* srv.c (getsrv): Raise maximum packet size to 2048, as PACKETSZ is
[gnupg.git] / g10 / sign.c
blob0528427db4fcdd204adff9ae9d2afd5fbf16b608
1 /* sign.c - sign data
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
3 * 2007 Free Software Foundation, Inc.
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 #include <config.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <errno.h>
26 #include <assert.h>
28 #include "gpg.h"
29 #include "options.h"
30 #include "packet.h"
31 #include "status.h"
32 #include "iobuf.h"
33 #include "keydb.h"
34 #include "util.h"
35 #include "main.h"
36 #include "filter.h"
37 #include "ttyio.h"
38 #include "trustdb.h"
39 #include "status.h"
40 #include "i18n.h"
41 #include "pkglue.h"
42 #include "sysutils.h"
43 #include "call-agent.h"
46 #ifdef HAVE_DOSISH_SYSTEM
47 #define LF "\r\n"
48 #else
49 #define LF "\n"
50 #endif
52 static int recipient_digest_algo=0;
54 /****************
55 * Create notations and other stuff. It is assumed that the stings in
56 * STRLIST are already checked to contain only printable data and have
57 * a valid NAME=VALUE format.
59 static void
60 mk_notation_policy_etc( PKT_signature *sig,
61 PKT_public_key *pk, PKT_secret_key *sk )
63 const char *string;
64 char *s=NULL;
65 strlist_t pu=NULL;
66 struct notation *nd=NULL;
67 struct expando_args args;
69 assert(sig->version>=4);
71 memset(&args,0,sizeof(args));
72 args.pk=pk;
73 args.sk=sk;
75 /* notation data */
76 if(IS_SIG(sig) && opt.sig_notations)
77 nd=opt.sig_notations;
78 else if( IS_CERT(sig) && opt.cert_notations )
79 nd=opt.cert_notations;
81 if(nd)
83 struct notation *i;
85 for(i=nd;i;i=i->next)
87 i->altvalue=pct_expando(i->value,&args);
88 if(!i->altvalue)
89 log_error(_("WARNING: unable to %%-expand notation "
90 "(too large). Using unexpanded.\n"));
93 keygen_add_notations(sig,nd);
95 for(i=nd;i;i=i->next)
97 xfree(i->altvalue);
98 i->altvalue=NULL;
102 /* set policy URL */
103 if( IS_SIG(sig) && opt.sig_policy_url )
104 pu=opt.sig_policy_url;
105 else if( IS_CERT(sig) && opt.cert_policy_url )
106 pu=opt.cert_policy_url;
108 for(;pu;pu=pu->next)
110 string = pu->d;
112 s=pct_expando(string,&args);
113 if(!s)
115 log_error(_("WARNING: unable to %%-expand policy URL "
116 "(too large). Using unexpanded.\n"));
117 s=xstrdup(string);
120 build_sig_subpkt(sig,SIGSUBPKT_POLICY|
121 ((pu->flags & 1)?SIGSUBPKT_FLAG_CRITICAL:0),
122 s,strlen(s));
124 xfree(s);
127 /* preferred keyserver URL */
128 if( IS_SIG(sig) && opt.sig_keyserver_url )
129 pu=opt.sig_keyserver_url;
131 for(;pu;pu=pu->next)
133 string = pu->d;
135 s=pct_expando(string,&args);
136 if(!s)
138 log_error(_("WARNING: unable to %%-expand preferred keyserver URL"
139 " (too large). Using unexpanded.\n"));
140 s=xstrdup(string);
143 build_sig_subpkt(sig,SIGSUBPKT_PREF_KS|
144 ((pu->flags & 1)?SIGSUBPKT_FLAG_CRITICAL:0),
145 s,strlen(s));
147 xfree(s);
153 * Helper to hash a user ID packet.
155 static void
156 hash_uid (gcry_md_hd_t md, int sigversion, const PKT_user_id *uid)
158 if ( sigversion >= 4 ) {
159 byte buf[5];
161 if(uid->attrib_data) {
162 buf[0] = 0xd1; /* indicates an attribute packet */
163 buf[1] = uid->attrib_len >> 24; /* always use 4 length bytes */
164 buf[2] = uid->attrib_len >> 16;
165 buf[3] = uid->attrib_len >> 8;
166 buf[4] = uid->attrib_len;
168 else {
169 buf[0] = 0xb4; /* indicates a userid packet */
170 buf[1] = uid->len >> 24; /* always use 4 length bytes */
171 buf[2] = uid->len >> 16;
172 buf[3] = uid->len >> 8;
173 buf[4] = uid->len;
175 gcry_md_write( md, buf, 5 );
178 if(uid->attrib_data)
179 gcry_md_write (md, uid->attrib_data, uid->attrib_len );
180 else
181 gcry_md_write (md, uid->name, uid->len );
186 * Helper to hash some parts from the signature
188 static void
189 hash_sigversion_to_magic (gcry_md_hd_t md, const PKT_signature *sig)
191 if (sig->version >= 4)
192 gcry_md_putc (md, sig->version);
193 gcry_md_putc (md, sig->sig_class);
194 if (sig->version < 4) {
195 u32 a = sig->timestamp;
196 gcry_md_putc (md, (a >> 24) & 0xff );
197 gcry_md_putc (md, (a >> 16) & 0xff );
198 gcry_md_putc (md, (a >> 8) & 0xff );
199 gcry_md_putc (md, a & 0xff );
201 else {
202 byte buf[6];
203 size_t n;
205 gcry_md_putc (md, sig->pubkey_algo);
206 gcry_md_putc (md, sig->digest_algo);
207 if (sig->hashed) {
208 n = sig->hashed->len;
209 gcry_md_putc (md, (n >> 8) );
210 gcry_md_putc (md, n );
