search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Better reset the PIN verification stati after changing the key attributes.
[gnupg.git] / g10 / sign.c
blob0528427db4fcdd204adff9ae9d2afd5fbf16b608
1 /* sign.c - sign data
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
3 * 2007 Free Software Foundation, Inc.
4 *
5 * This file is part of GnuPG.
6 *
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include <config.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <errno.h>
26 #include <assert.h>
27
28 #include "gpg.h"
29 #include "options.h"
30 #include "packet.h"
31 #include "status.h"
32 #include "iobuf.h"
33 #include "keydb.h"
34 #include "util.h"
35 #include "main.h"
36 #include "filter.h"
37 #include "ttyio.h"
38 #include "trustdb.h"
39 #include "status.h"
40 #include "i18n.h"
41 #include "pkglue.h"
42 #include "sysutils.h"
43 #include "call-agent.h"
44
45
46 #ifdef HAVE_DOSISH_SYSTEM
47 #define LF "\r\n"
48 #else
49 #define LF "\n"
50 #endif
51
52 static int recipient_digest_algo=0;
53
54 /****************
55 * Create notations and other stuff. It is assumed that the stings in
56 * STRLIST are already checked to contain only printable data and have
57 * a valid NAME=VALUE format.
58 */
59 static void
60 mk_notation_policy_etc( PKT_signature *sig,
61 PKT_public_key *pk, PKT_secret_key *sk )
62 {
63 const char *string;
64 char *s=NULL;
65 strlist_t pu=NULL;
66 struct notation *nd=NULL;
67 struct expando_args args;
68
69 assert(sig->version>=4);
70
71 memset(&args,0,sizeof(args));
72 args.pk=pk;
73 args.sk=sk;
74
75 /* notation data */
76 if(IS_SIG(sig) && opt.sig_notations)
77 nd=opt.sig_notations;
78 else if( IS_CERT(sig) && opt.cert_notations )
79 nd=opt.cert_notations;
80
81 if(nd)
82 {
83 struct notation *i;
84
85 for(i=nd;i;i=i->next)
86 {
87 i->altvalue=pct_expando(i->value,&args);
88 if(!i->altvalue)
89 log_error(_("WARNING: unable to %%-expand notation "
90 "(too large). Using unexpanded.\n"));
91 }
92
93 keygen_add_notations(sig,nd);
94
95 for(i=nd;i;i=i->next)
96 {
97 xfree(i->altvalue);
98 i->altvalue=NULL;
99 }
100 }
101
102 /* set policy URL */
103 if( IS_SIG(sig) && opt.sig_policy_url )
104 pu=opt.sig_policy_url;
105 else if( IS_CERT(sig) && opt.cert_policy_url )
106 pu=opt.cert_policy_url;
107
108 for(;pu;pu=pu->next)
109 {
110 string = pu->d;
111
112 s=pct_expando(string,&args);
113 if(!s)
114 {
115 log_error(_("WARNING: unable to %%-expand policy URL "
116 "(too large). Using unexpanded.\n"));
117 s=xstrdup(string);
118 }
119
120 build_sig_subpkt(sig,SIGSUBPKT_POLICY|
121 ((pu->flags & 1)?SIGSUBPKT_FLAG_CRITICAL:0),
122 s,strlen(s));
123
124 xfree(s);
125 }
126
127 /* preferred keyserver URL */
128 if( IS_SIG(sig) && opt.sig_keyserver_url )
129 pu=opt.sig_keyserver_url;
130
131 for(;pu;pu=pu->next)
132 {
133 string = pu->d;
134
135 s=pct_expando(string,&args);
136 if(!s)
137 {
138 log_error(_("WARNING: unable to %%-expand preferred keyserver URL"
139 " (too large). Using unexpanded.\n"));
140 s=xstrdup(string);
141 }
142
143 build_sig_subpkt(sig,SIGSUBPKT_PREF_KS|
144 ((pu->flags & 1)?SIGSUBPKT_FLAG_CRITICAL:0),
145 s,strlen(s));
146
147 xfree(s);
148 }
149 }
150
151
152 /*
153 * Helper to hash a user ID packet.
154 */
155 static void
156 hash_uid (gcry_md_hd_t md, int sigversion, const PKT_user_id *uid)
157 {
158 if ( sigversion >= 4 ) {
159 byte buf[5];
160
161 if(uid->attrib_data) {
162 buf[0] = 0xd1; /* indicates an attribute packet */
163 buf[1] = uid->attrib_len >> 24; /* always use 4 length bytes */
164 buf[2] = uid->attrib_len >> 16;
165 buf[3] = uid->attrib_len >> 8;
166 buf[4] = uid->attrib_len;
167 }
168 else {
169 buf[0] = 0xb4; /* indicates a userid packet */
170 buf[1] = uid->len >> 24; /* always use 4 length bytes */
171 buf[2] = uid->len >> 16;
172 buf[3] = uid->len >> 8;
173 buf[4] = uid->len;
174 }
175 gcry_md_write( md, buf, 5 );
176 }
177
178 if(uid->attrib_data)
179 gcry_md_write (md, uid->attrib_data, uid->attrib_len );
180 else
181 gcry_md_write (md, uid->name, uid->len );
182 }
183
184
185 /*
186 * Helper to hash some parts from the signature
187 */
188 static void
189 hash_sigversion_to_magic (gcry_md_hd_t md, const PKT_signature *sig)
190 {
191 if (sig->version >= 4)
192 gcry_md_putc (md, sig->version);
193 gcry_md_putc (md, sig->sig_class);
194 if (sig->version < 4) {
195 u32 a = sig->timestamp;
196 gcry_md_putc (md, (a >> 24) & 0xff );
197 gcry_md_putc (md, (a >> 16) & 0xff );
198 gcry_md_putc (md, (a >> 8) & 0xff );
199 gcry_md_putc (md, a & 0xff );
200 }
201 else {
202 byte buf[6];
203 size_t n;
204
205 gcry_md_putc (md, sig->pubkey_algo);
206 gcry_md_putc (md, sig->digest_algo);
207 if (sig->hashed) {
