search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix for bug 797.
[gnupg.git] / g10 / mainproc.c
blob4e76ab34d42770481f93ad230463a02609c7f1bd
1 /* mainproc.c - handle packets
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
3 * 2007 Free Software Foundation, Inc.
4 *
5 * This file is part of GnuPG.
6 *
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
20 * USA.
21 */
22
23 #include <config.h>
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <string.h>
27 #include <assert.h>
28 #include <time.h>
29
30 #include "gpg.h"
31 #include "packet.h"
32 #include "iobuf.h"
33 #include "options.h"
34 #include "util.h"
35 #include "cipher.h"
36 #include "keydb.h"
37 #include "filter.h"
38 #include "main.h"
39 #include "status.h"
40 #include "i18n.h"
41 #include "trustdb.h"
42 #include "keyserver-internal.h"
43 #include "photoid.h"
44 #include "pka.h"
45
46
47 struct kidlist_item {
48 struct kidlist_item *next;
49 u32 kid[2];
50 int pubkey_algo;
51 int reason;
52 };
53
54
55 /****************
56 * Structure to hold the context
57 */
58 typedef struct mainproc_context *CTX;
59 struct mainproc_context
60 {
61 struct mainproc_context *anchor; /* May be useful in the future. */
62 PKT_public_key *last_pubkey;
63 PKT_secret_key *last_seckey;
64 PKT_user_id *last_user_id;
65 md_filter_context_t mfx;
66 int sigs_only; /* Process only signatures and reject all other stuff. */
67 int encrypt_only; /* Process only encryption messages. */
68
69 /* Name of the file with the complete signature or the file with the
70 detached signature. This is currently only used to deduce the
71 file name of the data file if that has not been given. */
72 const char *sigfilename;
73
74 /* A structure to describe the signed data in case of a detached
75 signature. */
76 struct
77 {
78 /* A file descriptor of the the signed data. Only used if not -1. */
79 int data_fd;
80 /* A list of filenames with the data files or NULL. This is only
81 used if DATA_FD is -1. */
82 strlist_t data_names;
83 /* Flag to indicated that either one of the next previous fieldss
84 is used. This is only needed for better readability. */
85 int used;
86 } signed_data;
87
88 DEK *dek;
89 int last_was_session_key;
90 KBNODE list; /* The current list of packets. */
91 int have_data;
92 IOBUF iobuf; /* Used to get the filename etc. */
93 int trustletter; /* Temporary usage in list_node. */
94 ulong symkeys;
95 struct kidlist_item *pkenc_list; /* List of encryption packets. */
96 int any_sig_seen; /* Set to true if a signature packet has been seen. */
97 };
98
99
100 static int do_proc_packets( CTX c, IOBUF a );
101 static void list_node( CTX c, KBNODE node );
102 static void proc_tree( CTX c, KBNODE node );
103 static int literals_seen;
104
105 void
106 reset_literals_seen(void)
107 {
108 literals_seen=0;
109 }
110
111 static void
112 release_list( CTX c )
113 {
114 if( !c->list )
115 return;
116 proc_tree(c, c->list );
117 release_kbnode( c->list );
118 while( c->pkenc_list ) {
119 struct kidlist_item *tmp = c->pkenc_list->next;
120 xfree( c->pkenc_list );
121 c->pkenc_list = tmp;
122 }
123 c->pkenc_list = NULL;
124 c->list = NULL;
125 c->have_data = 0;
126 c->last_was_session_key = 0;
127 xfree(c->dek); c->dek = NULL;
128 }
129
130
131 static int
132 add_onepass_sig( CTX c, PACKET *pkt )
133 {
134 KBNODE node;
135
136 if ( c->list ) /* add another packet */
137 add_kbnode( c->list, new_kbnode( pkt ));
138 else /* insert the first one */
139 c->list = node = new_kbnode( pkt );
140
141 return 1;
142 }
143
144
145 static int
146 add_gpg_control( CTX c, PACKET *pkt )
147 {
148 if ( pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START ) {
149 /* New clear text signature.
150 * Process the last one and reset everything */
151 release_list(c);
152 }
153
154 if( c->list ) /* add another packet */
155 add_kbnode( c->list, new_kbnode( pkt ));
156 else /* insert the first one */
157 c->list = new_kbnode( pkt );
158
159 return 1;
160 }
161
162
163
164 static int
165 add_user_id( CTX c, PACKET *pkt )
166 {
167 if( !c->list ) {
168 log_error("orphaned user ID\n" );
169 return 0;
170 }
171 add_kbnode( c->list, new_kbnode( pkt ) );
172 return 1;
173 }
174
175 static int
176 add_subkey( CTX c, PACKET *pkt )
177 {
178 if( !c->list ) {
179 log_error("subkey w/o mainkey\n" );
180 return 0;
181 }
182 add_kbnode( c->list, new_kbnode( pkt ) );
183 return 1;
184 }
185
186 static int
187 add_ring_trust( CTX c, PACKET *pkt )
188 {
189 if( !c->list ) {
190 log_error("ring trust w/o key\n" );
191 return 0;
192 }
193 add_kbnode( c->list, new_kbnode( pkt ) );
194 return 1;
195 }
196
197
198 static int
199 add_signature( CTX c, PACKET *pkt )
200 {
201 KBNODE node;
202
203 c->any_sig_seen = 1;
204 if( pkt->pkttype == PKT_SIGNATURE && !c->list ) {
205 /* This is the first signature for the following datafile.
206 * GPG does not write such packets; instead it always uses
207 * onepass-sig packets. The drawback of PGP's method
208 * of prepending the signature to the data is
209 * that it is not possible to make a signature from data read
210 * from stdin. (GPG is able to read PGP stuff anyway.) */
211 node = new_kbnode( pkt );
212 c->list = node;
213 return 1;
214 }
215 else if( !c->list )
216 return 0; /* oops (invalid packet sequence)*/
217 else if( !c->list->pkt )
218 BUG(); /* so nicht */
219
220 /* add a new signature node id at the end */
221 node = new_kbnode( pkt );
222 add_kbnode( c->list, node );
223 return 1;
224 }
225
226 static int
227 symkey_decrypt_seskey( DEK *dek, byte *seskey, size_t slen )
228 {
229 gcry_cipher_hd_t hd;
230
231 if(slen < 17 || slen > 33)
232 {
233 log_error ( _("weird size for an encrypted session key (%d)\n"),
234 (int)slen);
235 return G10ERR_BAD_KEY;
236 }
237
238 if (gcry_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
239 BUG ();
240 if (gcry_cipher_setkey ( hd, dek->key, dek->keylen ))
241 BUG ();
242 gcry_cipher_setiv ( hd, NULL, 0 );
243 gcry_cipher_decrypt ( hd, seskey, slen, NULL, 0 );
244 gcry_cipher_close ( hd );
245
246 /* Now we replace the dek components with the real session key to
247 decrypt the contents of the sequencing packet. */
248
249 dek->keylen=slen-1;
250 dek->algo=seskey[0];
251
252 if(dek->keylen > DIM(dek->key))
253 BUG ();
254
255 /* This is not completely accurate, since a bad passphrase may have
256 resulted in a garbage algorithm byte, but it's close enough since
257 a bogus byte here will fail later. */
258 if(dek->algo==CIPHER_ALGO_IDEA)
259 idea_cipher_warn(0);
260
261 memcpy(dek->key, seskey + 1, dek->keylen);
262
263 /*log_hexdump( "thekey", dek->key, dek->keylen );*/
264
265 return 0;
266 }
267
268 static void
269 proc_symkey_enc( CTX c, PACKET *pkt )
270 {
271 PKT_symkey_enc *enc;
272
273 enc = pkt->pkt.symkey_enc;
274 if (!enc)
275 log_error ("invalid symkey encrypted packet\n");
276 else if(!c->dek)
277 {
278 int algo = enc->cipher_algo;
279 const char *s = gcry_cipher_algo_name (algo);
280
281 if (!gcry_cipher_test_algo (algo))
282 {
283 if(!opt.quiet)
284 {
285 if(enc->seskeylen)
286 log_info(_("%s encrypted session key\n"), s );
287 else
288 log_info(_("%s encrypted data\n"), s );
289 }
290 }
291 else
292 log_error(_("encrypted with unknown algorithm %d\n"), algo );
293
294 if(openpgp_md_test_algo (enc->s2k.hash_algo))
295 {
296 log_error(_("passphrase generated with unknown digest"
297 " algorithm %d\n"),enc->s2k.hash_algo);
298 s=NULL;
299 }
300
301 c->last_was_session_key = 2;
302 if(!s || opt.list_only)
303 goto leave;
304
305 if(opt.override_session_key)
306 {
307 c->dek = xmalloc_clear( sizeof *c->dek );
308 if(get_override_session_key(c->dek, opt.override_session_key))
309 {
310 xfree(c->dek);
311 c->dek = NULL;
312 }
313 }
314 else
315 {
316 c->dek = passphrase_to_dek (NULL, 0, algo, &enc->s2k, 0,
317 NULL, NULL);
318 if(c->dek)
319 {
320 c->dek->symmetric=1;
321
322 /* FIXME: This doesn't work perfectly if a symmetric
323 key comes before a public key in the message - if
324 the user doesn't know the passphrase, then there is
325 a chance that the "decrypted" algorithm will happen
326 to be a valid one, which will make the returned dek
