Line data Source code
1 : /* mainproc.c - handle packets
2 : * Copyright (C) 1998-2009 Free Software Foundation, Inc.
3 : * Copyright (C) 2013-2014 Werner Koch
4 : *
5 : * This file is part of GnuPG.
6 : *
7 : * GnuPG is free software; you can redistribute it and/or modify
8 : * it under the terms of the GNU General Public License as published by
9 : * the Free Software Foundation; either version 3 of the License, or
10 : * (at your option) any later version.
11 : *
12 : * GnuPG is distributed in the hope that it will be useful,
13 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : * GNU General Public License for more details.
16 : *
17 : * You should have received a copy of the GNU General Public License
18 : * along with this program; if not, see <https://www.gnu.org/licenses/>.
19 : */
20 :
21 : #include <config.h>
22 : #include <stdio.h>
23 : #include <stdlib.h>
24 : #include <string.h>
25 : #include <time.h>
26 :
27 : #include "gpg.h"
28 : #include "util.h"
29 : #include "packet.h"
30 : #include "iobuf.h"
31 : #include "options.h"
32 : #include "keydb.h"
33 : #include "filter.h"
34 : #include "main.h"
35 : #include "status.h"
36 : #include "i18n.h"
37 : #include "trustdb.h"
38 : #include "keyserver-internal.h"
39 : #include "photoid.h"
40 : #include "mbox-util.h"
41 : #include "call-dirmngr.h"
42 :
43 : /* Put an upper limit on nested packets. The 32 is an arbitrary
44 : value, a much lower should actually be sufficient. */
45 : #define MAX_NESTING_DEPTH 32
46 :
47 :
48 : /* An object to build a list of keyid related info. */
49 : struct kidlist_item
50 : {
51 : struct kidlist_item *next;
52 : u32 kid[2];
53 : int pubkey_algo;
54 : int reason;
55 : };
56 :
57 :
58 : /*
59 : * Object to hold the processing context.
60 : */
61 : typedef struct mainproc_context *CTX;
62 : struct mainproc_context
63 : {
64 : ctrl_t ctrl;
65 : struct mainproc_context *anchor; /* May be useful in the future. */
66 : PKT_public_key *last_pubkey;
67 : PKT_user_id *last_user_id;
68 : md_filter_context_t mfx;
69 : int sigs_only; /* Process only signatures and reject all other stuff. */
70 : int encrypt_only; /* Process only encryption messages. */
71 :
72 : /* Name of the file with the complete signature or the file with the
73 : detached signature. This is currently only used to deduce the
74 : file name of the data file if that has not been given. */
75 : const char *sigfilename;
76 :
77 : /* A structure to describe the signed data in case of a detached
78 : signature. */
79 : struct
80 : {
81 : /* A file descriptor of the the signed data. Only used if not -1. */
82 : int data_fd;
83 : /* A list of filenames with the data files or NULL. This is only
84 : used if DATA_FD is -1. */
85 : strlist_t data_names;
86 : /* Flag to indicated that either one of the next previous fields
87 : is used. This is only needed for better readability. */
88 : int used;
89 : } signed_data;
90 :
91 : DEK *dek;
92 : int last_was_session_key;
93 : kbnode_t list; /* The current list of packets. */
94 : iobuf_t iobuf; /* Used to get the filename etc. */
95 : int trustletter; /* Temporary usage in list_node. */
96 : ulong symkeys;
97 : struct kidlist_item *pkenc_list; /* List of encryption packets. */
98 : struct {
99 : unsigned int sig_seen:1; /* Set to true if a signature packet
100 : has been seen. */
101 : unsigned int data:1; /* Any data packet seen */
102 : unsigned int uncompress_failed:1;
103 : } any;
104 : };
105 :
106 :
107 : /*** Local prototypes. ***/
108 : static int do_proc_packets (ctrl_t ctrl, CTX c, iobuf_t a);
109 : static void list_node (CTX c, kbnode_t node);
110 : static void proc_tree (CTX c, kbnode_t node);
111 : static int literals_seen;
112 :
113 :
114 : /*** Functions. ***/
115 :
116 :
117 : void
118 5 : reset_literals_seen(void)
119 : {
120 5 : literals_seen = 0;
121 5 : }
122 :
123 :
124 : static void
125 1267 : release_list( CTX c )
126 : {
127 1267 : proc_tree (c, c->list);
128 1264 : release_kbnode (c->list);
129 2806 : while (c->pkenc_list)
130 : {
131 278 : struct kidlist_item *tmp = c->pkenc_list->next;
132 278 : xfree (c->pkenc_list);
133 278 : c->pkenc_list = tmp;
134 : }
135 1264 : c->pkenc_list = NULL;
136 1264 : c->list = NULL;
137 1264 : c->any.data = 0;
138 1264 : c->any.uncompress_failed = 0;
139 1264 : c->last_was_session_key = 0;
140 1264 : xfree (c->dek);
141 1264 : c->dek = NULL;
142 1264 : }
143 :
144 :
145 : static int
146 155 : add_onepass_sig (CTX c, PACKET *pkt)
147 : {
148 : kbnode_t node;
149 :
150 155 : if (c->list) /* Add another packet. */
151 5 : add_kbnode (c->list, new_kbnode (pkt));
152 : else /* Insert the first one. */
153 150 : c->list = node = new_kbnode (pkt);
154 :
155 155 : return 1;
156 : }
157 :
158 :
159 : static int
160 18 : add_gpg_control (CTX c, PACKET *pkt)
161 : {
162 18 : if ( pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START )
163 : {
164 : /* New clear text signature.
165 : * Process the last one and reset everything */
166 18 : release_list(c);
167 : }
168 :
169 18 : if (c->list) /* Add another packet. */
170 0 : add_kbnode (c->list, new_kbnode (pkt));
171 : else /* Insert the first one. */
172 18 : c->list = new_kbnode (pkt);
173 :
174 18 : return 1;
175 : }
176 :
177 :
178 : static int
179 0 : add_user_id (CTX c, PACKET *pkt)
180 : {
181 0 : if (!c->list)
182 : {
183 0 : log_error ("orphaned user ID\n");
184 0 : return 0;
185 : }
186 0 : add_kbnode (c->list, new_kbnode (pkt));
187 0 : return 1;
188 : }
189 :
190 :
191 : static int
192 0 : add_subkey (CTX c, PACKET *pkt)
193 : {
194 0 : if (!c->list)
195 : {
196 0 : log_error ("subkey w/o mainkey\n");
197 0 : return 0;
198 : }
199 0 : add_kbnode (c->list, new_kbnode (pkt));
200 0 : return 1;
201 : }
202 :
203 :
204 : static int
205 0 : add_ring_trust (CTX c, PACKET *pkt)
206 : {
207 0 : if (!c->list)
208 : {
209 0 : log_error ("ring trust w/o key\n");
210 0 : return 0;
211 : }
212 0 : add_kbnode (c->list, new_kbnode (pkt));
213 0 : return 1;
214 : }
215 :
216 :
217 : static int
218 201 : add_signature (CTX c, PACKET *pkt)
219 : {
220 : kbnode_t node;
221 :
222 201 : c->any.sig_seen = 1;
223 201 : if (pkt->pkttype == PKT_SIGNATURE && !c->list)
224 : {
225 : /* This is the first signature for the following datafile.
226 : * GPG does not write such packets; instead it always uses
227 : * onepass-sig packets. The drawback of PGP's method
228 : * of prepending the signature to the data is
229 : * that it is not possible to make a signature from data read
230 : * from stdin. (GPG is able to read PGP stuff anyway.) */
231 19 : node = new_kbnode (pkt);
232 19 : c->list = node;
233 19 : return 1;
234 : }
235 182 : else if (!c->list)
236 0 : return 0; /* oops (invalid packet sequence)*/
237 182 : else if (!c->list->pkt)
238 0 : BUG(); /* so nicht */
239 :
240 : /* Add a new signature node item at the end. */
241 182 : node = new_kbnode (pkt);
242 182 : add_kbnode (c->list, node);
243 :
244 182 : return 1;
245 : }
246 :
247 : static int
248 0 : symkey_decrypt_seskey (DEK *dek, byte *seskey, size_t slen)
249 : {
250 : gcry_cipher_hd_t hd;
251 :
252 0 : if(slen < 17 || slen > 33)
253 : {
254 0 : log_error ( _("weird size for an encrypted session key (%d)\n"),
255 : (int)slen);
256 0 : return GPG_ERR_BAD_KEY;
257 : }
258 :
259 0 : if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
260 0 : BUG ();
261 0 : if (gcry_cipher_setkey ( hd, dek->key, dek->keylen ))
262 0 : BUG ();
263 0 : gcry_cipher_setiv ( hd, NULL, 0 );
264 0 : gcry_cipher_decrypt ( hd, seskey, slen, NULL, 0 );
265 0 : gcry_cipher_close ( hd );
266 :
267 : /* Now we replace the dek components with the real session key to
268 : decrypt the contents of the sequencing packet. */
269 :
270 0 : dek->keylen=slen-1;
271 0 : dek->algo=seskey[0];
272 :
273 0 : if(dek->keylen > DIM(dek->key))
274 0 : BUG ();
275 :
276 0 : memcpy(dek->key, seskey + 1, dek->keylen);
277 :
278 : /*log_hexdump( "thekey", dek->key, dek->keylen );*/
279 :
280 0 : return 0;
281 : }
282 :
283 :
284 : static void
285 59 : proc_symkey_enc (CTX c, PACKET *pkt)
286 : {
287 : PKT_symkey_enc *enc;
288 :
289 59 : enc = pkt->pkt.symkey_enc;
290 59 : if (!enc)
291 0 : log_error ("invalid symkey encrypted packet\n");
292 59 : else if(!c->dek)
293 : {
294 57 : int algo = enc->cipher_algo;
295 57 : const char *s = openpgp_cipher_algo_name (algo);
296 :
297 57 : if (!openpgp_cipher_test_algo (algo))
298 : {
299 57 : if (!opt.quiet)
300 : {
301 57 : if (enc->seskeylen)
302 0 : log_info (_("%s encrypted session key\n"), s );
303 : else
304 57 : log_info (_("%s encrypted data\n"), s );
305 : }
306 : }
307 : else
308 0 : log_error (_("encrypted with unknown algorithm %d\n"), algo);
309 :
310 57 : if (openpgp_md_test_algo (enc->s2k.hash_algo))
311 : {
312 0 : log_error(_("passphrase generated with unknown digest"
313 0 : " algorithm %d\n"),enc->s2k.hash_algo);
314 0 : s = NULL;
315 : }
316 :
317 57 : c->last_was_session_key = 2;
318 57 : if (!s || opt.list_only)
319 : goto leave;
320 :
321 57 : if (opt.override_session_key)
322 : {
323 0 : c->dek = xmalloc_clear (sizeof *c->dek);
324 0 : if (get_override_session_key (c->dek, opt.override_session_key))
325 : {
326 0 : xfree (c->dek);
327 0 : c->dek = NULL;
328 : }
329 : }
330 : else
331 : {
332 57 : c->dek = passphrase_to_dek (algo, &enc->s2k, 0, 0, NULL, NULL);
333 57 : if (c->dek)
334 : {
335 57 : c->dek->symmetric = 1;
336 :
337 : /* FIXME: This doesn't work perfectly if a symmetric key
338 : comes before a public key in the message - if the
339 : user doesn't know the passphrase, then there is a
340 : chance that the "decrypted" algorithm will happen to
341 : be a valid one, which will make the returned dek
342 : appear valid, so we won't try any public keys that
343 : come later. */
344 57 : if (enc->seskeylen)
345 : {
346 0 : if (symkey_decrypt_seskey (c->dek,
347 0 : enc->seskey, enc->seskeylen))
348 : {
349 0 : xfree (c->dek);
350 0 : c->dek = NULL;
351 : }
352 : }
353 : else
354 57 : c->dek->algo_info_printed = 1;
355 : }
356 : }
357 : }
358 :
359 : leave:
360 59 : c->symkeys++;
361 59 : free_packet (pkt);
362 59 : }
363 :
364 :
365 : static void
366 278 : proc_pubkey_enc (ctrl_t ctrl, CTX c, PACKET *pkt)
367 : {
368 : PKT_pubkey_enc *enc;
369 278 : int result = 0;
370 :
371 : /* Check whether the secret key is available and store in this case. */
372 278 : c->last_was_session_key = 1;
373 278 : enc = pkt->pkt.pubkey_enc;
374 : /*printf("enc: encrypted by a pubkey with keyid %08lX\n", enc->keyid[1] );*/
375 : /* Hmmm: why do I have this algo check here - anyway there is
376 : * function to check it. */
377 278 : if (opt.verbose)
378 0 : log_info (_("public key is %s\n"), keystr (enc->keyid));
379 :
380 278 : if (is_status_enabled())
381 : {
382 : char buf[50];
383 : /* FIXME: For ECC support we need to map the OpenPGP algo number
384 : to the Libgcrypt defined one. This is due a chicken-egg
385 : problem: We need to have code in Libgcrypt for a new
386 : algorithm so to implement a proposed new algorithm before the
387 : IANA will finally assign an OpenPGP identifier. */
388 0 : snprintf (buf, sizeof buf, "%08lX%08lX %d 0",
389 0 : (ulong)enc->keyid[0], (ulong)enc->keyid[1], enc->pubkey_algo);
390 0 : write_status_text (STATUS_ENC_TO, buf);
391 : }
392 :
393 278 : if (!opt.list_only && opt.override_session_key)
394 : {
395 : /* It does not make much sense to store the session key in
396 : * secure memory because it has already been passed on the
397 : * command line and the GCHQ knows about it. */
398 0 : c->dek = xmalloc_clear (sizeof *c->dek);
399 0 : result = get_override_session_key (c->dek, opt.override_session_key);
400 0 : if (result)
401 : {
402 0 : xfree (c->dek);
403 0 : c->dek = NULL;
404 : }
405 : }
406 278 : else if (enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E
407 36 : || enc->pubkey_algo == PUBKEY_ALGO_ECDH
408 9 : || enc->pubkey_algo == PUBKEY_ALGO_RSA
409 0 : || enc->pubkey_algo == PUBKEY_ALGO_RSA_E
410 0 : || enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL)
411 : {
412 : /* Note that we also allow type 20 Elgamal keys for decryption.
