| blob | 15703346c7ce541830c454584ffabf8a152da4c2 |
1 /* sig-check.c - Check a signature
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
3 * 2004 Free Software Foundation, Inc.
4 *
5 * This file is part of GnuPG.
6 *
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
20 * USA.
21 */
23 #include <config.h>
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <string.h>
27 #include <assert.h>
41 MD_HANDLE md;
42 };
47 /****************
48 * Check the signature which is contained in SIG.
49 * The MD_HANDLE should be currently open, so that this function
50 * is able to append some data, before finalizing the digest.
51 */
52 int
54 {
56 }
58 int
61 {
70 {
71 /* Sanity check that the md has a context for the hash that the
72 sig is expecting. This can happen if a onepass sig header does
73 not match the actual sig, and also if the clearsign "Hash:"
74 header is missing or does not match the actual sig. */
78 }
83 invalid subkey */
84 else
85 {
91 /* Check the backsig. This is a 0x19 signature from the
92 subkey on the primary key. The idea here is that it should
93 not be possible for someone to "steal" subkeys and claim
94 them as their own. The attacker couldn't actually use the
95 subkey, but they could try and claim ownership of any
96 signaures issued by it. */
98 {
100 {
105 /* --require-cross-certification makes this warning an
106 error. TODO: change the default to require this
107 after more keys have backsigs. */
110 }
112 {
116 }
117 }
118 }
123 /* This signature id works best with DLP algorithms because
124 * they use a random parameter for every signature. Instead of
125 * this sig-id we could have also used the hash of the document
126 * and the timestamp, but the drawback of this is, that it is
127 * not possible to sign more than one identical document within
128 * one second. Some remote batch processing applications might
129 * like this feature here */
130 MD_HANDLE md;
150 }
160 }
163 }
166 static int
169 {
170 u32 cur_time;
178 {
186 }
190 {
200 }
207 /* SIGEXPIRED is deprecated. Use KEYEXPIRED. */
213 }
219 }
222 static int
225 {
233 /* make sure the digest algo is enabled (in case of a detached signature)*/
236 /* complete the digest */
246 }
258 }
260 /* Two octets for the (empty) length of the hashed
261 section. */
265 }
266 /* add some magic */
274 }
286 {
290 }
296 }
299 static void
301 {
314 }
316 }
326 }
328 }
329 }
331 static void
333 {
337 }
341 }
345 }
346 }
348 /* Check the revocation keys to see if any of them have revoked our
349 pk. sig is the revocation sig. pk is the key it is on. This code
350 will need to be modified if gpg ever becomes multi-threaded. Note
351 that this guarantees that a designated revocation sig will never be
352 considered valid unless it is actually valid, as well as being
353 issued by a revocation key in a valid direct signature. Note also
354 that this is written so that a revoked revoker can still issue
355 revocations: i.e. If A revokes B, but A is revoked, B is still
356 revoked. I'm not completely convinced this is the proper behavior,
357 but it matches how PGP does it. -dms */
359 /* Returns 0 if sig is valid (i.e. pk is revoked), non-0 if not
360 revoked. It is important that G10ERR_NO_PUBKEY is only returned
361 when a revocation signature is from a valid revocation key
362 designated in a revkey subpacket, but the revocation key itself
363 isn't present. */
364 int
366 {
374 {
375 /* return an error (i.e. not revoked), but mark the pk as
376 uncacheable as we don't really know its revocation status
377 until it is checked directly. */
381 }
385 /* printf("looking at %08lX with a sig from %08lX\n",(ulong)pk->keyid[1],
386 (ulong)sig->keyid[1]); */
388 /* is the issuer of the sig one of our revokers? */
391 else
393 {
399 {
400 MD_HANDLE md;
407 }
408 }
413 }
415 /* Backsigs (0x19) have the same format as binding sigs (0x18), but
416 this function is simpler than check_key_signature in a few ways.
417 For example, there is no support for expiring backsigs since it is
418 questionable what such a thing actually means. Note also that the
419 sig cache check here, unlike other sig caches in GnuPG, is not
420 persistent. */
421 int
424 {
425 MD_HANDLE md;
429 {
434 }
444 }
447 /****************
448 * check the signature pointed to by NODE. This is a key signature.
449 * If the function detects a self-signature, it uses the PK from
450 * ROOT and does not read any public key.
451 */
452 int
454 {
456 }
458 /* If check_pk is set, then use it to check the signature in node
459 rather than getting it from root or the keydb. If ret_pk is set,
460 fill in the public key that was used to verify the signature.
461 ret_pk is only meaningful when the verification was successful. */
462 /* TODO: add r_revoked here as well. It has the same problems as
463 r_expiredate and r_expired and the cache. */
464 int
468 {
469 MD_HANDLE md;
488 /* Check whether we have cached the result of a previous signature
489 check. Note that we may no longer have the pubkey or hash
490 needed to verify a sig, but can still use the cached value. A
491 cache refresh detects and clears these cases. */
500 }
501 /* BUG: This is wrong for non-self-sigs.. needs to be the
502 actual pk */
506 }
507 }
518 /* is it a designated revoker? */
521 else
522 {
528 }
529 }
540 }
541 else
542 {
547 }
548 }
559 }
566 }
567 else
568 {
573 }
574 }
581 }
593 {
597 }
600 else
605 }
606 else
607 {
612 }
613 }
616 }