327 appear valid, so we won't try any public keys that
328 come later. */
329 if(enc->seskeylen)
330 {
331 if(symkey_decrypt_seskey(c->dek, enc->seskey,
332 enc->seskeylen))
333 {
334 xfree(c->dek);
335 c->dek=NULL;
336 }
337 }
338 else
339 c->dek->algo_info_printed = 1;
340 }
341 }
342 }
343
344 leave:
345 c->symkeys++;
346 free_packet(pkt);
347 }
348
349 static void
350 proc_pubkey_enc( CTX c, PACKET *pkt )
351 {
352 PKT_pubkey_enc *enc;
353 int result = 0;
354
355 /* check whether the secret key is available and store in this case */
356 c->last_was_session_key = 1;
357 enc = pkt->pkt.pubkey_enc;
358 /*printf("enc: encrypted by a pubkey with keyid %08lX\n", enc->keyid[1] );*/
359 /* Hmmm: why do I have this algo check here - anyway there is
360 * function to check it. */
361 if( opt.verbose )
362 log_info(_("public key is %s\n"), keystr(enc->keyid) );
363
364 if( is_status_enabled() ) {
365 char buf[50];
366 sprintf(buf, "%08lX%08lX %d 0",
367 (ulong)enc->keyid[0], (ulong)enc->keyid[1], enc->pubkey_algo );
368 write_status_text( STATUS_ENC_TO, buf );
369 }
370
371 if( !opt.list_only && opt.override_session_key ) {
372 /* It does not make much sense to store the session key in
373 * secure memory because it has already been passed on the
374 * command line and the GCHQ knows about it. */
375 c->dek = xmalloc_clear( sizeof *c->dek );
376 result = get_override_session_key ( c->dek, opt.override_session_key );
377 if ( result ) {
378 xfree(c->dek); c->dek = NULL;
379 }
380 }
381 else if( is_ELGAMAL(enc->pubkey_algo)
382 || enc->pubkey_algo == PUBKEY_ALGO_DSA
383 || is_RSA(enc->pubkey_algo) ) {
384 /* FIXME: strore this all in a list and process it later */
385
386 if ( !c->dek && ((!enc->keyid[0] && !enc->keyid[1])
387 || opt.try_all_secrets
388 || !seckey_available( enc->keyid )) ) {
389 if( opt.list_only )
390 result = -1;
391 else {
392 c->dek = xmalloc_secure_clear( sizeof *c->dek );
393 if( (result = get_session_key( enc, c->dek )) ) {
394 /* error: delete the DEK */
395 xfree(c->dek); c->dek = NULL;
396 }
397 }
398 }
399 else
400 result = G10ERR_NO_SECKEY;
401 }
402 else
403 result = G10ERR_PUBKEY_ALGO;
404
405 if( result == -1 )
406 ;
407 else
408 {
409 /* store it for later display */
410 struct kidlist_item *x = xmalloc( sizeof *x );
411 x->kid[0] = enc->keyid[0];
412 x->kid[1] = enc->keyid[1];
413 x->pubkey_algo = enc->pubkey_algo;
414 x->reason = result;
415 x->next = c->pkenc_list;
416 c->pkenc_list = x;
417
418 if( !result && opt.verbose > 1 )
419 log_info( _("public key encrypted data: good DEK\n") );
420 }
421
422 free_packet(pkt);
423 }
424
425
426
427 /****************
428 * Print the list of public key encrypted packets which we could
429 * not decrypt.
430 */
431 static void
432 print_pkenc_list( struct kidlist_item *list, int failed )
433 {
434 for( ; list; list = list->next ) {
435 PKT_public_key *pk;
436 const char *algstr;
437
438 if ( failed && !list->reason )
439 continue;
440 if ( !failed && list->reason )
441 continue;
442
443 algstr = gcry_pk_algo_name ( list->pubkey_algo );
444 pk = xmalloc_clear( sizeof *pk );
445
446 if( !algstr )
447 algstr = "[?]";
448 pk->pubkey_algo = list->pubkey_algo;
449 if( !get_pubkey( pk, list->kid ) )
450 {
451 char *p;
452 log_info( _("encrypted with %u-bit %s key, ID %s, created %s\n"),
453 nbits_from_pk( pk ), algstr, keystr_from_pk(pk),
454 strtimestamp(pk->timestamp) );
455 p=get_user_id_native(list->kid);
456 log_printf (_(" \"%s\"\n"),p);
457 xfree(p);
458 }
459 else
460 log_info(_("encrypted with %s key, ID %s\n"),
461 algstr,keystr(list->kid));
462
463 free_public_key( pk );
464
465 if( list->reason == G10ERR_NO_SECKEY ) {
466 if( is_status_enabled() ) {
467 char buf[20];
468 sprintf(buf,"%08lX%08lX", (ulong)list->kid[0],
469 (ulong)list->kid[1] );
470 write_status_text( STATUS_NO_SECKEY, buf );
471 }
472 }
473 else if (list->reason)
474 log_info(_("public key decryption failed: %s\n"),
475 g10_errstr(list->reason));
476 }
477 }
478
479
480 static void
481 proc_encrypted( CTX c, PACKET *pkt )
482 {
483 int result = 0;
484
485 if (!opt.quiet)
486 {
487 if(c->symkeys>1)
488 log_info(_("encrypted with %lu passphrases\n"),c->symkeys);
489 else if(c->symkeys==1)
490 log_info(_("encrypted with 1 passphrase\n"));
491 print_pkenc_list ( c->pkenc_list, 1 );
492 print_pkenc_list ( c->pkenc_list, 0 );
493 }
494
495 /* FIXME: Figure out the session key by looking at all pkenc packets. */
496
497
498 write_status( STATUS_BEGIN_DECRYPTION );
499
500 /*log_debug("dat: %sencrypted data\n", c->dek?"":"conventional ");*/
501 if( opt.list_only )
502 result = -1;
503 else if( !c->dek && !c->last_was_session_key ) {
504 int algo;
505 STRING2KEY s2kbuf, *s2k = NULL;
506
507 if(opt.override_session_key)
508 {
509 c->dek = xmalloc_clear( sizeof *c->dek );
510 result=get_override_session_key(c->dek, opt.override_session_key);
511 if(result)
512 {
513 xfree(c->dek);
514 c->dek = NULL;
515 }
516 }
517 else
518 {
519 /* Assume this is old style conventional encrypted data. */
520 algo = opt.def_cipher_algo;
521 if ( algo )
522 log_info (_("assuming %s encrypted data\n"),
523 gcry_cipher_algo_name (algo));
524 else if ( gcry_cipher_test_algo (CIPHER_ALGO_IDEA) )
525 {
526 algo = opt.def_cipher_algo;
527 if (!algo)
528 algo = opt.s2k_cipher_algo;
529 idea_cipher_warn(1);
530 log_info (_("IDEA cipher unavailable, "
531 "optimistically attempting to use %s instead\n"),
532 gcry_cipher_algo_name (algo));
533 }
534 else
535 {
536 algo = CIPHER_ALGO_IDEA;
537 if (!opt.s2k_digest_algo)
538 {
539 /* If no digest is given we assume MD5 */
540 s2kbuf.mode = 0;
541 s2kbuf.hash_algo = DIGEST_ALGO_MD5;
542 s2k = &s2kbuf;
543 }
544 log_info (_("assuming %s encrypted data\n"), "IDEA");
545 }
546
547 c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 0, NULL, NULL );
548 if (c->dek)
549 c->dek->algo_info_printed = 1;
550 }
551 }
552 else if( !c->dek )
553 result = G10ERR_NO_SECKEY;
554 if( !result )
555 result = decrypt_data( c, pkt->pkt.encrypted, c->dek );
556
557 if( result == -1 )
558 ;
559 else if( !result || (gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE
560 && opt.ignore_mdc_error)) {
561 write_status( STATUS_DECRYPTION_OKAY );
562 if( opt.verbose > 1 )
563 log_info(_("decryption okay\n"));
564 if( pkt->pkt.encrypted->mdc_method && !result )
565 write_status( STATUS_GOODMDC );
566 else if(!opt.no_mdc_warn)
567 log_info (_("WARNING: message was not integrity protected\n"));
568 if(opt.show_session_key)
569 {
570 int i;
571 char *buf = xmalloc ( c->dek->keylen*2 + 20 );
572 sprintf ( buf, "%d:", c->dek->algo );
573 for(i=0; i < c->dek->keylen; i++ )
574 sprintf(buf+strlen(buf), "%02X", c->dek->key[i] );
575 log_info( "session key: `%s'\n", buf );
576 write_status_text ( STATUS_SESSION_KEY, buf );
577 }
578 }
579 else if( result == G10ERR_BAD_SIGN ) {
580 log_error(_("WARNING: encrypted message has been manipulated!\n"));
581 write_status( STATUS_BADMDC );
582 write_status( STATUS_DECRYPTION_FAILED );
583 }
584 else {
585 write_status( STATUS_DECRYPTION_FAILED );
586 log_error(_("decryption failed: %s\n"), g10_errstr(result));
587 /* Hmmm: does this work when we have encrypted using multiple
588 * ways to specify the session key (symmmetric and PK)*/
589 }
590 xfree(c->dek); c->dek = NULL;
591 free_packet(pkt);
592 c->last_was_session_key = 0;
593 write_status( STATUS_END_DECRYPTION );
594 }
595
596
597 static void
598 proc_plaintext( CTX c, PACKET *pkt )
599 {
600 PKT_plaintext *pt = pkt->pkt.plaintext;
601 int any, clearsig, only_md5, rc;
602 KBNODE n;
603
604 literals_seen++;
605
606 if( pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8 ) )
607 log_info(_("NOTE: sender requested \"for-your-eyes-only\"\n"));
608 else if( opt.verbose )
609 log_info(_("original file name='%.*s'\n"), pt->namelen, pt->name);
610 free_md_filter_context( &c->mfx );
611 if (gcry_md_open (&c->mfx.md, 0, 0))
612 BUG ();
613 /* fixme: we may need to push the textfilter if we have sigclass 1
614 * and no armoring - Not yet tested
615 * Hmmm, why don't we need it at all if we have sigclass 1
616 * Should we assume that plaintext in mode 't' has always sigclass 1??