413 : There are still a couple of those keys in active use as a
414 : subkey. */
415 :
416 : /* FIXME: Store this all in a list and process it later so that
417 : we can prioritize what key to use. This gives a better user
418 : experience if wildcard keyids are used. */
419 556 : if (!c->dek && ((!enc->keyid[0] && !enc->keyid[1])
420 269 : || opt.try_all_secrets
421 269 : || have_secret_key_with_kid (enc->keyid)))
422 : {
423 538 : if(opt.list_only)
424 0 : result = -1;
425 : else
426 : {
427 269 : c->dek = xmalloc_secure_clear (sizeof *c->dek);
428 269 : if ((result = get_session_key (ctrl, enc, c->dek)))
429 : {
430 : /* Error: Delete the DEK. */
431 0 : xfree (c->dek);
432 0 : c->dek = NULL;
433 : }
434 : }
435 : }
436 : else
437 9 : result = GPG_ERR_NO_SECKEY;
438 : }
439 : else
440 0 : result = GPG_ERR_PUBKEY_ALGO;
441 :
442 278 : if (result == -1)
443 : ;
444 : else
445 : {
446 : /* Store it for later display. */
447 278 : struct kidlist_item *x = xmalloc (sizeof *x);
448 278 : x->kid[0] = enc->keyid[0];
449 278 : x->kid[1] = enc->keyid[1];
450 278 : x->pubkey_algo = enc->pubkey_algo;
451 278 : x->reason = result;
452 278 : x->next = c->pkenc_list;
453 278 : c->pkenc_list = x;
454 :
455 278 : if (!result && opt.verbose > 1)
456 0 : log_info (_("public key encrypted data: good DEK\n"));
457 : }
458 :
459 278 : free_packet(pkt);
460 278 : }
461 :
462 :
463 : /*
464 : * Print the list of public key encrypted packets which we could
465 : * not decrypt.
466 : */
467 : static void
468 652 : print_pkenc_list (struct kidlist_item *list, int failed)
469 : {
470 1208 : for (; list; list = list->next)
471 : {
472 : PKT_public_key *pk;
473 : const char *algstr;
474 :
475 556 : if (failed && !list->reason)
476 269 : continue;
477 287 : if (!failed && list->reason)
478 9 : continue;
479 :
480 278 : algstr = openpgp_pk_algo_name (list->pubkey_algo);
481 278 : pk = xmalloc_clear (sizeof *pk);
482 :
483 278 : if (!algstr)
484 0 : algstr = "[?]";
485 278 : pk->pubkey_algo = list->pubkey_algo;
486 278 : if (!get_pubkey (pk, list->kid))
487 : {
488 : char *p;
489 274 : log_info (_("encrypted with %u-bit %s key, ID %s, created %s\n"),
490 : nbits_from_pk (pk), algstr, keystr_from_pk(pk),
491 : strtimestamp (pk->timestamp));
492 274 : p = get_user_id_native (list->kid);
493 274 : log_printf (_(" \"%s\"\n"), p);
494 274 : xfree (p);
495 : }
496 : else
497 4 : log_info (_("encrypted with %s key, ID %s\n"),
498 4 : algstr, keystr(list->kid));
499 :
500 278 : free_public_key (pk);
501 :
502 278 : if (gpg_err_code (list->reason) == GPG_ERR_NO_SECKEY)
503 : {
504 9 : if (is_status_enabled())
505 : {
506 : char buf[20];
507 0 : snprintf (buf, sizeof buf, "%08lX%08lX",
508 0 : (ulong)list->kid[0], (ulong)list->kid[1]);
509 0 : write_status_text (STATUS_NO_SECKEY, buf);
510 : }
511 : }
512 269 : else if (list->reason)
513 : {
514 0 : log_info (_("public key decryption failed: %s\n"),
515 0 : gpg_strerror (list->reason));
516 0 : write_status_error ("pkdecrypt_failed", list->reason);
517 : }
518 : }
519 652 : }
520 :
521 :
522 : static void
523 326 : proc_encrypted (CTX c, PACKET *pkt)
524 : {
525 326 : int result = 0;
526 :
527 326 : if (!opt.quiet)
528 : {
529 326 : if (c->symkeys>1)
530 0 : log_info (_("encrypted with %lu passphrases\n"), c->symkeys);
531 326 : else if (c->symkeys == 1)
532 59 : log_info (_("encrypted with 1 passphrase\n"));
533 326 : print_pkenc_list ( c->pkenc_list, 1 );
534 326 : print_pkenc_list ( c->pkenc_list, 0 );
535 : }
536 :
537 : /* FIXME: Figure out the session key by looking at all pkenc packets. */
538 :
539 326 : write_status (STATUS_BEGIN_DECRYPTION);
540 :
541 : /*log_debug("dat: %sencrypted data\n", c->dek?"":"conventional ");*/
542 326 : if (opt.list_only)
543 0 : result = -1;
544 326 : else if (!c->dek && !c->last_was_session_key)
545 0 : {
546 : int algo;
547 : STRING2KEY s2kbuf;
548 0 : STRING2KEY *s2k = NULL;
549 : int canceled;
550 :
551 0 : if (opt.override_session_key)
552 : {
553 0 : c->dek = xmalloc_clear (sizeof *c->dek);
554 0 : result = get_override_session_key (c->dek, opt.override_session_key);
555 0 : if (result)
556 : {
557 0 : xfree (c->dek);
558 0 : c->dek = NULL;
559 : }
560 : }
561 : else
562 : {
563 : /* Assume this is old style conventional encrypted data. */
564 0 : algo = opt.def_cipher_algo;
565 0 : if (algo)
566 0 : log_info (_("assuming %s encrypted data\n"),
567 : openpgp_cipher_algo_name (algo));
568 0 : else if (openpgp_cipher_test_algo (CIPHER_ALGO_IDEA))
569 : {
570 0 : algo = opt.def_cipher_algo;
571 0 : if (!algo)
572 0 : algo = opt.s2k_cipher_algo;
573 0 : log_info (_("IDEA cipher unavailable, "
574 : "optimistically attempting to use %s instead\n"),
575 : openpgp_cipher_algo_name (algo));
576 : }
577 : else
578 : {
579 0 : algo = CIPHER_ALGO_IDEA;
580 0 : if (!opt.s2k_digest_algo)
581 : {
582 : /* If no digest is given we assume SHA-1. */
583 0 : s2kbuf.mode = 0;
584 0 : s2kbuf.hash_algo = DIGEST_ALGO_SHA1;
585 0 : s2k = &s2kbuf;
586 : }
587 0 : log_info (_("assuming %s encrypted data\n"), "IDEA");
588 : }
589 :
590 0 : c->dek = passphrase_to_dek (algo, s2k, 0, 0, NULL, &canceled);
591 0 : if (c->dek)
592 0 : c->dek->algo_info_printed = 1;
593 0 : else if (canceled)
594 0 : result = gpg_error (GPG_ERR_CANCELED);
595 : else
596 0 : result = gpg_error (GPG_ERR_INV_PASSPHRASE);
597 : }
598 : }
599 326 : else if (!c->dek)
600 0 : result = GPG_ERR_NO_SECKEY;
601 :
602 326 : if (!result)
603 326 : result = decrypt_data (c->ctrl, c, pkt->pkt.encrypted, c->dek );
604 :
605 326 : if (result == -1)
606 : ;
607 326 : else if (!result
608 326 : && !opt.ignore_mdc_error
609 326 : && !pkt->pkt.encrypted->mdc_method
610 60 : && openpgp_cipher_get_algo_blklen (c->dek->algo) != 8
611 0 : && c->dek->algo != CIPHER_ALGO_TWOFISH)
612 : {
613 : /* The message has been decrypted but has no MDC despite that a
614 : modern cipher (blocklength != 64 bit, except for Twofish) is
615 : used and the option to ignore MDC errors is not used: To
616 : avoid attacks changing an MDC message to a non-MDC message,
617 : we fail here. */
618 0 : log_error (_("WARNING: message was not integrity protected\n"));
619 0 : if (opt.verbose > 1)
620 0 : log_info ("decryption forced to fail\n");
621 0 : write_status (STATUS_DECRYPTION_FAILED);
622 : }
623 326 : else if (!result || (gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE
624 0 : && opt.ignore_mdc_error))
625 : {
626 326 : write_status (STATUS_DECRYPTION_OKAY);
627 326 : if (opt.verbose > 1)
628 0 : log_info(_("decryption okay\n"));
629 652 : if (pkt->pkt.encrypted->mdc_method && !result)
630 266 : write_status (STATUS_GOODMDC);
631 60 : else if (!opt.no_mdc_warn)
632 60 : log_info (_("WARNING: message was not integrity protected\n"));
633 : }
634 0 : else if (gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE)
635 : {
636 0 : glo_ctrl.lasterr = result;
637 0 : log_error (_("WARNING: encrypted message has been manipulated!\n"));
638 0 : write_status (STATUS_BADMDC);
639 0 : write_status (STATUS_DECRYPTION_FAILED);
640 : }
641 : else
642 : {
643 0 : if (gpg_err_code (result) == GPG_ERR_BAD_KEY
644 0 : && *c->dek->s2k_cacheid != '\0')
645 : {
646 0 : if (opt.debug)
647 0 : log_debug ("cleared passphrase cached with ID: %s\n",
648 0 : c->dek->s2k_cacheid);
649 0 : passphrase_clear_cache (c->dek->s2k_cacheid);
650 : }
651 0 : glo_ctrl.lasterr = result;
652 0 : write_status (STATUS_DECRYPTION_FAILED);
653 0 : log_error (_("decryption failed: %s\n"), gpg_strerror (result));
654 : /* Hmmm: does this work when we have encrypted using multiple
655 : * ways to specify the session key (symmmetric and PK). */
656 : }
657 :
658 326 : xfree (c->dek);
659 326 : c->dek = NULL;
660 326 : free_packet (pkt);
661 326 : c->last_was_session_key = 0;
662 326 : write_status (STATUS_END_DECRYPTION);
663 326 : }
664 :
665 :
666 : static void
667 466 : proc_plaintext( CTX c, PACKET *pkt )
668 : {
669 466 : PKT_plaintext *pt = pkt->pkt.plaintext;
670 : int any, clearsig, rc;
671 : kbnode_t n;
672 :
673 466 : literals_seen++;
674 :
675 466 : if (pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8))
676 0 : log_info (_("Note: sender requested \"for-your-eyes-only\"\n"));
677 466 : else if (opt.verbose)
678 0 : log_info (_("original file name='%.*s'\n"), pt->namelen, pt->name);
679 :
680 466 : free_md_filter_context (&c->mfx);
681 466 : if (gcry_md_open (&c->mfx.md, 0, 0))
682 0 : BUG ();
683 : /* fixme: we may need to push the textfilter if we have sigclass 1
684 : * and no armoring - Not yet tested
685 : * Hmmm, why don't we need it at all if we have sigclass 1
686 : * Should we assume that plaintext in mode 't' has always sigclass 1??
