search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
agent/
[gnupg.git] / g10 / mainproc.c
blobc3d082c56496e2f44f9cbca5189ad8443d582a33
1 /* mainproc.c - handle packets
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
3 * 2008, 2009 Free Software Foundation, Inc.
4 *
5 * This file is part of GnuPG.
6 *
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include <config.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <assert.h>
26 #include <time.h>
27
28 #include "gpg.h"
29 #include "packet.h"
30 #include "iobuf.h"
31 #include "options.h"
32 #include "util.h"
33 #include "cipher.h"
34 #include "keydb.h"
35 #include "filter.h"
36 #include "main.h"
37 #include "status.h"
38 #include "i18n.h"
39 #include "trustdb.h"
40 #include "keyserver-internal.h"
41 #include "photoid.h"
42 #include "pka.h"
43
44
45 struct kidlist_item {
46 struct kidlist_item *next;
47 u32 kid[2];
48 int pubkey_algo;
49 int reason;
50 };
51
52
53 /****************
54 * Structure to hold the context
55 */
56 typedef struct mainproc_context *CTX;
57 struct mainproc_context
58 {
59 struct mainproc_context *anchor; /* May be useful in the future. */
60 PKT_public_key *last_pubkey;
61 PKT_secret_key *last_seckey;
62 PKT_user_id *last_user_id;
63 md_filter_context_t mfx;
64 int sigs_only; /* Process only signatures and reject all other stuff. */
65 int encrypt_only; /* Process only encryption messages. */
66
67 /* Name of the file with the complete signature or the file with the
68 detached signature. This is currently only used to deduce the
69 file name of the data file if that has not been given. */
70 const char *sigfilename;
71
72 /* A structure to describe the signed data in case of a detached
73 signature. */
74 struct
75 {
76 /* A file descriptor of the the signed data. Only used if not -1. */
77 int data_fd;
78 /* A list of filenames with the data files or NULL. This is only
79 used if DATA_FD is -1. */
80 strlist_t data_names;
81 /* Flag to indicated that either one of the next previous fieldss
82 is used. This is only needed for better readability. */
83 int used;
84 } signed_data;
85
86 DEK *dek;
87 int last_was_session_key;
88 KBNODE list; /* The current list of packets. */
89 int have_data;
90 IOBUF iobuf; /* Used to get the filename etc. */
91 int trustletter; /* Temporary usage in list_node. */
92 ulong symkeys;
93 struct kidlist_item *pkenc_list; /* List of encryption packets. */
94 int any_sig_seen; /* Set to true if a signature packet has been seen. */
95 };
96
97
98 static int do_proc_packets( CTX c, IOBUF a );
99 static void list_node( CTX c, KBNODE node );
100 static void proc_tree( CTX c, KBNODE node );
101 static int literals_seen;
102
103 void
104 reset_literals_seen(void)
105 {
106 literals_seen=0;
107 }
108
109 static void
110 release_list( CTX c )
111 {
112 if( !c->list )
113 return;
114 proc_tree(c, c->list );
115 release_kbnode( c->list );
116 while( c->pkenc_list ) {
117 struct kidlist_item *tmp = c->pkenc_list->next;
118 xfree( c->pkenc_list );
119 c->pkenc_list = tmp;
120 }
121 c->pkenc_list = NULL;
122 c->list = NULL;
123 c->have_data = 0;
124 c->last_was_session_key = 0;
125 xfree(c->dek); c->dek = NULL;
126 }
127
128
129 static int
130 add_onepass_sig( CTX c, PACKET *pkt )
131 {
132 KBNODE node;
133
134 if ( c->list ) /* add another packet */
135 add_kbnode( c->list, new_kbnode( pkt ));
136 else /* insert the first one */
137 c->list = node = new_kbnode( pkt );
138
139 return 1;
140 }
141
142
143 static int
144 add_gpg_control( CTX c, PACKET *pkt )
145 {
146 if ( pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START ) {
147 /* New clear text signature.
148 * Process the last one and reset everything */
149 release_list(c);
150 }
151
152 if( c->list ) /* add another packet */
153 add_kbnode( c->list, new_kbnode( pkt ));
154 else /* insert the first one */
155 c->list = new_kbnode( pkt );
156
157 return 1;
158 }
159
160
161
162 static int
163 add_user_id( CTX c, PACKET *pkt )
164 {
165 if( !c->list ) {
166 log_error("orphaned user ID\n" );
167 return 0;
168 }
169 add_kbnode( c->list, new_kbnode( pkt ) );
170 return 1;
171 }
172
173 static int
174 add_subkey( CTX c, PACKET *pkt )
175 {
176 if( !c->list ) {
177 log_error("subkey w/o mainkey\n" );
178 return 0;
179 }
180 add_kbnode( c->list, new_kbnode( pkt ) );
181 return 1;
182 }
183
184 static int
185 add_ring_trust( CTX c, PACKET *pkt )
186 {
187 if( !c->list ) {
188 log_error("ring trust w/o key\n" );
189 return 0;
190 }
191 add_kbnode( c->list, new_kbnode( pkt ) );
192 return 1;
193 }
194
195
196 static int
197 add_signature( CTX c, PACKET *pkt )
198 {
199 KBNODE node;
200
201 c->any_sig_seen = 1;
202 if( pkt->pkttype == PKT_SIGNATURE && !c->list ) {
203 /* This is the first signature for the following datafile.
204 * GPG does not write such packets; instead it always uses
205 * onepass-sig packets. The drawback of PGP's method
206 * of prepending the signature to the data is
207 * that it is not possible to make a signature from data read
208 * from stdin. (GPG is able to read PGP stuff anyway.) */
209 node = new_kbnode( pkt );
210 c->list = node;
211 return 1;
212 }
213 else if( !c->list )
214 return 0; /* oops (invalid packet sequence)*/
215 else if( !c->list->pkt )
216 BUG(); /* so nicht */
217
218 /* add a new signature node id at the end */
219 node = new_kbnode( pkt );
220 add_kbnode( c->list, node );
221 return 1;
222 }
223
224 static int
225 symkey_decrypt_seskey( DEK *dek, byte *seskey, size_t slen )
226 {
227 gcry_cipher_hd_t hd;
228
229 if(slen < 17 || slen > 33)
230 {
231 log_error ( _("weird size for an encrypted session key (%d)\n"),
232 (int)slen);
233 return G10ERR_BAD_KEY;
234 }
235
236 if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
237 BUG ();
238 if (gcry_cipher_setkey ( hd, dek->key, dek->keylen ))
239 BUG ();
240 gcry_cipher_setiv ( hd, NULL, 0 );
241 gcry_cipher_decrypt ( hd, seskey, slen, NULL, 0 );
242 gcry_cipher_close ( hd );
243
244 /* Now we replace the dek components with the real session key to
245 decrypt the contents of the sequencing packet. */
246
247 dek->keylen=slen-1;
248 dek->algo=seskey[0];
249
250 if(dek->keylen > DIM(dek->key))
251 BUG ();
252
253 /* This is not completely accurate, since a bad passphrase may have
254 resulted in a garbage algorithm byte, but it's close enough since
255 a bogus byte here will fail later. */
256 if(dek->algo==CIPHER_ALGO_IDEA)
257 idea_cipher_warn(0);
258
259 memcpy(dek->key, seskey + 1, dek->keylen);
260
261 /*log_hexdump( "thekey", dek->key, dek->keylen );*/
262
263 return 0;
264 }
265
266 static void
267 proc_symkey_enc( CTX c, PACKET *pkt )
268 {
269 PKT_symkey_enc *enc;
270
271 enc = pkt->pkt.symkey_enc;
272 if (!enc)
273 log_error ("invalid symkey encrypted packet\n");
274 else if(!c->dek)
275 {
276 int algo = enc->cipher_algo;
277 const char *s = openpgp_cipher_algo_name (algo);
278
279 if (!openpgp_cipher_test_algo (algo))
280 {
281 if(!opt.quiet)
282 {
283 if(enc->seskeylen)
284 log_info(_("%s encrypted session key\n"), s );
285 else
286 log_info(_("%s encrypted data\n"), s );
287 }
288 }
289 else
290 log_error(_("encrypted with unknown algorithm %d\n"), algo );
291
292 if(openpgp_md_test_algo (enc->s2k.hash_algo))
293 {
294 log_error(_("passphrase generated with unknown digest"
295 " algorithm %d\n"),enc->s2k.hash_algo);
296 s=NULL;
297 }
298
299 c->last_was_session_key = 2;
300 if(!s || opt.list_only)
301 goto leave;
302
303 if(opt.override_session_key)
304 {
305 c->dek = xmalloc_clear( sizeof *c->dek );
306 if(get_override_session_key(c->dek, opt.override_session_key))
307 {
308 xfree(c->dek);
309 c->dek = NULL;
310 }
311 }
312 else
313 {
314 c->dek = passphrase_to_dek (NULL, 0, algo, &enc->s2k, 3,
315 NULL, NULL);
316 if(c->dek)
317 {
318 c->dek->symmetric=1;
319
320 /* FIXME: This doesn't work perfectly if a symmetric
321 key comes before a public key in the message - if
322 the user doesn't know the passphrase, then there is
323 a chance that the "decrypted" algorithm will happen
324 to be a valid one, which will make the returned dek
325 appear valid, so we won't try any public keys that
326 come later. */
327 if(enc->seskeylen)
328 {
329 if(symkey_decrypt_seskey(c->dek, enc->seskey,
330 enc->seskeylen))
331 {
332 xfree(c->dek);
333 c->dek=NULL;
334 }
335 }
336 else
337 c->dek->algo_info_printed = 1;
338 }
339 }
340 }
341
342 leave:
343 c->symkeys++;
344 free_packet(pkt);
345 }
346
347 static void
348 proc_pubkey_enc( CTX c, PACKET *pkt )
349 {
350 PKT_pubkey_enc *enc;
351 int result = 0;
352
353 /* check whether the secret key is available and store in this case */
354 c->last_was_session_key = 1;
355 enc = pkt->pkt.pubkey_enc;
356 /*printf("enc: encrypted by a pubkey with keyid %08lX\n", enc->keyid[1] );*/
357 /* Hmmm: why do I have this algo check here - anyway there is
358 * function to check it. */
359 if( opt.verbose )
360 log_info(_("public key is %s\n"), keystr(enc->keyid) );
361
362 if( is_status_enabled() ) {
363 char buf[50];
364 sprintf(buf, "%08lX%08lX %d 0",
365 (ulong)enc->keyid[0], (ulong)enc->keyid[1], enc->pubkey_algo );
366 write_status_text( STATUS_ENC_TO, buf );
367 }
368
369 if( !opt.list_only && opt.override_session_key ) {
370 /* It does not make much sense to store the session key in
371 * secure memory because it has already been passed on the
372 * command line and the GCHQ knows about it. */
373 c->dek = xmalloc_clear( sizeof *c->dek );
374 result = get_override_session_key ( c->dek, opt.override_session_key );
375 if ( result ) {
376 xfree(c->dek); c->dek = NULL;
377 }
378 }
379 else if( is_ELGAMAL(enc->pubkey_algo)
380 || enc->pubkey_algo == PUBKEY_ALGO_DSA
381 || is_RSA(enc->pubkey_algo)
382 || enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL) {
383 /* Note that we also allow type 20 Elgamal keys for decryption.