617 * See: Russ Allbery's mail 1999-02-09
618 */
619 any = clearsig = only_md5 = 0;
620 for(n=c->list; n; n = n->next )
621 {
622 if( n->pkt->pkttype == PKT_ONEPASS_SIG )
623 {
624 /* For the onepass signature case */
625 if( n->pkt->pkt.onepass_sig->digest_algo )
626 {
627 gcry_md_enable (c->mfx.md,
628 n->pkt->pkt.onepass_sig->digest_algo);
629 if( !any && n->pkt->pkt.onepass_sig->digest_algo
630 == DIGEST_ALGO_MD5 )
631 only_md5 = 1;
632 else
633 only_md5 = 0;
634 any = 1;
635 }
636 if( n->pkt->pkt.onepass_sig->sig_class != 0x01 )
637 only_md5 = 0;
638 }
639 else if( n->pkt->pkttype == PKT_GPG_CONTROL
640 && n->pkt->pkt.gpg_control->control
641 == CTRLPKT_CLEARSIGN_START )
642 {
643 /* For the clearsigned message case */
644 size_t datalen = n->pkt->pkt.gpg_control->datalen;
645 const byte *data = n->pkt->pkt.gpg_control->data;
646
647 /* check that we have at least the sigclass and one hash */
648 if ( datalen < 2 )
649 log_fatal("invalid control packet CTRLPKT_CLEARSIGN_START\n");
650 /* Note that we don't set the clearsig flag for not-dash-escaped
651 * documents */
652 clearsig = (*data == 0x01);
653 for( data++, datalen--; datalen; datalen--, data++ )
654 gcry_md_enable (c->mfx.md, *data);
655 any = 1;
656 break; /* Stop here as one-pass signature packets are not
657 expected. */
658 }
659 else if(n->pkt->pkttype==PKT_SIGNATURE)
660 {
661 /* For the SIG+LITERAL case that PGP used to use. */
662 gcry_md_enable ( c->mfx.md, n->pkt->pkt.signature->digest_algo );
663 any=1;
664 }
665 }
666
667 if( !any && !opt.skip_verify )
668 {
669 /* This is for the old GPG LITERAL+SIG case. It's not legal
670 according to 2440, so hopefully it won't come up that
671 often. There is no good way to specify what algorithms to
672 use in that case, so these three are the historical
673 answer. */
674 gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 );
675 gcry_md_enable( c->mfx.md, DIGEST_ALGO_SHA1 );
676 gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
677 }
678 if( opt.pgp2_workarounds && only_md5 && !opt.skip_verify ) {
679 /* This is a kludge to work around a bug in pgp2. It does only
680 * catch those mails which are armored. To catch the non-armored
681 * pgp mails we could see whether there is the signature packet
682 * in front of the plaintext. If someone needs this, send me a patch.
683 */
684 if ( gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0) )
685 BUG ();
686 }
687 if ( DBG_HASHING ) {
688 gcry_md_start_debug ( c->mfx.md, "verify" );
689 if ( c->mfx.md2 )
690 gcry_md_start_debug ( c->mfx.md2, "verify2" );
691 }
692
693 rc=0;
694
695 if (literals_seen>1)
696 {
697 log_info (_("WARNING: multiple plaintexts seen\n"));
698
699 if (!opt.flags.allow_multiple_messages)
700 {
701 write_status_text (STATUS_ERROR, "proc_pkt.plaintext 89_BAD_DATA");
702 log_inc_errorcount ();
703 rc = gpg_error (GPG_ERR_UNEXPECTED);
704 }
705 }
706
707 if(!rc)
708 {
709 rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig );
710 if ( gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only )
711 {
712 /* Can't write output but we hash it anyway to check the
713 signature. */
714 rc = handle_plaintext( pt, &c->mfx, 1, clearsig );
715 }
716 }
717
718 if( rc )
719 log_error( "handle plaintext failed: %s\n", g10_errstr(rc));
720 free_packet(pkt);
721 c->last_was_session_key = 0;
722
723 /* We add a marker control packet instead of the plaintext packet.
724 * This is so that we can later detect invalid packet sequences.
725 */
726 n = new_kbnode (create_gpg_control (CTRLPKT_PLAINTEXT_MARK, NULL, 0));
727 if (c->list)
728 add_kbnode (c->list, n);
729 else
730 c->list = n;
731 }
732
733
734 static int
735 proc_compressed_cb( IOBUF a, void *info )
736 {
737 if ( ((CTX)info)->signed_data.used
738 && ((CTX)info)->signed_data.data_fd != -1)
739 return proc_signature_packets_by_fd (info, a,
740 ((CTX)info)->signed_data.data_fd);
741 else
742 return proc_signature_packets (info, a,
743 ((CTX)info)->signed_data.data_names,
744 ((CTX)info)->sigfilename );
745 }
746
747 static int
748 proc_encrypt_cb( IOBUF a, void *info )
749 {
750 return proc_encryption_packets( info, a );
751 }
752
753 static void
754 proc_compressed( CTX c, PACKET *pkt )
755 {
756 PKT_compressed *zd = pkt->pkt.compressed;
757 int rc;
758
759 /*printf("zip: compressed data packet\n");*/
760 if( !zd->algorithm )
761 rc=G10ERR_COMPR_ALGO;
762 else if( c->sigs_only )
763 rc = handle_compressed( c, zd, proc_compressed_cb, c );
764 else if( c->encrypt_only )
765 rc = handle_compressed( c, zd, proc_encrypt_cb, c );
766 else
767 rc = handle_compressed( c, zd, NULL, NULL );
768 if( rc )
769 log_error("uncompressing failed: %s\n", g10_errstr(rc));
770 free_packet(pkt);
771 c->last_was_session_key = 0;
772 }
773
774 /****************
775 * check the signature
776 * Returns: 0 = valid signature or an error code
777 */
778 static int
779 do_check_sig( CTX c, KBNODE node, int *is_selfsig,
780 int *is_expkey, int *is_revkey )
781 {
782 PKT_signature *sig;
783 gcry_md_hd_t md = NULL, md2 = NULL;
784 int algo, rc;
785
786 assert( node->pkt->pkttype == PKT_SIGNATURE );
787 if( is_selfsig )
788 *is_selfsig = 0;
789 sig = node->pkt->pkt.signature;
790
791 algo = sig->digest_algo;
792 rc = openpgp_md_test_algo(algo);
793 if (rc)
794 return rc;
795
796 if( sig->sig_class == 0x00 ) {
797 if( c->mfx.md )
798 {
799 if (gcry_md_copy (&md, c->mfx.md ))
800 BUG ();
801 }
802 else /* detached signature */
803 {
804 /* signature_check() will enable the md*/
805 if (gcry_md_open (&md, 0, 0 ))
806 BUG ();
807 }
808 }
809 else if( sig->sig_class == 0x01 ) {
810 /* how do we know that we have to hash the (already hashed) text
811 * in canonical mode ??? (calculating both modes???) */
812 if( c->mfx.md ) {
813 if (gcry_md_copy (&md, c->mfx.md ))
814 BUG ();
815 if( c->mfx.md2 && gcry_md_copy (&md2, c->mfx.md2 ))
816 BUG ();
817 }
818 else { /* detached signature */
819 log_debug("Do we really need this here?");
820 /* signature_check() will enable the md*/
821 if (gcry_md_open (&md, 0, 0 ))
822 BUG ();
823 if (gcry_md_open (&md2, 0, 0 ))
824 BUG ();
825 }
826 }
827 else if( (sig->sig_class&~3) == 0x10
828 || sig->sig_class == 0x18
829 || sig->sig_class == 0x1f
830 || sig->sig_class == 0x20
831 || sig->sig_class == 0x28
832 || sig->sig_class == 0x30 ) {
833 if( c->list->pkt->pkttype == PKT_PUBLIC_KEY
834 || c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
835 return check_key_signature( c->list, node, is_selfsig );
836 }
837 else if( sig->sig_class == 0x20 ) {
838 log_error (_("standalone revocation - "
839 "use \"gpg --import\" to apply\n"));
840 return G10ERR_NOT_PROCESSED;
841 }
842 else {
843 log_error("invalid root packet for sigclass %02x\n",
844 sig->sig_class);
845 return G10ERR_SIG_CLASS;
846 }
847 }
848 else
849 return G10ERR_SIG_CLASS;
850 rc = signature_check2( sig, md, NULL, is_expkey, is_revkey, NULL );
851 if( gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE && md2 )
852 rc = signature_check2( sig, md2, NULL, is_expkey, is_revkey, NULL );
853 gcry_md_close(md);
854 gcry_md_close(md2);
855
856 return rc;
857 }
858
859
860 static void
861 print_userid( PACKET *pkt )
862 {
863 if( !pkt )
864 BUG();
865 if( pkt->pkttype != PKT_USER_ID ) {
866 printf("ERROR: unexpected packet type %d", pkt->pkttype );
867 return;
868 }
869 if( opt.with_colons )
870 {
871 if(pkt->pkt.user_id->attrib_data)
872 printf("%u %lu",
873 pkt->pkt.user_id->numattribs,
874 pkt->pkt.user_id->attrib_len);
875 else
876 print_string( stdout, pkt->pkt.user_id->name,
877 pkt->pkt.user_id->len, ':');
878 }
879 else
880 print_utf8_string( stdout, pkt->pkt.user_id->name,
881 pkt->pkt.user_id->len );
882 }
883
884
885 /****************
886 * List the certificate in a user friendly way
887 */
888
889 static void
890 list_node( CTX c, KBNODE node )
891 {
892 int any=0;
893 int mainkey;
894
895 if( !node )
896 ;
897 else if( (mainkey = (node->pkt->pkttype == PKT_PUBLIC_KEY) )
898 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
899 PKT_public_key *pk = node->pkt->pkt.public_key;
900
901 if( opt.with_colons )
902 {
903 u32 keyid[2];
904 keyid_from_pk( pk, keyid );
905 if( mainkey )
906 c->trustletter = opt.fast_list_mode?
