search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
2009-05-15 Marcus Brinkmann <marcus@g10code.de>
[gnupg.git] / g10 / mainproc.c
blob84a9de5f19d0761735cb39ceb059596c38db233f
1 /* mainproc.c - handle packets
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
3 * 2008 Free Software Foundation, Inc.
4 *
5 * This file is part of GnuPG.
6 *
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include <config.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <assert.h>
26 #include <time.h>
27
28 #include "gpg.h"
29 #include "packet.h"
30 #include "iobuf.h"
31 #include "options.h"
32 #include "util.h"
33 #include "cipher.h"
34 #include "keydb.h"
35 #include "filter.h"
36 #include "main.h"
37 #include "status.h"
38 #include "i18n.h"
39 #include "trustdb.h"
40 #include "keyserver-internal.h"
41 #include "photoid.h"
42 #include "pka.h"
43
44
45 struct kidlist_item {
46 struct kidlist_item *next;
47 u32 kid[2];
48 int pubkey_algo;
49 int reason;
50 };
51
52
53 /****************
54 * Structure to hold the context
55 */
56 typedef struct mainproc_context *CTX;
57 struct mainproc_context
58 {
59 struct mainproc_context *anchor; /* May be useful in the future. */
60 PKT_public_key *last_pubkey;
61 PKT_secret_key *last_seckey;
62 PKT_user_id *last_user_id;
63 md_filter_context_t mfx;
64 int sigs_only; /* Process only signatures and reject all other stuff. */
65 int encrypt_only; /* Process only encryption messages. */
66
67 /* Name of the file with the complete signature or the file with the
68 detached signature. This is currently only used to deduce the
69 file name of the data file if that has not been given. */
70 const char *sigfilename;
71
72 /* A structure to describe the signed data in case of a detached
73 signature. */
74 struct
75 {
76 /* A file descriptor of the the signed data. Only used if not -1. */
77 int data_fd;
78 /* A list of filenames with the data files or NULL. This is only
79 used if DATA_FD is -1. */
80 strlist_t data_names;
81 /* Flag to indicated that either one of the next previous fieldss
82 is used. This is only needed for better readability. */
83 int used;
84 } signed_data;
85
86 DEK *dek;
87 int last_was_session_key;
88 KBNODE list; /* The current list of packets. */
89 int have_data;
90 IOBUF iobuf; /* Used to get the filename etc. */
91 int trustletter; /* Temporary usage in list_node. */
92 ulong symkeys;
93 struct kidlist_item *pkenc_list; /* List of encryption packets. */
94 int any_sig_seen; /* Set to true if a signature packet has been seen. */
95 };
96
97
98 static int do_proc_packets( CTX c, IOBUF a );
99 static void list_node( CTX c, KBNODE node );
100 static void proc_tree( CTX c, KBNODE node );
101 static int literals_seen;
102
103 void
104 reset_literals_seen(void)
105 {
106 literals_seen=0;
107 }
108
109 static void
110 release_list( CTX c )
111 {
112 if( !c->list )
113 return;
114 proc_tree(c, c->list );
115 release_kbnode( c->list );
116 while( c->pkenc_list ) {
117 struct kidlist_item *tmp = c->pkenc_list->next;
118 xfree( c->pkenc_list );
119 c->pkenc_list = tmp;
120 }
121 c->pkenc_list = NULL;
122 c->list = NULL;
123 c->have_data = 0;
124 c->last_was_session_key = 0;
125 xfree(c->dek); c->dek = NULL;
126 }
127
128
129 static int
130 add_onepass_sig( CTX c, PACKET *pkt )
131 {
132 KBNODE node;
133
134 if ( c->list ) /* add another packet */
135 add_kbnode( c->list, new_kbnode( pkt ));
136 else /* insert the first one */
137 c->list = node = new_kbnode( pkt );
138
139 return 1;
140 }
141
142
143 static int
144 add_gpg_control( CTX c, PACKET *pkt )
145 {
146 if ( pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START ) {
147 /* New clear text signature.
148 * Process the last one and reset everything */
149 release_list(c);
150 }
151
152 if( c->list ) /* add another packet */
153 add_kbnode( c->list, new_kbnode( pkt ));
154 else /* insert the first one */
155 c->list = new_kbnode( pkt );
156
157 return 1;
158 }
159
160
161
162 static int
163 add_user_id( CTX c, PACKET *pkt )
164 {
165 if( !c->list ) {
166 log_error("orphaned user ID\n" );
167 return 0;
168 }
169 add_kbnode( c->list, new_kbnode( pkt ) );
170 return 1;
171 }
172
173 static int
174 add_subkey( CTX c, PACKET *pkt )
175 {
176 if( !c->list ) {
177 log_error("subkey w/o mainkey\n" );
178 return 0;
179 }
180 add_kbnode( c->list, new_kbnode( pkt ) );
181 return 1;
182 }
183
184 static int
185 add_ring_trust( CTX c, PACKET *pkt )
186 {
187 if( !c->list ) {
188 log_error("ring trust w/o key\n" );
189 return 0;
190 }
191 add_kbnode( c->list, new_kbnode( pkt ) );
192 return 1;
193 }
194
195
196 static int
197 add_signature( CTX c, PACKET *pkt )
198 {
199 KBNODE node;
200
201 c->any_sig_seen = 1;
202 if( pkt->pkttype == PKT_SIGNATURE && !c->list ) {
203 /* This is the first signature for the following datafile.
204 * GPG does not write such packets; instead it always uses
205 * onepass-sig packets. The drawback of PGP's method
206 * of prepending the signature to the data is
207 * that it is not possible to make a signature from data read
208 * from stdin. (GPG is able to read PGP stuff anyway.) */
209 node = new_kbnode( pkt );
210 c->list = node;
211 return 1;
212 }
213 else if( !c->list )
214 return 0; /* oops (invalid packet sequence)*/
215 else if( !c->list->pkt )
216 BUG(); /* so nicht */
217
218 /* add a new signature node id at the end */
219 node = new_kbnode( pkt );
220 add_kbnode( c->list, node );
221 return 1;
222 }
223
224 static int
225 symkey_decrypt_seskey( DEK *dek, byte *seskey, size_t slen )
226 {
227 gcry_cipher_hd_t hd;
228
229 if(slen < 17 || slen > 33)
230 {
231 log_error ( _("weird size for an encrypted session key (%d)\n"),
232 (int)slen);
233 return G10ERR_BAD_KEY;
234 }
235
236 if (gcry_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
237 BUG ();
238 if (gcry_cipher_setkey ( hd, dek->key, dek->keylen ))
239 BUG ();
240 gcry_cipher_setiv ( hd, NULL, 0 );
241 gcry_cipher_decrypt ( hd, seskey, slen, NULL, 0 );
242 gcry_cipher_close ( hd );
243
244 /* Now we replace the dek components with the real session key to
245 decrypt the contents of the sequencing packet. */
246
247 dek->keylen=slen-1;
248 dek->algo=seskey[0];
249
250 if(dek->keylen > DIM(dek->key))
251 BUG ();
252
253 /* This is not completely accurate, since a bad passphrase may have
254 resulted in a garbage algorithm byte, but it's close enough since
255 a bogus byte here will fail later. */
256 if(dek->algo==CIPHER_ALGO_IDEA)
257 idea_cipher_warn(0);
258
259 memcpy(dek->key, seskey + 1, dek->keylen);
260
261 /*log_hexdump( "thekey", dek->key, dek->keylen );*/
262
263 return 0;
264 }
265
266 static void
267 proc_symkey_enc( CTX c, PACKET *pkt )
268 {
269 PKT_symkey_enc *enc;
270
271 enc = pkt->pkt.symkey_enc;
272 if (!enc)
273 log_error ("invalid symkey encrypted packet\n");
274 else if(!c->dek)
275 {
276 int algo = enc->cipher_algo;
277 const char *s = openpgp_cipher_algo_name (algo);
278
279 if (!openpgp_cipher_test_algo (algo))
280 {
281 if(!opt.quiet)
282 {
283 if(enc->seskeylen)
284 log_info(_("%s encrypted session key\n"), s );
285 else
286 log_info(_("%s encrypted data\n"), s );
287 }
288 }
289 else
290 log_error(_("encrypted with unknown algorithm %d\n"), algo );
291
292 if(openpgp_md_test_algo (enc->s2k.hash_algo))
293 {
294 log_error(_("passphrase generated with unknown digest"
295 " algorithm %d\n"),enc->s2k.hash_algo);
296 s=NULL;
297 }
298
299 c->last_was_session_key = 2;
300 if(!s || opt.list_only)
301 goto leave;
302
303 if(opt.override_session_key)
304 {
305 c->dek = xmalloc_clear( sizeof *c->dek );
306 if(get_override_session_key(c->dek, opt.override_session_key))
307 {
308 xfree(c->dek);
309 c->dek = NULL;
310 }
311 }
312 else
313 {
314 c->dek = passphrase_to_dek (NULL, 0, algo, &enc->s2k, 0,
315 NULL, NULL);
316 if(c->dek)
317 {
318 c->dek->symmetric=1;
319
320 /* FIXME: This doesn't work perfectly if a symmetric
321 key comes before a public key in the message - if
322 the user doesn't know the passphrase, then there is
323 a chance that the "decrypted" algorithm will happen
324 to be a valid one, which will make the returned dek
325 appear valid, so we won't try any public keys that
326 come later. */
327 if(enc->seskeylen)
328 {
329 if(symkey_decrypt_seskey(c->dek, enc->seskey,
330 enc->seskeylen))
331 {
332 xfree(c->dek);
333 c->dek=NULL;
334 }
335 }
336 else
337 c->dek->algo_info_printed = 1;
338 }
339 }
340 }
341
342 leave:
343 c->symkeys++;
344 free_packet(pkt);
345 }
346
347 static void
348 proc_pubkey_enc( CTX c, PACKET *pkt )
349 {
350 PKT_pubkey_enc *enc;
351 int result = 0;
352
353 /* check whether the secret key is available and store in this case */
354 c->last_was_session_key = 1;
355 enc = pkt->pkt.pubkey_enc;
356 /*printf("enc: encrypted by a pubkey with keyid %08lX\n", enc->keyid[1] );*/
357 /* Hmmm: why do I have this algo check here - anyway there is
358 * function to check it. */
359 if( opt.verbose )
360 log_info(_("public key is %s\n"), keystr(enc->keyid) );
361
362 if( is_status_enabled() ) {
363 char buf[50];
364 sprintf(buf, "%08lX%08lX %d 0",
365 (ulong)enc->keyid[0], (ulong)enc->keyid[1], enc->pubkey_algo );
366 write_status_text( STATUS_ENC_TO, buf );
367 }
368
369 if( !opt.list_only && opt.override_session_key ) {
370 /* It does not make much sense to store the session key in
371 * secure memory because it has already been passed on the
372 * command line and the GCHQ knows about it. */
373 c->dek = xmalloc_clear( sizeof *c->dek );
374 result = get_override_session_key ( c->dek, opt.override_session_key );
375 if ( result ) {
376 xfree(c->dek); c->dek = NULL;
377 }
378 }
379 else if( is_ELGAMAL(enc->pubkey_algo)
380 || enc->pubkey_algo == PUBKEY_ALGO_DSA
381 || is_RSA(enc->pubkey_algo)
382 || enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL) {
383 /* Note that we also allow type 20 Elgamal keys for decryption.
