
439 sigdat->sig_type = pkt_getch (wlk->pfile);
440 sigdat->pk_alg = pkt_getch (wlk->pfile);
441 sigdat->hash_alg = pkt_getch (wlk->pfile);
442 }
443 else
444 {
445 int hmsize = pkt_getch (wlk->pfile);
446 if (hmsize != RFC4880_SIGV3_HASHED_SIZE)
447 {
448 ERRKIND (wlk->owner, IDS_CRYPTO_ERROR, hmsize, "wrong hashed material size.");
449 return pktHALT;
450 }
451 v34hdrofs = wlk->pfile->tell ();
452 if ((pkt_getch (wlk->pfile) < 0) || (pkt_getdword (wlk->pfile) == -1))
453 {
454 ERRKIND (wlk->owner, IDS_CRYPTO_ERROR, hmsize, "wrong hashed material size.");
455 return pktHALT;
456 }
457 if ((pkt_getdword (wlk->pfile) == -1) || (pkt_getdword (wlk->pfile) == -1))
458 {
459 ERRKIND (wlk->owner, IDS_CRYPTO_ERROR, -1, "missing signer ID.");
460 return pktHALT;
461 }
462
463 sigdat->sig_type = 0;
464 sigdat->pk_alg = pkt_getch (wlk->pfile);
465 sigdat->hash_alg = pkt_getch (wlk->pfile);
466 }
467
468 LogBabblePrintf("signature: sig_type %d, pk_alg %d, hash_alg %d\n",
469 sigdat->sig_type, sigdat->pk_alg, sigdat->hash_alg);
470
471 // We only handle binary file signatures
472 if (sigdat->sig_type != RFC4880_ST_BINARY)
473 {
474 ERRKIND (wlk->owner, IDS_CRYPTO_ERROR, sigdat->sig_type, "unsupported sig type.");
475 return pktHALT;
476 }
477
478 // We only handle RSA and DSA keys
479 if ((sigdat->pk_alg != RFC4880_PK_DSA) && (sigdat->pk_alg != RFC4880_PK_RSA))
480 {
481 ERRKIND (wlk->owner, IDS_CRYPTO_ERROR, sigdat->pk_alg, "unsupported pk alg.");
482 return pktHALT;
483 }
484
485 // Start to hash all the data. Figure out what hash to use.
486 sigdat->algo = pkt_convert_hashcode (sigdat->hash_alg);
487 if (sigdat->algo == GCRY_MD_NONE)
488 {
489 ERRKIND (wlk->owner, IDS_CRYPTO_ERROR, sigdat->hash_alg, "unconvertible hash.");
490 return pktHALT;
491 }
492
493 // Now we know hash algo, we can create md context.
494 sigdat->md = 0;
495 gcry_error_t rv = gcry_md_open (&sigdat->md, sigdat->algo, 0);
496 if (rv != GPG_ERR_NO_ERROR)
497 {
498 ERRKIND (wlk->owner, IDS_CRYPTO_ERROR, rv, "while initialising message digest.");
499 return pktHALT;
500 }
501
502 // Add all the sig_file data into the hash.
503 sigdat->sign_data->seek (0, IO_SEEK_SET);
504 size_t nbytes = sigdat->sign_data->get_size ();
505 if (nbytes != shovel_stream_data_into_md (sigdat->sign_data, nbytes, sigdat->md))
506 {
507 ERRKIND (wlk->owner, IDS_CRYPTO_ERROR, sigdat->hash_alg, "internal buffer error.");
508 return pktHALT;
509 }
510 sigdat->sign_data->seek (0, IO_SEEK_SET);
511
512 // V4 now has some hashed subpackets
513 int hashed_subpkt_size = (ver == 4) ? pkt_getword (wlk->pfile) : 0;
514 if (hashed_subpkt_size)
515 pkt_walk_subpackets (wlk->pfile, hashed_subpkt_walker, wlk->owner,
516 wlk->pfile->tell (), hashed_subpkt_size, wlk->userdata);
517
518 // V4 now has some unhashed subpackets
519 int unhashed_subpkt_size = (ver == 4) ? pkt_getword (wlk->pfile) : 0;
520 if (unhashed_subpkt_size)
521 pkt_walk_subpackets (wlk->pfile, unhashed_subpkt_walker, wlk->owner,
522 wlk->pfile->tell (), unhashed_subpkt_size, wlk->userdata);
523
524 // Both formats now have 16 bits of the hash value.