211 gcry_md_write (md, sig->hashed->data, n );
212 n += 6;
214 else {
215 gcry_md_putc (md, 0); /* always hash the length of the subpacket*/
216 gcry_md_putc (md, 0);
217 n = 6;
219 /* add some magic */
220 buf[0] = sig->version;
221 buf[1] = 0xff;
222 buf[2] = n >> 24; /* hmmm, n is only 16 bit, so this is always 0 */
223 buf[3] = n >> 16;
224 buf[4] = n >> 8;
225 buf[5] = n;
226 gcry_md_write (md, buf, 6);
231 static int
232 do_sign( PKT_secret_key *sk, PKT_signature *sig,
233 gcry_md_hd_t md, int digest_algo )
235 gcry_mpi_t frame;
236 byte *dp;
237 int rc;
239 if( sk->timestamp > sig->timestamp ) {
240 ulong d = sk->timestamp - sig->timestamp;
241 log_info( d==1 ? _("key has been created %lu second "
242 "in future (time warp or clock problem)\n")
243 : _("key has been created %lu seconds "
244 "in future (time warp or clock problem)\n"), d );
245 if( !opt.ignore_time_conflict )
246 return G10ERR_TIME_CONFLICT;
250 print_pubkey_algo_note(sk->pubkey_algo);
252 if( !digest_algo )
253 digest_algo = gcry_md_get_algo (md);
255 print_digest_algo_note( digest_algo );
256 dp = gcry_md_read ( md, digest_algo );
257 sig->digest_algo = digest_algo;
258 sig->digest_start[0] = dp[0];
259 sig->digest_start[1] = dp[1];
260 if (sk->is_protected && sk->protect.s2k.mode == 1002)
262 #ifdef ENABLE_CARD_SUPPORT
263 unsigned char *rbuf;
264 size_t rbuflen;
265 char *snbuf;
267 snbuf = serialno_and_fpr_from_sk (sk->protect.iv,
268 sk->protect.ivlen, sk);
269 rc = agent_scd_pksign (snbuf, digest_algo,
270 gcry_md_read (md, digest_algo),
271 gcry_md_get_algo_dlen (digest_algo),
272 &rbuf, &rbuflen);
273 xfree (snbuf);
274 if (!rc)
276 if (gcry_mpi_scan (&sig->data[0], GCRYMPI_FMT_USG,
277 rbuf, rbuflen, NULL))
278 BUG ();
279 xfree (rbuf);
281 #else
282 return gpg_error (GPG_ERR_NOT_SUPPORTED);
283 #endif /* ENABLE_CARD_SUPPORT */
285 else
287 frame = encode_md_value( NULL, sk, md, digest_algo );
288 if (!frame)
289 return G10ERR_GENERAL;
290 rc = pk_sign( sk->pubkey_algo, sig->data, frame, sk->skey );
291 gcry_mpi_release (frame);
294 if (!rc && !opt.no_sig_create_check) {
295 /* Check that the signature verification worked and nothing is
296 * fooling us e.g. by a bug in the signature create
297 * code or by deliberately introduced faults. */
298 PKT_public_key *pk = xmalloc_clear (sizeof *pk);
300 if( get_pubkey( pk, sig->keyid ) )
301 rc = G10ERR_NO_PUBKEY;
302 else {
303 frame = encode_md_value (pk, NULL, md, sig->digest_algo );
304 if (!frame)
305 rc = G10ERR_GENERAL;
306 else
307 rc = pk_verify (pk->pubkey_algo, frame, sig->data, pk->pkey );
308 gcry_mpi_release (frame);
310 if (rc)
311 log_error (_("checking created signature failed: %s\n"),
312 g10_errstr (rc));
313 free_public_key (pk);
315 if( rc )
316 log_error(_("signing failed: %s\n"), g10_errstr(rc) );
317 else {
318 if( opt.verbose ) {
319 char *ustr = get_user_id_string_native (sig->keyid);
320 log_info(_("%s/%s signature from: \"%s\"\n"),
321 gcry_pk_algo_name (sk->pubkey_algo),
322 gcry_md_algo_name (sig->digest_algo),
323 ustr );
324 xfree(ustr);
327 return rc;
332 complete_sig( PKT_signature *sig, PKT_secret_key *sk, gcry_md_hd_t md )
334 int rc=0;
336 if( !(rc=check_secret_key( sk, 0 )) )
337 rc = do_sign( sk, sig, md, 0 );
338 return rc;
343 static int
344 match_dsa_hash (unsigned int qbytes)
346 if (qbytes <= 20)
347 return DIGEST_ALGO_SHA1;
349 if (qbytes <= 28)
350 return DIGEST_ALGO_SHA224;
352 if (qbytes <= 32)
353 return DIGEST_ALGO_SHA256;
355 if (qbytes <= 48)
356 return DIGEST_ALGO_SHA384;
358 if (qbytes <= 64)
359 return DIGEST_ALGO_SHA512;
361 return DEFAULT_DIGEST_ALGO;
362 /* DEFAULT_DIGEST_ALGO will certainly fail, but it's the best wrong
363 answer we have if a digest larger than 512 bits is requested. */
368 First try --digest-algo. If that isn't set, see if the recipient
369 has a preferred algorithm (which is also filtered through
370 --preferred-digest-prefs). If we're making a signature without a
371 particular recipient (i.e. signing, rather than signing+encrypting)
372 then take the first algorithm in --preferred-digest-prefs that is
373 usable for the pubkey algorithm. If --preferred-digest-prefs isn't
374 set, then take the OpenPGP default (i.e. SHA-1).
376 Possible improvement: Use the highest-ranked usable algorithm from
377 the signing key prefs either before or after using the personal
378 list?