384 There are still a couple of those keys in active use as a
385 subkey. */
386
387 /* FIXME: Store this all in a list and process it later so that
388 we can prioritize what key to use. This gives a better user
389 experience if wildcard keyids are used. */
390 if ( !c->dek && ((!enc->keyid[0] && !enc->keyid[1])
391 || opt.try_all_secrets
392 || !seckey_available( enc->keyid )) ) {
393 if( opt.list_only )
394 result = -1;
395 else {
396 c->dek = xmalloc_secure_clear( sizeof *c->dek );
397 if( (result = get_session_key( enc, c->dek )) ) {
398 /* error: delete the DEK */
399 xfree(c->dek); c->dek = NULL;
400 }
401 }
402 }
403 else
404 result = G10ERR_NO_SECKEY;
405 }
406 else
407 result = G10ERR_PUBKEY_ALGO;
408
409 if( result == -1 )
410 ;
411 else
412 {
413 /* store it for later display */
414 struct kidlist_item *x = xmalloc( sizeof *x );
415 x->kid[0] = enc->keyid[0];
416 x->kid[1] = enc->keyid[1];
417 x->pubkey_algo = enc->pubkey_algo;
418 x->reason = result;
419 x->next = c->pkenc_list;
420 c->pkenc_list = x;
421
422 if( !result && opt.verbose > 1 )
423 log_info( _("public key encrypted data: good DEK\n") );
424 }
425
426 free_packet(pkt);
427 }
428
429
430
431 /****************
432 * Print the list of public key encrypted packets which we could
433 * not decrypt.
434 */
435 static void
436 print_pkenc_list( struct kidlist_item *list, int failed )
437 {
438 for( ; list; list = list->next ) {
439 PKT_public_key *pk;
440 const char *algstr;
441
442 if ( failed && !list->reason )
443 continue;
444 if ( !failed && list->reason )
445 continue;
446
447 algstr = gcry_pk_algo_name ( list->pubkey_algo );
448 pk = xmalloc_clear( sizeof *pk );
449
450 if( !algstr )
451 algstr = "[?]";
452 pk->pubkey_algo = list->pubkey_algo;
453 if( !get_pubkey( pk, list->kid ) )
454 {
455 char *p;
456 log_info( _("encrypted with %u-bit %s key, ID %s, created %s\n"),
457 nbits_from_pk( pk ), algstr, keystr_from_pk(pk),
458 strtimestamp(pk->timestamp) );
459 p=get_user_id_native(list->kid);
460 log_printf (_(" \"%s\"\n"),p);
461 xfree(p);
462 }
463 else
464 log_info(_("encrypted with %s key, ID %s\n"),
465 algstr,keystr(list->kid));
466
467 free_public_key( pk );
468
469 if( list->reason == G10ERR_NO_SECKEY ) {
470 if( is_status_enabled() ) {
471 char buf[20];
472 snprintf (buf, sizeof buf, "%08lX%08lX",
473 (ulong)list->kid[0], (ulong)list->kid[1]);
474 write_status_text( STATUS_NO_SECKEY, buf );
475 }
476 }
477 else if (list->reason)
478 log_info(_("public key decryption failed: %s\n"),
479 g10_errstr(list->reason));
480 }
481 }
482
483
484 static void
485 proc_encrypted( CTX c, PACKET *pkt )
486 {
487 int result = 0;
488
489 if (!opt.quiet)
490 {
491 if(c->symkeys>1)
492 log_info(_("encrypted with %lu passphrases\n"),c->symkeys);
493 else if(c->symkeys==1)
494 log_info(_("encrypted with 1 passphrase\n"));
495 print_pkenc_list ( c->pkenc_list, 1 );
496 print_pkenc_list ( c->pkenc_list, 0 );
497 }
498
499 /* FIXME: Figure out the session key by looking at all pkenc packets. */
500
501
502 write_status( STATUS_BEGIN_DECRYPTION );
503
504 /*log_debug("dat: %sencrypted data\n", c->dek?"":"conventional ");*/
505 if( opt.list_only )
506 result = -1;
507 else if( !c->dek && !c->last_was_session_key ) {
508 int algo;
509 STRING2KEY s2kbuf, *s2k = NULL;
510
511 if(opt.override_session_key)
512 {
513 c->dek = xmalloc_clear( sizeof *c->dek );
514 result=get_override_session_key(c->dek, opt.override_session_key);
515 if(result)
516 {
517 xfree(c->dek);
518 c->dek = NULL;
519 }
520 }
521 else
522 {
523 /* Assume this is old style conventional encrypted data. */
524 algo = opt.def_cipher_algo;
525 if ( algo )
526 log_info (_("assuming %s encrypted data\n"),
527 openpgp_cipher_algo_name (algo));
528 else if ( openpgp_cipher_test_algo (CIPHER_ALGO_IDEA) )
529 {
530 algo = opt.def_cipher_algo;
531 if (!algo)
532 algo = opt.s2k_cipher_algo;
533 idea_cipher_warn(1);
534 log_info (_("IDEA cipher unavailable, "
535 "optimistically attempting to use %s instead\n"),
536 openpgp_cipher_algo_name (algo));
537 }
538 else
539 {
540 algo = CIPHER_ALGO_IDEA;
541 if (!opt.s2k_digest_algo)
542 {
543 /* If no digest is given we assume MD5 */
544 s2kbuf.mode = 0;
545 s2kbuf.hash_algo = DIGEST_ALGO_MD5;
546 s2k = &s2kbuf;
547 }
548 log_info (_("assuming %s encrypted data\n"), "IDEA");
549 }
550
551 c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 0, NULL, NULL );
552 if (c->dek)
553 c->dek->algo_info_printed = 1;
554 }
555 }
556 else if( !c->dek )
557 result = G10ERR_NO_SECKEY;
558 if( !result )
559 result = decrypt_data( c, pkt->pkt.encrypted, c->dek );
560
561 if( result == -1 )
562 ;
563 else if( !result || (gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE
564 && opt.ignore_mdc_error)) {
565 write_status( STATUS_DECRYPTION_OKAY );
566 if( opt.verbose > 1 )
567 log_info(_("decryption okay\n"));
568 if( pkt->pkt.encrypted->mdc_method && !result )
569 write_status( STATUS_GOODMDC );
570 else if(!opt.no_mdc_warn)
571 log_info (_("WARNING: message was not integrity protected\n"));
572 if(opt.show_session_key)
573 {
574 int i;
575 char *buf = xmalloc ( c->dek->keylen*2 + 20 );
576 sprintf ( buf, "%d:", c->dek->algo );
577 for(i=0; i < c->dek->keylen; i++ )
578 sprintf(buf+strlen(buf), "%02X", c->dek->key[i] );
579 log_info( "session key: `%s'\n", buf );
580 write_status_text ( STATUS_SESSION_KEY, buf );
581 }
582 }
583 else if( result == G10ERR_BAD_SIGN ) {
584 log_error(_("WARNING: encrypted message has been manipulated!\n"));
585 write_status( STATUS_BADMDC );
586 write_status( STATUS_DECRYPTION_FAILED );
587 }
588 else {
589 write_status( STATUS_DECRYPTION_FAILED );
590 log_error(_("decryption failed: %s\n"), g10_errstr(result));
591 /* Hmmm: does this work when we have encrypted using multiple
592 * ways to specify the session key (symmmetric and PK)*/
593 }
594 xfree(c->dek); c->dek = NULL;
595 free_packet(pkt);
596 c->last_was_session_key = 0;
597 write_status( STATUS_END_DECRYPTION );
598 }
599
600
601 static void
602 proc_plaintext( CTX c, PACKET *pkt )
603 {
604 PKT_plaintext *pt = pkt->pkt.plaintext;
605 int any, clearsig, only_md5, rc;
606 KBNODE n;
607
608 literals_seen++;
609
610 if( pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8 ) )
611 log_info(_("NOTE: sender requested \"for-your-eyes-only\"\n"));
612 else if( opt.verbose )
613 log_info(_("original file name='%.*s'\n"), pt->namelen, pt->name);
614 free_md_filter_context( &c->mfx );
615 if (gcry_md_open (&c->mfx.md, 0, 0))
616 BUG ();
617 /* fixme: we may need to push the textfilter if we have sigclass 1
618 * and no armoring - Not yet tested
619 * Hmmm, why don't we need it at all if we have sigclass 1
620 * Should we assume that plaintext in mode 't' has always sigclass 1??