384 There are still a couple of those keys in active use as a
385 subkey. */
386
387 /* FIXME: Store this all in a list and process it later so that
388 we can prioritize what key to use. This gives a better user
389 experience if wildcard keyids are used. */
390 if ( !c->dek && ((!enc->keyid[0] && !enc->keyid[1])
391 || opt.try_all_secrets
392 || !seckey_available( enc->keyid )) ) {
393 if( opt.list_only )
394 result = -1;
395 else {
396 c->dek = xmalloc_secure_clear( sizeof *c->dek );
397 if( (result = get_session_key( enc, c->dek )) ) {
398 /* error: delete the DEK */
399 xfree(c->dek); c->dek = NULL;
400 }
401 }
402 }
403 else
404 result = G10ERR_NO_SECKEY;
405 }
406 else
407 result = G10ERR_PUBKEY_ALGO;
408
409 if( result == -1 )
410 ;
411 else
412 {
413 /* store it for later display */
414 struct kidlist_item *x = xmalloc( sizeof *x );
415 x->kid[0] = enc->keyid[0];
416 x->kid[1] = enc->keyid[1];
417 x->pubkey_algo = enc->pubkey_algo;
418 x->reason = result;
419 x->next = c->pkenc_list;
420 c->pkenc_list = x;
421
422 if( !result && opt.verbose > 1 )
423 log_info( _("public key encrypted data: good DEK\n") );
424 }
425
426 free_packet(pkt);
427 }
428
429
430
431 /****************
432 * Print the list of public key encrypted packets which we could
433 * not decrypt.
434 */
435 static void
436 print_pkenc_list( struct kidlist_item *list, int failed )
437 {
438 for( ; list; list = list->next ) {
439 PKT_public_key *pk;
440 const char *algstr;
441
442 if ( failed && !list->reason )
443 continue;
444 if ( !failed && list->reason )
445 continue;
446
447 algstr = gcry_pk_algo_name ( list->pubkey_algo );
448 pk = xmalloc_clear( sizeof *pk );
449
450 if( !algstr )
451 algstr = "[?]";
452 pk->pubkey_algo = list->pubkey_algo;
453 if( !get_pubkey( pk, list->kid ) )
454 {
455 char *p;
456 log_info( _("encrypted with %u-bit %s key, ID %s, created %s\n"),
457 nbits_from_pk( pk ), algstr, keystr_from_pk(pk),
458 strtimestamp(pk->timestamp) );
459 p=get_user_id_native(list->kid);
460 log_printf (_(" \"%s\"\n"),p);
461 xfree(p);
462 }
463 else
464 log_info(_("encrypted with %s key, ID %s\n"),
465 algstr,keystr(list->kid));
466
467 free_public_key( pk );
468
469 if( list->reason == G10ERR_NO_SECKEY ) {
470 if( is_status_enabled() ) {
471 char buf[20];
472 snprintf (buf, sizeof buf, "%08lX%08lX",
473 (ulong)list->kid[0], (ulong)list->kid[1]);
474 write_status_text( STATUS_NO_SECKEY, buf );
475 }
476 }
477 else if (list->reason)
478 log_info(_("public key decryption failed: %s\n"),
479 g10_errstr(list->reason));
480 }
481 }
482
483
484 static void
485 proc_encrypted( CTX c, PACKET *pkt )
486 {
487 int result = 0;
488
489 if (!opt.quiet)
490 {
491 if(c->symkeys>1)
492 log_info(_("encrypted with %lu passphrases\n"),c->symkeys);
493 else if(c->symkeys==1)
494 log_info(_("encrypted with 1 passphrase\n"));
495 print_pkenc_list ( c->pkenc_list, 1 );
496 print_pkenc_list ( c->pkenc_list, 0 );
497 }
498
499 /* FIXME: Figure out the session key by looking at all pkenc packets. */
500
501
502 write_status( STATUS_BEGIN_DECRYPTION );
503
504 /*log_debug("dat: %sencrypted data\n", c->dek?"":"conventional ");*/
505 if( opt.list_only )
506 result = -1;
507 else if( !c->dek && !c->last_was_session_key ) {
508 int algo;
509 STRING2KEY s2kbuf, *s2k = NULL;
510
511 if(opt.override_session_key)
512 {
513 c->dek = xmalloc_clear( sizeof *c->dek );
514 result=get_override_session_key(c->dek, opt.override_session_key);
515 if(result)
516 {
517 xfree(c->dek);
518 c->dek = NULL;
519 }
520 }
521 else
522 {
523 /* Assume this is old style conventional encrypted data. */
524 algo = opt.def_cipher_algo;
525 if ( algo )
526 log_info (_("assuming %s encrypted data\n"),
527 openpgp_cipher_algo_name (algo));
528 else if ( openpgp_cipher_test_algo (CIPHER_ALGO_IDEA) )
529 {
530 algo = opt.def_cipher_algo;
531 if (!algo)
532 algo = opt.s2k_cipher_algo;
533 idea_cipher_warn(1);
534 log_info (_("IDEA cipher unavailable, "
535 "optimistically attempting to use %s instead\n"),
536 openpgp_cipher_algo_name (algo));
537 }
538 else
539 {
540 algo = CIPHER_ALGO_IDEA;
541 if (!opt.s2k_digest_algo)
542 {
543 /* If no digest is given we assume MD5 */
544 s2kbuf.mode = 0;
545 s2kbuf.hash_algo = DIGEST_ALGO_MD5;
546 s2k = &s2kbuf;
547 }
548 log_info (_("assuming %s encrypted data\n"), "IDEA");
549 }
550
551 c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 3, NULL, NULL );
552 if (c->dek)
553 c->dek->algo_info_printed = 1;
554 }
555 }
556 else if( !c->dek )
557 result = G10ERR_NO_SECKEY;
558 if( !result )
559 result = decrypt_data( c, pkt->pkt.encrypted, c->dek );
560
561 if( result == -1 )
562 ;
563 else if( !result || (gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE
564 && opt.ignore_mdc_error)) {
565 write_status( STATUS_DECRYPTION_OKAY );
566 if( opt.verbose > 1 )
567 log_info(_("decryption okay\n"));
568 if( pkt->pkt.encrypted->mdc_method && !result )
569 write_status( STATUS_GOODMDC );
570 else if(!opt.no_mdc_warn)
571 log_info (_("WARNING: message was not integrity protected\n"));
572 if(opt.show_session_key)
573 {
574 int i;
575 char *buf = xmalloc ( c->dek->keylen*2 + 20 );
576 sprintf ( buf, "%d:", c->dek->algo );
577 for(i=0; i < c->dek->keylen; i++ )
578 sprintf(buf+strlen(buf), "%02X", c->dek->key[i] );
579 log_info( "session key: `%s'\n", buf );
580 write_status_text ( STATUS_SESSION_KEY, buf );
581 }
582 }
583 else if( result == G10ERR_BAD_SIGN ) {
584 glo_ctrl.lasterr = result;
585 log_error(_("WARNING: encrypted message has been manipulated!\n"));
586 write_status( STATUS_BADMDC );
587 write_status( STATUS_DECRYPTION_FAILED );
588 }
589 else {
590 if (gpg_err_code (result) == GPG_ERR_BAD_KEY
591 && *c->dek->s2k_cacheid != '\0')
592 {
593 log_debug(_("cleared passphrase cached with ID: %s\n"),
594 c->dek->s2k_cacheid);
595 passphrase_clear_cache (NULL, c->dek->s2k_cacheid, 0);
596 }
597 glo_ctrl.lasterr = result;
598 write_status( STATUS_DECRYPTION_FAILED );
599 log_error(_("decryption failed: %s\n"), g10_errstr(result));
600 /* Hmmm: does this work when we have encrypted using multiple
601 * ways to specify the session key (symmmetric and PK)*/
602 }
603 xfree(c->dek); c->dek = NULL;
604 free_packet(pkt);
605 c->last_was_session_key = 0;
606 write_status( STATUS_END_DECRYPTION );
607 }
608
609
610 static void
611 proc_plaintext( CTX c, PACKET *pkt )
612 {
613 PKT_plaintext *pt = pkt->pkt.plaintext;
614 int any, clearsig, only_md5, rc;
615 KBNODE n;
616
617 literals_seen++;
618
619 if( pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8 ) )
620 log_info(_("NOTE: sender requested \"for-your-eyes-only\"\n"));
621 else if( opt.verbose )
622 log_info(_("original file name='%.*s'\n"), pt->namelen, pt->name);
623 free_md_filter_context( &c->mfx );
624 if (gcry_md_open (&c->mfx.md, 0, 0))
625 BUG ();
626 /* fixme: we may need to push the textfilter if we have sigclass 1
627 * and no armoring - Not yet tested
628 * Hmmm, why don't we need it at all if we have sigclass 1
629 * Should we assume that plaintext in mode 't' has always sigclass 1??