380 static int
381 hash_for(PKT_secret_key *sk)
383 if( opt.def_digest_algo )
384 return opt.def_digest_algo;
385 else if( recipient_digest_algo )
386 return recipient_digest_algo;
387 else if(sk->pubkey_algo==PUBKEY_ALGO_DSA)
389 unsigned int qbytes = gcry_mpi_get_nbits (sk->skey[1]) / 8;
391 /* It's a DSA key, so find a hash that is the same size as q or
392 larger. If q is 160, assume it is an old DSA key and use a
393 160-bit hash unless --enable-dsa2 is set, in which case act
394 like a new DSA key that just happens to have a 160-bit q
395 (i.e. allow truncation). If q is not 160, by definition it
396 must be a new DSA key. */
398 if (opt.personal_digest_prefs)
400 prefitem_t *prefs;
402 if (qbytes != 20 || opt.flags.dsa2)
404 for (prefs=opt.personal_digest_prefs; prefs->type; prefs++)
405 if (gcry_md_get_algo_dlen (prefs->value) >= qbytes)
406 return prefs->value;
408 else
410 for (prefs=opt.personal_digest_prefs; prefs->type; prefs++)
411 if (gcry_md_get_algo_dlen (prefs->value) == qbytes)
412 return prefs->value;
416 return match_dsa_hash(qbytes);
418 else if (sk->is_protected && sk->protect.s2k.mode==1002)
420 /* The sk lives on a smartcard, and current smartcards only
421 handle SHA-1 and RIPEMD/160. This is correct now, but may
422 need revision as the cards add algorithms. */
424 if(opt.personal_digest_prefs)
426 prefitem_t *prefs;
428 for (prefs=opt.personal_digest_prefs;prefs->type;prefs++)
429 if (prefs->value==DIGEST_ALGO_SHA1
430 || prefs->value==DIGEST_ALGO_RMD160)
431 return prefs->value;
434 return DIGEST_ALGO_SHA1;
436 else if (PGP2 && sk->pubkey_algo == PUBKEY_ALGO_RSA && sk->version < 4 )
438 /* Old-style PGP only understands MD5 */
439 return DIGEST_ALGO_MD5;
441 else if ( opt.personal_digest_prefs )
443 /* It's not DSA, so we can use whatever the first hash algorithm
444 is in the pref list */
445 return opt.personal_digest_prefs[0].value;
447 else
448 return DEFAULT_DIGEST_ALGO;
452 static int
453 only_old_style( SK_LIST sk_list )
455 SK_LIST sk_rover = NULL;
456 int old_style = 0;
458 /* if there are only old style capable key we use the old sytle */
459 for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
460 PKT_secret_key *sk = sk_rover->sk;
461 if( sk->pubkey_algo == PUBKEY_ALGO_RSA && sk->version < 4 )
462 old_style = 1;
463 else
464 return 0;
466 return old_style;
471 static void
472 print_status_sig_created ( PKT_secret_key *sk, PKT_signature *sig, int what )
474 byte array[MAX_FINGERPRINT_LEN], *p;
475 char buf[100+MAX_FINGERPRINT_LEN*2];
476 size_t i, n;
478 sprintf(buf, "%c %d %d %02x %lu ",
479 what, sig->pubkey_algo, sig->digest_algo, sig->sig_class,
480 (ulong)sig->timestamp );
482 fingerprint_from_sk( sk, array, &n );
483 p = buf + strlen(buf);
484 for(i=0; i < n ; i++ )
485 sprintf(p+2*i, "%02X", array[i] );
487 write_status_text( STATUS_SIG_CREATED, buf );
492 * Loop over the secret certificates in SK_LIST and build the one pass
493 * signature packets. OpenPGP says that the data should be bracket by
494 * the onepass-sig and signature-packet; so we build these onepass
495 * packet here in reverse order
497 static int
498 write_onepass_sig_packets (SK_LIST sk_list, IOBUF out, int sigclass )
500 int skcount;
501 SK_LIST sk_rover;
503 for (skcount=0, sk_rover=sk_list; sk_rover; sk_rover = sk_rover->next)
504 skcount++;
506 for (; skcount; skcount--) {
507 PKT_secret_key *sk;
508 PKT_onepass_sig *ops;
509 PACKET pkt;
510 int i, rc;
512 for (i=0, sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
513 if (++i == skcount)
514 break;
517 sk = sk_rover->sk;
518 ops = xmalloc_clear (sizeof *ops);
519 ops->sig_class = sigclass;
520 ops->digest_algo = hash_for (sk);
521 ops->pubkey_algo = sk->pubkey_algo;
522 keyid_from_sk (sk, ops->keyid);
523 ops->last = (skcount == 1);
525 init_packet(&pkt);
526 pkt.pkttype = PKT_ONEPASS_SIG;
527 pkt.pkt.onepass_sig = ops;
528 rc = build_packet (out, &pkt);
529 free_packet (&pkt);
530 if (rc) {
531 log_error ("build onepass_sig packet failed: %s\n",
532 g10_errstr(rc));
533 return rc;
537 return 0;
541 * Helper to write the plaintext (literal data) packet
543 static int
544 write_plaintext_packet (IOBUF out, IOBUF inp, const char *fname, int ptmode)
546 PKT_plaintext *pt = NULL;
547 u32 filesize;
548 int rc = 0;
550 if (!opt.no_literal)
551 pt=setup_plaintext_name(fname,inp);
553 /* try to calculate the length of the data */
554 if ( !iobuf_is_pipe_filename (fname) && *fname )
556 off_t tmpsize;
557 int overflow;
559 if( !(tmpsize = iobuf_get_filelength(inp, &overflow))
560 && !overflow && opt.verbose)
561 log_info (_("WARNING: `%s' is an empty file\n"), fname);
563 /* We can't encode the length of very large files because
564 OpenPGP uses only 32 bit for file sizes. So if the size of
565 a file is larger than 2^32 minus some bytes for packet
566 headers, we switch to partial length encoding. */
567 if ( tmpsize < (IOBUF_FILELENGTH_LIMIT - 65536) )
568 filesize = tmpsize;
569 else
570 filesize = 0;
572 /* Because the text_filter modifies the length of the
573 * data, it is not possible to know the used length
574 * without a double read of the file - to avoid that
575 * we simple use partial length packets. */
576 if ( ptmode == 't' )
577 filesize = 0;
579 else
580 filesize = opt.set_filesize? opt.set_filesize : 0; /* stdin */
582 if (!opt.no_literal) {
583 PACKET pkt;
585 pt->timestamp = make_timestamp ();
586 pt->mode = ptmode;
587 pt->len = filesize;
588 pt->new_ctb = !pt->len && !RFC1991;
589 pt->buf = inp;
590 init_packet(&pkt);
591 pkt.pkttype = PKT_PLAINTEXT;
592 pkt.pkt.plaintext = pt;
593 /*cfx.datalen = filesize? calc_packet_length( &pkt ) : 0;*/
594 if( (rc = build_packet (out, &pkt)) )
595 log_error ("build_packet(PLAINTEXT) failed: %s\n",
596 g10_errstr(rc) );
597 pt->buf = NULL;
599 else {
600 byte copy_buffer[4096];
601 int bytes_copied;
603 while ((bytes_copied = iobuf_read(inp, copy_buffer, 4096)) != -1)
604 if ( (rc=iobuf_write(out, copy_buffer, bytes_copied)) ) {
605 log_error ("copying input to output failed: %s\n",
606 gpg_strerror (rc));
607 break;
609 wipememory(copy_buffer,4096); /* burn buffer */
611 /* fixme: it seems that we never freed pt/pkt */
613 return rc;
617 * Write the signatures from the SK_LIST to OUT. HASH must be a non-finalized
618 * hash which will not be changes here.