907 0 : get_validity_info( pk, NULL );
908 printf("%s:", mainkey? "pub":"sub" );
909 if( c->trustletter )
910 putchar( c->trustletter );
911 printf(":%u:%d:%08lX%08lX:%s:%s::",
912 nbits_from_pk( pk ),
913 pk->pubkey_algo,
914 (ulong)keyid[0],(ulong)keyid[1],
915 colon_datestr_from_pk( pk ),
916 colon_strtime (pk->expiredate) );
917 if( mainkey && !opt.fast_list_mode )
918 putchar( get_ownertrust_info (pk) );
919 putchar(':');
920 if( node->next && node->next->pkt->pkttype == PKT_RING_TRUST) {
921 putchar('\n'); any=1;
922 if( opt.fingerprint )
923 print_fingerprint( pk, NULL, 0 );
924 printf("rtv:1:%u:\n",
925 node->next->pkt->pkt.ring_trust->trustval );
926 }
927 }
928 else
929 printf("%s %4u%c/%s %s%s",
930 mainkey? "pub":"sub", nbits_from_pk( pk ),
931 pubkey_letter( pk->pubkey_algo ), keystr_from_pk( pk ),
932 datestr_from_pk( pk ), mainkey?" ":"");
933
934 if( mainkey ) {
935 /* and now list all userids with their signatures */
936 for( node = node->next; node; node = node->next ) {
937 if( node->pkt->pkttype == PKT_SIGNATURE ) {
938 if( !any ) {
939 if( node->pkt->pkt.signature->sig_class == 0x20 )
940 puts("[revoked]");
941 else
942 putchar('\n');
943 any = 1;
944 }
945 list_node(c, node );
946 }
947 else if( node->pkt->pkttype == PKT_USER_ID ) {
948 if( any ) {
949 if( opt.with_colons )
950 printf("%s:::::::::",
951 node->pkt->pkt.user_id->attrib_data?"uat":"uid");
952 else
953 printf( "uid%*s", 28, "" );
954 }
955 print_userid( node->pkt );
956 if( opt.with_colons )
957 putchar(':');
958 putchar('\n');
959 if( opt.fingerprint && !any )
960 print_fingerprint( pk, NULL, 0 );
961 if( opt.with_colons
962 && node->next
963 && node->next->pkt->pkttype == PKT_RING_TRUST ) {
964 printf("rtv:2:%u:\n",
965 node->next->pkt->pkt.ring_trust?
966 node->next->pkt->pkt.ring_trust->trustval : 0);
967 }
968 any=1;
969 }
970 else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
971 if( !any ) {
972 putchar('\n');
973 any = 1;
974 }
975 list_node(c, node );
976 }
977 }
978 }
979 else
980 {
981 /* of subkey */
982 if( pk->is_revoked )
983 {
984 printf(" [");
985 printf(_("revoked: %s"),revokestr_from_pk(pk));
986 printf("]");
987 }
988 else if( pk->expiredate )
989 {
990 printf(" [");
991 printf(_("expires: %s"),expirestr_from_pk(pk));
992 printf("]");
993 }
994 }
995
996 if( !any )
997 putchar('\n');
998 if( !mainkey && opt.fingerprint > 1 )
999 print_fingerprint( pk, NULL, 0 );
1000 }
1001 else if( (mainkey = (node->pkt->pkttype == PKT_SECRET_KEY) )
1002 || node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
1003 PKT_secret_key *sk = node->pkt->pkt.secret_key;
1004
1005 if( opt.with_colons )
1006 {
1007 u32 keyid[2];
1008 keyid_from_sk( sk, keyid );
1009 printf("%s::%u:%d:%08lX%08lX:%s:%s:::",
1010 mainkey? "sec":"ssb",
1011 nbits_from_sk( sk ),
1012 sk->pubkey_algo,
1013 (ulong)keyid[0],(ulong)keyid[1],
1014 colon_datestr_from_sk( sk ),
1015 colon_strtime (sk->expiredate)
1016 /* fixme: add LID */ );
1017 }
1018 else
1019 printf("%s %4u%c/%s %s ", mainkey? "sec":"ssb",
1020 nbits_from_sk( sk ), pubkey_letter( sk->pubkey_algo ),
1021 keystr_from_sk( sk ), datestr_from_sk( sk ));
1022 if( mainkey ) {
1023 /* and now list all userids with their signatures */
1024 for( node = node->next; node; node = node->next ) {
1025 if( node->pkt->pkttype == PKT_SIGNATURE ) {
1026 if( !any ) {
1027 if( node->pkt->pkt.signature->sig_class == 0x20 )
1028 puts("[revoked]");
1029 else
1030 putchar('\n');
1031 any = 1;
1032 }
1033 list_node(c, node );
1034 }
1035 else if( node->pkt->pkttype == PKT_USER_ID ) {
1036 if( any ) {
1037 if( opt.with_colons )
1038 printf("%s:::::::::",
1039 node->pkt->pkt.user_id->attrib_data?"uat":"uid");
1040 else
1041 printf( "uid%*s", 28, "" );
1042 }
1043 print_userid( node->pkt );
1044 if( opt.with_colons )
1045 putchar(':');
1046 putchar('\n');
1047 if( opt.fingerprint && !any )
1048 print_fingerprint( NULL, sk, 0 );
1049 any=1;
1050 }
1051 else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
1052 if( !any ) {
1053 putchar('\n');
1054 any = 1;
1055 }
1056 list_node(c, node );
1057 }
1058 }
1059 }
1060 if( !any )
1061 putchar('\n');
1062 if( !mainkey && opt.fingerprint > 1 )
1063 print_fingerprint( NULL, sk, 0 );
1064 }
1065 else if( node->pkt->pkttype == PKT_SIGNATURE ) {
1066 PKT_signature *sig = node->pkt->pkt.signature;
1067 int is_selfsig = 0;
1068 int rc2=0;
1069 size_t n;
1070 char *p;
1071 int sigrc = ' ';
1072
1073 if( !opt.verbose )
1074 return;
1075
1076 if( sig->sig_class == 0x20 || sig->sig_class == 0x30 )
1077 fputs("rev", stdout);
1078 else
1079 fputs("sig", stdout);
1080 if( opt.check_sigs ) {
1081 fflush(stdout);
1082 rc2=do_check_sig( c, node, &is_selfsig, NULL, NULL );
1083 switch (gpg_err_code (rc2)) {
1084 case 0: sigrc = '!'; break;
1085 case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break;
1086 case GPG_ERR_NO_PUBKEY:
1087 case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break;
1088 default: sigrc = '%'; break;
1089 }
1090 }
1091 else { /* check whether this is a self signature */
1092 u32 keyid[2];
1093
1094 if( c->list->pkt->pkttype == PKT_PUBLIC_KEY
1095 || c->list->pkt->pkttype == PKT_SECRET_KEY ) {
1096 if( c->list->pkt->pkttype == PKT_PUBLIC_KEY )
1097 keyid_from_pk( c->list->pkt->pkt.public_key, keyid );
1098 else
1099 keyid_from_sk( c->list->pkt->pkt.secret_key, keyid );
1100
1101 if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
1102 is_selfsig = 1;
1103 }
1104 }
1105 if( opt.with_colons ) {
1106 putchar(':');
1107 if( sigrc != ' ' )
1108 putchar(sigrc);
1109 printf("::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
1110 (ulong)sig->keyid[0], (ulong)sig->keyid[1],
1111 colon_datestr_from_sig(sig),
1112 colon_expirestr_from_sig(sig));
1113
1114 if(sig->trust_depth || sig->trust_value)
1115 printf("%d %d",sig->trust_depth,sig->trust_value);
1116 printf(":");
1117
1118 if(sig->trust_regexp)
1119 print_string(stdout,sig->trust_regexp,
1120 strlen(sig->trust_regexp),':');
1121 printf(":");
1122 }
1123 else
1124 printf("%c %s %s ",
1125 sigrc, keystr(sig->keyid), datestr_from_sig(sig));
1126 if( sigrc == '%' )
1127 printf("[%s] ", g10_errstr(rc2) );
1128 else if( sigrc == '?' )
1129 ;
1130 else if( is_selfsig ) {
1131 if( opt.with_colons )
1132 putchar(':');
1133 fputs( sig->sig_class == 0x18? "[keybind]":"[selfsig]", stdout);
1134 if( opt.with_colons )
1135 putchar(':');
1136 }
1137 else if( !opt.fast_list_mode ) {
1138 p = get_user_id( sig->keyid, &n );
1139 print_string( stdout, p, n, opt.with_colons );
1140 xfree(p);
1141 }
1142 if( opt.with_colons )
1143 printf(":%02x%c:", sig->sig_class, sig->flags.exportable?'x':'l');
1144 putchar('\n');
1145 }
1146 else
1147 log_error("invalid node with packet of type %d\n", node->pkt->pkttype);
1148 }
1149
1150
1151
1152 int
1153 proc_packets( void *anchor, IOBUF a )
1154 {
1155 int rc;
1156 CTX c = xmalloc_clear( sizeof *c );
1157
1158 c->anchor = anchor;
1159 rc = do_proc_packets( c, a );
1160 xfree( c );
1161 return rc;
1162 }
1163
1164
1165
1166 int
1167 proc_signature_packets( void *anchor, IOBUF a,
1168 strlist_t signedfiles, const char *sigfilename )
1169 {
1170 CTX c = xmalloc_clear( sizeof *c );
1171 int rc;
1172
1173 c->anchor = anchor;
1174 c->sigs_only = 1;
1175
1176 c->signed_data.data_fd = -1;
1177 c->signed_data.data_names = signedfiles;
1178 c->signed_data.used = !!signedfiles;
1179
1180 c->sigfilename = sigfilename;
1181 rc = do_proc_packets( c, a );
1182
1183 /* If we have not encountered any signature we print an error
1184 messages, send a NODATA status back and return an error code.