621 * See: Russ Allbery's mail 1999-02-09
622 */
623 any = clearsig = only_md5 = 0;
624 for(n=c->list; n; n = n->next )
625 {
626 if( n->pkt->pkttype == PKT_ONEPASS_SIG )
627 {
628 /* For the onepass signature case */
629 if( n->pkt->pkt.onepass_sig->digest_algo )
630 {
631 gcry_md_enable (c->mfx.md,
632 n->pkt->pkt.onepass_sig->digest_algo);
633 if( !any && n->pkt->pkt.onepass_sig->digest_algo
634 == DIGEST_ALGO_MD5 )
635 only_md5 = 1;
636 else
637 only_md5 = 0;
638 any = 1;
639 }
640 if( n->pkt->pkt.onepass_sig->sig_class != 0x01 )
641 only_md5 = 0;
642 }
643 else if( n->pkt->pkttype == PKT_GPG_CONTROL
644 && n->pkt->pkt.gpg_control->control
645 == CTRLPKT_CLEARSIGN_START )
646 {
647 /* For the clearsigned message case */
648 size_t datalen = n->pkt->pkt.gpg_control->datalen;
649 const byte *data = n->pkt->pkt.gpg_control->data;
650
651 /* check that we have at least the sigclass and one hash */
652 if ( datalen < 2 )
653 log_fatal("invalid control packet CTRLPKT_CLEARSIGN_START\n");
654 /* Note that we don't set the clearsig flag for not-dash-escaped
655 * documents */
656 clearsig = (*data == 0x01);
657 for( data++, datalen--; datalen; datalen--, data++ )
658 gcry_md_enable (c->mfx.md, *data);
659 any = 1;
660 break; /* Stop here as one-pass signature packets are not
661 expected. */
662 }
663 else if(n->pkt->pkttype==PKT_SIGNATURE)
664 {
665 /* For the SIG+LITERAL case that PGP used to use. */
666 gcry_md_enable ( c->mfx.md, n->pkt->pkt.signature->digest_algo );
667 any=1;
668 }
669 }
670
671 if( !any && !opt.skip_verify )
672 {
673 /* This is for the old GPG LITERAL+SIG case. It's not legal
674 according to 2440, so hopefully it won't come up that
675 often. There is no good way to specify what algorithms to
676 use in that case, so these three are the historical
677 answer. */
678 gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 );
679 gcry_md_enable( c->mfx.md, DIGEST_ALGO_SHA1 );
680 gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
681 }
682 if( opt.pgp2_workarounds && only_md5 && !opt.skip_verify ) {
683 /* This is a kludge to work around a bug in pgp2. It does only
684 * catch those mails which are armored. To catch the non-armored
685 * pgp mails we could see whether there is the signature packet
686 * in front of the plaintext. If someone needs this, send me a patch.
687 */
688 if ( gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0) )
689 BUG ();
690 }
691 if ( DBG_HASHING ) {
692 gcry_md_start_debug ( c->mfx.md, "verify" );
693 if ( c->mfx.md2 )
694 gcry_md_start_debug ( c->mfx.md2, "verify2" );
695 }
696
697 rc=0;
698
699 if (literals_seen>1)
700 {
701 log_info (_("WARNING: multiple plaintexts seen\n"));
702
703 if (!opt.flags.allow_multiple_messages)
704 {
705 write_status_text (STATUS_ERROR, "proc_pkt.plaintext 89_BAD_DATA");
706 log_inc_errorcount ();
707 rc = gpg_error (GPG_ERR_UNEXPECTED);
708 }
709 }
710
711 if(!rc)
712 {
713 rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig );
714 if ( gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only )
715 {
716 /* Can't write output but we hash it anyway to check the
717 signature. */
718 rc = handle_plaintext( pt, &c->mfx, 1, clearsig );
719 }
720 }
721
722 if( rc )
723 log_error( "handle plaintext failed: %s\n", g10_errstr(rc));
724 free_packet(pkt);
725 c->last_was_session_key = 0;
726
727 /* We add a marker control packet instead of the plaintext packet.
728 * This is so that we can later detect invalid packet sequences.
729 */
730 n = new_kbnode (create_gpg_control (CTRLPKT_PLAINTEXT_MARK, NULL, 0));
731 if (c->list)
732 add_kbnode (c->list, n);
733 else
734 c->list = n;
735 }
736
737
738 static int
739 proc_compressed_cb( IOBUF a, void *info )
740 {
741 if ( ((CTX)info)->signed_data.used
742 && ((CTX)info)->signed_data.data_fd != -1)
743 return proc_signature_packets_by_fd (info, a,
744 ((CTX)info)->signed_data.data_fd);
745 else
746 return proc_signature_packets (info, a,
747 ((CTX)info)->signed_data.data_names,
748 ((CTX)info)->sigfilename );
749 }
750
751 static int
752 proc_encrypt_cb( IOBUF a, void *info )
753 {
754 return proc_encryption_packets( info, a );
755 }
756
757 static void
758 proc_compressed( CTX c, PACKET *pkt )
759 {
760 PKT_compressed *zd = pkt->pkt.compressed;
761 int rc;
762
763 /*printf("zip: compressed data packet\n");*/
764 if( !zd->algorithm )
765 rc=G10ERR_COMPR_ALGO;
766 else if( c->sigs_only )
767 rc = handle_compressed( c, zd, proc_compressed_cb, c );
768 else if( c->encrypt_only )
769 rc = handle_compressed( c, zd, proc_encrypt_cb, c );
770 else
771 rc = handle_compressed( c, zd, NULL, NULL );
772 if( rc )
773 log_error("uncompressing failed: %s\n", g10_errstr(rc));
774 free_packet(pkt);
775 c->last_was_session_key = 0;
776 }
777
778 /****************
779 * check the signature
780 * Returns: 0 = valid signature or an error code
781 */
782 static int
783 do_check_sig( CTX c, KBNODE node, int *is_selfsig,
784 int *is_expkey, int *is_revkey )
785 {
786 PKT_signature *sig;
787 gcry_md_hd_t md = NULL, md2 = NULL;
788 int algo, rc;
789
790 assert( node->pkt->pkttype == PKT_SIGNATURE );
791 if( is_selfsig )
792 *is_selfsig = 0;
793 sig = node->pkt->pkt.signature;
794
795 algo = sig->digest_algo;
796 rc = openpgp_md_test_algo(algo);
797 if (rc)
798 return rc;
799
800 if( sig->sig_class == 0x00 ) {
801 if( c->mfx.md )
802 {
803 if (gcry_md_copy (&md, c->mfx.md ))
804 BUG ();
805 }
806 else /* detached signature */
807 {
808 /* signature_check() will enable the md*/
809 if (gcry_md_open (&md, 0, 0 ))
810 BUG ();
811 }
812 }
813 else if( sig->sig_class == 0x01 ) {
814 /* how do we know that we have to hash the (already hashed) text
815 * in canonical mode ??? (calculating both modes???) */
816 if( c->mfx.md ) {
817 if (gcry_md_copy (&md, c->mfx.md ))
818 BUG ();
819 if( c->mfx.md2 && gcry_md_copy (&md2, c->mfx.md2 ))
820 BUG ();
821 }
822 else { /* detached signature */
823 log_debug("Do we really need this here?");
824 /* signature_check() will enable the md*/
825 if (gcry_md_open (&md, 0, 0 ))
826 BUG ();
827 if (gcry_md_open (&md2, 0, 0 ))
828 BUG ();
829 }
830 }
831 else if( (sig->sig_class&~3) == 0x10
832 || sig->sig_class == 0x18
833 || sig->sig_class == 0x1f
834 || sig->sig_class == 0x20
835 || sig->sig_class == 0x28
836 || sig->sig_class == 0x30 ) {
837 if( c->list->pkt->pkttype == PKT_PUBLIC_KEY
838 || c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
839 return check_key_signature( c->list, node, is_selfsig );
840 }
841 else if( sig->sig_class == 0x20 ) {
842 log_error (_("standalone revocation - "
843 "use \"gpg --import\" to apply\n"));
844 return G10ERR_NOT_PROCESSED;
845 }
846 else {
847 log_error("invalid root packet for sigclass %02x\n",
848 sig->sig_class);
849 return G10ERR_SIG_CLASS;
850 }
851 }
852 else
853 return G10ERR_SIG_CLASS;
854 rc = signature_check2( sig, md, NULL, is_expkey, is_revkey, NULL );
855 if( gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE && md2 )
856 rc = signature_check2( sig, md2, NULL, is_expkey, is_revkey, NULL );
857 gcry_md_close(md);
858 gcry_md_close(md2);
859
860 return rc;
861 }
862
863
864 static void
865 print_userid( PACKET *pkt )
866 {
867 if( !pkt )
868 BUG();
869 if( pkt->pkttype != PKT_USER_ID ) {
870 printf("ERROR: unexpected packet type %d", pkt->pkttype );
871 return;
872 }
873 if( opt.with_colons )
874 {
875 if(pkt->pkt.user_id->attrib_data)
876 printf("%u %lu",
877 pkt->pkt.user_id->numattribs,
878 pkt->pkt.user_id->attrib_len);
879 else
880 print_string( stdout, pkt->pkt.user_id->name,
881 pkt->pkt.user_id->len, ':');
882 }
883 else
884 print_utf8_string( stdout, pkt->pkt.user_id->name,
885 pkt->pkt.user_id->len );
886 }
887
888
889 /****************
890 * List the certificate in a user friendly way
891 */
892
893 static void
894 list_node( CTX c, KBNODE node )
895 {
896 int any=0;
897 int mainkey;
898
899 if( !node )
900 ;
901 else if( (mainkey = (node->pkt->pkttype == PKT_PUBLIC_KEY) )
902 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
903 PKT_public_key *pk = node->pkt->pkt.public_key;
904
905 if( opt.with_colons )
906 {
907 u32 keyid[2];
908 keyid_from_pk( pk, keyid );
909 if( mainkey )
910 c->trustletter = opt.fast_list_mode?