687 : * See: Russ Allbery's mail 1999-02-09
688 : */
689 466 : any = clearsig = 0;
690 642 : for (n=c->list; n; n = n->next )
691 : {
692 194 : if (n->pkt->pkttype == PKT_ONEPASS_SIG)
693 : {
694 : /* The onepass signature case. */
695 159 : if (n->pkt->pkt.onepass_sig->digest_algo)
696 : {
697 159 : gcry_md_enable (c->mfx.md, n->pkt->pkt.onepass_sig->digest_algo);
698 159 : any = 1;
699 : }
700 : }
701 35 : else if (n->pkt->pkttype == PKT_GPG_CONTROL
702 25 : && n->pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START)
703 : {
704 : /* The clearsigned message case. */
705 18 : size_t datalen = n->pkt->pkt.gpg_control->datalen;
706 18 : const byte *data = n->pkt->pkt.gpg_control->data;
707 :
708 : /* Check that we have at least the sigclass and one hash. */
709 18 : if (datalen < 2)
710 0 : log_fatal ("invalid control packet CTRLPKT_CLEARSIGN_START\n");
711 : /* Note that we don't set the clearsig flag for not-dash-escaped
712 : * documents. */
713 18 : clearsig = (*data == 0x01);
714 36 : for (data++, datalen--; datalen; datalen--, data++)
715 18 : gcry_md_enable (c->mfx.md, *data);
716 18 : any = 1;
717 18 : break; /* Stop here as one-pass signature packets are not
718 : expected. */
719 : }
720 17 : else if (n->pkt->pkttype == PKT_SIGNATURE)
721 : {
722 : /* The SIG+LITERAL case that PGP used to use. */
723 10 : gcry_md_enable ( c->mfx.md, n->pkt->pkt.signature->digest_algo );
724 10 : any = 1;
725 : }
726 : }
727 :
728 466 : if (!any && !opt.skip_verify)
729 : {
730 : /* This is for the old GPG LITERAL+SIG case. It's not legal
731 : according to 2440, so hopefully it won't come up that often.
732 : There is no good way to specify what algorithms to use in
733 : that case, so these there are the historical answer. */
734 288 : gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160);
735 288 : gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1);
736 : }
737 466 : if (DBG_HASHING)
738 : {
739 0 : gcry_md_debug (c->mfx.md, "verify");
740 0 : if (c->mfx.md2)
741 0 : gcry_md_debug (c->mfx.md2, "verify2");
742 : }
743 :
744 466 : rc=0;
745 :
746 466 : if (literals_seen > 1)
747 : {
748 8 : log_info (_("WARNING: multiple plaintexts seen\n"));
749 :
750 8 : if (!opt.flags.allow_multiple_messages)
751 : {
752 6 : write_status_text (STATUS_ERROR, "proc_pkt.plaintext 89_BAD_DATA");
753 6 : log_inc_errorcount ();
754 6 : rc = gpg_error (GPG_ERR_UNEXPECTED);
755 : }
756 : }
757 :
758 466 : if (!rc)
759 : {
760 : /* It we are in --verify mode, we do not want to output the
761 : * signed text. However, if --output is also used we do what
762 : * has been requested and write out the signed data. */
763 518 : rc = handle_plaintext (pt, &c->mfx,
764 920 : (opt.outfp || opt.outfile)? 0 : c->sigs_only,
765 : clearsig);
766 460 : if (gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only)
767 : {
768 : /* Can't write output but we hash it anyway to check the
769 : signature. */
770 0 : rc = handle_plaintext( pt, &c->mfx, 1, clearsig );
771 : }
772 : }
773 :
774 466 : if (rc)
775 6 : log_error ("handle plaintext failed: %s\n", gpg_strerror (rc));
776 :
777 466 : free_packet(pkt);
778 466 : c->last_was_session_key = 0;
779 :
780 : /* We add a marker control packet instead of the plaintext packet.
781 : * This is so that we can later detect invalid packet sequences. */
782 466 : n = new_kbnode (create_gpg_control (CTRLPKT_PLAINTEXT_MARK, NULL, 0));
783 466 : if (c->list)
784 178 : add_kbnode (c->list, n);
785 : else
786 288 : c->list = n;
787 466 : }
788 :
789 :
790 : static int
791 44 : proc_compressed_cb (iobuf_t a, void *info)
792 : {
793 44 : if ( ((CTX)info)->signed_data.used
794 0 : && ((CTX)info)->signed_data.data_fd != -1)
795 0 : return proc_signature_packets_by_fd (((CTX)info)->ctrl, info, a,
796 : ((CTX)info)->signed_data.data_fd);
797 : else
798 44 : return proc_signature_packets (((CTX)info)->ctrl, info, a,
799 : ((CTX)info)->signed_data.data_names,
800 : ((CTX)info)->sigfilename );
801 : }
802 :
803 :
804 : static int
805 2 : proc_encrypt_cb (iobuf_t a, void *info )
806 : {
807 2 : CTX c = info;
808 2 : return proc_encryption_packets (c->ctrl, info, a );
809 : }
810 :
811 :
812 : static int
813 432 : proc_compressed (CTX c, PACKET *pkt)
814 : {
815 432 : PKT_compressed *zd = pkt->pkt.compressed;
816 : int rc;
817 :
818 : /*printf("zip: compressed data packet\n");*/
819 432 : if (c->sigs_only)
820 44 : rc = handle_compressed (c->ctrl, c, zd, proc_compressed_cb, c);
821 388 : else if( c->encrypt_only )
822 2 : rc = handle_compressed (c->ctrl, c, zd, proc_encrypt_cb, c);
823 : else
824 386 : rc = handle_compressed (c->ctrl, c, zd, NULL, NULL);
825 :
826 432 : if (gpg_err_code (rc) == GPG_ERR_BAD_DATA)
827 : {
828 0 : if (!c->any.uncompress_failed)
829 : {
830 : CTX cc;
831 :
832 0 : for (cc=c; cc; cc = cc->anchor)
833 0 : cc->any.uncompress_failed = 1;
834 0 : log_error ("uncompressing failed: %s\n", gpg_strerror (rc));
835 : }
836 : }
837 432 : else if (rc)
838 0 : log_error ("uncompressing failed: %s\n", gpg_strerror (rc));
839 :
840 432 : free_packet(pkt);
841 432 : c->last_was_session_key = 0;
842 432 : return rc;
843 : }
844 :
845 :
846 : /*
847 : * Check the signature. If R_PK is not NULL a copy of the public key
848 : * used to verify the signature will be stored tehre, or NULL if not
849 : * found. Returns: 0 = valid signature or an error code
850 : */
851 : static int
852 189 : do_check_sig (CTX c, kbnode_t node, int *is_selfsig,
853 : int *is_expkey, int *is_revkey, PKT_public_key **r_pk)
854 : {
855 : PKT_signature *sig;
856 189 : gcry_md_hd_t md = NULL;
857 189 : gcry_md_hd_t md2 = NULL;
858 189 : gcry_md_hd_t md_good = NULL;
859 : int algo, rc;
860 :
861 189 : if (r_pk)
862 189 : *r_pk = NULL;
863 :
864 189 : log_assert (node->pkt->pkttype == PKT_SIGNATURE);
865 189 : if (is_selfsig)
866 0 : *is_selfsig = 0;
867 189 : sig = node->pkt->pkt.signature;
868 :
869 189 : algo = sig->digest_algo;
870 189 : rc = openpgp_md_test_algo (algo);
871 189 : if (rc)
872 0 : return rc;
873 :
874 189 : if (sig->sig_class == 0x00)
875 : {
876 166 : if (c->mfx.md)
877 : {
878 166 : if (gcry_md_copy (&md, c->mfx.md ))
879 0 : BUG ();
880 : }
881 : else /* detached signature */
882 : {
883 : /* check_signature() will enable the md. */
884 0 : if (gcry_md_open (&md, 0, 0 ))
885 0 : BUG ();
886 : }
887 : }
888 23 : else if (sig->sig_class == 0x01)
889 : {
890 : /* How do we know that we have to hash the (already hashed) text
891 : in canonical mode ??? (calculating both modes???) */
892 23 : if (c->mfx.md)
893 : {
894 23 : if (gcry_md_copy (&md, c->mfx.md ))
895 0 : BUG ();
896 23 : if (c->mfx.md2 && gcry_md_copy (&md2, c->mfx.md2))
897 0 : BUG ();
898 : }
899 : else /* detached signature */
900 : {
901 0 : log_debug ("Do we really need this here?");
902 : /* check_signature() will enable the md*/
903 0 : if (gcry_md_open (&md, 0, 0 ))
904 0 : BUG ();
905 0 : if (gcry_md_open (&md2, 0, 0 ))
906 0 : BUG ();
907 : }
908 : }
909 0 : else if ((sig->sig_class&~3) == 0x10
910 0 : || sig->sig_class == 0x18
911 0 : || sig->sig_class == 0x1f
912 0 : || sig->sig_class == 0x20
913 0 : || sig->sig_class == 0x28
914 0 : || sig->sig_class == 0x30)
915 : {
916 0 : if (c->list->pkt->pkttype == PKT_PUBLIC_KEY
917 0 : || c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY)
918 : {
919 0 : return check_key_signature( c->list, node, is_selfsig );
920 : }
921 0 : else if (sig->sig_class == 0x20)
922 : {
923 0 : log_error (_("standalone revocation - "
924 : "use \"gpg --import\" to apply\n"));
925 0 : return GPG_ERR_NOT_PROCESSED;
926 : }
927 : else
928 : {
929 0 : log_error ("invalid root packet for sigclass %02x\n", sig->sig_class);
930 0 : return GPG_ERR_SIG_CLASS;
931 : }
932 : }
933 : else
934 0 : return GPG_ERR_SIG_CLASS;
935 :
936 : /* We only get here if we are checking the signature of a binary
937 : (0x00) or text document (0x01). */
938 189 : rc = check_signature2 (sig, md, NULL, is_expkey, is_revkey, r_pk);
939 189 : if (! rc)
940 185 : md_good = md;
941 4 : else if (gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE && md2)
942 : {
943 : PKT_public_key *pk2;
944 :
945 0 : rc = check_signature2 (sig, md2, NULL, is_expkey, is_revkey,
946 : r_pk? &pk2 : NULL);
947 0 : if (!rc)
948 : {
949 0 : md_good = md2;
950 0 : if (r_pk)
951 : {
952 0 : free_public_key (*r_pk);