1185 Using log_error is required because verify_files does not check
1186 error codes for each file but we want to terminate the process
1187 with an error. */
1188 if (!rc && !c->any_sig_seen)
1189 {
1190 write_status_text (STATUS_NODATA, "4");
1191 log_error (_("no signature found\n"));
1192 rc = G10ERR_NO_DATA;
1193 }
1194
1195 /* Propagate the signature seen flag upward. Do this only on
1196 success so that we won't issue the nodata status several
1197 times. */
1198 if (!rc && c->anchor && c->any_sig_seen)
1199 c->anchor->any_sig_seen = 1;
1200
1201 xfree( c );
1202 return rc;
1203 }
1204
1205 int
1206 proc_signature_packets_by_fd (void *anchor, IOBUF a, int signed_data_fd )
1207 {
1208 int rc;
1209 CTX c = xcalloc (1, sizeof *c);
1210
1211 c->anchor = anchor;
1212 c->sigs_only = 1;
1213
1214 c->signed_data.data_fd = signed_data_fd;
1215 c->signed_data.data_names = NULL;
1216 c->signed_data.used = (signed_data_fd != -1);
1217
1218 rc = do_proc_packets ( c, a );
1219
1220 /* If we have not encountered any signature we print an error
1221 messages, send a NODATA status back and return an error code.
1222 Using log_error is required because verify_files does not check
1223 error codes for each file but we want to terminate the process
1224 with an error. */
1225 if (!rc && !c->any_sig_seen)
1226 {
1227 write_status_text (STATUS_NODATA, "4");
1228 log_error (_("no signature found\n"));
1229 rc = gpg_error (GPG_ERR_NO_DATA);
1230 }
1231
1232 /* Propagate the signature seen flag upward. Do this only on success
1233 so that we won't issue the nodata status several times. */
1234 if (!rc && c->anchor && c->any_sig_seen)
1235 c->anchor->any_sig_seen = 1;
1236
1237 xfree ( c );
1238 return rc;
1239 }
1240
1241
1242 int
1243 proc_encryption_packets( void *anchor, IOBUF a )
1244 {
1245 CTX c = xmalloc_clear( sizeof *c );
1246 int rc;
1247
1248 c->anchor = anchor;
1249 c->encrypt_only = 1;
1250 rc = do_proc_packets( c, a );
1251 xfree( c );
1252 return rc;
1253 }
1254
1255
1256 int
1257 do_proc_packets( CTX c, IOBUF a )
1258 {
1259 PACKET *pkt = xmalloc( sizeof *pkt );
1260 int rc=0;
1261 int any_data=0;
1262 int newpkt;
1263
1264 c->iobuf = a;
1265 init_packet(pkt);
1266 while( (rc=parse_packet(a, pkt)) != -1 ) {
1267 any_data = 1;
1268 if( rc ) {
1269 free_packet(pkt);
1270 /* stop processing when an invalid packet has been encountered
1271 * but don't do so when we are doing a --list-packets. */
1272 if (gpg_err_code (rc) == GPG_ERR_INV_PACKET
1273 && opt.list_packets != 2 )
1274 break;
1275 continue;
1276 }
1277 newpkt = -1;
1278 if( opt.list_packets ) {
1279 switch( pkt->pkttype ) {
1280 case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break;
1281 case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break;
1282 case PKT_ENCRYPTED:
1283 case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break;
1284 case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
1285 default: newpkt = 0; break;
1286 }
1287 }
1288 else if( c->sigs_only ) {
1289 switch( pkt->pkttype ) {
1290 case PKT_PUBLIC_KEY:
1291 case PKT_SECRET_KEY:
1292 case PKT_USER_ID:
1293 case PKT_SYMKEY_ENC:
1294 case PKT_PUBKEY_ENC:
1295 case PKT_ENCRYPTED:
1296 case PKT_ENCRYPTED_MDC:
1297 write_status_text( STATUS_UNEXPECTED, "0" );
1298 rc = G10ERR_UNEXPECTED;
1299 goto leave;
1300 case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;
1301 case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break;
1302 case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
1303 case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break;
1304 case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
1305 default: newpkt = 0; break;
1306 }
1307 }
1308 else if( c->encrypt_only ) {
1309 switch( pkt->pkttype ) {
1310 case PKT_PUBLIC_KEY:
1311 case PKT_SECRET_KEY:
1312 case PKT_USER_ID:
1313 write_status_text( STATUS_UNEXPECTED, "0" );
1314 rc = G10ERR_UNEXPECTED;
1315 goto leave;
1316 case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;
1317 case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break;
1318 case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break;
1319 case PKT_ENCRYPTED:
1320 case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break;
1321 case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break;
1322 case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
1323 case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break;
1324 case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
1325 default: newpkt = 0; break;
1326 }
1327 }
1328 else {
1329 switch( pkt->pkttype ) {
1330 case PKT_PUBLIC_KEY:
1331 case PKT_SECRET_KEY:
1332 release_list( c );
1333 c->list = new_kbnode( pkt );
1334 newpkt = 1;
1335 break;
1336 case PKT_PUBLIC_SUBKEY:
1337 case PKT_SECRET_SUBKEY:
1338 newpkt = add_subkey( c, pkt );
1339 break;
1340 case PKT_USER_ID: newpkt = add_user_id( c, pkt ); break;
1341 case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;
1342 case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break;
1343 case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break;
1344 case PKT_ENCRYPTED:
1345 case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break;
1346 case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break;
1347 case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
1348 case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break;
1349 case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
1350 case PKT_RING_TRUST: newpkt = add_ring_trust( c, pkt ); break;
1351 default: newpkt = 0; break;
1352 }
1353 }
1354 /* This is a very ugly construct and frankly, I don't remember why
1355 * I used it. Adding the MDC check here is a hack.
1356 * The right solution is to initiate another context for encrypted
1357 * packet and not to reuse the current one ... It works right
1358 * when there is a compression packet inbetween which adds just
1359 * an extra layer.
1360 * Hmmm: Rewrite this whole module here??
1361 */
1362 if( pkt->pkttype != PKT_SIGNATURE && pkt->pkttype != PKT_MDC )
1363 c->have_data = pkt->pkttype == PKT_PLAINTEXT;
1364
1365 if( newpkt == -1 )
1366 ;
1367 else if( newpkt ) {
1368 pkt = xmalloc( sizeof *pkt );
1369 init_packet(pkt);
1370 }
1371 else
1372 free_packet(pkt);
1373 }
1374 if( rc == G10ERR_INVALID_PACKET )
1375 write_status_text( STATUS_NODATA, "3" );
1376 if( any_data )
1377 rc = 0;
1378 else if( rc == -1 )
1379 write_status_text( STATUS_NODATA, "2" );
1380
1381
1382 leave:
1383 release_list( c );
1384 xfree(c->dek);
1385 free_packet( pkt );
1386 xfree( pkt );
1387 free_md_filter_context( &c->mfx );
1388 return rc;
1389 }
1390
1391
1392 /* Helper for pka_uri_from_sig to parse the to-be-verified address out
1393 of the notation data. */
1394 static pka_info_t *
1395 get_pka_address (PKT_signature *sig)
1396 {
1397 pka_info_t *pka = NULL;
1398 struct notation *nd,*notation;
1399
1400 notation=sig_to_notation(sig);
1401
1402 for(nd=notation;nd;nd=nd->next)
1403 {
1404 if(strcmp(nd->name,"pka-address@gnupg.org")!=0)
1405 continue; /* Not the notation we want. */
1406
1407 /* For now we only use the first valid PKA notation. In future
1408 we might want to keep additional PKA notations in a linked
1409 list. */
1410 if (is_valid_mailbox (nd->value))
1411 {
1412 pka = xmalloc (sizeof *pka + strlen(nd->value));
1413 pka->valid = 0;
1414 pka->checked = 0;
1415 pka->uri = NULL;
1416 strcpy (pka->email, nd->value);
1417 break;
1418 }
1419 }
1420
1421 free_notation(notation);
1422
1423 return pka;
1424 }
1425
1426
1427 /* Return the URI from a DNS PKA record. If this record has already
1428 be retrieved for the signature we merely return it; if not we go
1429 out and try to get that DNS record. */
1430 static const char *
1431 pka_uri_from_sig (PKT_signature *sig)
1432 {
1433 if (!sig->flags.pka_tried)
1434 {
1435 assert (!sig->pka_info);
1436 sig->flags.pka_tried = 1;
1437 sig->pka_info = get_pka_address (sig);
1438 if (sig->pka_info)
1439 {
1440 char *uri;
1441
1442 uri = get_pka_info (sig->pka_info->email, sig->pka_info->fpr);
1443 if (uri)
1444 {
1445 sig->pka_info->valid = 1;
1446 if (!*uri)
1447 xfree (uri);
1448 else
1449 sig->pka_info->uri = uri;
1450 }
1451 }
1452 }
1453 return sig->pka_info? sig->pka_info->uri : NULL;
1454 }
1455
1456
1457 static int
1458 check_sig_and_print( CTX c, KBNODE node )
1459 {
1460 PKT_signature *sig = node->pkt->pkt.signature;
1461 const char *astr;
1462 int rc, is_expkey=0, is_revkey=0;
1463
1464 if (opt.skip_verify)
1465 {
1466 log_info(_("signature verification suppressed\n"));
1467 return 0;
1468 }
1469
1470 /* Check that the message composition is valid.