208 n = sig->hashed->len;
209 gcry_md_putc (md, (n >> 8) );
210 gcry_md_putc (md, n );
211 gcry_md_write (md, sig->hashed->data, n );
212 n += 6;
213 }
214 else {
215 gcry_md_putc (md, 0); /* always hash the length of the subpacket*/
216 gcry_md_putc (md, 0);
217 n = 6;
218 }
219 /* add some magic */
220 buf[0] = sig->version;
221 buf[1] = 0xff;
222 buf[2] = n >> 24; /* hmmm, n is only 16 bit, so this is always 0 */
223 buf[3] = n >> 16;
224 buf[4] = n >> 8;
225 buf[5] = n;
226 gcry_md_write (md, buf, 6);
227 }
228 }
229
230
231 static int
232 do_sign( PKT_secret_key *sk, PKT_signature *sig,
233 gcry_md_hd_t md, int digest_algo )
234 {
235 gcry_mpi_t frame;
236 byte *dp;
237 int rc;
238
239 if( sk->timestamp > sig->timestamp ) {
240 ulong d = sk->timestamp - sig->timestamp;
241 log_info( d==1 ? _("key has been created %lu second "
242 "in future (time warp or clock problem)\n")
243 : _("key has been created %lu seconds "
244 "in future (time warp or clock problem)\n"), d );
245 if( !opt.ignore_time_conflict )
246 return G10ERR_TIME_CONFLICT;
247 }
248
249
250 print_pubkey_algo_note(sk->pubkey_algo);
251
252 if( !digest_algo )
253 digest_algo = gcry_md_get_algo (md);
254
255 print_digest_algo_note( digest_algo );
256 dp = gcry_md_read ( md, digest_algo );
257 sig->digest_algo = digest_algo;
258 sig->digest_start[0] = dp[0];
259 sig->digest_start[1] = dp[1];
260 if (sk->is_protected && sk->protect.s2k.mode == 1002)
261 {
262 #ifdef ENABLE_CARD_SUPPORT
263 unsigned char *rbuf;
264 size_t rbuflen;
265 char *snbuf;
266
267 snbuf = serialno_and_fpr_from_sk (sk->protect.iv,
268 sk->protect.ivlen, sk);
269 rc = agent_scd_pksign (snbuf, digest_algo,
270 gcry_md_read (md, digest_algo),
271 gcry_md_get_algo_dlen (digest_algo),
272 &rbuf, &rbuflen);
273 xfree (snbuf);
274 if (!rc)
275 {
276 if (gcry_mpi_scan (&sig->data[0], GCRYMPI_FMT_USG,
277 rbuf, rbuflen, NULL))
278 BUG ();
279 xfree (rbuf);
280 }
281 #else
282 return gpg_error (GPG_ERR_NOT_SUPPORTED);
283 #endif /* ENABLE_CARD_SUPPORT */
284 }
285 else
286 {
287 frame = encode_md_value( NULL, sk, md, digest_algo );
288 if (!frame)
289 return G10ERR_GENERAL;
290 rc = pk_sign( sk->pubkey_algo, sig->data, frame, sk->skey );
291 gcry_mpi_release (frame);
292 }
293
294 if (!rc && !opt.no_sig_create_check) {
295 /* Check that the signature verification worked and nothing is
296 * fooling us e.g. by a bug in the signature create
297 * code or by deliberately introduced faults. */
298 PKT_public_key *pk = xmalloc_clear (sizeof *pk);
299
300 if( get_pubkey( pk, sig->keyid ) )
301 rc = G10ERR_NO_PUBKEY;
302 else {
303 frame = encode_md_value (pk, NULL, md, sig->digest_algo );
304 if (!frame)
305 rc = G10ERR_GENERAL;
306 else
307 rc = pk_verify (pk->pubkey_algo, frame, sig->data, pk->pkey );
308 gcry_mpi_release (frame);
309 }
310 if (rc)
311 log_error (_("checking created signature failed: %s\n"),
312 g10_errstr (rc));
313 free_public_key (pk);
314 }
315 if( rc )
316 log_error(_("signing failed: %s\n"), g10_errstr(rc) );
317 else {
318 if( opt.verbose ) {
319 char *ustr = get_user_id_string_native (sig->keyid);
320 log_info(_("%s/%s signature from: \"%s\"\n"),
321 gcry_pk_algo_name (sk->pubkey_algo),
322 gcry_md_algo_name (sig->digest_algo),
323 ustr );
324 xfree(ustr);
325 }
326 }
327 return rc;
328 }
329
330
331 int
332 complete_sig( PKT_signature *sig, PKT_secret_key *sk, gcry_md_hd_t md )
333 {
334 int rc=0;
335
336 if( !(rc=check_secret_key( sk, 0 )) )
337 rc = do_sign( sk, sig, md, 0 );
338 return rc;
339 }
340
341
342
343 static int
344 match_dsa_hash (unsigned int qbytes)
345 {
346 if (qbytes <= 20)
347 return DIGEST_ALGO_SHA1;
348
349 if (qbytes <= 28)
350 return DIGEST_ALGO_SHA224;
351
352 if (qbytes <= 32)
353 return DIGEST_ALGO_SHA256;
354
355 if (qbytes <= 48)
356 return DIGEST_ALGO_SHA384;
357
358 if (qbytes <= 64)
359 return DIGEST_ALGO_SHA512;
360
361 return DEFAULT_DIGEST_ALGO;
362 /* DEFAULT_DIGEST_ALGO will certainly fail, but it's the best wrong
363 answer we have if a digest larger than 512 bits is requested. */
364 }
365
366
367 /*
368 First try --digest-algo. If that isn't set, see if the recipient
369 has a preferred algorithm (which is also filtered through
370 --preferred-digest-prefs). If we're making a signature without a
371 particular recipient (i.e. signing, rather than signing+encrypting)
372 then take the first algorithm in --preferred-digest-prefs that is
373 usable for the pubkey algorithm. If --preferred-digest-prefs isn't
374 set, then take the OpenPGP default (i.e. SHA-1).
375
376 Possible improvement: Use the highest-ranked usable algorithm from
377 the signing key prefs either before or after using the personal
378 list?