953 0 : *r_pk = pk2;
954 : }
955 : }
956 : }
957 :
958 189 : if (md_good)
959 : {
960 185 : unsigned char *buffer = gcry_md_read (md_good, sig->digest_algo);
961 185 : sig->digest_len = gcry_md_get_algo_dlen (map_md_openpgp_to_gcry (algo));
962 185 : memcpy (sig->digest, buffer, sig->digest_len);
963 : }
964 :
965 189 : gcry_md_close (md);
966 189 : gcry_md_close (md2);
967 :
968 189 : return rc;
969 : }
970 :
971 :
972 : static void
973 0 : print_userid (PACKET *pkt)
974 : {
975 0 : if (!pkt)
976 0 : BUG();
977 :
978 0 : if (pkt->pkttype != PKT_USER_ID)
979 : {
980 0 : es_printf ("ERROR: unexpected packet type %d", pkt->pkttype );
981 0 : return;
982 : }
983 0 : if (opt.with_colons)
984 : {
985 0 : if (pkt->pkt.user_id->attrib_data)
986 0 : es_printf("%u %lu",
987 0 : pkt->pkt.user_id->numattribs,
988 0 : pkt->pkt.user_id->attrib_len);
989 : else
990 0 : es_write_sanitized (es_stdout, pkt->pkt.user_id->name,
991 0 : pkt->pkt.user_id->len, ":", NULL);
992 : }
993 : else
994 0 : print_utf8_buffer (es_stdout, pkt->pkt.user_id->name,
995 0 : pkt->pkt.user_id->len );
996 : }
997 :
998 :
999 : /*
1000 : * List the keyblock in a user friendly way
1001 : */
1002 : static void
1003 0 : list_node (CTX c, kbnode_t node)
1004 : {
1005 0 : if (!node)
1006 : ;
1007 0 : else if (node->pkt->pkttype == PKT_PUBLIC_KEY
1008 0 : || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1009 0 : {
1010 0 : PKT_public_key *pk = node->pkt->pkt.public_key;
1011 :
1012 0 : if (opt.with_colons)
1013 : {
1014 : u32 keyid[2];
1015 :
1016 0 : keyid_from_pk( pk, keyid );
1017 0 : if (pk->flags.primary)
1018 0 : c->trustletter = (opt.fast_list_mode
1019 : ? 0
1020 0 : : get_validity_info
1021 : (c->ctrl,
1022 0 : node->pkt->pkttype == PKT_PUBLIC_KEY
1023 : ? node : NULL,
1024 : pk, NULL));
1025 0 : es_printf ("%s:", pk->flags.primary? "pub":"sub" );
1026 0 : if (c->trustletter)
1027 0 : es_putc (c->trustletter, es_stdout);
1028 0 : es_printf (":%u:%d:%08lX%08lX:%s:%s::",
1029 : nbits_from_pk( pk ),
1030 0 : pk->pubkey_algo,
1031 0 : (ulong)keyid[0],(ulong)keyid[1],
1032 : colon_datestr_from_pk( pk ),
1033 : colon_strtime (pk->expiredate) );
1034 0 : if (pk->flags.primary && !opt.fast_list_mode)
1035 0 : es_putc (get_ownertrust_info (pk), es_stdout);
1036 0 : es_putc (':', es_stdout);
1037 0 : es_putc ('\n', es_stdout);
1038 : }
1039 : else
1040 : {
1041 0 : print_key_line (es_stdout, pk, 0);
1042 : }
1043 :
1044 0 : if (opt.keyid_format == KF_NONE && !opt.with_colons)
1045 : ; /* Already printed. */
1046 0 : else if ((pk->flags.primary && opt.fingerprint) || opt.fingerprint > 1)
1047 0 : print_fingerprint (NULL, pk, 0);
1048 :
1049 0 : if (opt.with_colons)
1050 : {
1051 0 : if (node->next && node->next->pkt->pkttype == PKT_RING_TRUST)
1052 0 : es_printf ("rtv:1:%u:\n",
1053 0 : node->next->pkt->pkt.ring_trust->trustval);
1054 : }
1055 :
1056 0 : if (pk->flags.primary)
1057 : {
1058 0 : int kl = opt.keyid_format == KF_NONE? 0 : keystrlen ();
1059 :
1060 : /* Now list all userids with their signatures. */
1061 0 : for (node = node->next; node; node = node->next)
1062 : {
1063 0 : if (node->pkt->pkttype == PKT_SIGNATURE)
1064 : {
1065 0 : list_node (c, node );
1066 : }
1067 0 : else if (node->pkt->pkttype == PKT_USER_ID)
1068 : {
1069 0 : if (opt.with_colons)
1070 0 : es_printf ("%s:::::::::",
1071 0 : node->pkt->pkt.user_id->attrib_data?"uat":"uid");
1072 : else
1073 0 : es_printf ("uid%*s",
1074 0 : kl + (opt.legacy_list_mode? 9:11),
1075 : "" );
1076 0 : print_userid (node->pkt);
1077 0 : if (opt.with_colons)
1078 0 : es_putc (':', es_stdout);
1079 0 : es_putc ('\n', es_stdout);
1080 0 : if (opt.with_colons
1081 0 : && node->next
1082 0 : && node->next->pkt->pkttype == PKT_RING_TRUST)
1083 : {
1084 0 : es_printf ("rtv:2:%u:\n",
1085 0 : node->next->pkt->pkt.ring_trust?
1086 0 : node->next->pkt->pkt.ring_trust->trustval : 0);
1087 : }
1088 : }
1089 0 : else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1090 : {
1091 0 : list_node(c, node );
1092 : }
1093 : }
1094 : }
1095 : }
1096 0 : else if (node->pkt->pkttype == PKT_SECRET_KEY
1097 0 : || node->pkt->pkttype == PKT_SECRET_SUBKEY)
1098 : {
1099 :
1100 0 : log_debug ("FIXME: No way to print secret key packets here\n");
1101 : /* fixme: We may use a function to turn a secret key packet into
1102 : a public key one and use that here. */
1103 : }
1104 0 : else if (node->pkt->pkttype == PKT_SIGNATURE)
1105 : {
1106 0 : PKT_signature *sig = node->pkt->pkt.signature;
1107 0 : int is_selfsig = 0;
1108 0 : int rc2 = 0;
1109 : size_t n;
1110 : char *p;
1111 0 : int sigrc = ' ';
1112 :
1113 0 : if (!opt.verbose)
1114 0 : return;
1115 :
1116 0 : if (sig->sig_class == 0x20 || sig->sig_class == 0x30)
1117 0 : es_fputs ("rev", es_stdout);
1118 : else
1119 0 : es_fputs ("sig", es_stdout);
1120 0 : if (opt.check_sigs)
1121 : {
1122 0 : fflush (stdout);
1123 0 : rc2 = do_check_sig (c, node, &is_selfsig, NULL, NULL, NULL);
1124 0 : switch (gpg_err_code (rc2))
1125 : {
1126 0 : case 0: sigrc = '!'; break;
1127 0 : case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break;
1128 : case GPG_ERR_NO_PUBKEY:
1129 0 : case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break;
1130 0 : default: sigrc = '%'; break;
1131 : }
1132 : }
1133 : else /* Check whether this is a self signature. */
1134 : {
1135 : u32 keyid[2];
1136 :
1137 0 : if (c->list->pkt->pkttype == PKT_PUBLIC_KEY
1138 0 : || c->list->pkt->pkttype == PKT_SECRET_KEY )
1139 : {
1140 0 : keyid_from_pk (c->list->pkt->pkt.public_key, keyid);
1141 :
1142 0 : if (keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1])
1143 0 : is_selfsig = 1;
1144 : }
1145 : }
1146 :
1147 0 : if (opt.with_colons)
1148 : {
1149 0 : es_putc (':', es_stdout);
1150 0 : if (sigrc != ' ')
1151 0 : es_putc (sigrc, es_stdout);
1152 0 : es_printf ("::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
1153 0 : (ulong)sig->keyid[0], (ulong)sig->keyid[1],
1154 : colon_datestr_from_sig (sig),
1155 : colon_expirestr_from_sig (sig));
1156 :
1157 0 : if (sig->trust_depth || sig->trust_value)
1158 0 : es_printf ("%d %d",sig->trust_depth,sig->trust_value);
1159 0 : es_putc (':', es_stdout);
1160 :
1161 0 : if (sig->trust_regexp)
1162 0 : es_write_sanitized (es_stdout, sig->trust_regexp,
1163 0 : strlen (sig->trust_regexp), ":", NULL);
1164 0 : es_putc (':', es_stdout);
1165 : }
1166 : else
1167 0 : es_printf ("%c %s %s ",
1168 0 : sigrc, keystr (sig->keyid), datestr_from_sig(sig));
1169 0 : if (sigrc == '%')
1170 0 : es_printf ("[%s] ", gpg_strerror (rc2) );
1171 0 : else if (sigrc == '?')
1172 : ;
1173 0 : else if (is_selfsig)
1174 : {
1175 0 : if (opt.with_colons)
1176 0 : es_putc (':', es_stdout);
1177 0 : es_fputs (sig->sig_class == 0x18? "[keybind]":"[selfsig]", es_stdout);
1178 0 : if (opt.with_colons)
1179 0 : es_putc (':', es_stdout);
1180 : }
1181 0 : else if (!opt.fast_list_mode)
1182 : {
1183 0 : p = get_user_id (sig->keyid, &n);
1184 0 : es_write_sanitized (es_stdout, p, n,
1185 0 : opt.with_colons?":":NULL, NULL );
1186 0 : xfree (p);
1187 : }
1188 0 : if (opt.with_colons)
1189 0 : es_printf (":%02x%c:", sig->sig_class, sig->flags.exportable?'x':'l');
1190 0 : es_putc ('\n', es_stdout);
1191 : }
1192 : else
1193 0 : log_error ("invalid node with packet of type %d\n", node->pkt->pkttype);
1194 : }
1195 :
1196 :
1197 : int
1198 1121 : proc_packets (ctrl_t ctrl, void *anchor, iobuf_t a )
1199 : {
1200 : int rc;
1201 1121 : CTX c = xmalloc_clear (sizeof *c);
1202 :
1203 1121 : c->ctrl = ctrl;
1204 1121 : c->anchor = anchor;
1205 1121 : rc = do_proc_packets (ctrl, c, a);
1206 1121 : xfree (c);
1207 :
1208 1121 : return rc;
1209 : }
1210 :
1211 :
1212 : int
1213 114 : proc_signature_packets (ctrl_t ctrl, void *anchor, iobuf_t a,
1214 : strlist_t signedfiles, const char *sigfilename )
1215 : {
1216 114 : CTX c = xmalloc_clear (sizeof *c);
1217 : int rc;
1218 :
1219 114 : c->ctrl = ctrl;
1220 114 : c->anchor = anchor;
1221 114 : c->sigs_only = 1;
1222 :
1223 114 : c->signed_data.data_fd = -1;
1224 114 : c->signed_data.data_names = signedfiles;
1225 114 : c->signed_data.used = !!signedfiles;
1226 :
1227 114 : c->sigfilename = sigfilename;
1228 114 : rc = do_proc_packets (ctrl, c, a);
1229 :
1230 : /* If we have not encountered any signature we print an error
1231 : messages, send a NODATA status back and return an error code.