630 * See: Russ Allbery's mail 1999-02-09
631 */
632 any = clearsig = only_md5 = 0;
633 for(n=c->list; n; n = n->next )
634 {
635 if( n->pkt->pkttype == PKT_ONEPASS_SIG )
636 {
637 /* For the onepass signature case */
638 if( n->pkt->pkt.onepass_sig->digest_algo )
639 {
640 gcry_md_enable (c->mfx.md,
641 n->pkt->pkt.onepass_sig->digest_algo);
642 if( !any && n->pkt->pkt.onepass_sig->digest_algo
643 == DIGEST_ALGO_MD5 )
644 only_md5 = 1;
645 else
646 only_md5 = 0;
647 any = 1;
648 }
649 if( n->pkt->pkt.onepass_sig->sig_class != 0x01 )
650 only_md5 = 0;
651 }
652 else if( n->pkt->pkttype == PKT_GPG_CONTROL
653 && n->pkt->pkt.gpg_control->control
654 == CTRLPKT_CLEARSIGN_START )
655 {
656 /* For the clearsigned message case */
657 size_t datalen = n->pkt->pkt.gpg_control->datalen;
658 const byte *data = n->pkt->pkt.gpg_control->data;
659
660 /* check that we have at least the sigclass and one hash */
661 if ( datalen < 2 )
662 log_fatal("invalid control packet CTRLPKT_CLEARSIGN_START\n");
663 /* Note that we don't set the clearsig flag for not-dash-escaped
664 * documents */
665 clearsig = (*data == 0x01);
666 for( data++, datalen--; datalen; datalen--, data++ )
667 gcry_md_enable (c->mfx.md, *data);
668 any = 1;
669 break; /* Stop here as one-pass signature packets are not
670 expected. */
671 }
672 else if(n->pkt->pkttype==PKT_SIGNATURE)
673 {
674 /* For the SIG+LITERAL case that PGP used to use. */
675 gcry_md_enable ( c->mfx.md, n->pkt->pkt.signature->digest_algo );
676 any=1;
677 }
678 }
679
680 if( !any && !opt.skip_verify )
681 {
682 /* This is for the old GPG LITERAL+SIG case. It's not legal
683 according to 2440, so hopefully it won't come up that
684 often. There is no good way to specify what algorithms to
685 use in that case, so these three are the historical
686 answer. */
687 gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 );
688 gcry_md_enable( c->mfx.md, DIGEST_ALGO_SHA1 );
689 gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
690 }
691 if( opt.pgp2_workarounds && only_md5 && !opt.skip_verify ) {
692 /* This is a kludge to work around a bug in pgp2. It does only
693 * catch those mails which are armored. To catch the non-armored
694 * pgp mails we could see whether there is the signature packet
695 * in front of the plaintext. If someone needs this, send me a patch.
696 */
697 if ( gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0) )
698 BUG ();
699 }
700 if ( DBG_HASHING ) {
701 gcry_md_start_debug ( c->mfx.md, "verify" );
702 if ( c->mfx.md2 )
703 gcry_md_start_debug ( c->mfx.md2, "verify2" );
704 }
705
706 rc=0;
707
708 if (literals_seen>1)
709 {
710 log_info (_("WARNING: multiple plaintexts seen\n"));
711
712 if (!opt.flags.allow_multiple_messages)
713 {
714 write_status_text (STATUS_ERROR, "proc_pkt.plaintext 89_BAD_DATA");
715 log_inc_errorcount ();
716 rc = gpg_error (GPG_ERR_UNEXPECTED);
717 }
718 }
719
720 if(!rc)
721 {
722 rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig );
723 if ( gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only )
724 {
725 /* Can't write output but we hash it anyway to check the
726 signature. */
727 rc = handle_plaintext( pt, &c->mfx, 1, clearsig );
728 }
729 }
730
731 if( rc )
732 log_error( "handle plaintext failed: %s\n", g10_errstr(rc));
733 free_packet(pkt);
734 c->last_was_session_key = 0;
735
736 /* We add a marker control packet instead of the plaintext packet.
737 * This is so that we can later detect invalid packet sequences.
738 */
739 n = new_kbnode (create_gpg_control (CTRLPKT_PLAINTEXT_MARK, NULL, 0));
740 if (c->list)
741 add_kbnode (c->list, n);
742 else
743 c->list = n;
744 }
745
746
747 static int
748 proc_compressed_cb( IOBUF a, void *info )
749 {
750 if ( ((CTX)info)->signed_data.used
751 && ((CTX)info)->signed_data.data_fd != -1)
752 return proc_signature_packets_by_fd (info, a,
753 ((CTX)info)->signed_data.data_fd);
754 else
755 return proc_signature_packets (info, a,
756 ((CTX)info)->signed_data.data_names,
757 ((CTX)info)->sigfilename );
758 }
759
760 static int
761 proc_encrypt_cb( IOBUF a, void *info )
762 {
763 return proc_encryption_packets( info, a );
764 }
765
766 static void
767 proc_compressed( CTX c, PACKET *pkt )
768 {
769 PKT_compressed *zd = pkt->pkt.compressed;
770 int rc;
771
772 /*printf("zip: compressed data packet\n");*/
773 if( !zd->algorithm )
774 rc=G10ERR_COMPR_ALGO;
775 else if( c->sigs_only )
776 rc = handle_compressed( c, zd, proc_compressed_cb, c );
777 else if( c->encrypt_only )
778 rc = handle_compressed( c, zd, proc_encrypt_cb, c );
779 else
780 rc = handle_compressed( c, zd, NULL, NULL );
781 if( rc )
782 log_error("uncompressing failed: %s\n", g10_errstr(rc));
783 free_packet(pkt);
784 c->last_was_session_key = 0;
785 }
786
787 /****************
788 * check the signature
789 * Returns: 0 = valid signature or an error code
790 */
791 static int
792 do_check_sig( CTX c, KBNODE node, int *is_selfsig,
793 int *is_expkey, int *is_revkey )
794 {
795 PKT_signature *sig;
796 gcry_md_hd_t md = NULL, md2 = NULL;
797 int algo, rc;
798
799 assert( node->pkt->pkttype == PKT_SIGNATURE );
800 if( is_selfsig )
801 *is_selfsig = 0;
802 sig = node->pkt->pkt.signature;
803
804 algo = sig->digest_algo;
805 rc = openpgp_md_test_algo(algo);
806 if (rc)
807 return rc;
808
809 if( sig->sig_class == 0x00 ) {
810 if( c->mfx.md )
811 {
812 if (gcry_md_copy (&md, c->mfx.md ))
813 BUG ();
814 }
815 else /* detached signature */
816 {
817 /* signature_check() will enable the md*/
818 if (gcry_md_open (&md, 0, 0 ))
819 BUG ();
820 }
821 }
822 else if( sig->sig_class == 0x01 ) {
823 /* how do we know that we have to hash the (already hashed) text
824 * in canonical mode ??? (calculating both modes???) */
825 if( c->mfx.md ) {
826 if (gcry_md_copy (&md, c->mfx.md ))
827 BUG ();
828 if( c->mfx.md2 && gcry_md_copy (&md2, c->mfx.md2 ))
829 BUG ();
830 }
831 else { /* detached signature */
832 log_debug("Do we really need this here?");
833 /* signature_check() will enable the md*/
834 if (gcry_md_open (&md, 0, 0 ))
835 BUG ();
836 if (gcry_md_open (&md2, 0, 0 ))
837 BUG ();
838 }
839 }
840 else if( (sig->sig_class&~3) == 0x10
841 || sig->sig_class == 0x18
842 || sig->sig_class == 0x1f
843 || sig->sig_class == 0x20
844 || sig->sig_class == 0x28
845 || sig->sig_class == 0x30 ) {
846 if( c->list->pkt->pkttype == PKT_PUBLIC_KEY
847 || c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
848 return check_key_signature( c->list, node, is_selfsig );
849 }
850 else if( sig->sig_class == 0x20 ) {
851 log_error (_("standalone revocation - "
852 "use \"gpg --import\" to apply\n"));
853 return G10ERR_NOT_PROCESSED;
854 }
855 else {
856 log_error("invalid root packet for sigclass %02x\n",
857 sig->sig_class);
858 return G10ERR_SIG_CLASS;
859 }
860 }
861 else
862 return G10ERR_SIG_CLASS;
863 rc = signature_check2( sig, md, NULL, is_expkey, is_revkey, NULL );
864 if( gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE && md2 )
865 rc = signature_check2( sig, md2, NULL, is_expkey, is_revkey, NULL );
866 gcry_md_close(md);
867 gcry_md_close(md2);
868
869 return rc;
870 }
871
872
873 static void
874 print_userid( PACKET *pkt )
875 {
876 if( !pkt )
877 BUG();
878 if( pkt->pkttype != PKT_USER_ID ) {
879 printf("ERROR: unexpected packet type %d", pkt->pkttype );
880 return;
881 }
882 if( opt.with_colons )
883 {
884 if(pkt->pkt.user_id->attrib_data)
885 printf("%u %lu",
886 pkt->pkt.user_id->numattribs,
887 pkt->pkt.user_id->attrib_len);
888 else
889 print_string( stdout, pkt->pkt.user_id->name,
890 pkt->pkt.user_id->len, ':');
891 }
892 else
893 print_utf8_string( stdout, pkt->pkt.user_id->name,
894 pkt->pkt.user_id->len );
895 }
896
897
898 /****************
899 * List the certificate in a user friendly way
900 */
901
902 static void
903 list_node( CTX c, KBNODE node )
904 {
905 int any=0;
906 int mainkey;
907
908 if( !node )
909 ;
910 else if( (mainkey = (node->pkt->pkttype == PKT_PUBLIC_KEY) )
911 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
912 PKT_public_key *pk = node->pkt->pkt.public_key;
913
914 if( opt.with_colons )
915 {
916 u32 keyid[2];
917 keyid_from_pk( pk, keyid );
918 if( mainkey )
919 c->trustletter = opt.fast_list_mode?