379 */
380 static int
381 hash_for(PKT_secret_key *sk)
382 {
383 if( opt.def_digest_algo )
384 return opt.def_digest_algo;
385 else if( recipient_digest_algo )
386 return recipient_digest_algo;
387 else if(sk->pubkey_algo==PUBKEY_ALGO_DSA)
388 {
389 unsigned int qbytes = gcry_mpi_get_nbits (sk->skey[1]) / 8;
390
391 /* It's a DSA key, so find a hash that is the same size as q or
392 larger. If q is 160, assume it is an old DSA key and use a
393 160-bit hash unless --enable-dsa2 is set, in which case act
394 like a new DSA key that just happens to have a 160-bit q
395 (i.e. allow truncation). If q is not 160, by definition it
396 must be a new DSA key. */
397
398 if (opt.personal_digest_prefs)
399 {
400 prefitem_t *prefs;
401
402 if (qbytes != 20 || opt.flags.dsa2)
403 {
404 for (prefs=opt.personal_digest_prefs; prefs->type; prefs++)
405 if (gcry_md_get_algo_dlen (prefs->value) >= qbytes)
406 return prefs->value;
407 }
408 else
409 {
410 for (prefs=opt.personal_digest_prefs; prefs->type; prefs++)
411 if (gcry_md_get_algo_dlen (prefs->value) == qbytes)
412 return prefs->value;
413 }
414 }
415
416 return match_dsa_hash(qbytes);
417 }
418 else if (sk->is_protected && sk->protect.s2k.mode==1002)
419 {
420 /* The sk lives on a smartcard, and current smartcards only
421 handle SHA-1 and RIPEMD/160. This is correct now, but may
422 need revision as the cards add algorithms. */
423
424 if(opt.personal_digest_prefs)
425 {
426 prefitem_t *prefs;
427
428 for (prefs=opt.personal_digest_prefs;prefs->type;prefs++)
429 if (prefs->value==DIGEST_ALGO_SHA1
430 || prefs->value==DIGEST_ALGO_RMD160)
431 return prefs->value;
432 }
433
434 return DIGEST_ALGO_SHA1;
435 }
436 else if (PGP2 && sk->pubkey_algo == PUBKEY_ALGO_RSA && sk->version < 4 )
437 {
438 /* Old-style PGP only understands MD5 */
439 return DIGEST_ALGO_MD5;
440 }
441 else if ( opt.personal_digest_prefs )
442 {
443 /* It's not DSA, so we can use whatever the first hash algorithm
444 is in the pref list */
445 return opt.personal_digest_prefs[0].value;
446 }
447 else
448 return DEFAULT_DIGEST_ALGO;
449 }
450
451
452 static int
453 only_old_style( SK_LIST sk_list )
454 {
455 SK_LIST sk_rover = NULL;
456 int old_style = 0;
457
458 /* if there are only old style capable key we use the old sytle */
459 for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
460 PKT_secret_key *sk = sk_rover->sk;
461 if( sk->pubkey_algo == PUBKEY_ALGO_RSA && sk->version < 4 )
462 old_style = 1;
463 else
464 return 0;
465 }
466 return old_style;
467 }
468
469
470
471 static void
472 print_status_sig_created ( PKT_secret_key *sk, PKT_signature *sig, int what )
473 {
474 byte array[MAX_FINGERPRINT_LEN], *p;
475 char buf[100+MAX_FINGERPRINT_LEN*2];
476 size_t i, n;
477
478 sprintf(buf, "%c %d %d %02x %lu ",
479 what, sig->pubkey_algo, sig->digest_algo, sig->sig_class,
480 (ulong)sig->timestamp );
481
482 fingerprint_from_sk( sk, array, &n );
483 p = buf + strlen(buf);
484 for(i=0; i < n ; i++ )
485 sprintf(p+2*i, "%02X", array[i] );
486
487 write_status_text( STATUS_SIG_CREATED, buf );
488 }
489
490
491 /*
492 * Loop over the secret certificates in SK_LIST and build the one pass
493 * signature packets. OpenPGP says that the data should be bracket by
494 * the onepass-sig and signature-packet; so we build these onepass
495 * packet here in reverse order
496 */
497 static int
498 write_onepass_sig_packets (SK_LIST sk_list, IOBUF out, int sigclass )
499 {
500 int skcount;
501 SK_LIST sk_rover;
502
503 for (skcount=0, sk_rover=sk_list; sk_rover; sk_rover = sk_rover->next)
504 skcount++;
505
506 for (; skcount; skcount--) {
507 PKT_secret_key *sk;
508 PKT_onepass_sig *ops;
509 PACKET pkt;
510 int i, rc;
511
512 for (i=0, sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
513 if (++i == skcount)
514 break;
515 }
516
517 sk = sk_rover->sk;
518 ops = xmalloc_clear (sizeof *ops);
519 ops->sig_class = sigclass;
520 ops->digest_algo = hash_for (sk);
521 ops->pubkey_algo = sk->pubkey_algo;
522 keyid_from_sk (sk, ops->keyid);
523 ops->last = (skcount == 1);
524
525 init_packet(&pkt);
526 pkt.pkttype = PKT_ONEPASS_SIG;
527 pkt.pkt.onepass_sig = ops;
528 rc = build_packet (out, &pkt);
529 free_packet (&pkt);
530 if (rc) {
531 log_error ("build onepass_sig packet failed: %s\n",
532 g10_errstr(rc));
533 return rc;
534 }
535 }
536
537 return 0;
538 }
539
540 /*
541 * Helper to write the plaintext (literal data) packet
542 */
543 static int
544 write_plaintext_packet (IOBUF out, IOBUF inp, const char *fname, int ptmode)
545 {
546 PKT_plaintext *pt = NULL;
547 u32 filesize;
548 int rc = 0;
549
550 if (!opt.no_literal)
551 pt=setup_plaintext_name(fname,inp);
552
553 /* try to calculate the length of the data */
554 if ( !iobuf_is_pipe_filename (fname) && *fname )
555 {
556 off_t tmpsize;
557 int overflow;
558
559 if( !(tmpsize = iobuf_get_filelength(inp, &overflow))
560 && !overflow && opt.verbose)
561 log_info (_("WARNING: `%s' is an empty file\n"), fname);
562
563 /* We can't encode the length of very large files because
564 OpenPGP uses only 32 bit for file sizes. So if the size of
565 a file is larger than 2^32 minus some bytes for packet
566 headers, we switch to partial length encoding. */
567 if ( tmpsize < (IOBUF_FILELENGTH_LIMIT - 65536) )
568 filesize = tmpsize;
569 else
570 filesize = 0;
571
572 /* Because the text_filter modifies the length of the
573 * data, it is not possible to know the used length
574 * without a double read of the file - to avoid that
575 * we simple use partial length packets. */
576 if ( ptmode == 't' )
577 filesize = 0;
578 }
579 else
580 filesize = opt.set_filesize? opt.set_filesize : 0; /* stdin */
581
582 if (!opt.no_literal) {
583 PACKET pkt;
584
585 pt->timestamp = make_timestamp ();
586 pt->mode = ptmode;
587 pt->len = filesize;
588 pt->new_ctb = !pt->len && !RFC1991;
589 pt->buf = inp;
590 init_packet(&pkt);
591 pkt.pkttype = PKT_PLAINTEXT;
592 pkt.pkt.plaintext = pt;
593 /*cfx.datalen = filesize? calc_packet_length( &pkt ) : 0;*/
594 if( (rc = build_packet (out, &pkt)) )
595 log_error ("build_packet(PLAINTEXT) failed: %s\n",
596 g10_errstr(rc) );
597 pt->buf = NULL;
598 }
599 else {
600 byte copy_buffer[4096];
601 int bytes_copied;
602
603 while ((bytes_copied = iobuf_read(inp, copy_buffer, 4096)) != -1)
604 if ( (rc=iobuf_write(out, copy_buffer, bytes_copied)) ) {
605 log_error ("copying input to output failed: %s\n",
606 gpg_strerror (rc));
607 break;
608 }
609 wipememory(copy_buffer,4096); /* burn buffer */
610 }
611 /* fixme: it seems that we never freed pt/pkt */
612
613 return rc;
614 }
615
616 /*
617 * Write the signatures from the SK_LIST to OUT. HASH must be a non-finalized
618 * hash which will not be changes here.