1232 : Using log_error is required because verify_files does not check
1233 : error codes for each file but we want to terminate the process
1234 : with an error. */
1235 111 : if (!rc && !c->any.sig_seen)
1236 : {
1237 1 : write_status_text (STATUS_NODATA, "4");
1238 1 : log_error (_("no signature found\n"));
1239 1 : rc = GPG_ERR_NO_DATA;
1240 : }
1241 :
1242 : /* Propagate the signature seen flag upward. Do this only on success
1243 : so that we won't issue the nodata status several times. */
1244 111 : if (!rc && c->anchor && c->any.sig_seen)
1245 44 : c->anchor->any.sig_seen = 1;
1246 :
1247 111 : xfree (c);
1248 111 : return rc;
1249 : }
1250 :
1251 :
1252 : int
1253 0 : proc_signature_packets_by_fd (ctrl_t ctrl,
1254 : void *anchor, iobuf_t a, int signed_data_fd )
1255 : {
1256 : int rc;
1257 : CTX c;
1258 :
1259 0 : c = xtrycalloc (1, sizeof *c);
1260 0 : if (!c)
1261 0 : return gpg_error_from_syserror ();
1262 :
1263 0 : c->ctrl = ctrl;
1264 0 : c->anchor = anchor;
1265 0 : c->sigs_only = 1;
1266 :
1267 0 : c->signed_data.data_fd = signed_data_fd;
1268 0 : c->signed_data.data_names = NULL;
1269 0 : c->signed_data.used = (signed_data_fd != -1);
1270 :
1271 0 : rc = do_proc_packets (ctrl, c, a);
1272 :
1273 : /* If we have not encountered any signature we print an error
1274 : messages, send a NODATA status back and return an error code.
1275 : Using log_error is required because verify_files does not check
1276 : error codes for each file but we want to terminate the process
1277 : with an error. */
1278 0 : if (!rc && !c->any.sig_seen)
1279 : {
1280 0 : write_status_text (STATUS_NODATA, "4");
1281 0 : log_error (_("no signature found\n"));
1282 0 : rc = gpg_error (GPG_ERR_NO_DATA);
1283 : }
1284 :
1285 : /* Propagate the signature seen flag upward. Do this only on success
1286 : so that we won't issue the nodata status several times. */
1287 0 : if (!rc && c->anchor && c->any.sig_seen)
1288 0 : c->anchor->any.sig_seen = 1;
1289 :
1290 0 : xfree ( c );
1291 0 : return rc;
1292 : }
1293 :
1294 :
1295 : int
1296 14 : proc_encryption_packets (ctrl_t ctrl, void *anchor, iobuf_t a )
1297 : {
1298 14 : CTX c = xmalloc_clear (sizeof *c);
1299 : int rc;
1300 :
1301 14 : c->ctrl = ctrl;
1302 14 : c->anchor = anchor;
1303 14 : c->encrypt_only = 1;
1304 14 : rc = do_proc_packets (ctrl, c, a);
1305 14 : xfree (c);
1306 14 : return rc;
1307 : }
1308 :
1309 :
1310 : static int
1311 1249 : check_nesting (CTX c)
1312 : {
1313 : int level;
1314 :
1315 3582 : for (level=0; c; c = c->anchor)
1316 2333 : level++;
1317 :
1318 1249 : if (level > MAX_NESTING_DEPTH)
1319 : {
1320 0 : log_error ("input data with too deeply nested packets\n");
1321 0 : write_status_text (STATUS_UNEXPECTED, "1");
1322 0 : return GPG_ERR_BAD_DATA;
1323 : }
1324 :
1325 1249 : return 0;
1326 : }
1327 :
1328 :
1329 : static int
1330 1249 : do_proc_packets (ctrl_t ctrl, CTX c, iobuf_t a)
1331 : {
1332 : PACKET *pkt;
1333 1249 : int rc = 0;
1334 1249 : int any_data = 0;
1335 : int newpkt;
1336 :
1337 1249 : rc = check_nesting (c);
1338 1249 : if (rc)
1339 0 : return rc;
1340 :
1341 1249 : pkt = xmalloc( sizeof *pkt );
1342 1249 : c->iobuf = a;
1343 1249 : init_packet(pkt);
1344 4476 : while ((rc=parse_packet(a, pkt)) != -1)
1345 : {
1346 1979 : any_data = 1;
1347 1979 : if (rc)
1348 : {
1349 2 : free_packet (pkt);
1350 : /* Stop processing when an invalid packet has been encountered
1351 : * but don't do so when we are doing a --list-packets. */
1352 2 : if (gpg_err_code (rc) == GPG_ERR_INV_PACKET
1353 2 : && opt.list_packets == 0)
1354 1 : break;
1355 1 : continue;
1356 : }
1357 1977 : newpkt = -1;
1358 1977 : if (opt.list_packets)
1359 : {
1360 57 : switch (pkt->pkttype)
1361 : {
1362 10 : case PKT_PUBKEY_ENC: proc_pubkey_enc (ctrl, c, pkt); break;
1363 0 : case PKT_SYMKEY_ENC: proc_symkey_enc (c, pkt); break;
1364 : case PKT_ENCRYPTED:
1365 5 : case PKT_ENCRYPTED_MDC: proc_encrypted (c, pkt); break;
1366 6 : case PKT_COMPRESSED: rc = proc_compressed (c, pkt); break;
1367 36 : default: newpkt = 0; break;
1368 : }
1369 : }
1370 1920 : else if (c->sigs_only)
1371 : {
1372 260 : switch (pkt->pkttype)
1373 : {
1374 : case PKT_PUBLIC_KEY:
1375 : case PKT_SECRET_KEY:
1376 : case PKT_USER_ID:
1377 : case PKT_SYMKEY_ENC:
1378 : case PKT_PUBKEY_ENC:
1379 : case PKT_ENCRYPTED:
1380 : case PKT_ENCRYPTED_MDC:
1381 0 : write_status_text( STATUS_UNEXPECTED, "0" );
1382 0 : rc = GPG_ERR_UNEXPECTED;
1383 0 : goto leave;
1384 :
1385 76 : case PKT_SIGNATURE: newpkt = add_signature (c, pkt); break;
1386 74 : case PKT_PLAINTEXT: proc_plaintext (c, pkt); break;
1387 44 : case PKT_COMPRESSED: rc = proc_compressed (c, pkt); break;
1388 56 : case PKT_ONEPASS_SIG: newpkt = add_onepass_sig (c, pkt); break;
1389 8 : case PKT_GPG_CONTROL: newpkt = add_gpg_control (c, pkt); break;
1390 2 : default: newpkt = 0; break;
1391 : }
1392 : }
1393 1660 : else if (c->encrypt_only)
1394 : {
1395 30 : switch (pkt->pkttype)
1396 : {
1397 : case PKT_PUBLIC_KEY:
1398 : case PKT_SECRET_KEY:
1399 : case PKT_USER_ID:
1400 0 : write_status_text (STATUS_UNEXPECTED, "0");
1401 0 : rc = GPG_ERR_UNEXPECTED;
1402 0 : goto leave;
1403 :
1404 2 : case PKT_SIGNATURE: newpkt = add_signature (c, pkt); break;
1405 6 : case PKT_SYMKEY_ENC: proc_symkey_enc (c, pkt); break;
1406 6 : case PKT_PUBKEY_ENC: proc_pubkey_enc (ctrl, c, pkt); break;
1407 : case PKT_ENCRYPTED:
1408 10 : case PKT_ENCRYPTED_MDC: proc_encrypted (c, pkt); break;
1409 2 : case PKT_PLAINTEXT: proc_plaintext (c, pkt); break;
1410 2 : case PKT_COMPRESSED: rc = proc_compressed (c, pkt); break;
1411 2 : case PKT_ONEPASS_SIG: newpkt = add_onepass_sig (c, pkt); break;
1412 0 : case PKT_GPG_CONTROL: newpkt = add_gpg_control (c, pkt); break;
1413 0 : default: newpkt = 0; break;
1414 : }
1415 : }
1416 : else
1417 : {
1418 1630 : switch (pkt->pkttype)
1419 : {
1420 : case PKT_PUBLIC_KEY:
1421 : case PKT_SECRET_KEY:
1422 0 : release_list (c);
1423 0 : c->list = new_kbnode (pkt);
1424 0 : newpkt = 1;
1425 0 : break;
1426 : case PKT_PUBLIC_SUBKEY:
1427 : case PKT_SECRET_SUBKEY:
1428 0 : newpkt = add_subkey (c, pkt);
1429 0 : break;
1430 0 : case PKT_USER_ID: newpkt = add_user_id (c, pkt); break;
1431 123 : case PKT_SIGNATURE: newpkt = add_signature (c, pkt); break;
1432 262 : case PKT_PUBKEY_ENC: proc_pubkey_enc (ctrl, c, pkt); break;
1433 53 : case PKT_SYMKEY_ENC: proc_symkey_enc (c, pkt); break;
1434 : case PKT_ENCRYPTED:
1435 311 : case PKT_ENCRYPTED_MDC: proc_encrypted (c, pkt); break;
1436 390 : case PKT_PLAINTEXT: proc_plaintext (c, pkt); break;
1437 380 : case PKT_COMPRESSED: rc = proc_compressed (c, pkt); break;
1438 97 : case PKT_ONEPASS_SIG: newpkt = add_onepass_sig (c, pkt); break;
1439 10 : case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
1440 0 : case PKT_RING_TRUST: newpkt = add_ring_trust (c, pkt); break;
1441 4 : default: newpkt = 0; break;
1442 : }
1443 : }
1444 :
1445 1977 : if (rc)
1446 0 : goto leave;
1447 :
1448 : /* This is a very ugly construct and frankly, I don't remember why
1449 : * I used it. Adding the MDC check here is a hack.
1450 : * The right solution is to initiate another context for encrypted
1451 : * packet and not to reuse the current one ... It works right
1452 : * when there is a compression packet between which adds just
1453 : * an extra layer.
1454 : * Hmmm: Rewrite this whole module here??