620 static int
621 write_signature_packets (SK_LIST sk_list, IOBUF out, gcry_md_hd_t hash,
622 int sigclass, u32 timestamp, u32 duration,
623 int status_letter)
625 SK_LIST sk_rover;
627 /* loop over the secret certificates */
628 for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) {
629 PKT_secret_key *sk;
630 PKT_signature *sig;
631 gcry_md_hd_t md;
632 int rc;
634 sk = sk_rover->sk;
636 /* build the signature packet */
637 sig = xmalloc_clear (sizeof *sig);
638 if(opt.force_v3_sigs || RFC1991)
639 sig->version=3;
640 else if(duration || opt.sig_policy_url
641 || opt.sig_notations || opt.sig_keyserver_url)
642 sig->version=4;
643 else
644 sig->version=sk->version;
645 keyid_from_sk (sk, sig->keyid);
646 sig->digest_algo = hash_for(sk);
647 sig->pubkey_algo = sk->pubkey_algo;
648 if(timestamp)
649 sig->timestamp = timestamp;
650 else
651 sig->timestamp = make_timestamp();
652 if(duration)
653 sig->expiredate = sig->timestamp+duration;
654 sig->sig_class = sigclass;
656 if (gcry_md_copy (&md, hash))
657 BUG ();
659 if (sig->version >= 4)
661 build_sig_subpkt_from_sig (sig);
662 mk_notation_policy_etc (sig, NULL, sk);
665 hash_sigversion_to_magic (md, sig);
666 gcry_md_final (md);
668 rc = do_sign( sk, sig, md, hash_for (sk) );
669 gcry_md_close (md);
670 if( !rc ) { /* and write it */
671 PACKET pkt;
673 init_packet(&pkt);
674 pkt.pkttype = PKT_SIGNATURE;
675 pkt.pkt.signature = sig;
676 rc = build_packet (out, &pkt);
677 if (!rc && is_status_enabled()) {
678 print_status_sig_created ( sk, sig, status_letter);
680 free_packet (&pkt);
681 if (rc)
682 log_error ("build signature packet failed: %s\n",
683 g10_errstr(rc) );
685 if( rc )
686 return rc;;
689 return 0;
692 /****************
693 * Sign the files whose names are in FILENAME.
694 * If DETACHED has the value true,
695 * make a detached signature. If FILENAMES->d is NULL read from stdin
696 * and ignore the detached mode. Sign the file with all secret keys
697 * which can be taken from LOCUSR, if this is NULL, use the default one
698 * If ENCRYPTFLAG is true, use REMUSER (or ask if it is NULL) to encrypt the
699 * signed data for these users.
700 * If OUTFILE is not NULL; this file is used for output and the function
701 * does not ask for overwrite permission; output is then always
702 * uncompressed, non-armored and in binary mode.
705 sign_file( strlist_t filenames, int detached, strlist_t locusr,
706 int encryptflag, strlist_t remusr, const char *outfile )
708 const char *fname;
709 armor_filter_context_t *afx;
710 compress_filter_context_t zfx;
711 md_filter_context_t mfx;
712 text_filter_context_t tfx;
713 progress_filter_context_t *pfx;
714 encrypt_filter_context_t efx;
715 IOBUF inp = NULL, out = NULL;
716 PACKET pkt;
717 int rc = 0;
718 PK_LIST pk_list = NULL;
719 SK_LIST sk_list = NULL;
720 SK_LIST sk_rover = NULL;
721 int multifile = 0;
722 u32 duration=0;
724 pfx = new_progress_context ();
725 afx = new_armor_context ();
726 memset( &zfx, 0, sizeof zfx);
727 memset( &mfx, 0, sizeof mfx);
728 memset( &efx, 0, sizeof efx);
729 init_packet( &pkt );
731 if( filenames ) {
732 fname = filenames->d;
733 multifile = !!filenames->next;
735 else
736 fname = NULL;
738 if( fname && filenames->next && (!detached || encryptflag) )
739 log_bug("multiple files can only be detached signed");
741 if(encryptflag==2
742 && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek)))
743 goto leave;
745 if(!opt.force_v3_sigs && !RFC1991)
747 if(opt.ask_sig_expire && !opt.batch)
748 duration=ask_expire_interval(1,opt.def_sig_expire);
749 else
750 duration=parse_expire_string(opt.def_sig_expire);
753 if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
754 goto leave;
756 if(PGP2 && !only_old_style(sk_list))
758 log_info(_("you can only detach-sign with PGP 2.x style keys "
759 "while in --pgp2 mode\n"));
760 compliance_failure();
763 if(encryptflag && (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC )))
764 goto leave;
766 /* prepare iobufs */
767 if( multifile ) /* have list of filenames */
768 inp = NULL; /* we do it later */
769 else {
770 inp = iobuf_open(fname);
771 if (inp && is_secured_file (iobuf_get_fd (inp)))
773 iobuf_close (inp);
774 inp = NULL;
775 errno = EPERM;
777 if( !inp )
779 rc = gpg_error_from_syserror ();
780 log_error (_("can't open `%s': %s\n"), fname? fname: "[stdin]",
781 strerror(errno) );
782 goto leave;
785 handle_progress (pfx, inp, fname);
788 if( outfile ) {
789 if (is_secured_filename ( outfile )) {
790 out = NULL;
791 errno = EPERM;
793 else
794 out = iobuf_create( outfile );
795 if( !out )
797 rc = gpg_error_from_syserror ();
798 log_error(_("can't create `%s': %s\n"), outfile, strerror(errno) );
799 goto leave;
801 else if( opt.verbose )
802 log_info(_("writing to `%s'\n"), outfile );
804 else if( (rc = open_outfile( fname, opt.armor? 1: detached? 2:0, &out )))
805 goto leave;
807 /* prepare to calculate the MD over the input */
808 if( opt.textmode && !outfile && !multifile )
810 memset( &tfx, 0, sizeof tfx);
811 iobuf_push_filter( inp, text_filter, &tfx );
814 if ( gcry_md_open (&mfx.md, 0, 0) )
815 BUG ();
816 if (DBG_HASHING)
817 gcry_md_start_debug (mfx.md, "sign");
819 /* If we're encrypting and signing, it is reasonable to pick the
820 hash algorithm to use out of the recepient key prefs. This is
821 best effort only, as in a DSA2 and smartcard world there are
822 cases where we cannot please everyone with a single hash (DSA2
823 wants >160 and smartcards want =160). In the future this could
824 be more complex with different hashes for each sk, but the
825 current design requires a single hash for all SKs. */
826 if(pk_list)
828 if(opt.def_digest_algo)
830 if(!opt.expert &&
831 select_algo_from_prefs(pk_list,PREFTYPE_HASH,
832 opt.def_digest_algo,
833 NULL)!=opt.def_digest_algo)
834 log_info(_("WARNING: forcing digest algorithm %s (%d)"
835 " violates recipient preferences\n"),
836 gcry_md_algo_name (opt.def_digest_algo),
837 opt.def_digest_algo );
839 else
841 int algo, smartcard=0;
842 union pref_hint hint;
844 hint.digest_length = 0;
846 /* Of course, if the recipient asks for something
847 unreasonable (like the wrong hash for a DSA key) then
848 don't do it. Check all sk's - if any are DSA or live
849 on a smartcard, then the hash has restrictions and we
850 may not be able to give the recipient what they want.