920 0 : get_validity_info( pk, NULL );
921 printf("%s:", mainkey? "pub":"sub" );
922 if( c->trustletter )
923 putchar( c->trustletter );
924 printf(":%u:%d:%08lX%08lX:%s:%s::",
925 nbits_from_pk( pk ),
926 pk->pubkey_algo,
927 (ulong)keyid[0],(ulong)keyid[1],
928 colon_datestr_from_pk( pk ),
929 colon_strtime (pk->expiredate) );
930 if( mainkey && !opt.fast_list_mode )
931 putchar( get_ownertrust_info (pk) );
932 putchar(':');
933 if( node->next && node->next->pkt->pkttype == PKT_RING_TRUST) {
934 putchar('\n'); any=1;
935 if( opt.fingerprint )
936 print_fingerprint( pk, NULL, 0 );
937 printf("rtv:1:%u:\n",
938 node->next->pkt->pkt.ring_trust->trustval );
939 }
940 }
941 else
942 printf("%s %4u%c/%s %s%s",
943 mainkey? "pub":"sub", nbits_from_pk( pk ),
944 pubkey_letter( pk->pubkey_algo ), keystr_from_pk( pk ),
945 datestr_from_pk( pk ), mainkey?" ":"");
946
947 if( mainkey ) {
948 /* and now list all userids with their signatures */
949 for( node = node->next; node; node = node->next ) {
950 if( node->pkt->pkttype == PKT_SIGNATURE ) {
951 if( !any ) {
952 if( node->pkt->pkt.signature->sig_class == 0x20 )
953 puts("[revoked]");
954 else
955 putchar('\n');
956 any = 1;
957 }
958 list_node(c, node );
959 }
960 else if( node->pkt->pkttype == PKT_USER_ID ) {
961 if( any ) {
962 if( opt.with_colons )
963 printf("%s:::::::::",
964 node->pkt->pkt.user_id->attrib_data?"uat":"uid");
965 else
966 printf( "uid%*s", 28, "" );
967 }
968 print_userid( node->pkt );
969 if( opt.with_colons )
970 putchar(':');
971 putchar('\n');
972 if( opt.fingerprint && !any )
973 print_fingerprint( pk, NULL, 0 );
974 if( opt.with_colons
975 && node->next
976 && node->next->pkt->pkttype == PKT_RING_TRUST ) {
977 printf("rtv:2:%u:\n",
978 node->next->pkt->pkt.ring_trust?
979 node->next->pkt->pkt.ring_trust->trustval : 0);
980 }
981 any=1;
982 }
983 else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
984 if( !any ) {
985 putchar('\n');
986 any = 1;
987 }
988 list_node(c, node );
989 }
990 }
991 }
992 else
993 {
994 /* of subkey */
995 if( pk->is_revoked )
996 {
997 printf(" [");
998 printf(_("revoked: %s"),revokestr_from_pk(pk));
999 printf("]");
1000 }
1001 else if( pk->expiredate )
1002 {
1003 printf(" [");
1004 printf(_("expires: %s"),expirestr_from_pk(pk));
1005 printf("]");
1006 }
1007 }
1008
1009 if( !any )
1010 putchar('\n');
1011 if( !mainkey && opt.fingerprint > 1 )
1012 print_fingerprint( pk, NULL, 0 );
1013 }
1014 else if( (mainkey = (node->pkt->pkttype == PKT_SECRET_KEY) )
1015 || node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
1016 PKT_secret_key *sk = node->pkt->pkt.secret_key;
1017
1018 if( opt.with_colons )
1019 {
1020 u32 keyid[2];
1021 keyid_from_sk( sk, keyid );
1022 printf("%s::%u:%d:%08lX%08lX:%s:%s:::",
1023 mainkey? "sec":"ssb",
1024 nbits_from_sk( sk ),
1025 sk->pubkey_algo,
1026 (ulong)keyid[0],(ulong)keyid[1],
1027 colon_datestr_from_sk( sk ),
1028 colon_strtime (sk->expiredate)
1029 /* fixme: add LID */ );
1030 }
1031 else
1032 printf("%s %4u%c/%s %s ", mainkey? "sec":"ssb",
1033 nbits_from_sk( sk ), pubkey_letter( sk->pubkey_algo ),
1034 keystr_from_sk( sk ), datestr_from_sk( sk ));
1035 if( mainkey ) {
1036 /* and now list all userids with their signatures */
1037 for( node = node->next; node; node = node->next ) {
1038 if( node->pkt->pkttype == PKT_SIGNATURE ) {
1039 if( !any ) {
1040 if( node->pkt->pkt.signature->sig_class == 0x20 )
1041 puts("[revoked]");
1042 else
1043 putchar('\n');
1044 any = 1;
1045 }
1046 list_node(c, node );
1047 }
1048 else if( node->pkt->pkttype == PKT_USER_ID ) {
1049 if( any ) {
1050 if( opt.with_colons )
1051 printf("%s:::::::::",
1052 node->pkt->pkt.user_id->attrib_data?"uat":"uid");
1053 else
1054 printf( "uid%*s", 28, "" );
1055 }
1056 print_userid( node->pkt );
1057 if( opt.with_colons )
1058 putchar(':');
1059 putchar('\n');
1060 if( opt.fingerprint && !any )
1061 print_fingerprint( NULL, sk, 0 );
1062 any=1;
1063 }
1064 else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
1065 if( !any ) {
1066 putchar('\n');
1067 any = 1;
1068 }
1069 list_node(c, node );
1070 }
1071 }
1072 }
1073 if( !any )
1074 putchar('\n');
1075 if( !mainkey && opt.fingerprint > 1 )
1076 print_fingerprint( NULL, sk, 0 );
1077 }
1078 else if( node->pkt->pkttype == PKT_SIGNATURE ) {
1079 PKT_signature *sig = node->pkt->pkt.signature;
1080 int is_selfsig = 0;
1081 int rc2=0;
1082 size_t n;
1083 char *p;
1084 int sigrc = ' ';
1085
1086 if( !opt.verbose )
1087 return;
1088
1089 if( sig->sig_class == 0x20 || sig->sig_class == 0x30 )
1090 fputs("rev", stdout);
1091 else
1092 fputs("sig", stdout);
1093 if( opt.check_sigs ) {
1094 fflush(stdout);
1095 rc2=do_check_sig( c, node, &is_selfsig, NULL, NULL );
1096 switch (gpg_err_code (rc2)) {
1097 case 0: sigrc = '!'; break;
1098 case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break;
1099 case GPG_ERR_NO_PUBKEY:
1100 case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break;
1101 default: sigrc = '%'; break;
1102 }
1103 }
1104 else { /* check whether this is a self signature */
1105 u32 keyid[2];
1106
1107 if( c->list->pkt->pkttype == PKT_PUBLIC_KEY
1108 || c->list->pkt->pkttype == PKT_SECRET_KEY ) {
1109 if( c->list->pkt->pkttype == PKT_PUBLIC_KEY )
1110 keyid_from_pk( c->list->pkt->pkt.public_key, keyid );
1111 else
1112 keyid_from_sk( c->list->pkt->pkt.secret_key, keyid );
1113
1114 if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
1115 is_selfsig = 1;
1116 }
1117 }
1118 if( opt.with_colons ) {
1119 putchar(':');
1120 if( sigrc != ' ' )
1121 putchar(sigrc);
1122 printf("::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
1123 (ulong)sig->keyid[0], (ulong)sig->keyid[1],
1124 colon_datestr_from_sig(sig),
1125 colon_expirestr_from_sig(sig));
1126
1127 if(sig->trust_depth || sig->trust_value)
1128 printf("%d %d",sig->trust_depth,sig->trust_value);
1129 printf(":");
1130
1131 if(sig->trust_regexp)
1132 print_string(stdout,sig->trust_regexp,
1133 strlen(sig->trust_regexp),':');
1134 printf(":");
1135 }
1136 else
1137 printf("%c %s %s ",
1138 sigrc, keystr(sig->keyid), datestr_from_sig(sig));
1139 if( sigrc == '%' )
1140 printf("[%s] ", g10_errstr(rc2) );
1141 else if( sigrc == '?' )
1142 ;
1143 else if( is_selfsig ) {
1144 if( opt.with_colons )
1145 putchar(':');
1146 fputs( sig->sig_class == 0x18? "[keybind]":"[selfsig]", stdout);
1147 if( opt.with_colons )
1148 putchar(':');
1149 }
1150 else if( !opt.fast_list_mode ) {
1151 p = get_user_id( sig->keyid, &n );
1152 print_string( stdout, p, n, opt.with_colons );
1153 xfree(p);
1154 }
1155 if( opt.with_colons )
1156 printf(":%02x%c:", sig->sig_class, sig->flags.exportable?'x':'l');
1157 putchar('\n');
1158 }
1159 else
1160 log_error("invalid node with packet of type %d\n", node->pkt->pkttype);
1161 }
1162
1163
1164
1165 int
1166 proc_packets( void *anchor, IOBUF a )
1167 {
1168 int rc;
1169 CTX c = xmalloc_clear( sizeof *c );
1170
1171 c->anchor = anchor;
1172 rc = do_proc_packets( c, a );
1173 xfree( c );
1174 return rc;
1175 }
1176
1177
1178
1179 int
1180 proc_signature_packets( void *anchor, IOBUF a,
1181 strlist_t signedfiles, const char *sigfilename )
1182 {
1183 CTX c = xmalloc_clear( sizeof *c );
1184 int rc;
1185
1186 c->anchor = anchor;
1187 c->sigs_only = 1;
1188
1189 c->signed_data.data_fd = -1;
1190 c->signed_data.data_names = signedfiles;
1191 c->signed_data.used = !!signedfiles;
1192
1193 c->sigfilename = sigfilename;
1194 rc = do_proc_packets( c, a );
1195
1196 /* If we have not encountered any signature we print an error
1197 messages, send a NODATA status back and return an error code.