1455 : */
1456 1977 : if (pkt->pkttype != PKT_SIGNATURE && pkt->pkttype != PKT_MDC)
1457 1763 : c->any.data = (pkt->pkttype == PKT_PLAINTEXT);
1458 :
1459 1977 : if (newpkt == -1)
1460 : ;
1461 416 : else if (newpkt)
1462 : {
1463 374 : pkt = xmalloc (sizeof *pkt);
1464 374 : init_packet (pkt);
1465 : }
1466 : else
1467 42 : free_packet(pkt);
1468 : }
1469 :
1470 1249 : if (rc == GPG_ERR_INV_PACKET)
1471 1 : write_status_text (STATUS_NODATA, "3");
1472 :
1473 1249 : if (any_data)
1474 1246 : rc = 0;
1475 3 : else if (rc == -1)
1476 3 : write_status_text (STATUS_NODATA, "2");
1477 :
1478 :
1479 : leave:
1480 1249 : release_list (c);
1481 1246 : xfree(c->dek);
1482 1246 : free_packet (pkt);
1483 1246 : xfree (pkt);
1484 1246 : free_md_filter_context (&c->mfx);
1485 1246 : return rc;
1486 : }
1487 :
1488 :
1489 : /* Helper for pka_uri_from_sig to parse the to-be-verified address out
1490 : of the notation data. */
1491 : static pka_info_t *
1492 0 : get_pka_address (PKT_signature *sig)
1493 : {
1494 0 : pka_info_t *pka = NULL;
1495 : struct notation *nd,*notation;
1496 :
1497 0 : notation=sig_to_notation(sig);
1498 :
1499 0 : for(nd=notation;nd;nd=nd->next)
1500 : {
1501 0 : if(strcmp(nd->name,"pka-address@gnupg.org")!=0)
1502 0 : continue; /* Not the notation we want. */
1503 :
1504 : /* For now we only use the first valid PKA notation. In future
1505 : we might want to keep additional PKA notations in a linked
1506 : list. */
1507 0 : if (is_valid_mailbox (nd->value))
1508 : {
1509 0 : pka = xmalloc (sizeof *pka + strlen(nd->value));
1510 0 : pka->valid = 0;
1511 0 : pka->checked = 0;
1512 0 : pka->uri = NULL;
1513 0 : strcpy (pka->email, nd->value);
1514 0 : break;
1515 : }
1516 : }
1517 :
1518 0 : free_notation(notation);
1519 :
1520 0 : return pka;
1521 : }
1522 :
1523 :
1524 : /* Return the URI from a DNS PKA record. If this record has already
1525 : be retrieved for the signature we merely return it; if not we go
1526 : out and try to get that DNS record. */
1527 : static const char *
1528 0 : pka_uri_from_sig (CTX c, PKT_signature *sig)
1529 : {
1530 0 : if (!sig->flags.pka_tried)
1531 : {
1532 0 : log_assert (!sig->pka_info);
1533 0 : sig->flags.pka_tried = 1;
1534 0 : sig->pka_info = get_pka_address (sig);
1535 0 : if (sig->pka_info)
1536 : {
1537 : char *url;
1538 : unsigned char *fpr;
1539 : size_t fprlen;
1540 :
1541 0 : if (!gpg_dirmngr_get_pka (c->ctrl, sig->pka_info->email,
1542 : &fpr, &fprlen, &url))
1543 : {
1544 0 : if (fpr && fprlen == sizeof sig->pka_info->fpr)
1545 : {
1546 0 : memcpy (sig->pka_info->fpr, fpr, fprlen);
1547 0 : if (url)
1548 : {
1549 0 : sig->pka_info->valid = 1;
1550 0 : if (!*url)
1551 0 : xfree (url);
1552 : else
1553 0 : sig->pka_info->uri = url;
1554 0 : url = NULL;
1555 : }
1556 : }
1557 0 : xfree (fpr);
1558 0 : xfree (url);
1559 : }
1560 : }
1561 : }
1562 0 : return sig->pka_info? sig->pka_info->uri : NULL;
1563 : }
1564 :
1565 :
1566 : /* Return true if the AKL has the WKD method specified. */
1567 : static int
1568 0 : akl_has_wkd_method (void)
1569 : {
1570 : struct akl *akl;
1571 :
1572 0 : for (akl = opt.auto_key_locate; akl; akl = akl->next)
1573 0 : if (akl->type == AKL_WKD)
1574 0 : return 1;
1575 0 : return 0;
1576 : }
1577 :
1578 :
1579 : /* Return the ISSUER fingerprint string in human readbale format if
1580 : * available. Caller must release the string. */
1581 : static char *
1582 189 : issuer_fpr_string (PKT_signature *sig)
1583 : {
1584 : const byte *p;
1585 : size_t n;
1586 :
1587 189 : p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_ISSUER_FPR, &n);
1588 189 : if (p && n == 21 && p[0] == 4)
1589 136 : return bin2hex (p+1, n-1, NULL);
1590 53 : return NULL;
1591 : }
1592 :
1593 :
1594 : static void
1595 188 : print_good_bad_signature (int statno, const char *keyid_str, kbnode_t un,
1596 : PKT_signature *sig, int rc)
1597 : {
1598 : char *p;
1599 :
1600 564 : write_status_text_and_buffer (statno, keyid_str,
1601 188 : un? un->pkt->pkt.user_id->name:"[?]",
1602 188 : un? un->pkt->pkt.user_id->len:3,
1603 : -1);
1604 :
1605 188 : if (un)
1606 188 : p = utf8_to_native (un->pkt->pkt.user_id->name,
1607 188 : un->pkt->pkt.user_id->len, 0);
1608 : else
1609 0 : p = xstrdup ("[?]");
1610 :
1611 188 : if (rc)
1612 3 : log_info (_("BAD signature from \"%s\""), p);
1613 185 : else if (sig->flags.expired)
1614 0 : log_info (_("Expired signature from \"%s\""), p);
1615 : else
1616 185 : log_info (_("Good signature from \"%s\""), p);
1617 :
1618 188 : xfree (p);
1619 188 : }
1620 :
1621 :
1622 : static int
1623 199 : check_sig_and_print (CTX c, kbnode_t node)
1624 : {
1625 199 : PKT_signature *sig = node->pkt->pkt.signature;
1626 : const char *astr;
1627 : int rc;
1628 199 : int is_expkey = 0;
1629 199 : int is_revkey = 0;
1630 : char *issuer_fpr;
1631 199 : PKT_public_key *pk = NULL; /* The public key for the signature or NULL. */
1632 :
1633 199 : if (opt.skip_verify)
1634 : {
1635 0 : log_info(_("signature verification suppressed\n"));
1636 0 : return 0;
1637 : }
1638 :
1639 : /* Check that the message composition is valid.
1640 : *
1641 : * Per RFC-2440bis (-15) allowed:
1642 : *
1643 : * S{1,n} -- detached signature.
1644 : * S{1,n} P -- old style PGP2 signature
1645 : * O{1,n} P S{1,n} -- standard OpenPGP signature.
1646 : * C P S{1,n} -- cleartext signature.
1647 : *
1648 : *
1649 : * O = One-Pass Signature packet.
1650 : * S = Signature packet.
1651 : * P = OpenPGP Message packet (Encrypted | Compressed | Literal)
1652 : * (Note that the current rfc2440bis draft also allows
1653 : * for a signed message but that does not work as it
1654 : * introduces ambiguities.)
1655 : * We keep track of these packages using the marker packet
1656 : * CTRLPKT_PLAINTEXT_MARK.
1657 : * C = Marker packet for cleartext signatures.
1658 : *
1659 : * We reject all other messages.
1660 : *
1661 : * Actually we are calling this too often, i.e. for verification of
1662 : * each message but better have some duplicate work than to silently
1663 : * introduce a bug here.
1664 : */
1665 : {
1666 : kbnode_t n;
1667 : int n_onepass, n_sig;
1668 :
1669 : /* log_debug ("checking signature packet composition\n"); */
1670 : /* dump_kbnode (c->list); */
1671 :
1672 199 : n = c->list;
1673 199 : log_assert (n);
1674 199 : if ( n->pkt->pkttype == PKT_SIGNATURE )
1675 : {
1676 : /* This is either "S{1,n}" case (detached signature) or
1677 : "S{1,n} P" (old style PGP2 signature). */
1678 20 : for (n = n->next; n; n = n->next)
1679 4 : if (n->pkt->pkttype != PKT_SIGNATURE)
1680 4 : break;
1681 20 : if (!n)
1682 : ; /* Okay, this is a detached signature. */
1683 4 : else if (n->pkt->pkttype == PKT_GPG_CONTROL
1684 4 : && (n->pkt->pkt.gpg_control->control
1685 : == CTRLPKT_PLAINTEXT_MARK) )
1686 : {
1687 4 : if (n->next)
1688 2 : goto ambiguous; /* We only allow one P packet. */
1689 : }
1690 : else
1691 : goto ambiguous;
1692 : }
1693 179 : else if (n->pkt->pkttype == PKT_ONEPASS_SIG)
1694 : {
1695 : /* This is the "O{1,n} P S{1,n}" case (standard signature). */
1696 307 : for (n_onepass=1, n = n->next;
1697 158 : n && n->pkt->pkttype == PKT_ONEPASS_SIG; n = n->next)
1698 3 : n_onepass++;
1699 304 : if (!n || !(n->pkt->pkttype == PKT_GPG_CONTROL
1700 152 : && (n->pkt->pkt.gpg_control->control
1701 : == CTRLPKT_PLAINTEXT_MARK)))
1702 : goto ambiguous;
1703 458 : for (n_sig=0, n = n->next;
1704 313 : n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
1705 154 : n_sig++;
1706 152 : if (!n_sig)
1707 0 : goto ambiguous;
1708 :
1709 : /* If we wanted to disallow multiple sig verification, we'd do
1710 : something like this:
1711 :
1712 : if (n && !opt.allow_multisig_verification)
1713 : goto ambiguous;
1714 :
1715 : However, now that we have --allow-multiple-messages, this
1716 : can stay allowable as we can't get here unless multiple
1717 : messages (i.e. multiple literals) are allowed. */
1718 :
1719 152 : if (n_onepass != n_sig)
1720 : {
1721 1 : log_info ("number of one-pass packets does not match "
1722 : "number of signature packets\n");
1723 1 : goto ambiguous;
1724 : }
1725 : }
1726 27 : else if (n->pkt->pkttype == PKT_GPG_CONTROL
1727 27 : && n->pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START )
1728 : {
1729 : /* This is the "C P S{1,n}" case (clear text signature). */
1730 20 : n = n->next;
1731 40 : if (!n || !(n->pkt->pkttype == PKT_GPG_CONTROL
1732 20 : && (n->pkt->pkt.gpg_control->control
1733 : == CTRLPKT_PLAINTEXT_MARK)))
1734 : goto ambiguous;
1735 64 : for (n_sig=0, n = n->next;
1736 48 : n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
1737 24 : n_sig++;
1738 20 : if (n || !n_sig)
1739 : goto ambiguous;
1740 : }
1741 : else
1742 : {
1743 : ambiguous:
1744 10 : log_error(_("can't handle this ambiguous signature data\n"));
1745 10 : return 0;
1746 : }
1747 : }
1748 :
1749 189 : if (sig->signers_uid)
1750 62 : write_status_buffer (STATUS_NEWSIG,
1751 62 : sig->signers_uid, strlen (sig->signers_uid), 0);
1752 : else
1753 158 : write_status_text (STATUS_NEWSIG, NULL);
1754 :
1755 189 : astr = openpgp_pk_algo_name ( sig->pubkey_algo );
1756 189 : if ((issuer_fpr = issuer_fpr_string (sig)))
1757 : {
1758 136 : log_info (_("Signature made %s\n"), asctimestamp(sig->timestamp));
1759 136 : log_info (_(" using %s key %s\n"),
1760 : astr? astr: "?", issuer_fpr);
1761 :
1762 136 : xfree (issuer_fpr);
1763 : }
1764 53 : else if (!keystrlen () || keystrlen () > 8)
1765 : {
1766 53 : log_info (_("Signature made %s\n"), asctimestamp(sig->timestamp));
1767 53 : log_info (_(" using %s key %s\n"),
1768 53 : astr? astr: "?", keystr(sig->keyid));
1769 : }
1770 : else /* Legacy format. */