851 For DSA, pass a hint for the largest q we have. Note
852 that this means that a q>160 key will override a q=160
853 key and force the use of truncation for the q=160 key.
854 The alternative would be to ignore the recipient prefs
855 completely and get a different hash for each DSA key in
856 hash_for(). The override behavior here is more or less
857 reasonable as it is under the control of the user which
858 keys they sign with for a given message and the fact
859 that the message with multiple signatures won't be
860 usable on an implementation that doesn't understand
861 DSA2 anyway. */
863 for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next )
865 if (sk_rover->sk->pubkey_algo == PUBKEY_ALGO_DSA)
867 int temp_hashlen = gcry_mpi_get_nbits
868 (sk_rover->sk->skey[1])+7/8;
870 /* Pick a hash that is large enough for our
871 largest q */
873 if (hint.digest_length<temp_hashlen)
874 hint.digest_length=temp_hashlen;
876 else if (sk_rover->sk->is_protected
877 && sk_rover->sk->protect.s2k.mode == 1002)
878 smartcard = 1;
881 /* Current smartcards only do 160-bit hashes. If we have
882 to have a >160-bit hash, then we can't use the
883 recipient prefs as we'd need both =160 and >160 at the
884 same time and recipient prefs currently require a
885 single hash for all signatures. All this may well have
886 to change as the cards add algorithms. */
888 if (!smartcard || (smartcard && hint.digest_length==20))
889 if ( (algo=
890 select_algo_from_prefs(pk_list,PREFTYPE_HASH,-1,&hint)) > 0)
891 recipient_digest_algo=algo;
895 for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
896 PKT_secret_key *sk = sk_rover->sk;
897 gcry_md_enable (mfx.md, hash_for(sk));
900 if( !multifile )
901 iobuf_push_filter( inp, md_filter, &mfx );
903 if( detached && !encryptflag && !RFC1991 )
904 afx->what = 2;
906 if( opt.armor && !outfile )
907 push_armor_filter (afx, out);
909 if( encryptflag ) {
910 efx.pk_list = pk_list;
911 /* fixme: set efx.cfx.datalen if known */
912 iobuf_push_filter( out, encrypt_filter, &efx );
915 if( opt.compress_algo && !outfile && ( !detached || opt.compress_sigs) )
917 int compr_algo=opt.compress_algo;
919 /* If not forced by user */
920 if(compr_algo==-1)
922 /* If we're not encrypting, then select_algo_from_prefs
923 will fail and we'll end up with the default. If we are
924 encrypting, select_algo_from_prefs cannot fail since
925 there is an assumed preference for uncompressed data.
926 Still, if it did fail, we'll also end up with the
927 default. */
929 if((compr_algo=
930 select_algo_from_prefs(pk_list,PREFTYPE_ZIP,-1,NULL))==-1)
931 compr_algo=default_compress_algo();
933 else if(!opt.expert && pk_list
934 && select_algo_from_prefs(pk_list,PREFTYPE_ZIP,
935 compr_algo,NULL)!=compr_algo)
936 log_info(_("WARNING: forcing compression algorithm %s (%d)"
937 " violates recipient preferences\n"),
938 compress_algo_to_string(compr_algo),compr_algo);
940 /* algo 0 means no compression */
941 if( compr_algo )
942 push_compress_filter(out,&zfx,compr_algo);
945 /* Write the one-pass signature packets if needed */
946 if (!detached && !RFC1991) {
947 rc = write_onepass_sig_packets (sk_list, out,
948 opt.textmode && !outfile ? 0x01:0x00);
949 if (rc)
950 goto leave;
953 write_status_begin_signing (mfx.md);
955 /* Setup the inner packet. */
956 if( detached ) {
957 if( multifile ) {
958 strlist_t sl;
960 if( opt.verbose )
961 log_info(_("signing:") );
962 /* must walk reverse trough this list */
963 for( sl = strlist_last(filenames); sl;
964 sl = strlist_prev( filenames, sl ) ) {
965 inp = iobuf_open(sl->d);
966 if (inp && is_secured_file (iobuf_get_fd (inp)))
968 iobuf_close (inp);
969 inp = NULL;
970 errno = EPERM;
972 if( !inp )
974 rc = gpg_error_from_syserror ();
975 log_error(_("can't open `%s': %s\n"),
976 sl->d,strerror(errno));
977 goto leave;
979 handle_progress (pfx, inp, sl->d);
980 if( opt.verbose )
981 fprintf(stderr, " `%s'", sl->d );
982 if(opt.textmode)
984 memset( &tfx, 0, sizeof tfx);
985 iobuf_push_filter( inp, text_filter, &tfx );
987 iobuf_push_filter( inp, md_filter, &mfx );
988 while( iobuf_get(inp) != -1 )
990 iobuf_close(inp); inp = NULL;
992 if( opt.verbose )
993 putc( '\n', stderr );
995 else {
996 /* read, so that the filter can calculate the digest */
997 while( iobuf_get(inp) != -1 )
1001 else {
1002 rc = write_plaintext_packet (out, inp, fname,
1003 opt.textmode && !outfile ? 't':'b');
1006 /* catch errors from above */
1007 if (rc)
1008 goto leave;
1010 /* write the signatures */