1198 Using log_error is required because verify_files does not check
1199 error codes for each file but we want to terminate the process
1200 with an error. */
1201 if (!rc && !c->any_sig_seen)
1202 {
1203 write_status_text (STATUS_NODATA, "4");
1204 log_error (_("no signature found\n"));
1205 rc = G10ERR_NO_DATA;
1206 }
1207
1208 /* Propagate the signature seen flag upward. Do this only on
1209 success so that we won't issue the nodata status several
1210 times. */
1211 if (!rc && c->anchor && c->any_sig_seen)
1212 c->anchor->any_sig_seen = 1;
1213
1214 xfree( c );
1215 return rc;
1216 }
1217
1218 int
1219 proc_signature_packets_by_fd (void *anchor, IOBUF a, int signed_data_fd )
1220 {
1221 int rc;
1222 CTX c = xcalloc (1, sizeof *c);
1223
1224 c->anchor = anchor;
1225 c->sigs_only = 1;
1226
1227 c->signed_data.data_fd = signed_data_fd;
1228 c->signed_data.data_names = NULL;
1229 c->signed_data.used = (signed_data_fd != -1);
1230
1231 rc = do_proc_packets ( c, a );
1232
1233 /* If we have not encountered any signature we print an error
1234 messages, send a NODATA status back and return an error code.
1235 Using log_error is required because verify_files does not check
1236 error codes for each file but we want to terminate the process
1237 with an error. */
1238 if (!rc && !c->any_sig_seen)
1239 {
1240 write_status_text (STATUS_NODATA, "4");
1241 log_error (_("no signature found\n"));
1242 rc = gpg_error (GPG_ERR_NO_DATA);
1243 }
1244
1245 /* Propagate the signature seen flag upward. Do this only on success
1246 so that we won't issue the nodata status several times. */
1247 if (!rc && c->anchor && c->any_sig_seen)
1248 c->anchor->any_sig_seen = 1;
1249
1250 xfree ( c );
1251 return rc;
1252 }
1253
1254
1255 int
1256 proc_encryption_packets( void *anchor, IOBUF a )
1257 {
1258 CTX c = xmalloc_clear( sizeof *c );
1259 int rc;
1260
1261 c->anchor = anchor;
1262 c->encrypt_only = 1;
1263 rc = do_proc_packets( c, a );
1264 xfree( c );
1265 return rc;
1266 }
1267
1268
1269 int
1270 do_proc_packets( CTX c, IOBUF a )
1271 {
1272 PACKET *pkt = xmalloc( sizeof *pkt );
1273 int rc=0;
1274 int any_data=0;
1275 int newpkt;
1276
1277 c->iobuf = a;
1278 init_packet(pkt);
1279 while( (rc=parse_packet(a, pkt)) != -1 ) {
1280 any_data = 1;
1281 if( rc ) {
1282 free_packet(pkt);
1283 /* stop processing when an invalid packet has been encountered
1284 * but don't do so when we are doing a --list-packets. */
1285 if (gpg_err_code (rc) == GPG_ERR_INV_PACKET
1286 && opt.list_packets != 2 )
1287 break;
1288 continue;
1289 }
1290 newpkt = -1;
1291 if( opt.list_packets ) {
1292 switch( pkt->pkttype ) {
1293 case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break;
1294 case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break;
1295 case PKT_ENCRYPTED:
1296 case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break;
1297 case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
1298 default: newpkt = 0; break;
1299 }
1300 }
1301 else if( c->sigs_only ) {
1302 switch( pkt->pkttype ) {
1303 case PKT_PUBLIC_KEY:
1304 case PKT_SECRET_KEY:
1305 case PKT_USER_ID:
1306 case PKT_SYMKEY_ENC:
1307 case PKT_PUBKEY_ENC:
1308 case PKT_ENCRYPTED:
1309 case PKT_ENCRYPTED_MDC:
1310 write_status_text( STATUS_UNEXPECTED, "0" );
1311 rc = G10ERR_UNEXPECTED;
1312 goto leave;
1313 case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;
1314 case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break;
1315 case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
1316 case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break;
1317 case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
1318 default: newpkt = 0; break;
1319 }
1320 }
1321 else if( c->encrypt_only ) {
1322 switch( pkt->pkttype ) {
1323 case PKT_PUBLIC_KEY:
1324 case PKT_SECRET_KEY:
1325 case PKT_USER_ID:
1326 write_status_text( STATUS_UNEXPECTED, "0" );
1327 rc = G10ERR_UNEXPECTED;
1328 goto leave;
1329 case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;
1330 case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break;
1331 case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break;
1332 case PKT_ENCRYPTED:
1333 case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break;
1334 case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break;
1335 case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
1336 case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break;
1337 case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
1338 default: newpkt = 0; break;
1339 }
1340 }
1341 else {
1342 switch( pkt->pkttype ) {
1343 case PKT_PUBLIC_KEY:
1344 case PKT_SECRET_KEY:
1345 release_list( c );
1346 c->list = new_kbnode( pkt );
1347 newpkt = 1;
1348 break;
1349 case PKT_PUBLIC_SUBKEY:
1350 case PKT_SECRET_SUBKEY:
1351 newpkt = add_subkey( c, pkt );
1352 break;
1353 case PKT_USER_ID: newpkt = add_user_id( c, pkt ); break;
1354 case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;
1355 case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break;
1356 case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break;
1357 case PKT_ENCRYPTED:
1358 case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break;
1359 case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break;
1360 case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
1361 case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break;
1362 case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
1363 case PKT_RING_TRUST: newpkt = add_ring_trust( c, pkt ); break;
1364 default: newpkt = 0; break;
1365 }
1366 }
1367 /* This is a very ugly construct and frankly, I don't remember why
1368 * I used it. Adding the MDC check here is a hack.
1369 * The right solution is to initiate another context for encrypted
1370 * packet and not to reuse the current one ... It works right
1371 * when there is a compression packet inbetween which adds just
1372 * an extra layer.
1373 * Hmmm: Rewrite this whole module here??