911 0 : get_validity_info( pk, NULL );
912 printf("%s:", mainkey? "pub":"sub" );
913 if( c->trustletter )
914 putchar( c->trustletter );
915 printf(":%u:%d:%08lX%08lX:%s:%s::",
916 nbits_from_pk( pk ),
917 pk->pubkey_algo,
918 (ulong)keyid[0],(ulong)keyid[1],
919 colon_datestr_from_pk( pk ),
920 colon_strtime (pk->expiredate) );
921 if( mainkey && !opt.fast_list_mode )
922 putchar( get_ownertrust_info (pk) );
923 putchar(':');
924 if( node->next && node->next->pkt->pkttype == PKT_RING_TRUST) {
925 putchar('\n'); any=1;
926 if( opt.fingerprint )
927 print_fingerprint( pk, NULL, 0 );
928 printf("rtv:1:%u:\n",
929 node->next->pkt->pkt.ring_trust->trustval );
930 }
931 }
932 else
933 printf("%s %4u%c/%s %s%s",
934 mainkey? "pub":"sub", nbits_from_pk( pk ),
935 pubkey_letter( pk->pubkey_algo ), keystr_from_pk( pk ),
936 datestr_from_pk( pk ), mainkey?" ":"");
937
938 if( mainkey ) {
939 /* and now list all userids with their signatures */
940 for( node = node->next; node; node = node->next ) {
941 if( node->pkt->pkttype == PKT_SIGNATURE ) {
942 if( !any ) {
943 if( node->pkt->pkt.signature->sig_class == 0x20 )
944 puts("[revoked]");
945 else
946 putchar('\n');
947 any = 1;
948 }
949 list_node(c, node );
950 }
951 else if( node->pkt->pkttype == PKT_USER_ID ) {
952 if( any ) {
953 if( opt.with_colons )
954 printf("%s:::::::::",
955 node->pkt->pkt.user_id->attrib_data?"uat":"uid");
956 else
957 printf( "uid%*s", 28, "" );
958 }
959 print_userid( node->pkt );
960 if( opt.with_colons )
961 putchar(':');
962 putchar('\n');
963 if( opt.fingerprint && !any )
964 print_fingerprint( pk, NULL, 0 );
965 if( opt.with_colons
966 && node->next
967 && node->next->pkt->pkttype == PKT_RING_TRUST ) {
968 printf("rtv:2:%u:\n",
969 node->next->pkt->pkt.ring_trust?
970 node->next->pkt->pkt.ring_trust->trustval : 0);
971 }
972 any=1;
973 }
974 else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
975 if( !any ) {
976 putchar('\n');
977 any = 1;
978 }
979 list_node(c, node );
980 }
981 }
982 }
983 else
984 {
985 /* of subkey */
986 if( pk->is_revoked )
987 {
988 printf(" [");
989 printf(_("revoked: %s"),revokestr_from_pk(pk));
990 printf("]");
991 }
992 else if( pk->expiredate )
993 {
994 printf(" [");
995 printf(_("expires: %s"),expirestr_from_pk(pk));
996 printf("]");
997 }
998 }
999
1000 if( !any )
1001 putchar('\n');
1002 if( !mainkey && opt.fingerprint > 1 )
1003 print_fingerprint( pk, NULL, 0 );
1004 }
1005 else if( (mainkey = (node->pkt->pkttype == PKT_SECRET_KEY) )
1006 || node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
1007 PKT_secret_key *sk = node->pkt->pkt.secret_key;
1008
1009 if( opt.with_colons )
1010 {
1011 u32 keyid[2];
1012 keyid_from_sk( sk, keyid );
1013 printf("%s::%u:%d:%08lX%08lX:%s:%s:::",
1014 mainkey? "sec":"ssb",
1015 nbits_from_sk( sk ),
1016 sk->pubkey_algo,
1017 (ulong)keyid[0],(ulong)keyid[1],
1018 colon_datestr_from_sk( sk ),
1019 colon_strtime (sk->expiredate)
1020 /* fixme: add LID */ );
1021 }
1022 else
1023 printf("%s %4u%c/%s %s ", mainkey? "sec":"ssb",
1024 nbits_from_sk( sk ), pubkey_letter( sk->pubkey_algo ),
1025 keystr_from_sk( sk ), datestr_from_sk( sk ));
1026 if( mainkey ) {
1027 /* and now list all userids with their signatures */
1028 for( node = node->next; node; node = node->next ) {
1029 if( node->pkt->pkttype == PKT_SIGNATURE ) {
1030 if( !any ) {
1031 if( node->pkt->pkt.signature->sig_class == 0x20 )
1032 puts("[revoked]");
1033 else
1034 putchar('\n');
1035 any = 1;
1036 }
1037 list_node(c, node );
1038 }
1039 else if( node->pkt->pkttype == PKT_USER_ID ) {
1040 if( any ) {
1041 if( opt.with_colons )
1042 printf("%s:::::::::",
1043 node->pkt->pkt.user_id->attrib_data?"uat":"uid");
1044 else
1045 printf( "uid%*s", 28, "" );
1046 }
1047 print_userid( node->pkt );
1048 if( opt.with_colons )
1049 putchar(':');
1050 putchar('\n');
1051 if( opt.fingerprint && !any )
1052 print_fingerprint( NULL, sk, 0 );
1053 any=1;
1054 }
1055 else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
1056 if( !any ) {
1057 putchar('\n');
1058 any = 1;
1059 }
1060 list_node(c, node );
1061 }
1062 }
1063 }
1064 if( !any )
1065 putchar('\n');
1066 if( !mainkey && opt.fingerprint > 1 )
1067 print_fingerprint( NULL, sk, 0 );
1068 }
1069 else if( node->pkt->pkttype == PKT_SIGNATURE ) {
1070 PKT_signature *sig = node->pkt->pkt.signature;
1071 int is_selfsig = 0;
1072 int rc2=0;
1073 size_t n;
1074 char *p;
1075 int sigrc = ' ';
1076
1077 if( !opt.verbose )
1078 return;
1079
1080 if( sig->sig_class == 0x20 || sig->sig_class == 0x30 )
1081 fputs("rev", stdout);
1082 else
1083 fputs("sig", stdout);
1084 if( opt.check_sigs ) {
1085 fflush(stdout);
1086 rc2=do_check_sig( c, node, &is_selfsig, NULL, NULL );
1087 switch (gpg_err_code (rc2)) {
1088 case 0: sigrc = '!'; break;
1089 case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break;
1090 case GPG_ERR_NO_PUBKEY:
1091 case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break;
1092 default: sigrc = '%'; break;
1093 }
1094 }
1095 else { /* check whether this is a self signature */
1096 u32 keyid[2];
1097
1098 if( c->list->pkt->pkttype == PKT_PUBLIC_KEY
1099 || c->list->pkt->pkttype == PKT_SECRET_KEY ) {
1100 if( c->list->pkt->pkttype == PKT_PUBLIC_KEY )
1101 keyid_from_pk( c->list->pkt->pkt.public_key, keyid );
1102 else
1103 keyid_from_sk( c->list->pkt->pkt.secret_key, keyid );
1104
1105 if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
1106 is_selfsig = 1;
1107 }
1108 }
1109 if( opt.with_colons ) {
1110 putchar(':');
1111 if( sigrc != ' ' )
1112 putchar(sigrc);
1113 printf("::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
1114 (ulong)sig->keyid[0], (ulong)sig->keyid[1],
1115 colon_datestr_from_sig(sig),
1116 colon_expirestr_from_sig(sig));
1117
1118 if(sig->trust_depth || sig->trust_value)
1119 printf("%d %d",sig->trust_depth,sig->trust_value);
1120 printf(":");
1121
1122 if(sig->trust_regexp)
1123 print_string(stdout,sig->trust_regexp,
1124 strlen(sig->trust_regexp),':');
1125 printf(":");
1126 }
1127 else
1128 printf("%c %s %s ",
1129 sigrc, keystr(sig->keyid), datestr_from_sig(sig));
1130 if( sigrc == '%' )
1131 printf("[%s] ", g10_errstr(rc2) );
1132 else if( sigrc == '?' )
1133 ;
1134 else if( is_selfsig ) {
1135 if( opt.with_colons )
1136 putchar(':');
1137 fputs( sig->sig_class == 0x18? "[keybind]":"[selfsig]", stdout);
1138 if( opt.with_colons )
1139 putchar(':');
1140 }
1141 else if( !opt.fast_list_mode ) {
1142 p = get_user_id( sig->keyid, &n );
1143 print_string( stdout, p, n, opt.with_colons );
1144 xfree(p);
1145 }
1146 if( opt.with_colons )
1147 printf(":%02x%c:", sig->sig_class, sig->flags.exportable?'x':'l');
1148 putchar('\n');
1149 }
1150 else
1151 log_error("invalid node with packet of type %d\n", node->pkt->pkttype);
1152 }
1153
1154
1155
1156 int
1157 proc_packets( void *anchor, IOBUF a )
1158 {
1159 int rc;
1160 CTX c = xmalloc_clear( sizeof *c );
1161
1162 c->anchor = anchor;
1163 rc = do_proc_packets( c, a );
1164 xfree( c );
1165 return rc;
1166 }
1167
1168
1169
1170 int
1171 proc_signature_packets( void *anchor, IOBUF a,
1172 strlist_t signedfiles, const char *sigfilename )
1173 {
1174 CTX c = xmalloc_clear( sizeof *c );
1175 int rc;
1176
1177 c->anchor = anchor;
1178 c->sigs_only = 1;
1179
1180 c->signed_data.data_fd = -1;
1181 c->signed_data.data_names = signedfiles;
1182 c->signed_data.used = !!signedfiles;
1183
1184 c->sigfilename = sigfilename;
1185 rc = do_proc_packets( c, a );
1186
1187 /* If we have not encountered any signature we print an error
1188 messages, send a NODATA status back and return an error code.