1771 0 : log_info (_("Signature made %s using %s key ID %s\n"),
1772 : asctimestamp(sig->timestamp), astr? astr: "?",
1773 0 : keystr(sig->keyid));
1774 :
1775 : /* In verbose mode print the signers UID. */
1776 189 : if (sig->signers_uid)
1777 31 : log_info (_(" issuer \"%s\"\n"), sig->signers_uid);
1778 :
1779 189 : rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk);
1780 :
1781 : /* If the key isn't found, check for a preferred keyserver. */
1782 189 : if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY && sig->flags.pref_ks)
1783 : {
1784 : const byte *p;
1785 0 : int seq = 0;
1786 : size_t n;
1787 :
1788 0 : while ((p=enum_sig_subpkt (sig->hashed,SIGSUBPKT_PREF_KS,&n,&seq,NULL)))
1789 : {
1790 : /* According to my favorite copy editor, in English grammar,
1791 : you say "at" if the key is located on a web page, but
1792 : "from" if it is located on a keyserver. I'm not going to
1793 : even try to make two strings here :) */
1794 0 : log_info(_("Key available at: ") );
1795 0 : print_utf8_buffer (log_get_stream(), p, n);
1796 0 : log_printf ("\n");
1797 :
1798 0 : if (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE
1799 0 : && opt.keyserver_options.options&KEYSERVER_HONOR_KEYSERVER_URL)
1800 : {
1801 : struct keyserver_spec *spec;
1802 :
1803 0 : spec = parse_preferred_keyserver (sig);
1804 0 : if (spec)
1805 : {
1806 : int res;
1807 :
1808 0 : free_public_key (pk);
1809 0 : pk = NULL;
1810 0 : glo_ctrl.in_auto_key_retrieve++;
1811 0 : res = keyserver_import_keyid (c->ctrl, sig->keyid,spec, 1);
1812 0 : glo_ctrl.in_auto_key_retrieve--;
1813 0 : if (!res)
1814 0 : rc = do_check_sig (c, node, NULL,
1815 : &is_expkey, &is_revkey, &pk);
1816 0 : free_keyserver_spec (spec);
1817 :
1818 0 : if (!rc)
1819 0 : break;
1820 : }
1821 : }
1822 : }
1823 : }
1824 :
1825 : /* If the avove methods didn't work, our next try is to use the URI
1826 : * from a DNS PKA record. */
1827 189 : if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
1828 0 : && (opt.keyserver_options.options & KEYSERVER_AUTO_KEY_RETRIEVE)
1829 0 : && (opt.keyserver_options.options & KEYSERVER_HONOR_PKA_RECORD))
1830 : {
1831 0 : const char *uri = pka_uri_from_sig (c, sig);
1832 :
1833 0 : if (uri)
1834 : {
1835 : /* FIXME: We might want to locate the key using the
1836 : fingerprint instead of the keyid. */
1837 : int res;
1838 : struct keyserver_spec *spec;
1839 :
1840 0 : spec = parse_keyserver_uri (uri, 1);
1841 0 : if (spec)
1842 : {
1843 0 : free_public_key (pk);
1844 0 : pk = NULL;
1845 0 : glo_ctrl.in_auto_key_retrieve++;
1846 0 : res = keyserver_import_keyid (c->ctrl, sig->keyid, spec, 1);
1847 0 : glo_ctrl.in_auto_key_retrieve--;
1848 0 : free_keyserver_spec (spec);
1849 0 : if (!res)
1850 0 : rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk);
1851 : }
1852 : }
1853 : }
1854 :
1855 : /* If the above methods didn't work, our next try is to locate
1856 : * the key via its fingerprint from a keyserver. This requires
1857 : * that the signers fingerprint is encoded in the signature. We
1858 : * favor this over the WKD method (to be tried next), because an
1859 : * arbitrary keyserver is less subject to web bug like monitoring. */
1860 189 : if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
1861 0 : && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
1862 0 : && keyserver_any_configured (c->ctrl))
1863 : {
1864 : int res;
1865 : const byte *p;
1866 : size_t n;
1867 :
1868 0 : p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_ISSUER_FPR, &n);
1869 0 : if (p && n == 21 && p[0] == 4)
1870 : {
1871 : /* v4 packet with a SHA-1 fingerprint. */
1872 0 : free_public_key (pk);
1873 0 : pk = NULL;
1874 0 : glo_ctrl.in_auto_key_retrieve++;
1875 0 : res = keyserver_import_fprint (c->ctrl, p+1, n-1, opt.keyserver, 1);
1876 0 : glo_ctrl.in_auto_key_retrieve--;
1877 0 : if (!res)
1878 0 : rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk);
1879 : }
1880 : }
1881 :
1882 : /* If the above methods didn't work, our next try is to retrieve the
1883 : * key from the WKD. */
1884 189 : if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
1885 0 : && (opt.keyserver_options.options & KEYSERVER_AUTO_KEY_RETRIEVE)
1886 0 : && !opt.flags.disable_signer_uid
1887 0 : && akl_has_wkd_method ()
1888 0 : && sig->signers_uid)
1889 : {
1890 : int res;
1891 :
1892 0 : free_public_key (pk);
1893 0 : pk = NULL;
1894 0 : glo_ctrl.in_auto_key_retrieve++;
1895 0 : res = keyserver_import_wkd (c->ctrl, sig->signers_uid, 1, NULL, NULL);
1896 0 : glo_ctrl.in_auto_key_retrieve--;
1897 : /* Fixme: If the fingerprint is embedded in the signature,
1898 : * compare it to the fingerprint of the returned key. */
1899 0 : if (!res)
1900 0 : rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk);
1901 : }
1902 :
1903 : /* If the above methods did't work, our next try is to use a
1904 : * keyserver. */
1905 189 : if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
1906 0 : && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
1907 0 : && keyserver_any_configured (c->ctrl))
1908 : {
1909 : int res;
1910 :
1911 0 : free_public_key (pk);
1912 0 : pk = NULL;
1913 0 : glo_ctrl.in_auto_key_retrieve++;
1914 0 : res = keyserver_import_keyid (c->ctrl, sig->keyid, opt.keyserver, 1);
1915 0 : glo_ctrl.in_auto_key_retrieve--;
1916 0 : if (!res)
1917 0 : rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk);
1918 : }
1919 :
1920 189 : if (!rc || gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE)
1921 185 : {
1922 : kbnode_t un, keyblock;
1923 188 : int count = 0;
1924 : int statno;
1925 : char keyid_str[50];
1926 188 : PKT_public_key *mainpk = NULL;
1927 :
1928 188 : if (rc)
1929 3 : statno = STATUS_BADSIG;
1930 185 : else if (sig->flags.expired)
1931 0 : statno = STATUS_EXPSIG;
1932 185 : else if (is_expkey)
1933 0 : statno = STATUS_EXPKEYSIG;
1934 185 : else if(is_revkey)
1935 0 : statno = STATUS_REVKEYSIG;
1936 : else
1937 185 : statno = STATUS_GOODSIG;
1938 :
1939 : /* FIXME: We should have the public key in PK and thus the
1940 : * keyboock has already been fetched. Thus we could use the
1941 : * fingerprint or PK itself to lookup the entire keyblock. That
1942 : * would best be done with a cache. */
1943 188 : keyblock = get_pubkeyblock (sig->keyid);
1944 :
1945 376 : snprintf (keyid_str, sizeof keyid_str, "%08lX%08lX [uncertain] ",
1946 376 : (ulong)sig->keyid[0], (ulong)sig->keyid[1]);
1947 :
1948 : /* Find and print the primary user ID along with the
1949 : "Good|Expired|Bad signature" line. */
1950 1627 : for (un=keyblock; un; un = un->next)
1951 : {
1952 : int valid;
1953 :
1954 1439 : if (un->pkt->pkttype==PKT_PUBLIC_KEY)
1955 : {
1956 188 : mainpk = un->pkt->pkt.public_key;
1957 188 : continue;
1958 : }
1959 1251 : if (un->pkt->pkttype != PKT_USER_ID)
1960 859 : continue;
1961 392 : if (!un->pkt->pkt.user_id->created)
1962 0 : continue;
1963 392 : if (un->pkt->pkt.user_id->is_revoked)
1964 0 : continue;
1965 392 : if (un->pkt->pkt.user_id->is_expired)
1966 0 : continue;
1967 392 : if (!un->pkt->pkt.user_id->is_primary)
1968 204 : continue;
1969 : /* We want the textual primary user ID here */
1970 188 : if (un->pkt->pkt.user_id->attrib_data)
1971 0 : continue;
1972 :
1973 188 : log_assert (mainpk);
1974 :
1975 : /* Since this is just informational, don't actually ask the
1976 : user to update any trust information. (Note: we register
1977 : the signature later.) Because print_good_bad_signature
1978 : does not print a LF we need to compute the validity
1979 : before calling that function. */
1980 188 : if ((opt.verify_options & VERIFY_SHOW_UID_VALIDITY))
1981 188 : valid = get_validity (c->ctrl, keyblock, mainpk,
1982 188 : un->pkt->pkt.user_id, NULL, 0);
1983 : else
1984 0 : valid = 0; /* Not used. */
1985 :
1986 188 : keyid_str[17] = 0; /* cut off the "[uncertain]" part */
1987 :
1988 188 : print_good_bad_signature (statno, keyid_str, un, sig, rc);
1989 :
1990 188 : if ((opt.verify_options & VERIFY_SHOW_UID_VALIDITY))
1991 188 : log_printf (" [%s]\n",trust_value_to_string(valid));
1992 : else
1993 0 : log_printf ("\n");
1994 :
1995 188 : count++;
1996 : }
1997 :
1998 188 : log_assert (mainpk);
1999 :
2000 : /* In case we did not found a valid valid textual userid above
2001 : we print the first user id packet or a "[?]" instead along
2002 : with the "Good|Expired|Bad signature" line. */
2003 188 : if (!count)
2004 : {
2005 : /* Try for an invalid textual userid */
2006 0 : for (un=keyblock; un; un = un->next)
2007 : {
2008 0 : if (un->pkt->pkttype == PKT_USER_ID
2009 0 : && !un->pkt->pkt.user_id->attrib_data)
2010 0 : break;
2011 : }
2012 :
2013 : /* Try for any userid at all */
2014 0 : if (!un)
2015 : {
2016 0 : for (un=keyblock; un; un = un->next)
2017 : {
2018 0 : if (un->pkt->pkttype == PKT_USER_ID)
2019 0 : break;
2020 : }
2021 : }
2022 :
2023 0 : if (opt.trust_model==TM_ALWAYS || !un)
2024 0 : keyid_str[17] = 0; /* cut off the "[uncertain]" part */
2025 :
2026 0 : print_good_bad_signature (statno, keyid_str, un, sig, rc);
2027 :
2028 0 : if (opt.trust_model != TM_ALWAYS && un)
2029 0 : log_printf (" %s",_("[uncertain]") );
2030 0 : log_printf ("\n");
2031 : }
2032 :
2033 : /* If we have a good signature and already printed
2034 : * the primary user ID, print all the other user IDs */
2035 188 : if (count
2036 188 : && !rc
2037 185 : && !(opt.verify_options & VERIFY_SHOW_PRIMARY_UID_ONLY))
2038 : {
2039 : char *p;
2040 1605 : for( un=keyblock; un; un = un->next)
2041 : {
2042 1420 : if (un->pkt->pkttype != PKT_USER_ID)
2043 1033 : continue;
2044 387 : if ((un->pkt->pkt.user_id->is_revoked
2045 387 : || un->pkt->pkt.user_id->is_expired)
2046 0 : && !(opt.verify_options & VERIFY_SHOW_UNUSABLE_UIDS))