1011 rc = write_signature_packets (sk_list, out, mfx.md,
1012 opt.textmode && !outfile? 0x01 : 0x00,
1013 0, duration, detached ? 'D':'S');
1014 if( rc )
1015 goto leave;
1018 leave:
1019 if( rc )
1020 iobuf_cancel(out);
1021 else {
1022 iobuf_close(out);
1023 if (encryptflag)
1024 write_status( STATUS_END_ENCRYPTION );
1026 iobuf_close(inp);
1027 gcry_md_close ( mfx.md );
1028 release_sk_list( sk_list );
1029 release_pk_list( pk_list );
1030 recipient_digest_algo=0;
1031 release_progress_context (pfx);
1032 release_armor_context (afx);
1033 return rc;
1038 /****************
1039 * make a clear signature. note that opt.armor is not needed
1042 clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
1044 armor_filter_context_t *afx;
1045 progress_filter_context_t *pfx;
1046 gcry_md_hd_t textmd = NULL;
1047 IOBUF inp = NULL, out = NULL;
1048 PACKET pkt;
1049 int rc = 0;
1050 SK_LIST sk_list = NULL;
1051 SK_LIST sk_rover = NULL;
1052 int old_style = RFC1991;
1053 int only_md5 = 0;
1054 u32 duration=0;
1056 pfx = new_progress_context ();
1057 afx = new_armor_context ();
1058 init_packet( &pkt );
1060 if(!opt.force_v3_sigs && !RFC1991)
1062 if(opt.ask_sig_expire && !opt.batch)
1063 duration=ask_expire_interval(1,opt.def_sig_expire);
1064 else
1065 duration=parse_expire_string(opt.def_sig_expire);
1068 if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
1069 goto leave;
1071 if( !old_style && !duration )
1072 old_style = only_old_style( sk_list );
1074 if(PGP2 && !only_old_style(sk_list))
1076 log_info(_("you can only clearsign with PGP 2.x style keys "
1077 "while in --pgp2 mode\n"));
1078 compliance_failure();
1081 /* prepare iobufs */
1082 inp = iobuf_open(fname);
1083 if (inp && is_secured_file (iobuf_get_fd (inp)))
1085 iobuf_close (inp);
1086 inp = NULL;
1087 errno = EPERM;
1089 if( !inp ) {
1090 rc = gpg_error_from_syserror ();
1091 log_error (_("can't open `%s': %s\n"),
1092 fname? fname: "[stdin]", strerror(errno) );
1093 goto leave;
1095 handle_progress (pfx, inp, fname);
1097 if( outfile ) {
1098 if (is_secured_filename (outfile) ) {
1099 outfile = NULL;
1100 errno = EPERM;
1102 else
1103 out = iobuf_create( outfile );
1104 if( !out )
1106 rc = gpg_error_from_syserror ();
1107 log_error(_("can't create `%s': %s\n"), outfile, strerror(errno) );
1108 goto leave;
1110 else if( opt.verbose )
1111 log_info(_("writing to `%s'\n"), outfile );
1113 else if( (rc = open_outfile( fname, 1, &out )) )
1114 goto leave;
1116 iobuf_writestr(out, "-----BEGIN PGP SIGNED MESSAGE-----" LF );
1118 for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
1119 PKT_secret_key *sk = sk_rover->sk;
1120 if( hash_for(sk) == DIGEST_ALGO_MD5 )
1121 only_md5 = 1;
1122 else {
1123 only_md5 = 0;
1124 break;
1128 if( !(old_style && only_md5) ) {
1129 const char *s;
1130 int any = 0;
1131 byte hashs_seen[256];
1133 memset( hashs_seen, 0, sizeof hashs_seen );
1134 iobuf_writestr(out, "Hash: " );
1135 for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
1136 PKT_secret_key *sk = sk_rover->sk;
1137 int i = hash_for(sk);
1139 if( !hashs_seen[ i & 0xff ] ) {
1140 s = gcry_md_algo_name ( i );
1141 if( s ) {
1142 hashs_seen[ i & 0xff ] = 1;
1143 if( any )
1144 iobuf_put(out, ',' );
1145 iobuf_writestr(out, s );
1146 any = 1;
1150 assert(any);
1151 iobuf_writestr(out, LF );
1154 if( opt.not_dash_escaped )
1155 iobuf_writestr( out,
1156 "NotDashEscaped: You need GnuPG to verify this message" LF );
1157 iobuf_writestr(out, LF );
1159 if ( gcry_md_open (&textmd, 0, 0) )
1160 BUG ();
1161 for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
1162 PKT_secret_key *sk = sk_rover->sk;
1163 gcry_md_enable (textmd, hash_for(sk));
1165 if ( DBG_HASHING )
1166 gcry_md_start_debug ( textmd, "clearsign" );
1168 copy_clearsig_text( out, inp, textmd, !opt.not_dash_escaped,
1169 opt.escape_from, (old_style && only_md5) );
1170 /* fixme: check for read errors */
1172 /* now write the armor */
1173 afx->what = 2;
1174 push_armor_filter (afx, out);
1176 /* write the signatures */
1177 rc=write_signature_packets (sk_list, out, textmd, 0x01, 0, duration, 'C');
1178 if( rc )
1179 goto leave;
1181 leave:
1182 if( rc )
1183 iobuf_cancel(out);
1184 else
1185 iobuf_close(out);
1186 iobuf_close(inp);
1187 gcry_md_close ( textmd );
1188 release_sk_list( sk_list );
1189 release_progress_context (pfx);
1190 release_armor_context (afx);
1191 return rc;
1195 * Sign and conventionally encrypt the given file.
1196 * FIXME: Far too much code is duplicated - revamp the whole file.