1189 Using log_error is required because verify_files does not check
1190 error codes for each file but we want to terminate the process
1191 with an error. */
1192 if (!rc && !c->any_sig_seen)
1193 {
1194 write_status_text (STATUS_NODATA, "4");
1195 log_error (_("no signature found\n"));
1196 rc = G10ERR_NO_DATA;
1197 }
1198
1199 /* Propagate the signature seen flag upward. Do this only on
1200 success so that we won't issue the nodata status several
1201 times. */
1202 if (!rc && c->anchor && c->any_sig_seen)
1203 c->anchor->any_sig_seen = 1;
1204
1205 xfree( c );
1206 return rc;
1207 }
1208
1209 int
1210 proc_signature_packets_by_fd (void *anchor, IOBUF a, int signed_data_fd )
1211 {
1212 int rc;
1213 CTX c = xcalloc (1, sizeof *c);
1214
1215 c->anchor = anchor;
1216 c->sigs_only = 1;
1217
1218 c->signed_data.data_fd = signed_data_fd;
1219 c->signed_data.data_names = NULL;
1220 c->signed_data.used = (signed_data_fd != -1);
1221
1222 rc = do_proc_packets ( c, a );
1223
1224 /* If we have not encountered any signature we print an error
1225 messages, send a NODATA status back and return an error code.
1226 Using log_error is required because verify_files does not check
1227 error codes for each file but we want to terminate the process
1228 with an error. */
1229 if (!rc && !c->any_sig_seen)
1230 {
1231 write_status_text (STATUS_NODATA, "4");
1232 log_error (_("no signature found\n"));
1233 rc = gpg_error (GPG_ERR_NO_DATA);
1234 }
1235
1236 /* Propagate the signature seen flag upward. Do this only on success
1237 so that we won't issue the nodata status several times. */
1238 if (!rc && c->anchor && c->any_sig_seen)
1239 c->anchor->any_sig_seen = 1;
1240
1241 xfree ( c );
1242 return rc;
1243 }
1244
1245
1246 int
1247 proc_encryption_packets( void *anchor, IOBUF a )
1248 {
1249 CTX c = xmalloc_clear( sizeof *c );
1250 int rc;
1251
1252 c->anchor = anchor;
1253 c->encrypt_only = 1;
1254 rc = do_proc_packets( c, a );
1255 xfree( c );
1256 return rc;
1257 }
1258
1259
1260 int
1261 do_proc_packets( CTX c, IOBUF a )
1262 {
1263 PACKET *pkt = xmalloc( sizeof *pkt );
1264 int rc=0;
1265 int any_data=0;
1266 int newpkt;
1267
1268 c->iobuf = a;
1269 init_packet(pkt);
1270 while( (rc=parse_packet(a, pkt)) != -1 ) {
1271 any_data = 1;
1272 if( rc ) {
1273 free_packet(pkt);
1274 /* stop processing when an invalid packet has been encountered
1275 * but don't do so when we are doing a --list-packets. */
1276 if (gpg_err_code (rc) == GPG_ERR_INV_PACKET
1277 && opt.list_packets != 2 )
1278 break;
1279 continue;
1280 }
1281 newpkt = -1;
1282 if( opt.list_packets ) {
1283 switch( pkt->pkttype ) {
1284 case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break;
1285 case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break;
1286 case PKT_ENCRYPTED:
1287 case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break;
1288 case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
1289 default: newpkt = 0; break;
1290 }
1291 }
1292 else if( c->sigs_only ) {
1293 switch( pkt->pkttype ) {
1294 case PKT_PUBLIC_KEY:
1295 case PKT_SECRET_KEY:
1296 case PKT_USER_ID:
1297 case PKT_SYMKEY_ENC:
1298 case PKT_PUBKEY_ENC:
1299 case PKT_ENCRYPTED:
1300 case PKT_ENCRYPTED_MDC:
1301 write_status_text( STATUS_UNEXPECTED, "0" );
1302 rc = G10ERR_UNEXPECTED;
1303 goto leave;
1304 case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;
1305 case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break;
1306 case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
1307 case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break;
1308 case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
1309 default: newpkt = 0; break;
1310 }
1311 }
1312 else if( c->encrypt_only ) {
1313 switch( pkt->pkttype ) {
1314 case PKT_PUBLIC_KEY:
1315 case PKT_SECRET_KEY:
1316 case PKT_USER_ID:
1317 write_status_text( STATUS_UNEXPECTED, "0" );
1318 rc = G10ERR_UNEXPECTED;
1319 goto leave;
1320 case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;
1321 case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break;
1322 case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break;
1323 case PKT_ENCRYPTED:
1324 case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break;
1325 case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break;
1326 case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
1327 case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break;
1328 case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
1329 default: newpkt = 0; break;
1330 }
1331 }
1332 else {
1333 switch( pkt->pkttype ) {
1334 case PKT_PUBLIC_KEY:
1335 case PKT_SECRET_KEY:
1336 release_list( c );
1337 c->list = new_kbnode( pkt );
1338 newpkt = 1;
1339 break;
1340 case PKT_PUBLIC_SUBKEY:
1341 case PKT_SECRET_SUBKEY:
1342 newpkt = add_subkey( c, pkt );
1343 break;
1344 case PKT_USER_ID: newpkt = add_user_id( c, pkt ); break;
1345 case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;
1346 case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break;
1347 case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break;
1348 case PKT_ENCRYPTED:
1349 case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break;
1350 case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break;
1351 case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
1352 case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break;
1353 case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
1354 case PKT_RING_TRUST: newpkt = add_ring_trust( c, pkt ); break;
1355 default: newpkt = 0; break;
1356 }
1357 }
1358 /* This is a very ugly construct and frankly, I don't remember why
1359 * I used it. Adding the MDC check here is a hack.
1360 * The right solution is to initiate another context for encrypted
1361 * packet and not to reuse the current one ... It works right
1362 * when there is a compression packet inbetween which adds just
1363 * an extra layer.
1364 * Hmmm: Rewrite this whole module here??
1365 */
1366 if( pkt->pkttype != PKT_SIGNATURE && pkt->pkttype != PKT_MDC )
1367 c->have_data = pkt->pkttype == PKT_PLAINTEXT;
1368
1369 if( newpkt == -1 )
1370 ;
1371 else if( newpkt ) {
1372 pkt = xmalloc( sizeof *pkt );
1373 init_packet(pkt);
1374 }
1375 else
1376 free_packet(pkt);
1377 }
1378 if( rc == G10ERR_INVALID_PACKET )
1379 write_status_text( STATUS_NODATA, "3" );
1380 if( any_data )
1381 rc = 0;
1382 else if( rc == -1 )
1383 write_status_text( STATUS_NODATA, "2" );
1384
1385
1386 leave:
1387 release_list( c );
1388 xfree(c->dek);
1389 free_packet( pkt );
1390 xfree( pkt );
1391 free_md_filter_context( &c->mfx );
1392 return rc;
1393 }
1394
1395
1396 /* Helper for pka_uri_from_sig to parse the to-be-verified address out
1397 of the notation data. */
1398 static pka_info_t *
1399 get_pka_address (PKT_signature *sig)
1400 {
1401 pka_info_t *pka = NULL;
1402 struct notation *nd,*notation;
1403
1404 notation=sig_to_notation(sig);
1405
1406 for(nd=notation;nd;nd=nd->next)
1407 {
1408 if(strcmp(nd->name,"pka-address@gnupg.org")!=0)
1409 continue; /* Not the notation we want. */
1410
1411 /* For now we only use the first valid PKA notation. In future
1412 we might want to keep additional PKA notations in a linked
1413 list. */
1414 if (is_valid_mailbox (nd->value))
1415 {
1416 pka = xmalloc (sizeof *pka + strlen(nd->value));
1417 pka->valid = 0;
1418 pka->checked = 0;
1419 pka->uri = NULL;
1420 strcpy (pka->email, nd->value);
1421 break;
1422 }
1423 }
1424
1425 free_notation(notation);
1426
1427 return pka;
1428 }
1429
1430
1431 /* Return the URI from a DNS PKA record. If this record has already
1432 be retrieved for the signature we merely return it; if not we go
1433 out and try to get that DNS record. */
1434 static const char *
1435 pka_uri_from_sig (PKT_signature *sig)
1436 {
1437 if (!sig->flags.pka_tried)
1438 {
1439 assert (!sig->pka_info);
1440 sig->flags.pka_tried = 1;
1441 sig->pka_info = get_pka_address (sig);
1442 if (sig->pka_info)
1443 {
1444 char *uri;
1445
1446 uri = get_pka_info (sig->pka_info->email, sig->pka_info->fpr);
1447 if (uri)
1448 {
1449 sig->pka_info->valid = 1;
1450 if (!*uri)
1451 xfree (uri);
1452 else
1453 sig->pka_info->uri = uri;
1454 }
1455 }
1456 }
1457 return sig->pka_info? sig->pka_info->uri : NULL;
1458 }
1459
1460
1461 static int
1462 check_sig_and_print( CTX c, KBNODE node )
1463 {
1464 PKT_signature *sig = node->pkt->pkt.signature;
1465 const char *astr;
1466 int rc, is_expkey=0, is_revkey=0;
1467
1468 if (opt.skip_verify)
1469 {
1470 log_info(_("signature verification suppressed\n"));
1471 return 0;
1472 }
1473
1474 /* Check that the message composition is valid.