525 int hash_first = pkt_getword (wlk->pfile);
526
527 MESSAGE ("signature: hash leftmost 2 bytes 0x%04x\n", hash_first);
528
529 /* Algorithm-Specific Fields for signatures:
530
531 for DSA:
532 - MPI of DSA value r
533 - MPI of DSA value s
534
535 DSA signatures MUST use hashes that are equal in size to the number of
536 bits of q, the group generated by the DSA key's generator value.
537
538 for RSA:
539 - MPI of RSA value m^d mod n (aka s)
540 */
541 sigdat->dsa_mpi_r = sigdat->dsa_mpi_s = 0;
542 sigdat->rsa_mpi_s = 0;
543
544 if (sigdat->pk_alg == RFC4880_PK_DSA)
545 {
546 if ((pkt_get_mpi (&sigdat->dsa_mpi_r, wlk->pfile) < 0)
547 || (pkt_get_mpi (&sigdat->dsa_mpi_s, wlk->pfile) < 0))
548 {
549 ERRKIND (wlk->owner, IDS_CRYPTO_ERROR, "unpacking mpi.");
550 return pktHALT;
551 }
552 }
553 else if (sigdat->pk_alg == RFC4880_PK_RSA)
554 {
555 if (pkt_get_mpi (&sigdat->rsa_mpi_s, wlk->pfile) < 0)
556 {
557 ERRKIND (wlk->owner, IDS_CRYPTO_ERROR, "unpacking mpi.");
558 return pktHALT;
559 }
560 }
561
562 MESSAGE ("Read sig packets succesfully!\n");
563
564 // Now we got all the data out ok, rewind and hash the first trailer.
565 wlk->pfile->seek (v34hdrofs, IO_SEEK_SET);
566 nbytes = (ver == 4) ? (RFC4880_SIGV4_HASHED_OVERHEAD + hashed_subpkt_size)
567 : (RFC4880_SIGV3_HASHED_SIZE);
568 if (nbytes != shovel_stream_data_into_md (wlk->pfile, nbytes, sigdat->md))
569 {
570 ERRKIND (wlk->owner, IDS_CRYPTO_ERROR, sigdat->hash_alg, "internal buffer error 2.");
571 return pktHALT;
572 }
573
574 if (ver == 4)
575 {
576 // And now the synthetic final trailer.
577 gcry_md_putc (sigdat->md, 4);
578 gcry_md_putc (sigdat->md, 0xff);
579 gcry_md_putc (sigdat->md, (nbytes >> 24) & 0xff);
580 gcry_md_putc (sigdat->md, (nbytes >> 16) & 0xff);
581 gcry_md_putc (sigdat->md, (nbytes >> 8) & 0xff);
582 gcry_md_putc (sigdat->md, nbytes & 0xff);
583 }
584
585 // finalize the hash
586 gcry_md_final (sigdat->md);
587 MESSAGE("digest length is %d\n",gcry_md_get_algo_dlen (sigdat->algo));
588
589 // we have hashed all the data, and found the sig coefficients.
590 // heck this signature
591 if (verify_sig (sigdat, wlk->owner))
592 sigdat->valid = true;
593
594 // discard hash
595 if (sigdat->md)
596 gcry_md_close (sigdat->md);
597
598 // discard sig coefffcients
599 if (sigdat->dsa_mpi_r)
600 gcry_mpi_release (sigdat->dsa_mpi_r);
601 if (sigdat->dsa_mpi_s)
602 gcry_mpi_release (sigdat->dsa_mpi_s);
603 if (sigdat->rsa_mpi_s)
604 gcry_mpi_release (sigdat->rsa_mpi_s);
605
606 // we can stop immediately if we found a good signature
607 return sigdat->valid ? pktHALT : pktCONTINUE;
608 }
609
610 #if CRYPTODEBUGGING
611 static void
612 gcrypt_log_adaptor(void *priv, int level, const char *fmt, va_list args)
613 {
614 static std::string collected;
615
616 char buf[GPG_KEY_SEXPR_BUF_SIZE];
617 vsnprintf (buf, GPG_KEY_SEXPR_BUF_SIZE, fmt, args);
618
619 char *start = buf;
620 char *end;
621
622 do
623 {
624 if (collected.length() == 0)
625 {
626 collected = "gcrypt: ";
627 }
628
629 end = strchr(start, '\n');
630 if (end)
631 *end = '\0';
632
633 collected += start;
634
635 if (end)
636 {
637 if (level == GCRY_LOG_DEBUG)
638 Log (LOG_BABBLE) << collected << endLog;
639 else
640 Log (LOG_PLAIN) << collected << endLog;
641
642 collected.clear();
643 start = end + 1;
644 }
645 }
646 while (end);
647 }
648 #endif
649
650 /* Verify the signature on an ini file. Takes care of all key-handling. */
651 bool
652 verify_ini_file_sig (io_stream *ini_file, io_stream *ini_sig_file, HWND owner)
653 {
654 /* Data returned from packet walker. */
655 struct sig_data sigdat;
656
657 /* Vector of keys to use. */
658 std::vector<struct key_info> keys_to_try;
659
660 /* Overall status of signature. */
661 bool sig_ok = false;
662
663 // Temps for intermediate processing.