1374 */
1375 if( pkt->pkttype != PKT_SIGNATURE && pkt->pkttype != PKT_MDC )
1376 c->have_data = pkt->pkttype == PKT_PLAINTEXT;
1377
1378 if( newpkt == -1 )
1379 ;
1380 else if( newpkt ) {
1381 pkt = xmalloc( sizeof *pkt );
1382 init_packet(pkt);
1383 }
1384 else
1385 free_packet(pkt);
1386 }
1387 if( rc == G10ERR_INVALID_PACKET )
1388 write_status_text( STATUS_NODATA, "3" );
1389 if( any_data )
1390 rc = 0;
1391 else if( rc == -1 )
1392 write_status_text( STATUS_NODATA, "2" );
1393
1394
1395 leave:
1396 release_list( c );
1397 xfree(c->dek);
1398 free_packet( pkt );
1399 xfree( pkt );
1400 free_md_filter_context( &c->mfx );
1401 return rc;
1402 }
1403
1404
1405 /* Helper for pka_uri_from_sig to parse the to-be-verified address out
1406 of the notation data. */
1407 static pka_info_t *
1408 get_pka_address (PKT_signature *sig)
1409 {
1410 pka_info_t *pka = NULL;
1411 struct notation *nd,*notation;
1412
1413 notation=sig_to_notation(sig);
1414
1415 for(nd=notation;nd;nd=nd->next)
1416 {
1417 if(strcmp(nd->name,"pka-address@gnupg.org")!=0)
1418 continue; /* Not the notation we want. */
1419
1420 /* For now we only use the first valid PKA notation. In future
1421 we might want to keep additional PKA notations in a linked
1422 list. */
1423 if (is_valid_mailbox (nd->value))
1424 {
1425 pka = xmalloc (sizeof *pka + strlen(nd->value));
1426 pka->valid = 0;
1427 pka->checked = 0;
1428 pka->uri = NULL;
1429 strcpy (pka->email, nd->value);
1430 break;
1431 }
1432 }
1433
1434 free_notation(notation);
1435
1436 return pka;
1437 }
1438
1439
1440 /* Return the URI from a DNS PKA record. If this record has already
1441 be retrieved for the signature we merely return it; if not we go
1442 out and try to get that DNS record. */
1443 static const char *
1444 pka_uri_from_sig (PKT_signature *sig)
1445 {
1446 if (!sig->flags.pka_tried)
1447 {
1448 assert (!sig->pka_info);
1449 sig->flags.pka_tried = 1;
1450 sig->pka_info = get_pka_address (sig);
1451 if (sig->pka_info)
1452 {
1453 char *uri;
1454
1455 uri = get_pka_info (sig->pka_info->email, sig->pka_info->fpr);
1456 if (uri)
1457 {
1458 sig->pka_info->valid = 1;
1459 if (!*uri)
1460 xfree (uri);
1461 else
1462 sig->pka_info->uri = uri;
1463 }
1464 }
1465 }
1466 return sig->pka_info? sig->pka_info->uri : NULL;
1467 }
1468
1469
1470 static int
1471 check_sig_and_print( CTX c, KBNODE node )
1472 {
1473 PKT_signature *sig = node->pkt->pkt.signature;
1474 const char *astr;
1475 int rc, is_expkey=0, is_revkey=0;
1476
1477 if (opt.skip_verify)
1478 {
1479 log_info(_("signature verification suppressed\n"));
1480 return 0;
1481 }
1482
1483 /* Check that the message composition is valid.
1484
1485 Per RFC-2440bis (-15) allowed:
1486
1487 S{1,n} -- detached signature.
1488 S{1,n} P -- old style PGP2 signature
1489 O{1,n} P S{1,n} -- standard OpenPGP signature.
1490 C P S{1,n} -- cleartext signature.
1491
1492
1493 O = One-Pass Signature packet.
1494 S = Signature packet.
1495 P = OpenPGP Message packet (Encrypted | Compressed | Literal)
1496 (Note that the current rfc2440bis draft also allows
1497 for a signed message but that does not work as it
1498 introduces ambiguities.)
1499 We keep track of these packages using the marker packet
1500 CTRLPKT_PLAINTEXT_MARK.
1501 C = Marker packet for cleartext signatures.
1502
1503 We reject all other messages.
1504
1505 Actually we are calling this too often, i.e. for verification of
1506 each message but better have some duplicate work than to silently
1507 introduce a bug here.
1508 */
1509 {
1510 KBNODE n;
1511 int n_onepass, n_sig;
1512
1513 /* log_debug ("checking signature packet composition\n"); */
1514 /* dump_kbnode (c->list); */
1515
1516 n = c->list;
1517 assert (n);
1518 if ( n->pkt->pkttype == PKT_SIGNATURE )
1519 {
1520 /* This is either "S{1,n}" case (detached signature) or
1521 "S{1,n} P" (old style PGP2 signature). */
1522 for (n = n->next; n; n = n->next)
1523 if (n->pkt->pkttype != PKT_SIGNATURE)
1524 break;
1525 if (!n)
1526 ; /* Okay, this is a detached signature. */
1527 else if (n->pkt->pkttype == PKT_GPG_CONTROL
1528 && (n->pkt->pkt.gpg_control->control
1529 == CTRLPKT_PLAINTEXT_MARK) )
1530 {
1531 if (n->next)
1532 goto ambiguous; /* We only allow one P packet. */
1533 }
1534 else
1535 goto ambiguous;
1536 }
1537 else if (n->pkt->pkttype == PKT_ONEPASS_SIG)
1538 {
1539 /* This is the "O{1,n} P S{1,n}" case (standard signature). */
1540 for (n_onepass=1, n = n->next;
1541 n && n->pkt->pkttype == PKT_ONEPASS_SIG; n = n->next)
1542 n_onepass++;
1543 if (!n || !(n->pkt->pkttype == PKT_GPG_CONTROL
1544 && (n->pkt->pkt.gpg_control->control
1545 == CTRLPKT_PLAINTEXT_MARK)))
1546 goto ambiguous;
1547 for (n_sig=0, n = n->next;
1548 n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
1549 n_sig++;
1550 if (!n_sig)
1551 goto ambiguous;
1552
1553 /* If we wanted to disallow multiple sig verification, we'd do
1554 something like this:
1555
1556 if (n && !opt.allow_multisig_verification)
1557 goto ambiguous;
1558
1559 However, now that we have --allow-multiple-messages, this
1560 can stay allowable as we can't get here unless multiple
1561 messages (i.e. multiple literals) are allowed. */
1562
1563 if (n_onepass != n_sig)
1564 {
1565 log_info ("number of one-pass packets does not match "
1566 "number of signature packets\n");
1567 goto ambiguous;
1568 }
1569 }
1570 else if (n->pkt->pkttype == PKT_GPG_CONTROL
1571 && n->pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START )
1572 {
1573 /* This is the "C P S{1,n}" case (clear text signature). */
1574 n = n->next;
1575 if (!n || !(n->pkt->pkttype == PKT_GPG_CONTROL
1576 && (n->pkt->pkt.gpg_control->control
1577 == CTRLPKT_PLAINTEXT_MARK)))
1578 goto ambiguous;
1579 for (n_sig=0, n = n->next;
1580 n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
1581 n_sig++;
1582 if (n || !n_sig)
1583 goto ambiguous;
1584 }
1585 else
1586 {
1587 ambiguous:
1588 log_error(_("can't handle this ambiguous signature data\n"));
1589 return 0;
1590 }
1591
1592 }
1593
1594 /* (Indendation below not yet changed to GNU style.) */
1595
1596 astr = gcry_pk_algo_name ( sig->pubkey_algo );
1597 if(keystrlen()>8)
1598 {
1599 log_info(_("Signature made %s\n"),asctimestamp(sig->timestamp));
1600 log_info(_(" using %s key %s\n"),
1601 astr? astr: "?",keystr(sig->keyid));
1602 }
1603 else
1604 log_info(_("Signature made %s using %s key ID %s\n"),
1605 asctimestamp(sig->timestamp), astr? astr: "?",
1606 keystr(sig->keyid));
1607
1608 rc = do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
1609
1610 /* If the key isn't found, check for a preferred keyserver */
1611
1612 if(rc==G10ERR_NO_PUBKEY && sig->flags.pref_ks)
1613 {
1614 const byte *p;
1615 int seq=0;
1616 size_t n;
1617
1618 while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&n,&seq,NULL)))
1619 {
1620 /* According to my favorite copy editor, in English
1621 grammar, you say "at" if the key is located on a web
1622 page, but "from" if it is located on a keyserver. I'm
1623 not going to even try to make two strings here :) */
1624 log_info(_("Key available at: ") );
1625 print_utf8_string( log_get_stream(), p, n );
1626 log_printf ("\n");
1627
1628 if(opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE
1629 && opt.keyserver_options.options&KEYSERVER_HONOR_KEYSERVER_URL)
1630 {
1631 struct keyserver_spec *spec;
1632
1633 spec=parse_preferred_keyserver(sig);
1634 if(spec)
1635 {
1636 int res;
1637
1638 glo_ctrl.in_auto_key_retrieve++;
1639 res=keyserver_import_keyid(sig->keyid,spec);
1640 glo_ctrl.in_auto_key_retrieve--;
1641 if(!res)
1642 rc=do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
1643 free_keyserver_spec(spec);
1644
1645 if(!rc)
1646 break;
1647 }
1648 }
1649 }
1650 }
1651
1652 /* If the preferred keyserver thing above didn't work, our second
1653 try is to use the URI from a DNS PKA record. */
1654 if ( rc == G10ERR_NO_PUBKEY
1655 && opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE
1656 && opt.keyserver_options.options&KEYSERVER_HONOR_PKA_RECORD)
1657 {
1658 const char *uri = pka_uri_from_sig (sig);
1659
1660 if (uri)
1661 {
1662 /* FIXME: We might want to locate the key using the
1663 fingerprint instead of the keyid. */
1664 int res;
1665 struct keyserver_spec *spec;
1666
1667 spec = parse_keyserver_uri (uri, 1, NULL, 0);
1668 if (spec)
1669 {
1670 glo_ctrl.in_auto_key_retrieve++;
1671 res = keyserver_import_keyid (sig->keyid, spec);
1672 glo_ctrl.in_auto_key_retrieve--;
1673 free_keyserver_spec (spec);
1674 if (!res)
1675 rc = do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
1676 }
1677 }
1678 }
1679
1680 /* If the preferred keyserver thing above didn't work and we got
1681 no information from the DNS PKA, this is a third try. */
1682
1683 if( rc == G10ERR_NO_PUBKEY && opt.keyserver
1684 && opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
1685 {
1686 int res;
1687
1688 glo_ctrl.in_auto_key_retrieve++;
1689 res=keyserver_import_keyid ( sig->keyid, opt.keyserver );
1690 glo_ctrl.in_auto_key_retrieve--;
1691 if(!res)
1692 rc = do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
1693 }
1694
1695 if( !rc || gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE ) {
1696 KBNODE un, keyblock;
1697 int count=0, statno;
1698 char keyid_str[50];
1699 PKT_public_key *pk=NULL;
1700
1701 if(rc)
1702 statno=STATUS_BADSIG;
1703 else if(sig->flags.expired)
1704 statno=STATUS_EXPSIG;
1705 else if(is_expkey)
1706 statno=STATUS_EXPKEYSIG;
1707 else if(is_revkey)
1708 statno=STATUS_REVKEYSIG;
1709 else
1710 statno=STATUS_GOODSIG;
1711
1712 keyblock = get_pubkeyblock( sig->keyid );
1713
1714 sprintf (keyid_str, "%08lX%08lX [uncertain] ",
1715 (ulong)sig->keyid[0], (ulong)sig->keyid[1]);
1716
1717 /* find and print the primary user ID */
1718 for( un=keyblock; un; un = un->next ) {
1719 char *p;
1720 int valid;
1721 if(un->pkt->pkttype==PKT_PUBLIC_KEY)
1722 {
1723 pk=un->pkt->pkt.public_key;
1724 continue;
1725 }
1726 if( un->pkt->pkttype != PKT_USER_ID )
1727 continue;
1728 if ( !un->pkt->pkt.user_id->created )
1729 continue;
1730 if ( un->pkt->pkt.user_id->is_revoked )
1731 continue;
1732 if ( un->pkt->pkt.user_id->is_expired )
1733 continue;
1734 if ( !un->pkt->pkt.user_id->is_primary )
1735 continue;
1736 /* We want the textual primary user ID here */
1737 if ( un->pkt->pkt.user_id->attrib_data )
1738 continue;
1739
1740 assert(pk);
1741
1742 /* Get it before we print anything to avoid interrupting
1743 the output with the "please do a --check-trustdb"
1744 line. */
1745 valid=get_validity(pk,un->pkt->pkt.user_id);
1746
1747 keyid_str[17] = 0; /* cut off the "[uncertain]" part */
1748 write_status_text_and_buffer (statno, keyid_str,
1749 un->pkt->pkt.user_id->name,
1750 un->pkt->pkt.user_id->len,
1751 -1 );
1752
1753 p=utf8_to_native(un->pkt->pkt.user_id->name,
1754 un->pkt->pkt.user_id->len,0);
1755
1756 if(rc)
1757 log_info(_("BAD signature from \"%s\""),p);
1758 else if(sig->flags.expired)
1759 log_info(_("Expired signature from \"%s\""),p);
1760 else
1761 log_info(_("Good signature from \"%s\""),p);
1762
1763 xfree(p);
1764
1765 if(opt.verify_options&VERIFY_SHOW_UID_VALIDITY)
1766 log_printf (" [%s]\n",trust_value_to_string(valid));
1767 else
1768 log_printf ("\n");
1769 count++;
1770 }
1771 if( !count ) { /* just in case that we have no valid textual
1772 userid */
1773 char *p;
1774
1775 /* Try for an invalid textual userid */
1776 for( un=keyblock; un; un = un->next ) {
1777 if( un->pkt->pkttype == PKT_USER_ID &&
1778 !un->pkt->pkt.user_id->attrib_data )
1779 break;
1780 }
1781
1782 /* Try for any userid at all */
1783 if(!un) {
1784 for( un=keyblock; un; un = un->next ) {
1785 if( un->pkt->pkttype == PKT_USER_ID )
1786 break;
1787 }
1788 }
1789
1790 if (opt.trust_model==TM_ALWAYS || !un)
1791 keyid_str[17] = 0; /* cut off the "[uncertain]" part */
1792
1793 write_status_text_and_buffer (statno, keyid_str,
1794 un? un->pkt->pkt.user_id->name:"[?]",
1795 un? un->pkt->pkt.user_id->len:3,
1796 -1 );
1797
1798 if(un)
1799 p=utf8_to_native(un->pkt->pkt.user_id->name,
1800 un->pkt->pkt.user_id->len,0);
1801 else
1802 p=xstrdup("[?]");
1803
1804 if(rc)
1805 log_info(_("BAD signature from \"%s\""),p);
1806 else if(sig->flags.expired)
1807 log_info(_("Expired signature from \"%s\""),p);
1808 else
1809 log_info(_("Good signature from \"%s\""),p);
1810 if (opt.trust_model!=TM_ALWAYS && un)
1811 log_printf (" %s",_("[uncertain]") );
1812 log_printf ("\n");
1813 }
1814
1815 /* If we have a good signature and already printed
1816 * the primary user ID, print all the other user IDs */
1817 if ( count && !rc
1818 && !(opt.verify_options&VERIFY_SHOW_PRIMARY_UID_ONLY)) {
1819 char *p;
1820 for( un=keyblock; un; un = un->next ) {
1821 if( un->pkt->pkttype != PKT_USER_ID )
1822 continue;
1823 if((un->pkt->pkt.user_id->is_revoked
1824 || un->pkt->pkt.user_id->is_expired)
1825 && !(opt.verify_options&VERIFY_SHOW_UNUSABLE_UIDS))
1826 continue;
1827 /* Only skip textual primaries */
1828 if ( un->pkt->pkt.user_id->is_primary &&
1829 !un->pkt->pkt.user_id->attrib_data )
1830 continue;
1831
1832 if(un->pkt->pkt.user_id->attrib_data)
1833 {
1834 dump_attribs(un->pkt->pkt.user_id,pk,NULL);
1835
1836 if(opt.verify_options&VERIFY_SHOW_PHOTOS)
1837 show_photos(un->pkt->pkt.user_id->attribs,
1838 un->pkt->pkt.user_id->numattribs,
1839 pk,NULL,un->pkt->pkt.user_id);
1840 }
1841
1842 p=utf8_to_native(un->pkt->pkt.user_id->name,
1843 un->pkt->pkt.user_id->len,0);
1844 log_info(_(" aka \"%s\""),p);
1845 xfree(p);
1846
1847 if(opt.verify_options&VERIFY_SHOW_UID_VALIDITY)
1848 {
1849 const char *valid;
1850 if(un->pkt->pkt.user_id->is_revoked)
1851 valid=_("revoked");
1852 else if(un->pkt->pkt.user_id->is_expired)
1853 valid=_("expired");
1854 else
1855 valid=trust_value_to_string(get_validity(pk,
1856 un->pkt->
1857 pkt.user_id));
1858 log_printf (" [%s]\n",valid);
1859 }
1860 else
1861 log_printf ("\n");
1862 }
1863 }
1864 release_kbnode( keyblock );
1865
1866 if( !rc )
1867 {
1868 if(opt.verify_options&VERIFY_SHOW_POLICY_URLS)
1869 show_policy_url(sig,0,1);
1870 else
1871 show_policy_url(sig,0,2);
1872
1873 if(opt.verify_options&VERIFY_SHOW_KEYSERVER_URLS)
1874 show_keyserver_url(sig,0,1);
1875 else
1876 show_keyserver_url(sig,0,2);
1877
1878 if(opt.verify_options&VERIFY_SHOW_NOTATIONS)
1879 show_notation(sig,0,1,
1880 ((opt.verify_options&VERIFY_SHOW_STD_NOTATIONS)?1:0)+
1881 ((opt.verify_options&VERIFY_SHOW_USER_NOTATIONS)?2:0));
1882 else
1883 show_notation(sig,0,2,0);
1884 }
1885
1886 if( !rc && is_status_enabled() ) {
1887 /* print a status response with the fingerprint */
1888 PKT_public_key *vpk = xmalloc_clear( sizeof *vpk );
1889
1890 if( !get_pubkey( vpk, sig->keyid ) ) {
1891 byte array[MAX_FINGERPRINT_LEN], *p;
1892 char buf[MAX_FINGERPRINT_LEN*4+90], *bufp;
1893 size_t i, n;
1894
1895 bufp = buf;
1896 fingerprint_from_pk( vpk, array, &n );
1897 p = array;
1898 for(i=0; i < n ; i++, p++, bufp += 2)
1899 sprintf(bufp, "%02X", *p );
1900 /* TODO: Replace the reserved '0' in the field below
1901 with bits for status flags (policy url, notation,
1902 etc.). Remember to make the buffer larger to
1903 match! */
1904 sprintf(bufp, " %s %lu %lu %d 0 %d %d %02X ",
1905 strtimestamp( sig->timestamp ),
1906 (ulong)sig->timestamp,(ulong)sig->expiredate,
1907 sig->version,sig->pubkey_algo,sig->digest_algo,
1908 sig->sig_class);
1909 bufp = bufp + strlen (bufp);
1910 if (!vpk->is_primary) {
1911 u32 akid[2];
1912
1913 akid[0] = vpk->main_keyid[0];
1914 akid[1] = vpk->main_keyid[1];
1915 free_public_key (vpk);
1916 vpk = xmalloc_clear( sizeof *vpk );
1917 if (get_pubkey (vpk, akid)) {
1918 /* impossible error, we simply return a zeroed out fpr */
1919 n = MAX_FINGERPRINT_LEN < 20? MAX_FINGERPRINT_LEN : 20;
1920 memset (array, 0, n);
1921 }
1922 else
1923 fingerprint_from_pk( vpk, array, &n );
1924 }
1925 p = array;
1926 for(i=0; i < n ; i++, p++, bufp += 2)