1475
1476 Per RFC-2440bis (-15) allowed:
1477
1478 S{1,n} -- detached signature.
1479 S{1,n} P -- old style PGP2 signature
1480 O{1,n} P S{1,n} -- standard OpenPGP signature.
1481 C P S{1,n} -- cleartext signature.
1482
1483
1484 O = One-Pass Signature packet.
1485 S = Signature packet.
1486 P = OpenPGP Message packet (Encrypted | Compressed | Literal)
1487 (Note that the current rfc2440bis draft also allows
1488 for a signed message but that does not work as it
1489 introduces ambiguities.)
1490 We keep track of these packages using the marker packet
1491 CTRLPKT_PLAINTEXT_MARK.
1492 C = Marker packet for cleartext signatures.
1493
1494 We reject all other messages.
1495
1496 Actually we are calling this too often, i.e. for verification of
1497 each message but better have some duplicate work than to silently
1498 introduce a bug here.
1499 */
1500 {
1501 KBNODE n;
1502 int n_onepass, n_sig;
1503
1504 /* log_debug ("checking signature packet composition\n"); */
1505 /* dump_kbnode (c->list); */
1506
1507 n = c->list;
1508 assert (n);
1509 if ( n->pkt->pkttype == PKT_SIGNATURE )
1510 {
1511 /* This is either "S{1,n}" case (detached signature) or
1512 "S{1,n} P" (old style PGP2 signature). */
1513 for (n = n->next; n; n = n->next)
1514 if (n->pkt->pkttype != PKT_SIGNATURE)
1515 break;
1516 if (!n)
1517 ; /* Okay, this is a detached signature. */
1518 else if (n->pkt->pkttype == PKT_GPG_CONTROL
1519 && (n->pkt->pkt.gpg_control->control
1520 == CTRLPKT_PLAINTEXT_MARK) )
1521 {
1522 if (n->next)
1523 goto ambiguous; /* We only allow one P packet. */
1524 }
1525 else
1526 goto ambiguous;
1527 }
1528 else if (n->pkt->pkttype == PKT_ONEPASS_SIG)
1529 {
1530 /* This is the "O{1,n} P S{1,n}" case (standard signature). */
1531 for (n_onepass=1, n = n->next;
1532 n && n->pkt->pkttype == PKT_ONEPASS_SIG; n = n->next)
1533 n_onepass++;
1534 if (!n || !(n->pkt->pkttype == PKT_GPG_CONTROL
1535 && (n->pkt->pkt.gpg_control->control
1536 == CTRLPKT_PLAINTEXT_MARK)))
1537 goto ambiguous;
1538 for (n_sig=0, n = n->next;
1539 n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
1540 n_sig++;
1541 if (!n_sig)
1542 goto ambiguous;
1543
1544 /* If we wanted to disallow multiple sig verification, we'd do
1545 something like this:
1546
1547 if (n && !opt.allow_multisig_verification)
1548 goto ambiguous;
1549
1550 However, now that we have --allow-multiple-messages, this
1551 can stay allowable as we can't get here unless multiple
1552 messages (i.e. multiple literals) are allowed. */
1553
1554 if (n_onepass != n_sig)
1555 {
1556 log_info ("number of one-pass packets does not match "
1557 "number of signature packets\n");
1558 goto ambiguous;
1559 }
1560 }
1561 else if (n->pkt->pkttype == PKT_GPG_CONTROL
1562 && n->pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START )
1563 {
1564 /* This is the "C P S{1,n}" case (clear text signature). */
1565 n = n->next;
1566 if (!n || !(n->pkt->pkttype == PKT_GPG_CONTROL
1567 && (n->pkt->pkt.gpg_control->control
1568 == CTRLPKT_PLAINTEXT_MARK)))
1569 goto ambiguous;
1570 for (n_sig=0, n = n->next;
1571 n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
1572 n_sig++;
1573 if (n || !n_sig)
1574 goto ambiguous;
1575 }
1576 else
1577 {
1578 ambiguous:
1579 log_error(_("can't handle this ambiguous signature data\n"));
1580 return 0;
1581 }
1582
1583 }
1584
1585 /* (Indendation below not yet changed to GNU style.) */
1586
1587 astr = gcry_pk_algo_name ( sig->pubkey_algo );
1588 if(keystrlen()>8)
1589 {
1590 log_info(_("Signature made %s\n"),asctimestamp(sig->timestamp));
1591 log_info(_(" using %s key %s\n"),
1592 astr? astr: "?",keystr(sig->keyid));
1593 }
1594 else
1595 log_info(_("Signature made %s using %s key ID %s\n"),
1596 asctimestamp(sig->timestamp), astr? astr: "?",
1597 keystr(sig->keyid));
1598
1599 rc = do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
1600
1601 /* If the key isn't found, check for a preferred keyserver */
1602
1603 if(rc==G10ERR_NO_PUBKEY && sig->flags.pref_ks)
1604 {
1605 const byte *p;
1606 int seq=0;
1607 size_t n;
1608
1609 while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&n,&seq,NULL)))
1610 {
1611 /* According to my favorite copy editor, in English
1612 grammar, you say "at" if the key is located on a web
1613 page, but "from" if it is located on a keyserver. I'm
1614 not going to even try to make two strings here :) */
1615 log_info(_("Key available at: ") );
1616 print_utf8_string( log_get_stream(), p, n );
1617 log_printf ("\n");
1618
1619 if(opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE
1620 && opt.keyserver_options.options&KEYSERVER_HONOR_KEYSERVER_URL)
1621 {
1622 struct keyserver_spec *spec;
1623
1624 spec=parse_preferred_keyserver(sig);
1625 if(spec)
1626 {
1627 int res;
1628
1629 glo_ctrl.in_auto_key_retrieve++;
1630 res=keyserver_import_keyid(sig->keyid,spec);
1631 glo_ctrl.in_auto_key_retrieve--;
1632 if(!res)
1633 rc=do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
1634 free_keyserver_spec(spec);
1635
1636 if(!rc)
1637 break;
1638 }
1639 }
1640 }
1641 }
1642
1643 /* If the preferred keyserver thing above didn't work, our second
1644 try is to use the URI from a DNS PKA record. */
1645 if ( rc == G10ERR_NO_PUBKEY
1646 && opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE
1647 && opt.keyserver_options.options&KEYSERVER_HONOR_PKA_RECORD)
1648 {
1649 const char *uri = pka_uri_from_sig (sig);
1650
1651 if (uri)
1652 {
1653 /* FIXME: We might want to locate the key using the
1654 fingerprint instead of the keyid. */
1655 int res;
1656 struct keyserver_spec *spec;
1657
1658 spec = parse_keyserver_uri (uri, 1, NULL, 0);
1659 if (spec)
1660 {
1661 glo_ctrl.in_auto_key_retrieve++;
1662 res = keyserver_import_keyid (sig->keyid, spec);
1663 glo_ctrl.in_auto_key_retrieve--;
1664 free_keyserver_spec (spec);
1665 if (!res)
1666 rc = do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
1667 }
1668 }
1669 }
1670
1671 /* If the preferred keyserver thing above didn't work and we got
1672 no information from the DNS PKA, this is a third try. */
1673
1674 if( rc == G10ERR_NO_PUBKEY && opt.keyserver
1675 && opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
1676 {
1677 int res;
1678
1679 glo_ctrl.in_auto_key_retrieve++;
1680 res=keyserver_import_keyid ( sig->keyid, opt.keyserver );
1681 glo_ctrl.in_auto_key_retrieve--;
1682 if(!res)
1683 rc = do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
1684 }
1685
1686 if( !rc || gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE ) {
1687 KBNODE un, keyblock;
1688 int count=0, statno;
1689 char keyid_str[50];
1690 PKT_public_key *pk=NULL;
1691
1692 if(rc)
1693 statno=STATUS_BADSIG;
1694 else if(sig->flags.expired)
1695 statno=STATUS_EXPSIG;
1696 else if(is_expkey)
1697 statno=STATUS_EXPKEYSIG;
1698 else if(is_revkey)
1699 statno=STATUS_REVKEYSIG;
1700 else
1701 statno=STATUS_GOODSIG;
1702
1703 keyblock = get_pubkeyblock( sig->keyid );
1704
1705 sprintf (keyid_str, "%08lX%08lX [uncertain] ",
1706 (ulong)sig->keyid[0], (ulong)sig->keyid[1]);
1707