664 gcry_error_t rv;
665 size_t n;
666
667 /* Initialise the library. */
668 static bool gcrypt_init = false;
669 if (!gcrypt_init)
670 {
671 #if CRYPTODEBUGGING
672 gcry_set_log_handler (gcrypt_log_adaptor, NULL);
673 #endif
674 gcry_check_version (NULL);
675
676 if ((rv = gcry_control (GCRYCTL_SELFTEST)) != GPG_ERR_NO_ERROR)
677 ERRKIND (owner, IDS_CRYPTO_ERROR, rv, "libgcrypt selftest failed");
678
679 #if CRYPTODEBUGGING
680 gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
681 #endif
682 gcrypt_init = true;
683 }
684
685 /* So first build the built-in key. */
686 gcry_sexp_t cygwin_key;
687 rv = gcry_sexp_new (&cygwin_key, cygwin_pubkey_sexpr, strlen (cygwin_pubkey_sexpr), 1);
688 if (rv != GPG_ERR_NO_ERROR)
689 {
690 ERRKIND (owner, IDS_CRYPTO_ERROR, rv, "while creating pubkey s-expr.");
691 }
692 else
693 {
694 keys_to_try.push_back (key_info("cygwin", true, cygwin_key));
695 }
696
697 #if CRYPTODEBUGGING
698 char sexprbuf[GPG_KEY_SEXPR_BUF_SIZE];
699 n = gcry_sexp_sprint (cygwin_key, GCRYSEXP_FMT_ADVANCED, sexprbuf, GPG_KEY_SEXPR_BUF_SIZE);
700 LogBabblePrintf ("key:%d\n'%s'", n, sexprbuf);
701 #endif /* CRYPTODEBUGGING */
702
703 /* If not disabled, also try the old built-in key */
704 gcry_sexp_t cygwin_old_key;
705 if (EnableOldKeysOption)
706 {
707 rv = gcry_sexp_new (&cygwin_old_key, cygwin_old_pubkey_sexpr, strlen (cygwin_old_pubkey_sexpr), 1);
708 if (rv != GPG_ERR_NO_ERROR)
709 {
710 ERRKIND (owner, IDS_CRYPTO_ERROR, rv, "while creating old pubkey s-expr.");
711 }
712 else
713 {
714 keys_to_try.push_back (key_info ("cygwin-old", TRUE, cygwin_old_key));
715 }
716 }
717 /* Vector of cached extra keys from last run. */
718 static std::vector<gcry_sexp_t> input_keys;
719
720 /* Next we should extract the keys from the extrakeys user
721 setting, and flush it; we'll only return them to it if they
722 get used. OTOH, should we do this at all? The user settings
723 file isn't heavily protected. So we only trust the extra
724 keys if we're told to by the user. We still read them in
725 and write them back out, which canonicalises and eliminates
726 any duplicates or garbage lines that may have crept in. */
727 static bool input_keys_read = false;
728 if (!input_keys_read)
729 {
730 // We only want to do this once, first time through:
731 input_keys_read = true;
732 // Copy all valid keys from ExtraKeysSetting into a
733 // static vector where we can keep them throughout the
734 // remainder of the run.
735 for (size_t i = 0; i < ExtraKeysSetting::instance().num_keys (); i++)
736 {
737 const char *keystring = ExtraKeysSetting::instance().get_key (i, &n);
738 gcry_sexp_t newkey;
739 rv = gcry_sexp_new (&newkey, keystring, n, 1);
740 if (rv == GPG_ERR_NO_ERROR)
741 input_keys.push_back (newkey);
742 }
743
744 // Now flush out the ExtraKeysSetting; from here on it
745 // will build up a list of the keys we want to retain.
746 ExtraKeysSetting::instance().flush ();
747
748 // Which, if we aren't using them, means all the ones
749 // we just read.
750 if (KeepUntrustedKeysOption || !UntrustedKeysOption)
751 {
752 std::vector<gcry_sexp_t>::iterator it;
753 for (it = input_keys.begin (); it < input_keys.end (); ++it)
754 add_key_from_sexpr (*it);
755 }
756 }
757
758 // We only use the untrusted keys if told to.