619 */
620 static int
621 write_signature_packets (SK_LIST sk_list, IOBUF out, gcry_md_hd_t hash,
622 int sigclass, u32 timestamp, u32 duration,
623 int status_letter)
624 {
625 SK_LIST sk_rover;
626
627 /* loop over the secret certificates */
628 for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) {
629 PKT_secret_key *sk;
630 PKT_signature *sig;
631 gcry_md_hd_t md;
632 int rc;
633
634 sk = sk_rover->sk;
635
636 /* build the signature packet */
637 sig = xmalloc_clear (sizeof *sig);
638 if(opt.force_v3_sigs || RFC1991)
639 sig->version=3;
640 else if(duration || opt.sig_policy_url
641 || opt.sig_notations || opt.sig_keyserver_url)
642 sig->version=4;
643 else
644 sig->version=sk->version;
645 keyid_from_sk (sk, sig->keyid);
646 sig->digest_algo = hash_for(sk);
647 sig->pubkey_algo = sk->pubkey_algo;
648 if(timestamp)
649 sig->timestamp = timestamp;
650 else
651 sig->timestamp = make_timestamp();
652 if(duration)
653 sig->expiredate = sig->timestamp+duration;
654 sig->sig_class = sigclass;
655
656 if (gcry_md_copy (&md, hash))
657 BUG ();
658
659 if (sig->version >= 4)
660 {
661 build_sig_subpkt_from_sig (sig);
662 mk_notation_policy_etc (sig, NULL, sk);
663 }
664
665 hash_sigversion_to_magic (md, sig);
666 gcry_md_final (md);
667
668 rc = do_sign( sk, sig, md, hash_for (sk) );
669 gcry_md_close (md);
670 if( !rc ) { /* and write it */
671 PACKET pkt;
672
673 init_packet(&pkt);
674 pkt.pkttype = PKT_SIGNATURE;
675 pkt.pkt.signature = sig;
676 rc = build_packet (out, &pkt);
677 if (!rc && is_status_enabled()) {
678 print_status_sig_created ( sk, sig, status_letter);
679 }
680 free_packet (&pkt);
681 if (rc)
682 log_error ("build signature packet failed: %s\n",
683 g10_errstr(rc) );
684 }
685 if( rc )
686 return rc;;
687 }
688
689 return 0;
690 }
691
692 /****************
693 * Sign the files whose names are in FILENAME.
694 * If DETACHED has the value true,
695 * make a detached signature. If FILENAMES->d is NULL read from stdin
696 * and ignore the detached mode. Sign the file with all secret keys
697 * which can be taken from LOCUSR, if this is NULL, use the default one
698 * If ENCRYPTFLAG is true, use REMUSER (or ask if it is NULL) to encrypt the
699 * signed data for these users.
700 * If OUTFILE is not NULL; this file is used for output and the function
701 * does not ask for overwrite permission; output is then always
702 * uncompressed, non-armored and in binary mode.
703 */
704 int
705 sign_file( strlist_t filenames, int detached, strlist_t locusr,
706 int encryptflag, strlist_t remusr, const char *outfile )
707 {
708 const char *fname;
709 armor_filter_context_t *afx;
710 compress_filter_context_t zfx;
711 md_filter_context_t mfx;
712 text_filter_context_t tfx;
713 progress_filter_context_t *pfx;
714 encrypt_filter_context_t efx;
715 IOBUF inp = NULL, out = NULL;
716 PACKET pkt;
717 int rc = 0;
718 PK_LIST pk_list = NULL;
719 SK_LIST sk_list = NULL;
720 SK_LIST sk_rover = NULL;
721 int multifile = 0;
722 u32 duration=0;
723
724 pfx = new_progress_context ();
725 afx = new_armor_context ();
726 memset( &zfx, 0, sizeof zfx);
727 memset( &mfx, 0, sizeof mfx);
728 memset( &efx, 0, sizeof efx);
729 init_packet( &pkt );
730
731 if( filenames ) {
732 fname = filenames->d;
733 multifile = !!filenames->next;
734 }
735 else
736 fname = NULL;
737
738 if( fname && filenames->next && (!detached || encryptflag) )
739 log_bug("multiple files can only be detached signed");
740
741 if(encryptflag==2
742 && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek)))
743 goto leave;
744
745 if(!opt.force_v3_sigs && !RFC1991)
746 {
747 if(opt.ask_sig_expire && !opt.batch)
748 duration=ask_expire_interval(1,opt.def_sig_expire);
749 else
750 duration=parse_expire_string(opt.def_sig_expire);
751 }
752
753 if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
754 goto leave;
755
756 if(PGP2 && !only_old_style(sk_list))
757 {
758 log_info(_("you can only detach-sign with PGP 2.x style keys "
759 "while in --pgp2 mode\n"));
760 compliance_failure();
761 }
762
763 if(encryptflag && (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC )))
764 goto leave;
765
766 /* prepare iobufs */
767 if( multifile ) /* have list of filenames */
768 inp = NULL; /* we do it later */
769 else {
770 inp = iobuf_open(fname);
771 if (inp && is_secured_file (iobuf_get_fd (inp)))
772 {
773 iobuf_close (inp);
774 inp = NULL;
775 errno = EPERM;
776 }
777 if( !inp )
778 {
779 rc = gpg_error_from_syserror ();
780 log_error (_("can't open `%s': %s\n"), fname? fname: "[stdin]",
781 strerror(errno) );
782 goto leave;
783 }
784
785 handle_progress (pfx, inp, fname);
786 }
787
788 if( outfile ) {
789 if (is_secured_filename ( outfile )) {
790 out = NULL;
791 errno = EPERM;
792 }
793 else
794 out = iobuf_create( outfile );
795 if( !out )
796 {
797 rc = gpg_error_from_syserror ();
798 log_error(_("can't create `%s': %s\n"), outfile, strerror(errno) );
799 goto leave;
800 }
801 else if( opt.verbose )
802 log_info(_("writing to `%s'\n"), outfile );
803 }
804 else if( (rc = open_outfile( fname, opt.armor? 1: detached? 2:0, &out )))
805 goto leave;
806
807 /* prepare to calculate the MD over the input */
808 if( opt.textmode && !outfile && !multifile )
809 {
810 memset( &tfx, 0, sizeof tfx);
811 iobuf_push_filter( inp, text_filter, &tfx );
812 }
813
814 if ( gcry_md_open (&mfx.md, 0, 0) )
815 BUG ();
816 if (DBG_HASHING)
817 gcry_md_start_debug (mfx.md, "sign");
818
819 /* If we're encrypting and signing, it is reasonable to pick the
820 hash algorithm to use out of the recepient key prefs. This is
821 best effort only, as in a DSA2 and smartcard world there are
822 cases where we cannot please everyone with a single hash (DSA2
823 wants >160 and smartcards want =160). In the future this could
824 be more complex with different hashes for each sk, but the
825 current design requires a single hash for all SKs. */
826 if(pk_list)
827 {
828 if(opt.def_digest_algo)
829 {
830 if(!opt.expert &&
831 select_algo_from_prefs(pk_list,PREFTYPE_HASH,
832 opt.def_digest_algo,
833 NULL)!=opt.def_digest_algo)
834 log_info(_("WARNING: forcing digest algorithm %s (%d)"
835 " violates recipient preferences\n"),
836 gcry_md_algo_name (opt.def_digest_algo),
837 opt.def_digest_algo );
838 }
839 else
840 {
841 int algo, smartcard=0;
842 union pref_hint hint;
843
844 hint.digest_length = 0;
845
846 /* Of course, if the recipient asks for something
847 unreasonable (like the wrong hash for a DSA key) then
848 don't do it. Check all sk's - if any are DSA or live
849 on a smartcard, then the hash has restrictions and we
850 may not be able to give the recipient what they want.