1927 sprintf(bufp, "%02X", *p );
1928 write_status_text( STATUS_VALIDSIG, buf );
1929 }
1930 free_public_key( vpk );
1931 }
1932
1933 if (!rc)
1934 {
1935 if(opt.verify_options&VERIFY_PKA_LOOKUPS)
1936 pka_uri_from_sig (sig); /* Make sure PKA info is available. */
1937 rc = check_signatures_trust( sig );
1938 }
1939
1940 if(sig->flags.expired)
1941 {
1942 log_info(_("Signature expired %s\n"),
1943 asctimestamp(sig->expiredate));
1944 rc=G10ERR_GENERAL; /* need a better error here? */
1945 }
1946 else if(sig->expiredate)
1947 log_info(_("Signature expires %s\n"),asctimestamp(sig->expiredate));
1948
1949 if(opt.verbose)
1950 log_info(_("%s signature, digest algorithm %s\n"),
1951 sig->sig_class==0x00?_("binary"):
1952 sig->sig_class==0x01?_("textmode"):_("unknown"),
1953 gcry_md_algo_name (sig->digest_algo));
1954
1955 if( rc )
1956 g10_errors_seen = 1;
1957 if( opt.batch && rc )
1958 g10_exit(1);
1959 }
1960 else {
1961 char buf[50];
1962 sprintf(buf, "%08lX%08lX %d %d %02x %lu %d",
1963 (ulong)sig->keyid[0], (ulong)sig->keyid[1],
1964 sig->pubkey_algo, sig->digest_algo,
1965 sig->sig_class, (ulong)sig->timestamp, rc );
1966 write_status_text( STATUS_ERRSIG, buf );
1967 if( rc == G10ERR_NO_PUBKEY ) {
1968 buf[16] = 0;
1969 write_status_text( STATUS_NO_PUBKEY, buf );
1970 }
1971 if( rc != G10ERR_NOT_PROCESSED )
1972 log_error(_("Can't check signature: %s\n"), g10_errstr(rc) );
1973 }
1974 return rc;
1975 }
1976
1977
1978 /****************
1979 * Process the tree which starts at node
1980 */
1981 static void
1982 proc_tree( CTX c, KBNODE node )
1983 {
1984 KBNODE n1;
1985 int rc;
1986
1987 if( opt.list_packets || opt.list_only )
1988 return;
1989
1990 /* we must skip our special plaintext marker packets here becuase
1991 they may be the root packet. These packets are only used in
1992 addionla checks and skipping them here doesn't matter */
1993 while ( node
1994 && node->pkt->pkttype == PKT_GPG_CONTROL
1995 && node->pkt->pkt.gpg_control->control
1996 == CTRLPKT_PLAINTEXT_MARK ) {
1997 node = node->next;
1998 }
1999 if (!node)
2000 return;
2001
2002 c->trustletter = ' ';
2003 if( node->pkt->pkttype == PKT_PUBLIC_KEY
2004 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
2005 merge_keys_and_selfsig( node );
2006 list_node( c, node );
2007 }
2008 else if( node->pkt->pkttype == PKT_SECRET_KEY ) {
2009 merge_keys_and_selfsig( node );
2010 list_node( c, node );
2011 }
2012 else if( node->pkt->pkttype == PKT_ONEPASS_SIG ) {
2013 /* check all signatures */
2014 if( !c->have_data ) {
2015 int use_textmode = 0;
2016
2017 free_md_filter_context( &c->mfx );
2018 /* prepare to create all requested message digests */
2019 if (gcry_md_open (&c->mfx.md, 0, 0))
2020 BUG ();
2021
2022 /* fixme: why looking for the signature packet and not the
2023 one-pass packet? */
2024 for ( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); )
2025 {
2026 gcry_md_enable (c->mfx.md,
2027 n1->pkt->pkt.signature->digest_algo);
2028 }
2029
2030 if (n1 && n1->pkt->pkt.onepass_sig->sig_class == 0x01)
2031 use_textmode = 1;
2032
2033 /* Ask for file and hash it. */
2034 if( c->sigs_only ) {
2035 if (c->signed_data.used && c->signed_data.data_fd != -1)
2036 rc = hash_datafile_by_fd (c->mfx.md, NULL,
2037 c->signed_data.data_fd,
2038 use_textmode);
2039 else
2040 rc = hash_datafiles (c->mfx.md, NULL,
2041 c->signed_data.data_names,
2042 c->sigfilename,
2043 use_textmode );
2044 }
2045 else {
2046 rc = ask_for_detached_datafile (c->mfx.md, c->mfx.md2,
2047 iobuf_get_real_fname(c->iobuf),
2048 use_textmode );
2049 }
2050 if( rc ) {
2051 log_error("can't hash datafile: %s\n", g10_errstr(rc));
2052 return;
2053 }
2054 }
2055 else if ( c->signed_data.used ) {
2056 log_error (_("not a detached signature\n") );
2057 return;
2058 }
2059
2060 for( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); )
2061 check_sig_and_print( c, n1 );
2062 }
2063 else if( node->pkt->pkttype == PKT_GPG_CONTROL
2064 && node->pkt->pkt.gpg_control->control
2065 == CTRLPKT_CLEARSIGN_START ) {
2066 /* clear text signed message */
2067 if( !c->have_data ) {
2068 log_error("cleartext signature without data\n" );
2069 return;
2070 }
2071 else if ( c->signed_data.used ) {
2072 log_error (_("not a detached signature\n") );
2073 return;
2074 }
2075
2076 for( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); )
2077 check_sig_and_print( c, n1 );
2078 }
2079 else if( node->pkt->pkttype == PKT_SIGNATURE ) {
2080 PKT_signature *sig = node->pkt->pkt.signature;
2081 int multiple_ok=1;
2082
2083 n1=find_next_kbnode(node, PKT_SIGNATURE);
2084 if(n1)
2085 {
2086 byte class=sig->sig_class;
2087 byte hash=sig->digest_algo;
2088
2089 for(; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE)))
2090 {
2091 /* We can't currently handle multiple signatures of
2092 different classes or digests (we'd pretty much have
2093 to run a different hash context for each), but if
2094 they are all the same, make an exception. */
2095 if(n1->pkt->pkt.signature->sig_class!=class
2096 || n1->pkt->pkt.signature->digest_algo!=hash)
2097 {
2098 multiple_ok=0;
2099 log_info(_("WARNING: multiple signatures detected. "
2100 "Only the first will be checked.\n"));
2101 break;
2102 }
2103 }
2104 }
2105
2106 if( sig->sig_class != 0x00 && sig->sig_class != 0x01 )
2107 log_info(_("standalone signature of class 0x%02x\n"),
2108 sig->sig_class);
2109 else if( !c->have_data ) {
2110 /* detached signature */
2111 free_md_filter_context( &c->mfx );
2112 if (gcry_md_open (&c->mfx.md, sig->digest_algo, 0))
2113 BUG ();
2114
2115 if( !opt.pgp2_workarounds )
2116 ;
2117 else if( sig->digest_algo == DIGEST_ALGO_MD5
2118 && is_RSA( sig->pubkey_algo ) ) {
2119 /* enable a workaround for a pgp2 bug */
2120 if (gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0))
2121 BUG ();
2122 }
2123 else if( sig->digest_algo == DIGEST_ALGO_SHA1
2124 && sig->pubkey_algo == PUBKEY_ALGO_DSA
2125 && sig->sig_class == 0x01 ) {
2126 /* enable the workaround also for pgp5 when the detached
2127 * signature has been created in textmode */
2128 if (gcry_md_open (&c->mfx.md2, sig->digest_algo, 0 ))
2129 BUG ();
2130 }
2131 #if 0 /* workaround disabled */
2132 /* Here we have another hack to work around a pgp 2 bug
2133 * It works by not using the textmode for detached signatures;
2134 * this will let the first signature check (on md) fail
2135 * but the second one (on md2) which adds an extra CR should
2136 * then produce the "correct" hash. This is very, very ugly
2137 * hack but it may help in some cases (and break others)
2138 */
2139 /* c->mfx.md2? 0 :(sig->sig_class == 0x01) */
2140 #endif
2141 if ( DBG_HASHING ) {
2142 gcry_md_start_debug( c->mfx.md, "verify" );
2143 if ( c->mfx.md2 )
2144 gcry_md_start_debug( c->mfx.md2, "verify2" );
2145 }
2146 if( c->sigs_only ) {
2147 if (c->signed_data.used && c->signed_data.data_fd != -1)
2148 rc = hash_datafile_by_fd (c->mfx.md, c->mfx.md2,
2149 c->signed_data.data_fd,
2150 (sig->sig_class == 0x01));
2151 else
2152 rc = hash_datafiles (c->mfx.md, c->mfx.md2,
2153 c->signed_data.data_names,
2154 c->sigfilename,
2155 (sig->sig_class == 0x01));
2156 }
2157 else {
2158 rc = ask_for_detached_datafile( c->mfx.md, c->mfx.md2,
2159 iobuf_get_real_fname(c->iobuf),
2160 (sig->sig_class == 0x01) );
2161 }
2162 if( rc ) {
2163 log_error("can't hash datafile: %s\n", g10_errstr(rc));
2164 return;
2165 }
2166 }
2167 else if ( c->signed_data.used ) {
2168 log_error (_("not a detached signature\n") );
2169 return;
2170 }
2171 else if (!opt.quiet)
2172 log_info(_("old style (PGP 2.x) signature\n"));
2173
2174 if(multiple_ok)
2175 for( n1 = node; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )) )
2176 check_sig_and_print( c, n1 );
2177 else
2178 check_sig_and_print( c, node );
2179 }
2180 else {
2181 dump_kbnode (c->list);
2182 log_error(_("invalid root packet detected in proc_tree()\n"));
2183 dump_kbnode (node);
2184 }
2185 }
gnupg svn clone