1708 /* find and print the primary user ID */
1709 for( un=keyblock; un; un = un->next ) {
1710 char *p;
1711 int valid;
1712 if(un->pkt->pkttype==PKT_PUBLIC_KEY)
1713 {
1714 pk=un->pkt->pkt.public_key;
1715 continue;
1716 }
1717 if( un->pkt->pkttype != PKT_USER_ID )
1718 continue;
1719 if ( !un->pkt->pkt.user_id->created )
1720 continue;
1721 if ( un->pkt->pkt.user_id->is_revoked )
1722 continue;
1723 if ( un->pkt->pkt.user_id->is_expired )
1724 continue;
1725 if ( !un->pkt->pkt.user_id->is_primary )
1726 continue;
1727 /* We want the textual primary user ID here */
1728 if ( un->pkt->pkt.user_id->attrib_data )
1729 continue;
1730
1731 assert(pk);
1732
1733 /* Get it before we print anything to avoid interrupting
1734 the output with the "please do a --check-trustdb"
1735 line. */
1736 valid=get_validity(pk,un->pkt->pkt.user_id);
1737
1738 keyid_str[17] = 0; /* cut off the "[uncertain]" part */
1739 write_status_text_and_buffer (statno, keyid_str,
1740 un->pkt->pkt.user_id->name,
1741 un->pkt->pkt.user_id->len,
1742 -1 );
1743
1744 p=utf8_to_native(un->pkt->pkt.user_id->name,
1745 un->pkt->pkt.user_id->len,0);
1746
1747 if(rc)
1748 log_info(_("BAD signature from \"%s\""),p);
1749 else if(sig->flags.expired)
1750 log_info(_("Expired signature from \"%s\""),p);
1751 else
1752 log_info(_("Good signature from \"%s\""),p);
1753
1754 xfree(p);
1755
1756 if(opt.verify_options&VERIFY_SHOW_UID_VALIDITY)
1757 log_printf (" [%s]\n",trust_value_to_string(valid));
1758 else
1759 log_printf ("\n");
1760 count++;
1761 }
1762 if( !count ) { /* just in case that we have no valid textual
1763 userid */
1764 char *p;
1765
1766 /* Try for an invalid textual userid */
1767 for( un=keyblock; un; un = un->next ) {
1768 if( un->pkt->pkttype == PKT_USER_ID &&
1769 !un->pkt->pkt.user_id->attrib_data )
1770 break;
1771 }
1772
1773 /* Try for any userid at all */
1774 if(!un) {
1775 for( un=keyblock; un; un = un->next ) {
1776 if( un->pkt->pkttype == PKT_USER_ID )
1777 break;
1778 }
1779 }
1780
1781 if (opt.trust_model==TM_ALWAYS || !un)
1782 keyid_str[17] = 0; /* cut off the "[uncertain]" part */
1783
1784 write_status_text_and_buffer (statno, keyid_str,
1785 un? un->pkt->pkt.user_id->name:"[?]",
1786 un? un->pkt->pkt.user_id->len:3,
1787 -1 );
1788
1789 if(un)
1790 p=utf8_to_native(un->pkt->pkt.user_id->name,
1791 un->pkt->pkt.user_id->len,0);
1792 else
1793 p=xstrdup("[?]");
1794
1795 if(rc)
1796 log_info(_("BAD signature from \"%s\""),p);
1797 else if(sig->flags.expired)
1798 log_info(_("Expired signature from \"%s\""),p);
1799 else
1800 log_info(_("Good signature from \"%s\""),p);
1801 if (opt.trust_model!=TM_ALWAYS && un)
1802 log_printf (" %s",_("[uncertain]") );
1803 log_printf ("\n");
1804 }
1805
1806 /* If we have a good signature and already printed
1807 * the primary user ID, print all the other user IDs */
1808 if ( count && !rc
1809 && !(opt.verify_options&VERIFY_SHOW_PRIMARY_UID_ONLY)) {
1810 char *p;
1811 for( un=keyblock; un; un = un->next ) {
1812 if( un->pkt->pkttype != PKT_USER_ID )
1813 continue;
1814 if((un->pkt->pkt.user_id->is_revoked
1815 || un->pkt->pkt.user_id->is_expired)
1816 && !(opt.verify_options&VERIFY_SHOW_UNUSABLE_UIDS))
1817 continue;
1818 /* Only skip textual primaries */
1819 if ( un->pkt->pkt.user_id->is_primary &&
1820 !un->pkt->pkt.user_id->attrib_data )
1821 continue;
1822
1823 if(un->pkt->pkt.user_id->attrib_data)
1824 {
1825 dump_attribs(un->pkt->pkt.user_id,pk,NULL);
1826
1827 if(opt.verify_options&VERIFY_SHOW_PHOTOS)
1828 show_photos(un->pkt->pkt.user_id->attribs,
1829 un->pkt->pkt.user_id->numattribs,
1830 pk,NULL,un->pkt->pkt.user_id);
1831 }
1832
1833 p=utf8_to_native(un->pkt->pkt.user_id->name,
1834 un->pkt->pkt.user_id->len,0);
1835 log_info(_(" aka \"%s\""),p);
1836 xfree(p);
1837
1838 if(opt.verify_options&VERIFY_SHOW_UID_VALIDITY)
1839 {
1840 const char *valid;
1841 if(un->pkt->pkt.user_id->is_revoked)
1842 valid=_("revoked");
1843 else if(un->pkt->pkt.user_id->is_expired)
1844 valid=_("expired");
1845 else
1846 valid=trust_value_to_string(get_validity(pk,
1847 un->pkt->
1848 pkt.user_id));
1849 log_printf (" [%s]\n",valid);
1850 }
1851 else
1852 log_printf ("\n");
1853 }
1854 }
1855 release_kbnode( keyblock );
1856
1857 if( !rc )
1858 {
1859 if(opt.verify_options&VERIFY_SHOW_POLICY_URLS)
1860 show_policy_url(sig,0,1);
1861 else
1862 show_policy_url(sig,0,2);
1863
1864 if(opt.verify_options&VERIFY_SHOW_KEYSERVER_URLS)
1865 show_keyserver_url(sig,0,1);
1866 else
1867 show_keyserver_url(sig,0,2);
1868
1869 if(opt.verify_options&VERIFY_SHOW_NOTATIONS)
1870 show_notation(sig,0,1,
1871 ((opt.verify_options&VERIFY_SHOW_STD_NOTATIONS)?1:0)+
1872 ((opt.verify_options&VERIFY_SHOW_USER_NOTATIONS)?2:0));
1873 else
1874 show_notation(sig,0,2,0);
1875 }
1876
1877 if( !rc && is_status_enabled() ) {
1878 /* print a status response with the fingerprint */
1879 PKT_public_key *vpk = xmalloc_clear( sizeof *vpk );
1880
1881 if( !get_pubkey( vpk, sig->keyid ) ) {
1882 byte array[MAX_FINGERPRINT_LEN], *p;
1883 char buf[MAX_FINGERPRINT_LEN*4+90], *bufp;
1884 size_t i, n;
1885
1886 bufp = buf;
1887 fingerprint_from_pk( vpk, array, &n );
1888 p = array;
1889 for(i=0; i < n ; i++, p++, bufp += 2)
1890 sprintf(bufp, "%02X", *p );
1891 /* TODO: Replace the reserved '0' in the field below
1892 with bits for status flags (policy url, notation,
1893 etc.). Remember to make the buffer larger to
1894 match! */
1895 sprintf(bufp, " %s %lu %lu %d 0 %d %d %02X ",
1896 strtimestamp( sig->timestamp ),
1897 (ulong)sig->timestamp,(ulong)sig->expiredate,
1898 sig->version,sig->pubkey_algo,sig->digest_algo,
1899 sig->sig_class);
1900 bufp = bufp + strlen (bufp);
1901 if (!vpk->is_primary) {
1902 u32 akid[2];
1903
1904 akid[0] = vpk->main_keyid[0];
1905 akid[1] = vpk->main_keyid[1];
1906 free_public_key (vpk);
1907 vpk = xmalloc_clear( sizeof *vpk );
1908 if (get_pubkey (vpk, akid)) {
1909 /* impossible error, we simply return a zeroed out fpr */
1910 n = MAX_FINGERPRINT_LEN < 20? MAX_FINGERPRINT_LEN : 20;
1911 memset (array, 0, n);
1912 }
1913 else
1914 fingerprint_from_pk( vpk, array, &n );
1915 }
1916 p = array;
1917 for(i=0; i < n ; i++, p++, bufp += 2)
1918 sprintf(bufp, "%02X", *p );
1919 write_status_text( STATUS_VALIDSIG, buf );
1920 }
1921 free_public_key( vpk );
1922 }
1923
1924 if (!rc)
1925 {
1926 if(opt.verify_options&VERIFY_PKA_LOOKUPS)
1927 pka_uri_from_sig (sig); /* Make sure PKA info is available. */
1928 rc = check_signatures_trust( sig );
1929 }
1930
1931 if(sig->flags.expired)
1932 {
1933 log_info(_("Signature expired %s\n"),
1934 asctimestamp(sig->expiredate));
1935 rc=G10ERR_GENERAL; /* need a better error here? */
1936 }
1937 else if(sig->expiredate)
1938 log_info(_("Signature expires %s\n"),asctimestamp(sig->expiredate));
1939
1940 if(opt.verbose)
1941 log_info(_("%s signature, digest algorithm %s\n"),
1942 sig->sig_class==0x00?_("binary"):
1943 sig->sig_class==0x01?_("textmode"):_("unknown"),
1944 gcry_md_algo_name (sig->digest_algo));
1945
1946 if( rc )
1947 g10_errors_seen = 1;