1471
1472 Per RFC-2440bis (-15) allowed:
1473
1474 S{1,n} -- detached signature.
1475 S{1,n} P -- old style PGP2 signature
1476 O{1,n} P S{1,n} -- standard OpenPGP signature.
1477 C P S{1,n} -- cleartext signature.
1478
1479
1480 O = One-Pass Signature packet.
1481 S = Signature packet.
1482 P = OpenPGP Message packet (Encrypted | Compressed | Literal)
1483 (Note that the current rfc2440bis draft also allows
1484 for a signed message but that does not work as it
1485 introduces ambiguities.)
1486 We keep track of these packages using the marker packet
1487 CTRLPKT_PLAINTEXT_MARK.
1488 C = Marker packet for cleartext signatures.
1489
1490 We reject all other messages.
1491
1492 Actually we are calling this too often, i.e. for verification of
1493 each message but better have some duplicate work than to silently
1494 introduce a bug here.
1495 */
1496 {
1497 KBNODE n;
1498 int n_onepass, n_sig;
1499
1500 /* log_debug ("checking signature packet composition\n"); */
1501 /* dump_kbnode (c->list); */
1502
1503 n = c->list;
1504 assert (n);
1505 if ( n->pkt->pkttype == PKT_SIGNATURE )
1506 {
1507 /* This is either "S{1,n}" case (detached signature) or
1508 "S{1,n} P" (old style PGP2 signature). */
1509 for (n = n->next; n; n = n->next)
1510 if (n->pkt->pkttype != PKT_SIGNATURE)
1511 break;
1512 if (!n)
1513 ; /* Okay, this is a detached signature. */
1514 else if (n->pkt->pkttype == PKT_GPG_CONTROL
1515 && (n->pkt->pkt.gpg_control->control
1516 == CTRLPKT_PLAINTEXT_MARK) )
1517 {
1518 if (n->next)
1519 goto ambiguous; /* We only allow one P packet. */
1520 }
1521 else
1522 goto ambiguous;
1523 }
1524 else if (n->pkt->pkttype == PKT_ONEPASS_SIG)
1525 {
1526 /* This is the "O{1,n} P S{1,n}" case (standard signature). */
1527 for (n_onepass=1, n = n->next;
1528 n && n->pkt->pkttype == PKT_ONEPASS_SIG; n = n->next)
1529 n_onepass++;
1530 if (!n || !(n->pkt->pkttype == PKT_GPG_CONTROL
1531 && (n->pkt->pkt.gpg_control->control
1532 == CTRLPKT_PLAINTEXT_MARK)))
1533 goto ambiguous;
1534 for (n_sig=0, n = n->next;
1535 n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
1536 n_sig++;
1537 if (!n_sig)
1538 goto ambiguous;
1539
1540 /* If we wanted to disallow multiple sig verification, we'd do
1541 something like this:
1542
1543 if (n && !opt.allow_multisig_verification)
1544 goto ambiguous;
1545
1546 However, now that we have --allow-multiple-messages, this
1547 can stay allowable as we can't get here unless multiple
1548 messages (i.e. multiple literals) are allowed. */
1549
1550 if (n_onepass != n_sig)
1551 {
1552 log_info ("number of one-pass packets does not match "
1553 "number of signature packets\n");
1554 goto ambiguous;
1555 }
1556 }
1557 else if (n->pkt->pkttype == PKT_GPG_CONTROL
1558 && n->pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START )
1559 {
1560 /* This is the "C P S{1,n}" case (clear text signature). */
1561 n = n->next;
1562 if (!n || !(n->pkt->pkttype == PKT_GPG_CONTROL
1563 && (n->pkt->pkt.gpg_control->control
1564 == CTRLPKT_PLAINTEXT_MARK)))
1565 goto ambiguous;
1566 for (n_sig=0, n = n->next;
1567 n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
1568 n_sig++;
1569 if (n || !n_sig)
1570 goto ambiguous;
1571 }
1572 else
1573 {
1574 ambiguous:
1575 log_error(_("can't handle this ambiguous signature data\n"));
1576 return 0;
1577 }
1578
1579 }
1580
1581 /* (Indendation below not yet changed to GNU style.) */
1582
1583 astr = gcry_pk_algo_name ( sig->pubkey_algo );
1584 if(keystrlen()>8)
1585 {
1586 log_info(_("Signature made %s\n"),asctimestamp(sig->timestamp));
1587 log_info(_(" using %s key %s\n"),
1588 astr? astr: "?",keystr(sig->keyid));
1589 }
1590 else
1591 log_info(_("Signature made %s using %s key ID %s\n"),
1592 asctimestamp(sig->timestamp), astr? astr: "?",
1593 keystr(sig->keyid));
1594
1595 rc = do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
1596
1597 /* If the key isn't found, check for a preferred keyserver */
1598
1599 if(rc==G10ERR_NO_PUBKEY && sig->flags.pref_ks)
1600 {
1601 const byte *p;
1602 int seq=0;
1603 size_t n;
1604
1605 while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&n,&seq,NULL)))
1606 {
1607 /* According to my favorite copy editor, in English
1608 grammar, you say "at" if the key is located on a web
1609 page, but "from" if it is located on a keyserver. I'm
1610 not going to even try to make two strings here :) */
1611 log_info(_("Key available at: ") );
1612 print_utf8_string( log_get_stream(), p, n );
1613 log_printf ("\n");
1614
1615 if(opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE
1616 && opt.keyserver_options.options&KEYSERVER_HONOR_KEYSERVER_URL)
1617 {
1618 struct keyserver_spec *spec;
1619
1620 spec=parse_preferred_keyserver(sig);
1621 if(spec)
1622 {
1623 int res;
1624
1625 glo_ctrl.in_auto_key_retrieve++;
1626 res=keyserver_import_keyid(sig->keyid,spec);
1627 glo_ctrl.in_auto_key_retrieve--;
1628 if(!res)
1629 rc=do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
1630 free_keyserver_spec(spec);
1631
1632 if(!rc)
1633 break;
1634 }
1635 }
1636 }
1637 }
1638
1639 /* If the preferred keyserver thing above didn't work, our second
1640 try is to use the URI from a DNS PKA record. */
1641 if ( rc == G10ERR_NO_PUBKEY
1642 && opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE
1643 && opt.keyserver_options.options&KEYSERVER_HONOR_PKA_RECORD)
1644 {
1645 const char *uri = pka_uri_from_sig (sig);
1646
1647 if (uri)
1648 {
1649 /* FIXME: We might want to locate the key using the
1650 fingerprint instead of the keyid. */
1651 int res;
1652 struct keyserver_spec *spec;
1653
1654 spec = parse_keyserver_uri (uri, 1, NULL, 0);
1655 if (spec)
1656 {
1657 glo_ctrl.in_auto_key_retrieve++;
1658 res = keyserver_import_keyid (sig->keyid, spec);
1659 glo_ctrl.in_auto_key_retrieve--;
1660 free_keyserver_spec (spec);
1661 if (!res)
1662 rc = do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
1663 }
1664 }
1665 }
1666
1667 /* If the preferred keyserver thing above didn't work and we got
1668 no information from the DNS PKA, this is a third try. */
1669
1670 if( rc == G10ERR_NO_PUBKEY && opt.keyserver
1671 && opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
1672 {
1673 int res;
1674
1675 glo_ctrl.in_auto_key_retrieve++;
1676 res=keyserver_import_keyid ( sig->keyid, opt.keyserver );
1677 glo_ctrl.in_auto_key_retrieve--;
1678 if(!res)
1679 rc = do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
1680 }
1681
1682 if( !rc || gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE ) {
1683 KBNODE un, keyblock;
1684 int count=0, statno;
1685 char keyid_str[50];
1686 PKT_public_key *pk=NULL;
1687
1688 if(rc)
1689 statno=STATUS_BADSIG;
1690 else if(sig->flags.expired)
1691 statno=STATUS_EXPSIG;
1692 else if(is_expkey)
1693 statno=STATUS_EXPKEYSIG;
1694 else if(is_revkey)
1695 statno=STATUS_REVKEYSIG;
1696 else
1697 statno=STATUS_GOODSIG;
1698
1699 keyblock = get_pubkeyblock( sig->keyid );
1700
1701 sprintf (keyid_str, "%08lX%08lX [uncertain] ",
1702 (ulong)sig->keyid[0], (ulong)sig->keyid[1]);