851 For DSA, pass a hint for the largest q we have. Note
852 that this means that a q>160 key will override a q=160
853 key and force the use of truncation for the q=160 key.
854 The alternative would be to ignore the recipient prefs
855 completely and get a different hash for each DSA key in
856 hash_for(). The override behavior here is more or less
857 reasonable as it is under the control of the user which
858 keys they sign with for a given message and the fact
859 that the message with multiple signatures won't be
860 usable on an implementation that doesn't understand
861 DSA2 anyway. */
862
863 for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next )
864 {
865 if (sk_rover->sk->pubkey_algo == PUBKEY_ALGO_DSA)
866 {
867 int temp_hashlen = gcry_mpi_get_nbits
868 (sk_rover->sk->skey[1])+7/8;
869
870 /* Pick a hash that is large enough for our
871 largest q */
872
873 if (hint.digest_length<temp_hashlen)
874 hint.digest_length=temp_hashlen;
875 }
876 else if (sk_rover->sk->is_protected
877 && sk_rover->sk->protect.s2k.mode == 1002)
878 smartcard = 1;
879 }
880
881 /* Current smartcards only do 160-bit hashes. If we have
882 to have a >160-bit hash, then we can't use the
883 recipient prefs as we'd need both =160 and >160 at the
884 same time and recipient prefs currently require a
885 single hash for all signatures. All this may well have
886 to change as the cards add algorithms. */
887
888 if (!smartcard || (smartcard && hint.digest_length==20))
889 if ( (algo=
890 select_algo_from_prefs(pk_list,PREFTYPE_HASH,-1,&hint)) > 0)
891 recipient_digest_algo=algo;
892 }
893 }
894
895 for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
896 PKT_secret_key *sk = sk_rover->sk;
897 gcry_md_enable (mfx.md, hash_for(sk));
898 }
899
900 if( !multifile )
901 iobuf_push_filter( inp, md_filter, &mfx );
902
903 if( detached && !encryptflag && !RFC1991 )
904 afx->what = 2;
905
906 if( opt.armor && !outfile )
907 push_armor_filter (afx, out);
908
909 if( encryptflag ) {
910 efx.pk_list = pk_list;
911 /* fixme: set efx.cfx.datalen if known */
912 iobuf_push_filter( out, encrypt_filter, &efx );
913 }
914
915 if( opt.compress_algo && !outfile && ( !detached || opt.compress_sigs) )
916 {
917 int compr_algo=opt.compress_algo;
918
919 /* If not forced by user */
920 if(compr_algo==-1)
921 {
922 /* If we're not encrypting, then select_algo_from_prefs
923 will fail and we'll end up with the default. If we are
924 encrypting, select_algo_from_prefs cannot fail since
925 there is an assumed preference for uncompressed data.
926 Still, if it did fail, we'll also end up with the
927 default. */
928
929 if((compr_algo=
930 select_algo_from_prefs(pk_list,PREFTYPE_ZIP,-1,NULL))==-1)
931 compr_algo=default_compress_algo();
932 }
933 else if(!opt.expert && pk_list
934 && select_algo_from_prefs(pk_list,PREFTYPE_ZIP,
935 compr_algo,NULL)!=compr_algo)
936 log_info(_("WARNING: forcing compression algorithm %s (%d)"
937 " violates recipient preferences\n"),
938 compress_algo_to_string(compr_algo),compr_algo);
939
940 /* algo 0 means no compression */
941 if( compr_algo )
942 push_compress_filter(out,&zfx,compr_algo);
943 }
944
945 /* Write the one-pass signature packets if needed */
946 if (!detached && !RFC1991) {
947 rc = write_onepass_sig_packets (sk_list, out,
948 opt.textmode && !outfile ? 0x01:0x00);
949 if (rc)
950 goto leave;
951 }
952
953 write_status_begin_signing (mfx.md);
954
955 /* Setup the inner packet. */
956 if( detached ) {
957 if( multifile ) {
958 strlist_t sl;
959
960 if( opt.verbose )
961 log_info(_("signing:") );
962 /* must walk reverse trough this list */
963 for( sl = strlist_last(filenames); sl;
964 sl = strlist_prev( filenames, sl ) ) {
965 inp = iobuf_open(sl->d);
966 if (inp && is_secured_file (iobuf_get_fd (inp)))
967 {
968 iobuf_close (inp);
969 inp = NULL;
970 errno = EPERM;
971 }
972 if( !inp )
973 {
974 rc = gpg_error_from_syserror ();
975 log_error(_("can't open `%s': %s\n"),
976 sl->d,strerror(errno));
977 goto leave;
978 }
979 handle_progress (pfx, inp, sl->d);
980 if( opt.verbose )
981 fprintf(stderr, " `%s'", sl->d );
982 if(opt.textmode)
983 {
984 memset( &tfx, 0, sizeof tfx);
985 iobuf_push_filter( inp, text_filter, &tfx );
986 }
987 iobuf_push_filter( inp, md_filter, &mfx );
988 while( iobuf_get(inp) != -1 )
989 ;
990 iobuf_close(inp); inp = NULL;
991 }
992 if( opt.verbose )
993 putc( '\n', stderr );
994 }
995 else {
996 /* read, so that the filter can calculate the digest */
997 while( iobuf_get(inp) != -1 )
998 ;
999 }
1000 }
1001 else {
1002 rc = write_plaintext_packet (out, inp, fname,
1003 opt.textmode && !outfile ? 't':'b');
1004 }
1005
1006 /* catch errors from above */
1007 if (rc)
1008 goto leave;
1009
1010 /* write the signatures */