759 if (KeepUntrustedKeysOption || UntrustedKeysOption)
760 for (std::vector<gcry_sexp_t>::const_iterator it = input_keys.begin ();
761 it < input_keys.end ();
762 ++it)
763 {
764 keys_to_try.push_back (key_info ("saved key", false, *it, false));
765 }
766
767 /* Next, there may have been command-line options. */
768 std::vector<std::string> SexprExtraKeyStrings = SexprExtraKeyOption;
769 for (std::vector<std::string>::const_iterator it
770 = SexprExtraKeyStrings.begin ();
771 it != SexprExtraKeyStrings.end (); ++it)
772 {
773 MESSAGE ("key str is '%s'\n", it->c_str ());
774 gcry_sexp_t dsa_key2 = 0;
775 rv = gcry_sexp_new (&dsa_key2, it->c_str (), it->size (), 1);
776 if (rv == GPG_ERR_NO_ERROR)
777 {
778 // We probably want to add it to the extra keys setting
779 // if KeepUntrustedKeysOption is supplied.
780 if (KeepUntrustedKeysOption)
781 add_key_from_sexpr (dsa_key2);
782 #if CRYPTODEBUGGING
783 n = gcry_sexp_sprint (dsa_key2, GCRYSEXP_FMT_ADVANCED, sexprbuf,
784 GPG_KEY_SEXPR_BUF_SIZE);
785 // +1 because we want to include the nul-terminator.
786 n = fold_lfs_and_spaces (sexprbuf, n + 1);
787 ExtraKeysSetting::instance().add_key (sexprbuf);
788 LogBabblePrintf ("key2:%d\n'%s'", n, sexprbuf);
789 #endif /* CRYPTODEBUGGING */
790 keys_to_try.push_back (key_info ("from command-line option --sexpr-pubkey", false, dsa_key2));
791 }
792 else
793 {
794 ERRKIND (owner, IDS_CRYPTO_ERROR, rv, "invalid command-line pubkey s-expr.");
795 }
796 }
797
798 /* Also, we may have to read a key(s) file. */
799 std::vector<std::string> ExtraKeysFiles = ExtraKeyOption;
800 for (std::vector<std::string>::const_iterator it
801 = ExtraKeysFiles.begin ();
802 it != ExtraKeysFiles.end (); ++it)
803 {
804 io_stream *keys = get_url_to_membuf (*it, owner);
805 if (keys)
806 {
807 struct key_data kdat;
808 pkt_walk_packets (keys, key_file_walker, owner, 0, keys->get_size (), &kdat);
809 // We now have a vector of (some/any?) keys returned from
810 // the walker; add them to the list to try.
811 while (!kdat.keys.empty ())
812 {
813 // We probably want to add it to the extra keys setting
814 // if KeepUntrustedKeysOption is supplied.
815 if (KeepUntrustedKeysOption)
816 add_key_from_sexpr (kdat.keys.back ());
817 #if CRYPTODEBUGGING
818 n = gcry_sexp_sprint (kdat.keys.back (), GCRYSEXP_FMT_ADVANCED,
819 sexprbuf, GPG_KEY_SEXPR_BUF_SIZE);
820 // +1 because we want to include the nul-terminator.
821 n = fold_lfs_and_spaces (sexprbuf, n + 1);
822 ExtraKeysSetting::instance().add_key (sexprbuf);
823 LogBabblePrintf ("key3:%d\n'%s'", n, sexprbuf);
824 #endif /* CRYPTODEBUGGING */
825 keys_to_try.push_back (key_info ("from command-line option --pubkey", false, kdat.keys.back ()));
826 kdat.keys.pop_back ();
827 }
828 }
829 }
830
831 // We pass in a pointer to the ini file in the user context data,
832 // which the packet walker callback uses to create a new hash
833 // context preloaded with all the signature-covered data.
834 sigdat.valid = false;
835 sigdat.sign_data = ini_file;
836 sigdat.keys_to_try = &keys_to_try;
837
838 pkt_walk_packets (ini_sig_file, sig_file_walker, owner, 0,
839 ini_sig_file->get_size (), &sigdat);
840
841 sig_ok = sigdat.valid;
842
843 while (keys_to_try.size ())
844 {
845 if (keys_to_try.back ().owned)
846 gcry_sexp_release (keys_to_try.back ().key);
847 keys_to_try.pop_back ();
848 }
849
850 return sig_ok;
851 }
Mirror of Cygwin-Setup