1199 sign_symencrypt_file (const char *fname, strlist_t locusr)
1201 armor_filter_context_t *afx;
1202 progress_filter_context_t *pfx;
1203 compress_filter_context_t zfx;
1204 md_filter_context_t mfx;
1205 text_filter_context_t tfx;
1206 cipher_filter_context_t cfx;
1207 IOBUF inp = NULL, out = NULL;
1208 PACKET pkt;
1209 STRING2KEY *s2k = NULL;
1210 int rc = 0;
1211 SK_LIST sk_list = NULL;
1212 SK_LIST sk_rover = NULL;
1213 int algo;
1214 u32 duration=0;
1215 int canceled;
1217 pfx = new_progress_context ();
1218 afx = new_armor_context ();
1219 memset( &zfx, 0, sizeof zfx);
1220 memset( &mfx, 0, sizeof mfx);
1221 memset( &tfx, 0, sizeof tfx);
1222 memset( &cfx, 0, sizeof cfx);
1223 init_packet( &pkt );
1225 if(!opt.force_v3_sigs && !RFC1991)
1227 if(opt.ask_sig_expire && !opt.batch)
1228 duration=ask_expire_interval(1,opt.def_sig_expire);
1229 else
1230 duration=parse_expire_string(opt.def_sig_expire);
1233 rc = build_sk_list (locusr, &sk_list, 1, PUBKEY_USAGE_SIG);
1234 if (rc)
1235 goto leave;
1237 /* prepare iobufs */
1238 inp = iobuf_open(fname);
1239 if (inp && is_secured_file (iobuf_get_fd (inp)))
1241 iobuf_close (inp);
1242 inp = NULL;
1243 errno = EPERM;
1245 if( !inp ) {
1246 rc = gpg_error_from_syserror ();
1247 log_error (_("can't open `%s': %s\n"),
1248 fname? fname: "[stdin]", strerror(errno) );
1249 goto leave;
1251 handle_progress (pfx, inp, fname);
1253 /* prepare key */
1254 s2k = xmalloc_clear( sizeof *s2k );
1255 s2k->mode = RFC1991? 0:opt.s2k_mode;
1256 s2k->hash_algo = S2K_DIGEST_ALGO;
1258 algo = default_cipher_algo();
1259 if (!opt.quiet || !opt.batch)
1260 log_info (_("%s encryption will be used\n"),
1261 openpgp_cipher_algo_name (algo) );
1262 cfx.dek = passphrase_to_dek( NULL, 0, algo, s2k, 2, NULL, &canceled);
1264 if (!cfx.dek || !cfx.dek->keylen) {
1265 rc = gpg_error (canceled?GPG_ERR_CANCELED:GPG_ERR_BAD_PASSPHRASE);
1266 log_error(_("error creating passphrase: %s\n"), gpg_strerror (rc) );
1267 goto leave;
1270 /* We have no way to tell if the recipient can handle messages
1271 with an MDC, so this defaults to no. Perhaps in a few years,
1272 this can be defaulted to yes. Note that like regular
1273 encrypting, --force-mdc overrides --disable-mdc. */
1274 if(opt.force_mdc)
1275 cfx.dek->use_mdc=1;
1277 /* now create the outfile */
1278 rc = open_outfile (fname, opt.armor? 1:0, &out);
1279 if (rc)
1280 goto leave;
1282 /* prepare to calculate the MD over the input */
1283 if (opt.textmode)
1284 iobuf_push_filter (inp, text_filter, &tfx);
1285 if ( gcry_md_open (&mfx.md, 0, 0) )
1286 BUG ();
1287 if ( DBG_HASHING )
1288 gcry_md_start_debug (mfx.md, "symc-sign");
1290 for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) {
1291 PKT_secret_key *sk = sk_rover->sk;
1292 gcry_md_enable (mfx.md, hash_for (sk));
1295 iobuf_push_filter (inp, md_filter, &mfx);
1297 /* Push armor output filter */
1298 if (opt.armor)
1299 push_armor_filter (afx, out);
1301 /* Write the symmetric key packet */
1302 /*(current filters: armor)*/
1303 if (!RFC1991) {
1304 PKT_symkey_enc *enc = xmalloc_clear( sizeof *enc );
1305 enc->version = 4;
1306 enc->cipher_algo = cfx.dek->algo;
1307 enc->s2k = *s2k;
1308 pkt.pkttype = PKT_SYMKEY_ENC;
1309 pkt.pkt.symkey_enc = enc;
1310 if( (rc = build_packet( out, &pkt )) )
1311 log_error("build symkey packet failed: %s\n", g10_errstr(rc) );
1312 xfree(enc);
1315 /* Push the encryption filter */
1316 iobuf_push_filter( out, cipher_filter, &cfx );
1318 /* Push the compress filter */
1319 if (default_compress_algo())
1320 push_compress_filter(out,&zfx,default_compress_algo());
1322 /* Write the one-pass signature packets */
1323 /*(current filters: zip - encrypt - armor)*/
1324 if (!RFC1991) {
1325 rc = write_onepass_sig_packets (sk_list, out,
1326 opt.textmode? 0x01:0x00);
1327 if (rc)
1328 goto leave;
1331 write_status_begin_signing (mfx.md);
1333 /* Pipe data through all filters; i.e. write the signed stuff */
1334 /*(current filters: zip - encrypt - armor)*/
1335 rc = write_plaintext_packet (out, inp, fname, opt.textmode ? 't':'b');
1336 if (rc)
1337 goto leave;
1339 /* Write the signatures */
1340 /*(current filters: zip - encrypt - armor)*/
1341 rc = write_signature_packets (sk_list, out, mfx.md,
1342 opt.textmode? 0x01 : 0x00,
1343 0, duration, 'S');
1344 if( rc )
1345 goto leave;
1348 leave:
1349 if( rc )
1350 iobuf_cancel(out);
1351 else {
1352 iobuf_close(out);
1353 write_status( STATUS_END_ENCRYPTION );
1355 iobuf_close(inp);
1356 release_sk_list( sk_list );
1357 gcry_md_close( mfx.md );
1358 xfree(cfx.dek);
1359 xfree(s2k);
1360 release_progress_context (pfx);
1361 release_armor_context (afx);
1362 return rc;
1366 /****************
1367 * Create a signature packet for the given public key certificate and
1368 * the user id and return it in ret_sig. User signature class SIGCLASS
1369 * user-id is not used (and may be NULL if sigclass is 0x20) If
1370 * DIGEST_ALGO is 0 the function selects an appropriate one.