1011 rc = write_signature_packets (sk_list, out, mfx.md,
1012 opt.textmode && !outfile? 0x01 : 0x00,
1013 0, duration, detached ? 'D':'S');
1014 if( rc )
1015 goto leave;
1016
1017
1018 leave:
1019 if( rc )
1020 iobuf_cancel(out);
1021 else {
1022 iobuf_close(out);
1023 if (encryptflag)
1024 write_status( STATUS_END_ENCRYPTION );
1025 }
1026 iobuf_close(inp);
1027 gcry_md_close ( mfx.md );
1028 release_sk_list( sk_list );
1029 release_pk_list( pk_list );
1030 recipient_digest_algo=0;
1031 release_progress_context (pfx);
1032 release_armor_context (afx);
1033 return rc;
1034 }
1035
1036
1037
1038 /****************
1039 * make a clear signature. note that opt.armor is not needed
1040 */
1041 int
1042 clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
1043 {
1044 armor_filter_context_t *afx;
1045 progress_filter_context_t *pfx;
1046 gcry_md_hd_t textmd = NULL;
1047 IOBUF inp = NULL, out = NULL;
1048 PACKET pkt;
1049 int rc = 0;
1050 SK_LIST sk_list = NULL;
1051 SK_LIST sk_rover = NULL;
1052 int old_style = RFC1991;
1053 int only_md5 = 0;
1054 u32 duration=0;
1055
1056 pfx = new_progress_context ();
1057 afx = new_armor_context ();
1058 init_packet( &pkt );
1059
1060 if(!opt.force_v3_sigs && !RFC1991)
1061 {
1062 if(opt.ask_sig_expire && !opt.batch)
1063 duration=ask_expire_interval(1,opt.def_sig_expire);
1064 else
1065 duration=parse_expire_string(opt.def_sig_expire);
1066 }
1067
1068 if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
1069 goto leave;
1070
1071 if( !old_style && !duration )
1072 old_style = only_old_style( sk_list );
1073
1074 if(PGP2 && !only_old_style(sk_list))
1075 {
1076 log_info(_("you can only clearsign with PGP 2.x style keys "
1077 "while in --pgp2 mode\n"));
1078 compliance_failure();
1079 }
1080
1081 /* prepare iobufs */
1082 inp = iobuf_open(fname);
1083 if (inp && is_secured_file (iobuf_get_fd (inp)))
1084 {
1085 iobuf_close (inp);
1086 inp = NULL;
1087 errno = EPERM;
1088 }
1089 if( !inp ) {
1090 rc = gpg_error_from_syserror ();
1091 log_error (_("can't open `%s': %s\n"),
1092 fname? fname: "[stdin]", strerror(errno) );
1093 goto leave;
1094 }
1095 handle_progress (pfx, inp, fname);
1096
1097 if( outfile ) {
1098 if (is_secured_filename (outfile) ) {
1099 outfile = NULL;
1100 errno = EPERM;
1101 }
1102 else
1103 out = iobuf_create( outfile );
1104 if( !out )
1105 {
1106 rc = gpg_error_from_syserror ();
1107 log_error(_("can't create `%s': %s\n"), outfile, strerror(errno) );
1108 goto leave;
1109 }
1110 else if( opt.verbose )
1111 log_info(_("writing to `%s'\n"), outfile );
1112 }
1113 else if( (rc = open_outfile( fname, 1, &out )) )
1114 goto leave;
1115
1116 iobuf_writestr(out, "-----BEGIN PGP SIGNED MESSAGE-----" LF );
1117
1118 for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
1119 PKT_secret_key *sk = sk_rover->sk;
1120 if( hash_for(sk) == DIGEST_ALGO_MD5 )
1121 only_md5 = 1;
1122 else {
1123 only_md5 = 0;
1124 break;
1125 }
1126 }
1127
1128 if( !(old_style && only_md5) ) {
1129 const char *s;
1130 int any = 0;
1131 byte hashs_seen[256];
1132
1133 memset( hashs_seen, 0, sizeof hashs_seen );
1134 iobuf_writestr(out, "Hash: " );
1135 for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
1136 PKT_secret_key *sk = sk_rover->sk;
1137 int i = hash_for(sk);
1138
1139 if( !hashs_seen[ i & 0xff ] ) {
1140 s = gcry_md_algo_name ( i );
1141 if( s ) {
1142 hashs_seen[ i & 0xff ] = 1;
1143 if( any )
1144 iobuf_put(out, ',' );
1145 iobuf_writestr(out, s );
1146 any = 1;
1147 }
1148 }
1149 }
1150 assert(any);
1151 iobuf_writestr(out, LF );
1152 }
1153
1154 if( opt.not_dash_escaped )
1155 iobuf_writestr( out,
1156 "NotDashEscaped: You need GnuPG to verify this message" LF );
1157 iobuf_writestr(out, LF );
1158
1159 if ( gcry_md_open (&textmd, 0, 0) )
1160 BUG ();
1161 for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
1162 PKT_secret_key *sk = sk_rover->sk;
1163 gcry_md_enable (textmd, hash_for(sk));
1164 }
1165 if ( DBG_HASHING )
1166 gcry_md_start_debug ( textmd, "clearsign" );
1167
1168 copy_clearsig_text( out, inp, textmd, !opt.not_dash_escaped,
1169 opt.escape_from, (old_style && only_md5) );
1170 /* fixme: check for read errors */
1171
1172 /* now write the armor */
1173 afx->what = 2;
1174 push_armor_filter (afx, out);
1175
1176 /* write the signatures */
1177 rc=write_signature_packets (sk_list, out, textmd, 0x01, 0, duration, 'C');
1178 if( rc )
1179 goto leave;
1180
1181 leave:
1182 if( rc )
1183 iobuf_cancel(out);
1184 else
1185 iobuf_close(out);
1186 iobuf_close(inp);
1187 gcry_md_close ( textmd );
1188 release_sk_list( sk_list );
1189 release_progress_context (pfx);
1190 release_armor_context (afx);
1191 return rc;
1192 }
1193
1194 /*
1195 * Sign and conventionally encrypt the given file.
1196 * FIXME: Far too much code is duplicated - revamp the whole file.