1703
1704 /* find and print the primary user ID */
1705 for( un=keyblock; un; un = un->next ) {
1706 char *p;
1707 int valid;
1708 if(un->pkt->pkttype==PKT_PUBLIC_KEY)
1709 {
1710 pk=un->pkt->pkt.public_key;
1711 continue;
1712 }
1713 if( un->pkt->pkttype != PKT_USER_ID )
1714 continue;
1715 if ( !un->pkt->pkt.user_id->created )
1716 continue;
1717 if ( un->pkt->pkt.user_id->is_revoked )
1718 continue;
1719 if ( un->pkt->pkt.user_id->is_expired )
1720 continue;
1721 if ( !un->pkt->pkt.user_id->is_primary )
1722 continue;
1723 /* We want the textual primary user ID here */
1724 if ( un->pkt->pkt.user_id->attrib_data )
1725 continue;
1726
1727 assert(pk);
1728
1729 /* Get it before we print anything to avoid interrupting
1730 the output with the "please do a --check-trustdb"
1731 line. */
1732 valid=get_validity(pk,un->pkt->pkt.user_id);
1733
1734 keyid_str[17] = 0; /* cut off the "[uncertain]" part */
1735 write_status_text_and_buffer (statno, keyid_str,
1736 un->pkt->pkt.user_id->name,
1737 un->pkt->pkt.user_id->len,
1738 -1 );
1739
1740 p=utf8_to_native(un->pkt->pkt.user_id->name,
1741 un->pkt->pkt.user_id->len,0);
1742
1743 if(rc)
1744 log_info(_("BAD signature from \"%s\""),p);
1745 else if(sig->flags.expired)
1746 log_info(_("Expired signature from \"%s\""),p);
1747 else
1748 log_info(_("Good signature from \"%s\""),p);
1749
1750 xfree(p);
1751
1752 if(opt.verify_options&VERIFY_SHOW_UID_VALIDITY)
1753 log_printf (" [%s]\n",trust_value_to_string(valid));
1754 else
1755 log_printf ("\n");
1756 count++;
1757 }
1758 if( !count ) { /* just in case that we have no valid textual
1759 userid */
1760 char *p;
1761
1762 /* Try for an invalid textual userid */
1763 for( un=keyblock; un; un = un->next ) {
1764 if( un->pkt->pkttype == PKT_USER_ID &&
1765 !un->pkt->pkt.user_id->attrib_data )
1766 break;
1767 }
1768
1769 /* Try for any userid at all */
1770 if(!un) {
1771 for( un=keyblock; un; un = un->next ) {
1772 if( un->pkt->pkttype == PKT_USER_ID )
1773 break;
1774 }
1775 }
1776
1777 if (opt.trust_model==TM_ALWAYS || !un)
1778 keyid_str[17] = 0; /* cut off the "[uncertain]" part */
1779
1780 write_status_text_and_buffer (statno, keyid_str,
1781 un? un->pkt->pkt.user_id->name:"[?]",
1782 un? un->pkt->pkt.user_id->len:3,
1783 -1 );
1784
1785 if(un)
1786 p=utf8_to_native(un->pkt->pkt.user_id->name,
1787 un->pkt->pkt.user_id->len,0);
1788 else
1789 p=xstrdup("[?]");
1790
1791 if(rc)
1792 log_info(_("BAD signature from \"%s\""),p);
1793 else if(sig->flags.expired)
1794 log_info(_("Expired signature from \"%s\""),p);
1795 else
1796 log_info(_("Good signature from \"%s\""),p);
1797 if (opt.trust_model!=TM_ALWAYS && un)
1798 log_printf (" %s",_("[uncertain]") );
1799 log_printf ("\n");
1800 }
1801
1802 /* If we have a good signature and already printed
1803 * the primary user ID, print all the other user IDs */
1804 if ( count && !rc
1805 && !(opt.verify_options&VERIFY_SHOW_PRIMARY_UID_ONLY)) {
1806 char *p;
1807 for( un=keyblock; un; un = un->next ) {
1808 if( un->pkt->pkttype != PKT_USER_ID )
1809 continue;
1810 if((un->pkt->pkt.user_id->is_revoked
1811 || un->pkt->pkt.user_id->is_expired)
1812 && !(opt.verify_options&VERIFY_SHOW_UNUSABLE_UIDS))
1813 continue;
1814 /* Only skip textual primaries */
1815 if ( un->pkt->pkt.user_id->is_primary &&
1816 !un->pkt->pkt.user_id->attrib_data )
1817 continue;
1818
1819 if(un->pkt->pkt.user_id->attrib_data)
1820 {
1821 dump_attribs(un->pkt->pkt.user_id,pk,NULL);
1822
1823 if(opt.verify_options&VERIFY_SHOW_PHOTOS)
1824 show_photos(un->pkt->pkt.user_id->attribs,
1825 un->pkt->pkt.user_id->numattribs,pk,NULL);
1826 }
1827
1828 p=utf8_to_native(un->pkt->pkt.user_id->name,
1829 un->pkt->pkt.user_id->len,0);
1830 log_info(_(" aka \"%s\""),p);
1831 xfree(p);
1832
1833 if(opt.verify_options&VERIFY_SHOW_UID_VALIDITY)
1834 {
1835 const char *valid;
1836 if(un->pkt->pkt.user_id->is_revoked)
1837 valid=_("revoked");
1838 else if(un->pkt->pkt.user_id->is_expired)
1839 valid=_("expired");
1840 else
1841 valid=trust_value_to_string(get_validity(pk,
1842 un->pkt->
1843 pkt.user_id));
1844 log_printf (" [%s]\n",valid);
1845 }
1846 else
1847 log_printf ("\n");
1848 }
1849 }
1850 release_kbnode( keyblock );
1851
1852 if( !rc )
1853 {
1854 if(opt.verify_options&VERIFY_SHOW_POLICY_URLS)
1855 show_policy_url(sig,0,1);
1856 else
1857 show_policy_url(sig,0,2);
1858
1859 if(opt.verify_options&VERIFY_SHOW_KEYSERVER_URLS)
1860 show_keyserver_url(sig,0,1);
1861 else
1862 show_keyserver_url(sig,0,2);
1863
1864 if(opt.verify_options&VERIFY_SHOW_NOTATIONS)
1865 show_notation(sig,0,1,
1866 ((opt.verify_options&VERIFY_SHOW_STD_NOTATIONS)?1:0)+
1867 ((opt.verify_options&VERIFY_SHOW_USER_NOTATIONS)?2:0));
1868 else
1869 show_notation(sig,0,2,0);
1870 }
1871
1872 if( !rc && is_status_enabled() ) {
1873 /* print a status response with the fingerprint */
1874 PKT_public_key *vpk = xmalloc_clear( sizeof *vpk );
1875
1876 if( !get_pubkey( vpk, sig->keyid ) ) {
1877 byte array[MAX_FINGERPRINT_LEN], *p;
1878 char buf[MAX_FINGERPRINT_LEN*4+90], *bufp;
1879 size_t i, n;
1880
1881 bufp = buf;
1882 fingerprint_from_pk( vpk, array, &n );
1883 p = array;
1884 for(i=0; i < n ; i++, p++, bufp += 2)
1885 sprintf(bufp, "%02X", *p );
1886 /* TODO: Replace the reserved '0' in the field below
1887 with bits for status flags (policy url, notation,
1888 etc.). Remember to make the buffer larger to
1889 match! */
1890 sprintf(bufp, " %s %lu %lu %d 0 %d %d %02X ",
1891 strtimestamp( sig->timestamp ),
1892 (ulong)sig->timestamp,(ulong)sig->expiredate,
1893 sig->version,sig->pubkey_algo,sig->digest_algo,
1894 sig->sig_class);
1895 bufp = bufp + strlen (bufp);
1896 if (!vpk->is_primary) {
1897 u32 akid[2];
1898
1899 akid[0] = vpk->main_keyid[0];
1900 akid[1] = vpk->main_keyid[1];
1901 free_public_key (vpk);
1902 vpk = xmalloc_clear( sizeof *vpk );
1903 if (get_pubkey (vpk, akid)) {
1904 /* impossible error, we simply return a zeroed out fpr */
1905 n = MAX_FINGERPRINT_LEN < 20? MAX_FINGERPRINT_LEN : 20;
1906 memset (array, 0, n);
1907 }
1908 else
1909 fingerprint_from_pk( vpk, array, &n );
1910 }
1911 p = array;
1912 for(i=0; i < n ; i++, p++, bufp += 2)
1913 sprintf(bufp, "%02X", *p );
1914 write_status_text( STATUS_VALIDSIG, buf );
1915 }
1916 free_public_key( vpk );
1917 }
1918
1919 if (!rc)
1920 {
1921 if(opt.verify_options&VERIFY_PKA_LOOKUPS)
1922 pka_uri_from_sig (sig); /* Make sure PKA info is available. */
1923 rc = check_signatures_trust( sig );
1924 }
1925
1926 if(sig->flags.expired)
1927 {
1928 log_info(_("Signature expired %s\n"),
1929 asctimestamp(sig->expiredate));
1930 rc=G10ERR_GENERAL; /* need a better error here? */
1931 }
1932 else if(sig->expiredate)
1933 log_info(_("Signature expires %s\n"),asctimestamp(sig->expiredate));
1934
1935 if(opt.verbose)
1936 log_info(_("%s signature, digest algorithm %s\n"),
1937 sig->sig_class==0x00?_("binary"):
1938 sig->sig_class==0x01?_("textmode"):_("unknown"),
1939 gcry_md_algo_name (sig->digest_algo));
1940
1941 if( rc )
1942 g10_errors_seen = 1;
1943 if( opt.batch && rc )