1371 * SIGVERSION gives the minimal required signature packet version;
1372 * this is needed so that special properties like local sign are not
1373 * applied (actually: dropped) when a v3 key is used. TIMESTAMP is
1374 * the timestamp to use for the signature. 0 means "now" */
1376 make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
1377 PKT_user_id *uid, PKT_public_key *subpk,
1378 PKT_secret_key *sk,
1379 int sigclass, int digest_algo,
1380 int sigversion, u32 timestamp, u32 duration,
1381 int (*mksubpkt)(PKT_signature *, void *), void *opaque
1384 PKT_signature *sig;
1385 int rc=0;
1386 gcry_md_hd_t md;
1388 assert( (sigclass >= 0x10 && sigclass <= 0x13) || sigclass == 0x1F
1389 || sigclass == 0x20 || sigclass == 0x18 || sigclass == 0x19
1390 || sigclass == 0x30 || sigclass == 0x28 );
1392 if (opt.force_v4_certs)
1393 sigversion = 4;
1395 if (sigversion < sk->version)
1396 sigversion = sk->version;
1398 /* If you are making a signature on a v4 key using your v3 key, it
1399 doesn't make sense to generate a v3 sig. After all, no v3-only
1400 PGP implementation could understand the v4 key in the first
1401 place. Note that this implies that a signature on an attribute
1402 uid is usually going to be v4 as well, since they are not
1403 generally found on v3 keys. */
1404 if (sigversion < pk->version)
1405 sigversion = pk->version;
1407 if( !digest_algo )
1409 /* Basically, this means use SHA1 always unless it's a v3 RSA
1410 key making a v3 cert (use MD5), or the user specified
1411 something (use whatever they said), or it's DSA (use the
1412 best match). They still can't pick an inappropriate hash
1413 for DSA or the signature will fail. Note that this still
1414 allows the caller of make_keysig_packet to override the
1415 user setting if it must. */
1417 if(opt.cert_digest_algo)
1418 digest_algo=opt.cert_digest_algo;
1419 else if(sk->pubkey_algo==PUBKEY_ALGO_RSA
1420 && pk->version<4 && sigversion<4)
1421 digest_algo = DIGEST_ALGO_MD5;
1422 else if(sk->pubkey_algo==PUBKEY_ALGO_DSA)
1423 digest_algo = match_dsa_hash (gcry_mpi_get_nbits (sk->skey[1])/8);
1424 else
1425 digest_algo = DIGEST_ALGO_SHA1;
1428 if ( gcry_md_open (&md, digest_algo, 0 ) )
1429 BUG ();
1431 /* Hash the public key certificate. */
1432 hash_public_key( md, pk );
1434 if( sigclass == 0x18 || sigclass == 0x19 || sigclass == 0x28 )
1436 /* hash the subkey binding/backsig/revocation */
1437 hash_public_key( md, subpk );
1439 else if( sigclass != 0x1F && sigclass != 0x20 )
1441 /* hash the user id */
1442 hash_uid (md, sigversion, uid);
1444 /* and make the signature packet */
1445 sig = xmalloc_clear( sizeof *sig );
1446 sig->version = sigversion;
1447 sig->flags.exportable=1;
1448 sig->flags.revocable=1;
1449 keyid_from_sk( sk, sig->keyid );
1450 sig->pubkey_algo = sk->pubkey_algo;
1451 sig->digest_algo = digest_algo;
1452 if(timestamp)
1453 sig->timestamp=timestamp;
1454 else
1455 sig->timestamp=make_timestamp();
1456 if(duration)
1457 sig->expiredate=sig->timestamp+duration;
1458 sig->sig_class = sigclass;
1459 if( sig->version >= 4 )
1461 build_sig_subpkt_from_sig( sig );
1462 mk_notation_policy_etc( sig, pk, sk );
1465 /* Crucial that the call to mksubpkt comes LAST before the calls
1466 to finalize the sig as that makes it possible for the mksubpkt
1467 function to get a reliable pointer to the subpacket area. */
1468 if( sig->version >= 4 && mksubpkt )
1469 rc = (*mksubpkt)( sig, opaque );
1471 if( !rc ) {
1472 hash_sigversion_to_magic (md, sig);
1473 gcry_md_final (md);
1475 rc = complete_sig( sig, sk, md );
1478 gcry_md_close ( md );
1479 if( rc )
1480 free_seckey_enc( sig );
1481 else
1482 *ret_sig = sig;
1483 return rc;
1488 /****************
1489 * Create a new signature packet based on an existing one.
1490 * Only user ID signatures are supported for now.
1491 * TODO: Merge this with make_keysig_packet.
1494 update_keysig_packet( PKT_signature **ret_sig,
1495 PKT_signature *orig_sig,
1496 PKT_public_key *pk,
1497 PKT_user_id *uid,
1498 PKT_public_key *subpk,
1499 PKT_secret_key *sk,
1500 int (*mksubpkt)(PKT_signature *, void *),
1501 void *opaque )
1503 PKT_signature *sig;
1504 int rc=0;
1505 gcry_md_hd_t md;
1507 if ((!orig_sig || !pk || !sk)
1508 || (orig_sig->sig_class >= 0x10 && orig_sig->sig_class <= 0x13 && !uid)
1509 || (orig_sig->sig_class == 0x18 && !subpk))
1510 return G10ERR_GENERAL;
1512 if ( gcry_md_open (&md, orig_sig->digest_algo, 0 ) )
1513 BUG ();
1515 /* Hash the public key certificate and the user id. */
1516 hash_public_key( md, pk );
1518 if( orig_sig->sig_class == 0x18 )
1519 hash_public_key( md, subpk );
1520 else
1521 hash_uid (md, orig_sig->version, uid);
1523 /* create a new signature packet */
1524 sig = copy_signature (NULL, orig_sig);
1526 /* We need to create a new timestamp so that new sig expiration
1527 calculations are done correctly... */
1528 sig->timestamp=make_timestamp();
1530 /* ... but we won't make a timestamp earlier than the existing
1531 one. */
1532 while(sig->timestamp<=orig_sig->timestamp)
1534 gnupg_sleep (1);
1535 sig->timestamp=make_timestamp();
1538 /* Note that already expired sigs will remain expired (with a
1539 duration of 1) since build-packet.c:build_sig_subpkt_from_sig
1540 detects this case. */
1542 if( sig->version >= 4 )
1544 /* Put the updated timestamp into the sig. Note that this
1545 will automagically lower any sig expiration dates to
1546 correctly correspond to the differences in the timestamps
1547 (i.e. the duration will shrink). */
1548 build_sig_subpkt_from_sig( sig );
1550 if (mksubpkt)
1551 rc = (*mksubpkt)(sig, opaque);
1554 if (!rc) {
1555 hash_sigversion_to_magic (md, sig);
1556 gcry_md_final (md);
1558 rc = complete_sig( sig, sk, md );
1561 gcry_md_close (md);
1562 if( rc )
1563 free_seckey_enc (sig);
1564 else
1565 *ret_sig = sig;
1566 return rc;