1197 */
1198 int
1199 sign_symencrypt_file (const char *fname, strlist_t locusr)
1200 {
1201 armor_filter_context_t *afx;
1202 progress_filter_context_t *pfx;
1203 compress_filter_context_t zfx;
1204 md_filter_context_t mfx;
1205 text_filter_context_t tfx;
1206 cipher_filter_context_t cfx;
1207 IOBUF inp = NULL, out = NULL;
1208 PACKET pkt;
1209 STRING2KEY *s2k = NULL;
1210 int rc = 0;
1211 SK_LIST sk_list = NULL;
1212 SK_LIST sk_rover = NULL;
1213 int algo;
1214 u32 duration=0;
1215 int canceled;
1216
1217 pfx = new_progress_context ();
1218 afx = new_armor_context ();
1219 memset( &zfx, 0, sizeof zfx);
1220 memset( &mfx, 0, sizeof mfx);
1221 memset( &tfx, 0, sizeof tfx);
1222 memset( &cfx, 0, sizeof cfx);
1223 init_packet( &pkt );
1224
1225 if(!opt.force_v3_sigs && !RFC1991)
1226 {
1227 if(opt.ask_sig_expire && !opt.batch)
1228 duration=ask_expire_interval(1,opt.def_sig_expire);
1229 else
1230 duration=parse_expire_string(opt.def_sig_expire);
1231 }
1232
1233 rc = build_sk_list (locusr, &sk_list, 1, PUBKEY_USAGE_SIG);
1234 if (rc)
1235 goto leave;
1236
1237 /* prepare iobufs */
1238 inp = iobuf_open(fname);
1239 if (inp && is_secured_file (iobuf_get_fd (inp)))
1240 {
1241 iobuf_close (inp);
1242 inp = NULL;
1243 errno = EPERM;
1244 }
1245 if( !inp ) {
1246 rc = gpg_error_from_syserror ();
1247 log_error (_("can't open `%s': %s\n"),
1248 fname? fname: "[stdin]", strerror(errno) );
1249 goto leave;
1250 }
1251 handle_progress (pfx, inp, fname);
1252
1253 /* prepare key */
1254 s2k = xmalloc_clear( sizeof *s2k );
1255 s2k->mode = RFC1991? 0:opt.s2k_mode;
1256 s2k->hash_algo = S2K_DIGEST_ALGO;
1257
1258 algo = default_cipher_algo();
1259 if (!opt.quiet || !opt.batch)
1260 log_info (_("%s encryption will be used\n"),
1261 openpgp_cipher_algo_name (algo) );
1262 cfx.dek = passphrase_to_dek( NULL, 0, algo, s2k, 2, NULL, &canceled);
1263
1264 if (!cfx.dek || !cfx.dek->keylen) {
1265 rc = gpg_error (canceled?GPG_ERR_CANCELED:GPG_ERR_BAD_PASSPHRASE);
1266 log_error(_("error creating passphrase: %s\n"), gpg_strerror (rc) );
1267 goto leave;
1268 }
1269
1270 /* We have no way to tell if the recipient can handle messages
1271 with an MDC, so this defaults to no. Perhaps in a few years,
1272 this can be defaulted to yes. Note that like regular
1273 encrypting, --force-mdc overrides --disable-mdc. */
1274 if(opt.force_mdc)
1275 cfx.dek->use_mdc=1;
1276
1277 /* now create the outfile */
1278 rc = open_outfile (fname, opt.armor? 1:0, &out);
1279 if (rc)
1280 goto leave;
1281
1282 /* prepare to calculate the MD over the input */
1283 if (opt.textmode)
1284 iobuf_push_filter (inp, text_filter, &tfx);
1285 if ( gcry_md_open (&mfx.md, 0, 0) )
1286 BUG ();
1287 if ( DBG_HASHING )
1288 gcry_md_start_debug (mfx.md, "symc-sign");
1289
1290 for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) {
1291 PKT_secret_key *sk = sk_rover->sk;
1292 gcry_md_enable (mfx.md, hash_for (sk));
1293 }
1294
1295 iobuf_push_filter (inp, md_filter, &mfx);
1296
1297 /* Push armor output filter */
1298 if (opt.armor)
1299 push_armor_filter (afx, out);
1300
1301 /* Write the symmetric key packet */
1302 /*(current filters: armor)*/
1303 if (!RFC1991) {
1304 PKT_symkey_enc *enc = xmalloc_clear( sizeof *enc );
1305 enc->version = 4;
1306 enc->cipher_algo = cfx.dek->algo;
1307 enc->s2k = *s2k;
1308 pkt.pkttype = PKT_SYMKEY_ENC;
1309 pkt.pkt.symkey_enc = enc;
1310 if( (rc = build_packet( out, &pkt )) )
1311 log_error("build symkey packet failed: %s\n", g10_errstr(rc) );
1312 xfree(enc);
1313 }
1314
1315 /* Push the encryption filter */
1316 iobuf_push_filter( out, cipher_filter, &cfx );
1317
1318 /* Push the compress filter */
1319 if (default_compress_algo())
1320 push_compress_filter(out,&zfx,default_compress_algo());
1321
1322 /* Write the one-pass signature packets */
1323 /*(current filters: zip - encrypt - armor)*/
1324 if (!RFC1991) {
1325 rc = write_onepass_sig_packets (sk_list, out,
1326 opt.textmode? 0x01:0x00);
1327 if (rc)
1328 goto leave;
1329 }
1330
1331 write_status_begin_signing (mfx.md);
1332
1333 /* Pipe data through all filters; i.e. write the signed stuff */
1334 /*(current filters: zip - encrypt - armor)*/
1335 rc = write_plaintext_packet (out, inp, fname, opt.textmode ? 't':'b');
1336 if (rc)
1337 goto leave;
1338
1339 /* Write the signatures */
1340 /*(current filters: zip - encrypt - armor)*/
1341 rc = write_signature_packets (sk_list, out, mfx.md,
1342 opt.textmode? 0x01 : 0x00,
1343 0, duration, 'S');
1344 if( rc )
1345 goto leave;
1346
1347
1348 leave:
1349 if( rc )
1350 iobuf_cancel(out);
1351 else {
1352 iobuf_close(out);
1353 write_status( STATUS_END_ENCRYPTION );
1354 }
1355 iobuf_close(inp);
1356 release_sk_list( sk_list );
1357 gcry_md_close( mfx.md );
1358 xfree(cfx.dek);
1359 xfree(s2k);
1360 release_progress_context (pfx);
1361 release_armor_context (afx);
1362 return rc;
1363 }
1364
1365
1366 /****************
1367 * Create a signature packet for the given public key certificate and
1368 * the user id and return it in ret_sig. User signature class SIGCLASS
1369 * user-id is not used (and may be NULL if sigclass is 0x20) If
1370 * DIGEST_ALGO is 0 the function selects an appropriate one.