1944 g10_exit(1);
1945 }
1946 else {
1947 char buf[50];
1948 sprintf(buf, "%08lX%08lX %d %d %02x %lu %d",
1949 (ulong)sig->keyid[0], (ulong)sig->keyid[1],
1950 sig->pubkey_algo, sig->digest_algo,
1951 sig->sig_class, (ulong)sig->timestamp, rc );
1952 write_status_text( STATUS_ERRSIG, buf );
1953 if( rc == G10ERR_NO_PUBKEY ) {
1954 buf[16] = 0;
1955 write_status_text( STATUS_NO_PUBKEY, buf );
1956 }
1957 if( rc != G10ERR_NOT_PROCESSED )
1958 log_error(_("Can't check signature: %s\n"), g10_errstr(rc) );
1959 }
1960 return rc;
1961 }
1962
1963
1964 /****************
1965 * Process the tree which starts at node
1966 */
1967 static void
1968 proc_tree( CTX c, KBNODE node )
1969 {
1970 KBNODE n1;
1971 int rc;
1972
1973 if( opt.list_packets || opt.list_only )
1974 return;
1975
1976 /* we must skip our special plaintext marker packets here becuase
1977 they may be the root packet. These packets are only used in
1978 addionla checks and skipping them here doesn't matter */
1979 while ( node
1980 && node->pkt->pkttype == PKT_GPG_CONTROL
1981 && node->pkt->pkt.gpg_control->control
1982 == CTRLPKT_PLAINTEXT_MARK ) {
1983 node = node->next;
1984 }
1985 if (!node)
1986 return;
1987
1988 c->trustletter = ' ';
1989 if( node->pkt->pkttype == PKT_PUBLIC_KEY
1990 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
1991 merge_keys_and_selfsig( node );
1992 list_node( c, node );
1993 }
1994 else if( node->pkt->pkttype == PKT_SECRET_KEY ) {
1995 merge_keys_and_selfsig( node );
1996 list_node( c, node );
1997 }
1998 else if( node->pkt->pkttype == PKT_ONEPASS_SIG ) {
1999 /* check all signatures */
2000 if( !c->have_data ) {
2001 int use_textmode = 0;
2002
2003 free_md_filter_context( &c->mfx );
2004 /* prepare to create all requested message digests */
2005 if (gcry_md_open (&c->mfx.md, 0, 0))
2006 BUG ();
2007
2008 /* fixme: why looking for the signature packet and not the
2009 one-pass packet? */
2010 for ( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); )
2011 {
2012 gcry_md_enable (c->mfx.md,
2013 n1->pkt->pkt.signature->digest_algo);
2014 }
2015
2016 if (n1 && n1->pkt->pkt.onepass_sig->sig_class == 0x01)
2017 use_textmode = 1;
2018
2019 /* Ask for file and hash it. */
2020 if( c->sigs_only ) {
2021 if (c->signed_data.used && c->signed_data.data_fd != -1)
2022 rc = hash_datafile_by_fd (c->mfx.md, NULL,
2023 c->signed_data.data_fd,
2024 use_textmode);
2025 else
2026 rc = hash_datafiles (c->mfx.md, NULL,
2027 c->signed_data.data_names,
2028 c->sigfilename,
2029 use_textmode );
2030 }
2031 else {
2032 rc = ask_for_detached_datafile (c->mfx.md, c->mfx.md2,
2033 iobuf_get_real_fname(c->iobuf),
2034 use_textmode );
2035 }
2036 if( rc ) {
2037 log_error("can't hash datafile: %s\n", g10_errstr(rc));
2038 return;
2039 }
2040 }
2041 else if ( c->signed_data.used ) {
2042 log_error (_("not a detached signature\n") );
2043 return;
2044 }
2045
2046 for( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); )
2047 check_sig_and_print( c, n1 );
2048 }
2049 else if( node->pkt->pkttype == PKT_GPG_CONTROL
2050 && node->pkt->pkt.gpg_control->control
2051 == CTRLPKT_CLEARSIGN_START ) {
2052 /* clear text signed message */
2053 if( !c->have_data ) {
2054 log_error("cleartext signature without data\n" );
2055 return;
2056 }
2057 else if ( c->signed_data.used ) {
2058 log_error (_("not a detached signature\n") );
2059 return;
2060 }
2061
2062 for( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); )
2063 check_sig_and_print( c, n1 );
2064 }
2065 else if( node->pkt->pkttype == PKT_SIGNATURE ) {
2066 PKT_signature *sig = node->pkt->pkt.signature;
2067 int multiple_ok=1;
2068
2069 n1=find_next_kbnode(node, PKT_SIGNATURE);
2070 if(n1)
2071 {
2072 byte class=sig->sig_class;
2073 byte hash=sig->digest_algo;
2074
2075 for(; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE)))
2076 {
2077 /* We can't currently handle multiple signatures of
2078 different classes or digests (we'd pretty much have
2079 to run a different hash context for each), but if
2080 they are all the same, make an exception. */
2081 if(n1->pkt->pkt.signature->sig_class!=class
2082 || n1->pkt->pkt.signature->digest_algo!=hash)
2083 {
2084 multiple_ok=0;
2085 log_info(_("WARNING: multiple signatures detected. "
2086 "Only the first will be checked.\n"));
2087 break;
2088 }
2089 }
2090 }
2091
2092 if( sig->sig_class != 0x00 && sig->sig_class != 0x01 )
2093 log_info(_("standalone signature of class 0x%02x\n"),
2094 sig->sig_class);
2095 else if( !c->have_data ) {
2096 /* detached signature */
2097 free_md_filter_context( &c->mfx );
2098 if (gcry_md_open (&c->mfx.md, sig->digest_algo, 0))
2099 BUG ();
2100
2101 if( !opt.pgp2_workarounds )
2102 ;
2103 else if( sig->digest_algo == DIGEST_ALGO_MD5
2104 && is_RSA( sig->pubkey_algo ) ) {
2105 /* enable a workaround for a pgp2 bug */
2106 if (gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0))
2107 BUG ();
2108 }
2109 else if( sig->digest_algo == DIGEST_ALGO_SHA1
2110 && sig->pubkey_algo == PUBKEY_ALGO_DSA
2111 && sig->sig_class == 0x01 ) {
2112 /* enable the workaround also for pgp5 when the detached
2113 * signature has been created in textmode */
2114 if (gcry_md_open (&c->mfx.md2, sig->digest_algo, 0 ))
2115 BUG ();
2116 }
2117 #if 0 /* workaround disabled */
2118 /* Here we have another hack to work around a pgp 2 bug
2119 * It works by not using the textmode for detached signatures;
2120 * this will let the first signature check (on md) fail
2121 * but the second one (on md2) which adds an extra CR should
2122 * then produce the "correct" hash. This is very, very ugly
2123 * hack but it may help in some cases (and break others)
2124 */
2125 /* c->mfx.md2? 0 :(sig->sig_class == 0x01) */
2126 #endif
2127 if ( DBG_HASHING ) {
2128 gcry_md_start_debug( c->mfx.md, "verify" );
2129 if ( c->mfx.md2 )
2130 gcry_md_start_debug( c->mfx.md2, "verify2" );
2131 }
2132 if( c->sigs_only ) {
2133 if (c->signed_data.used && c->signed_data.data_fd != -1)
2134 rc = hash_datafile_by_fd (c->mfx.md, c->mfx.md2,
2135 c->signed_data.data_fd,
2136 (sig->sig_class == 0x01));
2137 else
2138 rc = hash_datafiles (c->mfx.md, c->mfx.md2,
2139 c->signed_data.data_names,
2140 c->sigfilename,
2141 (sig->sig_class == 0x01));
2142 }
2143 else {
2144 rc = ask_for_detached_datafile( c->mfx.md, c->mfx.md2,
2145 iobuf_get_real_fname(c->iobuf),
2146 (sig->sig_class == 0x01) );
2147 }
2148 if( rc ) {
2149 log_error("can't hash datafile: %s\n", g10_errstr(rc));
2150 return;
2151 }
2152 }
2153 else if ( c->signed_data.used ) {
2154 log_error (_("not a detached signature\n") );
2155 return;
2156 }
2157 else if (!opt.quiet)
2158 log_info(_("old style (PGP 2.x) signature\n"));
2159
2160 if(multiple_ok)
2161 for( n1 = node; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )) )
2162 check_sig_and_print( c, n1 );
2163 else
2164 check_sig_and_print( c, node );
2165 }
2166 else {
2167 dump_kbnode (c->list);
2168 log_error(_("invalid root packet detected in proc_tree()\n"));
2169 dump_kbnode (node);
2170 }
2171 }
gnupg svn clone