1948 if( opt.batch && rc )
1949 g10_exit(1);
1950 }
1951 else {
1952 char buf[50];
1953 sprintf(buf, "%08lX%08lX %d %d %02x %lu %d",
1954 (ulong)sig->keyid[0], (ulong)sig->keyid[1],
1955 sig->pubkey_algo, sig->digest_algo,
1956 sig->sig_class, (ulong)sig->timestamp, rc );
1957 write_status_text( STATUS_ERRSIG, buf );
1958 if( rc == G10ERR_NO_PUBKEY ) {
1959 buf[16] = 0;
1960 write_status_text( STATUS_NO_PUBKEY, buf );
1961 }
1962 if( rc != G10ERR_NOT_PROCESSED )
1963 log_error(_("Can't check signature: %s\n"), g10_errstr(rc) );
1964 }
1965 return rc;
1966 }
1967
1968
1969 /****************
1970 * Process the tree which starts at node
1971 */
1972 static void
1973 proc_tree( CTX c, KBNODE node )
1974 {
1975 KBNODE n1;
1976 int rc;
1977
1978 if( opt.list_packets || opt.list_only )
1979 return;
1980
1981 /* we must skip our special plaintext marker packets here becuase
1982 they may be the root packet. These packets are only used in
1983 addionla checks and skipping them here doesn't matter */
1984 while ( node
1985 && node->pkt->pkttype == PKT_GPG_CONTROL
1986 && node->pkt->pkt.gpg_control->control
1987 == CTRLPKT_PLAINTEXT_MARK ) {
1988 node = node->next;
1989 }
1990 if (!node)
1991 return;
1992
1993 c->trustletter = ' ';
1994 if( node->pkt->pkttype == PKT_PUBLIC_KEY
1995 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
1996 merge_keys_and_selfsig( node );
1997 list_node( c, node );
1998 }
1999 else if( node->pkt->pkttype == PKT_SECRET_KEY ) {
2000 merge_keys_and_selfsig( node );
2001 list_node( c, node );
2002 }
2003 else if( node->pkt->pkttype == PKT_ONEPASS_SIG ) {
2004 /* check all signatures */
2005 if( !c->have_data ) {
2006 int use_textmode = 0;
2007
2008 free_md_filter_context( &c->mfx );
2009 /* prepare to create all requested message digests */
2010 if (gcry_md_open (&c->mfx.md, 0, 0))
2011 BUG ();
2012
2013 /* fixme: why looking for the signature packet and not the
2014 one-pass packet? */
2015 for ( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); )
2016 {
2017 gcry_md_enable (c->mfx.md,
2018 n1->pkt->pkt.signature->digest_algo);
2019 }
2020
2021 if (n1 && n1->pkt->pkt.onepass_sig->sig_class == 0x01)
2022 use_textmode = 1;
2023
2024 /* Ask for file and hash it. */
2025 if( c->sigs_only ) {
2026 if (c->signed_data.used && c->signed_data.data_fd != -1)
2027 rc = hash_datafile_by_fd (c->mfx.md, NULL,
2028 c->signed_data.data_fd,
2029 use_textmode);
2030 else
2031 rc = hash_datafiles (c->mfx.md, NULL,
2032 c->signed_data.data_names,
2033 c->sigfilename,
2034 use_textmode );
2035 }
2036 else {
2037 rc = ask_for_detached_datafile (c->mfx.md, c->mfx.md2,
2038 iobuf_get_real_fname(c->iobuf),
2039 use_textmode );
2040 }
2041 if( rc ) {
2042 log_error("can't hash datafile: %s\n", g10_errstr(rc));
2043 return;
2044 }
2045 }
2046 else if ( c->signed_data.used ) {
2047 log_error (_("not a detached signature\n") );
2048 return;
2049 }
2050
2051 for( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); )
2052 check_sig_and_print( c, n1 );
2053 }
2054 else if( node->pkt->pkttype == PKT_GPG_CONTROL
2055 && node->pkt->pkt.gpg_control->control
2056 == CTRLPKT_CLEARSIGN_START ) {
2057 /* clear text signed message */
2058 if( !c->have_data ) {
2059 log_error("cleartext signature without data\n" );
2060 return;
2061 }
2062 else if ( c->signed_data.used ) {
2063 log_error (_("not a detached signature\n") );
2064 return;
2065 }
2066
2067 for( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); )
2068 check_sig_and_print( c, n1 );
2069 }
2070 else if( node->pkt->pkttype == PKT_SIGNATURE ) {
2071 PKT_signature *sig = node->pkt->pkt.signature;
2072 int multiple_ok=1;
2073
2074 n1=find_next_kbnode(node, PKT_SIGNATURE);
2075 if(n1)
2076 {
2077 byte class=sig->sig_class;
2078 byte hash=sig->digest_algo;
2079
2080 for(; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE)))
2081 {
2082 /* We can't currently handle multiple signatures of
2083 different classes or digests (we'd pretty much have
2084 to run a different hash context for each), but if
2085 they are all the same, make an exception. */
2086 if(n1->pkt->pkt.signature->sig_class!=class
2087 || n1->pkt->pkt.signature->digest_algo!=hash)
2088 {
2089 multiple_ok=0;
2090 log_info(_("WARNING: multiple signatures detected. "
2091 "Only the first will be checked.\n"));
2092 break;
2093 }
2094 }
2095 }
2096
2097 if( sig->sig_class != 0x00 && sig->sig_class != 0x01 )
2098 log_info(_("standalone signature of class 0x%02x\n"),
2099 sig->sig_class);
2100 else if( !c->have_data ) {
2101 /* detached signature */
2102 free_md_filter_context( &c->mfx );
2103 if (gcry_md_open (&c->mfx.md, sig->digest_algo, 0))
2104 BUG ();
2105
2106 if( !opt.pgp2_workarounds )
2107 ;
2108 else if( sig->digest_algo == DIGEST_ALGO_MD5
2109 && is_RSA( sig->pubkey_algo ) ) {
2110 /* enable a workaround for a pgp2 bug */
2111 if (gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0))
2112 BUG ();
2113 }
2114 else if( sig->digest_algo == DIGEST_ALGO_SHA1
2115 && sig->pubkey_algo == PUBKEY_ALGO_DSA
2116 && sig->sig_class == 0x01 ) {
2117 /* enable the workaround also for pgp5 when the detached
2118 * signature has been created in textmode */
2119 if (gcry_md_open (&c->mfx.md2, sig->digest_algo, 0 ))
2120 BUG ();
2121 }
2122 #if 0 /* workaround disabled */
2123 /* Here we have another hack to work around a pgp 2 bug
2124 * It works by not using the textmode for detached signatures;
2125 * this will let the first signature check (on md) fail
2126 * but the second one (on md2) which adds an extra CR should
2127 * then produce the "correct" hash. This is very, very ugly
2128 * hack but it may help in some cases (and break others)
2129 */
2130 /* c->mfx.md2? 0 :(sig->sig_class == 0x01) */
2131 #endif
2132 if ( DBG_HASHING ) {
2133 gcry_md_start_debug( c->mfx.md, "verify" );
2134 if ( c->mfx.md2 )
2135 gcry_md_start_debug( c->mfx.md2, "verify2" );
2136 }
2137 if( c->sigs_only ) {
2138 if (c->signed_data.used && c->signed_data.data_fd != -1)
2139 rc = hash_datafile_by_fd (c->mfx.md, c->mfx.md2,
2140 c->signed_data.data_fd,
2141 (sig->sig_class == 0x01));
2142 else
2143 rc = hash_datafiles (c->mfx.md, c->mfx.md2,
2144 c->signed_data.data_names,
2145 c->sigfilename,
2146 (sig->sig_class == 0x01));
2147 }
2148 else {
2149 rc = ask_for_detached_datafile( c->mfx.md, c->mfx.md2,
2150 iobuf_get_real_fname(c->iobuf),
2151 (sig->sig_class == 0x01) );
2152 }
2153 if( rc ) {
2154 log_error("can't hash datafile: %s\n", g10_errstr(rc));
2155 return;
2156 }
2157 }
2158 else if ( c->signed_data.used ) {
2159 log_error (_("not a detached signature\n") );
2160 return;
2161 }
2162 else if (!opt.quiet)
2163 log_info(_("old style (PGP 2.x) signature\n"));
2164
2165 if(multiple_ok)
2166 for( n1 = node; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )) )
2167 check_sig_and_print( c, n1 );
2168 else
2169 check_sig_and_print( c, node );
2170 }
2171 else {
2172 dump_kbnode (c->list);
2173 log_error(_("invalid root packet detected in proc_tree()\n"));
2174 dump_kbnode (node);
2175 }
2176 }
gnupg svn clone