1371 * SIGVERSION gives the minimal required signature packet version;
1372 * this is needed so that special properties like local sign are not
1373 * applied (actually: dropped) when a v3 key is used. TIMESTAMP is
1374 * the timestamp to use for the signature. 0 means "now" */
1375 int
1376 make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
1377 PKT_user_id *uid, PKT_public_key *subpk,
1378 PKT_secret_key *sk,
1379 int sigclass, int digest_algo,
1380 int sigversion, u32 timestamp, u32 duration,
1381 int (*mksubpkt)(PKT_signature *, void *), void *opaque
1382 )
1383 {
1384 PKT_signature *sig;
1385 int rc=0;
1386 gcry_md_hd_t md;
1387
1388 assert( (sigclass >= 0x10 && sigclass <= 0x13) || sigclass == 0x1F
1389 || sigclass == 0x20 || sigclass == 0x18 || sigclass == 0x19
1390 || sigclass == 0x30 || sigclass == 0x28 );
1391
1392 if (opt.force_v4_certs)
1393 sigversion = 4;
1394
1395 if (sigversion < sk->version)
1396 sigversion = sk->version;
1397
1398 /* If you are making a signature on a v4 key using your v3 key, it
1399 doesn't make sense to generate a v3 sig. After all, no v3-only
1400 PGP implementation could understand the v4 key in the first
1401 place. Note that this implies that a signature on an attribute
1402 uid is usually going to be v4 as well, since they are not
1403 generally found on v3 keys. */
1404 if (sigversion < pk->version)
1405 sigversion = pk->version;
1406
1407 if( !digest_algo )
1408 {
1409 /* Basically, this means use SHA1 always unless it's a v3 RSA
1410 key making a v3 cert (use MD5), or the user specified
1411 something (use whatever they said), or it's DSA (use the
1412 best match). They still can't pick an inappropriate hash
1413 for DSA or the signature will fail. Note that this still
1414 allows the caller of make_keysig_packet to override the
1415 user setting if it must. */
1416
1417 if(opt.cert_digest_algo)
1418 digest_algo=opt.cert_digest_algo;
1419 else if(sk->pubkey_algo==PUBKEY_ALGO_RSA
1420 && pk->version<4 && sigversion<4)
1421 digest_algo = DIGEST_ALGO_MD5;
1422 else if(sk->pubkey_algo==PUBKEY_ALGO_DSA)
1423 digest_algo = match_dsa_hash (gcry_mpi_get_nbits (sk->skey[1])/8);
1424 else
1425 digest_algo = DIGEST_ALGO_SHA1;
1426 }
1427
1428 if ( gcry_md_open (&md, digest_algo, 0 ) )
1429 BUG ();
1430
1431 /* Hash the public key certificate. */
1432 hash_public_key( md, pk );
1433
1434 if( sigclass == 0x18 || sigclass == 0x19 || sigclass == 0x28 )
1435 {
1436 /* hash the subkey binding/backsig/revocation */
1437 hash_public_key( md, subpk );
1438 }
1439 else if( sigclass != 0x1F && sigclass != 0x20 )
1440 {
1441 /* hash the user id */
1442 hash_uid (md, sigversion, uid);
1443 }
1444 /* and make the signature packet */
1445 sig = xmalloc_clear( sizeof *sig );
1446 sig->version = sigversion;
1447 sig->flags.exportable=1;
1448 sig->flags.revocable=1;
1449 keyid_from_sk( sk, sig->keyid );
1450 sig->pubkey_algo = sk->pubkey_algo;
1451 sig->digest_algo = digest_algo;
1452 if(timestamp)
1453 sig->timestamp=timestamp;
1454 else
1455 sig->timestamp=make_timestamp();
1456 if(duration)
1457 sig->expiredate=sig->timestamp+duration;
1458 sig->sig_class = sigclass;
1459 if( sig->version >= 4 )
1460 {
1461 build_sig_subpkt_from_sig( sig );
1462 mk_notation_policy_etc( sig, pk, sk );
1463 }
1464
1465 /* Crucial that the call to mksubpkt comes LAST before the calls
1466 to finalize the sig as that makes it possible for the mksubpkt
1467 function to get a reliable pointer to the subpacket area. */
1468 if( sig->version >= 4 && mksubpkt )
1469 rc = (*mksubpkt)( sig, opaque );
1470
1471 if( !rc ) {
1472 hash_sigversion_to_magic (md, sig);
1473 gcry_md_final (md);
1474
1475 rc = complete_sig( sig, sk, md );
1476 }
1477
1478 gcry_md_close ( md );
1479 if( rc )
1480 free_seckey_enc( sig );
1481 else
1482 *ret_sig = sig;
1483 return rc;
1484 }
1485
1486
1487
1488 /****************
1489 * Create a new signature packet based on an existing one.
1490 * Only user ID signatures are supported for now.
1491 * TODO: Merge this with make_keysig_packet.
1492 */
1493 int
1494 update_keysig_packet( PKT_signature **ret_sig,
1495 PKT_signature *orig_sig,
1496 PKT_public_key *pk,
1497 PKT_user_id *uid,
1498 PKT_public_key *subpk,
1499 PKT_secret_key *sk,
1500 int (*mksubpkt)(PKT_signature *, void *),
1501 void *opaque )
1502 {
1503 PKT_signature *sig;
1504 int rc=0;
1505 gcry_md_hd_t md;
1506
1507 if ((!orig_sig || !pk || !sk)
1508 || (orig_sig->sig_class >= 0x10 && orig_sig->sig_class <= 0x13 && !uid)
1509 || (orig_sig->sig_class == 0x18 && !subpk))
1510 return G10ERR_GENERAL;
1511
1512 if ( gcry_md_open (&md, orig_sig->digest_algo, 0 ) )
1513 BUG ();
1514
1515 /* Hash the public key certificate and the user id. */
1516 hash_public_key( md, pk );
1517
1518 if( orig_sig->sig_class == 0x18 )
1519 hash_public_key( md, subpk );
1520 else
1521 hash_uid (md, orig_sig->version, uid);
1522
1523 /* create a new signature packet */
1524 sig = copy_signature (NULL, orig_sig);
1525
1526 /* We need to create a new timestamp so that new sig expiration
1527 calculations are done correctly... */
1528 sig->timestamp=make_timestamp();
1529
1530 /* ... but we won't make a timestamp earlier than the existing
1531 one. */
1532 while(sig->timestamp<=orig_sig->timestamp)
1533 {
1534 gnupg_sleep (1);
1535 sig->timestamp=make_timestamp();
1536 }
1537
1538 /* Note that already expired sigs will remain expired (with a
1539 duration of 1) since build-packet.c:build_sig_subpkt_from_sig
1540 detects this case. */
1541
1542 if( sig->version >= 4 )
1543 {
1544 /* Put the updated timestamp into the sig. Note that this
1545 will automagically lower any sig expiration dates to
1546 correctly correspond to the differences in the timestamps
1547 (i.e. the duration will shrink). */
1548 build_sig_subpkt_from_sig( sig );
1549
1550 if (mksubpkt)
1551 rc = (*mksubpkt)(sig, opaque);
1552 }
1553
1554 if (!rc) {
1555 hash_sigversion_to_magic (md, sig);
1556 gcry_md_final (md);
1557
1558 rc = complete_sig( sig, sk, md );
1559 }
1560
1561 gcry_md_close (md);
1562 if( rc )
1563 free_seckey_enc (sig);
1564 else
1565 *ret_sig = sig;
1566 return rc;
1567 }
gnupg svn clone