2047 0 : continue;
2048 : /* Skip textual primary user ids which we printed above. */
2049 387 : if (un->pkt->pkt.user_id->is_primary
2050 185 : && !un->pkt->pkt.user_id->attrib_data )
2051 185 : continue;
2052 :
2053 : /* If this user id has attribute data, print that. */
2054 202 : if (un->pkt->pkt.user_id->attrib_data)
2055 : {
2056 0 : dump_attribs (un->pkt->pkt.user_id, mainpk);
2057 :
2058 0 : if (opt.verify_options&VERIFY_SHOW_PHOTOS)
2059 0 : show_photos (c->ctrl,
2060 0 : un->pkt->pkt.user_id->attribs,
2061 0 : un->pkt->pkt.user_id->numattribs,
2062 0 : mainpk ,un->pkt->pkt.user_id);
2063 : }
2064 :
2065 202 : p = utf8_to_native (un->pkt->pkt.user_id->name,
2066 202 : un->pkt->pkt.user_id->len, 0);
2067 202 : log_info (_(" aka \"%s\""), p);
2068 202 : xfree (p);
2069 :
2070 202 : if ((opt.verify_options & VERIFY_SHOW_UID_VALIDITY))
2071 : {
2072 : const char *valid;
2073 :
2074 202 : if (un->pkt->pkt.user_id->is_revoked)
2075 0 : valid = _("revoked");
2076 202 : else if (un->pkt->pkt.user_id->is_expired)
2077 0 : valid = _("expired");
2078 : else
2079 : /* Since this is just informational, don't
2080 : actually ask the user to update any trust
2081 : information. */
2082 202 : valid = (trust_value_to_string
2083 : (get_validity (c->ctrl, keyblock, mainpk,
2084 202 : un->pkt->pkt.user_id, NULL, 0)));
2085 202 : log_printf (" [%s]\n",valid);
2086 : }
2087 : else
2088 0 : log_printf ("\n");
2089 : }
2090 : }
2091 :
2092 : /* For good signatures print notation data. */
2093 188 : if (!rc)
2094 : {
2095 185 : if ((opt.verify_options & VERIFY_SHOW_POLICY_URLS))
2096 185 : show_policy_url (sig, 0, 1);
2097 : else
2098 0 : show_policy_url (sig, 0, 2);
2099 :
2100 185 : if ((opt.verify_options & VERIFY_SHOW_KEYSERVER_URLS))
2101 185 : show_keyserver_url (sig, 0, 1);
2102 : else
2103 0 : show_keyserver_url (sig, 0, 2);
2104 :
2105 185 : if ((opt.verify_options & VERIFY_SHOW_NOTATIONS))
2106 185 : show_notation
2107 : (sig, 0, 1,
2108 185 : (((opt.verify_options&VERIFY_SHOW_STD_NOTATIONS)?1:0)
2109 185 : + ((opt.verify_options&VERIFY_SHOW_USER_NOTATIONS)?2:0)));
2110 : else
2111 0 : show_notation (sig, 0, 2, 0);
2112 : }
2113 :
2114 : /* For good signatures print the VALIDSIG status line. */
2115 188 : if (!rc && is_status_enabled () && pk)
2116 : {
2117 : char pkhex[MAX_FINGERPRINT_LEN*2+1];
2118 : char mainpkhex[MAX_FINGERPRINT_LEN*2+1];
2119 :
2120 15 : hexfingerprint (pk, pkhex, sizeof pkhex);
2121 15 : hexfingerprint (mainpk, mainpkhex, sizeof mainpkhex);
2122 :
2123 : /* TODO: Replace the reserved '0' in the field below with
2124 : bits for status flags (policy url, notation, etc.). */
2125 90 : write_status_printf (STATUS_VALIDSIG,
2126 : "%s %s %lu %lu %d 0 %d %d %02X %s",
2127 : pkhex,
2128 : strtimestamp (sig->timestamp),
2129 15 : (ulong)sig->timestamp,
2130 15 : (ulong)sig->expiredate,
2131 30 : sig->version, sig->pubkey_algo,
2132 15 : sig->digest_algo,
2133 15 : sig->sig_class,
2134 : mainpkhex);
2135 : }
2136 :
2137 : /* For good signatures compute and print the trust information.
2138 : Note that in the Tofu trust model this may ask the user on
2139 : how to resolve a conflict. */
2140 188 : if (!rc)
2141 : {
2142 185 : if ((opt.verify_options & VERIFY_PKA_LOOKUPS))
2143 0 : pka_uri_from_sig (c, sig); /* Make sure PKA info is available. */
2144 185 : rc = check_signatures_trust (c->ctrl, sig);
2145 : }
2146 :
2147 : /* Print extra information about the signature. */
2148 188 : if (sig->flags.expired)
2149 : {
2150 0 : log_info (_("Signature expired %s\n"), asctimestamp(sig->expiredate));
2151 0 : rc = GPG_ERR_GENERAL; /* Need a better error here? */
2152 : }
2153 188 : else if (sig->expiredate)
2154 0 : log_info (_("Signature expires %s\n"), asctimestamp(sig->expiredate));
2155 :
2156 188 : if (opt.verbose)
2157 : {
2158 : char pkstrbuf[PUBKEY_STRING_SIZE];
2159 :
2160 0 : if (pk)
2161 0 : pubkey_string (pk, pkstrbuf, sizeof pkstrbuf);
2162 : else
2163 0 : *pkstrbuf = 0;
2164 :
2165 0 : log_info (_("%s signature, digest algorithm %s%s%s\n"),
2166 0 : sig->sig_class==0x00?_("binary"):
2167 0 : sig->sig_class==0x01?_("textmode"):_("unknown"),
2168 0 : gcry_md_algo_name (sig->digest_algo),
2169 0 : *pkstrbuf?_(", key algorithm "):"", pkstrbuf);
2170 : }
2171 :
2172 : /* Print final warnings. */
2173 188 : if (!rc && !c->signed_data.used)
2174 : {
2175 : /* Signature is basically good but we test whether the
2176 : deprecated command
2177 : gpg --verify FILE.sig
2178 : was used instead of
2179 : gpg --verify FILE.sig FILE
2180 : to verify a detached signature. If we figure out that a
2181 : data file with a matching name exists, we print a warning.
2182 :
2183 : The problem is that the first form would also verify a
2184 : standard signature. This behavior could be used to
2185 : create a made up .sig file for a tarball by creating a
2186 : standard signature from a valid detached signature packet
2187 : (for example from a signed git tag). Then replace the
2188 : sig file on the FTP server along with a changed tarball.
2189 : Using the first form the verify command would correctly
2190 : verify the signature but don't even consider the tarball. */
2191 : kbnode_t n;
2192 : char *dfile;
2193 :
2194 185 : dfile = get_matching_datafile (c->sigfilename);
2195 185 : if (dfile)
2196 : {
2197 0 : for (n = c->list; n; n = n->next)
2198 0 : if (n->pkt->pkttype != PKT_SIGNATURE)
2199 0 : break;
2200 0 : if (n)
2201 : {
2202 : /* Not only signature packets in the tree thus this
2203 : is not a detached signature. */
2204 0 : log_info (_("WARNING: not a detached signature; "
2205 : "file '%s' was NOT verified!\n"), dfile);
2206 : }
2207 0 : xfree (dfile);
2208 : }
2209 : }
2210 :
2211 188 : free_public_key (pk);
2212 188 : pk = NULL;
2213 188 : release_kbnode( keyblock );
2214 188 : if (rc)
2215 3 : g10_errors_seen = 1;
2216 188 : if (opt.batch && rc)
2217 3 : g10_exit (1);
2218 : }
2219 : else
2220 : {
2221 : char buf[50];
2222 :
2223 6 : snprintf (buf, sizeof buf, "%08lX%08lX %d %d %02x %lu %d",
2224 2 : (ulong)sig->keyid[0], (ulong)sig->keyid[1],
2225 2 : sig->pubkey_algo, sig->digest_algo,
2226 2 : sig->sig_class, (ulong)sig->timestamp, rc);
2227 1 : write_status_text (STATUS_ERRSIG, buf);
2228 1 : if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY)
2229 : {
2230 0 : buf[16] = 0;
2231 0 : write_status_text (STATUS_NO_PUBKEY, buf);
2232 : }
2233 1 : if (gpg_err_code (rc) != GPG_ERR_NOT_PROCESSED)
2234 1 : log_error (_("Can't check signature: %s\n"), gpg_strerror (rc));
2235 : }
2236 :
2237 186 : return rc;
2238 : }
2239 :
2240 :
2241 : /*
2242 : * Process the tree which starts at node
2243 : */
2244 : static void
2245 1267 : proc_tree (CTX c, kbnode_t node)
2246 : {
2247 : kbnode_t n1;
2248 : int rc;
2249 :
2250 1267 : if (opt.list_packets || opt.list_only)
2251 24 : return;
2252 :
2253 : /* We must skip our special plaintext marker packets here because
2254 : they may be the root packet. These packets are only used in
2255 : additional checks and skipping them here doesn't matter. */
2256 2774 : while (node
2257 480 : && node->pkt->pkttype == PKT_GPG_CONTROL
2258 306 : && node->pkt->pkt.gpg_control->control == CTRLPKT_PLAINTEXT_MARK)
2259 : {
2260 288 : node = node->next;
2261 : }
2262 1243 : if (!node)
2263 1051 : return;
2264 :
2265 192 : c->trustletter = ' ';
2266 192 : if (node->pkt->pkttype == PKT_PUBLIC_KEY
2267 192 : || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
2268 : {
2269 0 : merge_keys_and_selfsig (node);
2270 0 : list_node (c, node);
2271 : }
2272 192 : else if (node->pkt->pkttype == PKT_SECRET_KEY)
2273 : {
2274 0 : merge_keys_and_selfsig (node);
2275 0 : list_node (c, node);
2276 : }
2277 192 : else if (node->pkt->pkttype == PKT_ONEPASS_SIG)
2278 : {
2279 : /* Check all signatures. */
2280 151 : if (!c->any.data)
2281 : {
2282 0 : int use_textmode = 0;
2283 :
2284 0 : free_md_filter_context (&c->mfx);
2285 : /* Prepare to create all requested message digests. */
2286 0 : rc = gcry_md_open (&c->mfx.md, 0, 0);
2287 0 : if (rc)
2288 0 : goto hash_err;
2289 :
2290 : /* Fixme: why looking for the signature packet and not the
2291 : one-pass packet? */
2292 0 : for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE));)
2293 0 : gcry_md_enable (c->mfx.md, n1->pkt->pkt.signature->digest_algo);
2294 :
2295 0 : if (n1 && n1->pkt->pkt.onepass_sig->sig_class == 0x01)
2296 0 : use_textmode = 1;
2297 :
2298 : /* Ask for file and hash it. */
2299 0 : if (c->sigs_only)
2300 : {
2301 0 : if (c->signed_data.used && c->signed_data.data_fd != -1)
2302 0 : rc = hash_datafile_by_fd (c->mfx.md, NULL,
2303 : c->signed_data.data_fd,
2304 : use_textmode);
2305 : else
2306 0 : rc = hash_datafiles (c->mfx.md, NULL,
2307 : c->signed_data.data_names,
2308 : c->sigfilename,
2309 : use_textmode);
2310 : }
2311 : else
2312 : {
2313 0 : rc = ask_for_detached_datafile (c->mfx.md, c->mfx.md2,
2314 : iobuf_get_real_fname (c->iobuf),
2315 : use_textmode);
2316 : }
2317 :
2318 : hash_err:
2319 0 : if (rc)
2320 : {
2321 0 : log_error ("can't hash datafile: %s\n", gpg_strerror (rc));
2322 0 : return;
2323 : }
2324 : }
2325 151 : else if (c->signed_data.used)
2326 : {
2327 0 : log_error (_("not a detached signature\n"));
2328 0 : return;
2329 : }
2330 :
2331 452 : for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE));)
2332 153 : check_sig_and_print (c, n1);
2333 :
2334 : }
2335 59 : else if (node->pkt->pkttype == PKT_GPG_CONTROL
2336 18 : && node->pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START)
2337 : {
2338 : /* Clear text signed message. */
2339 18 : if (!c->any.data)
2340 : {
2341 0 : log_error ("cleartext signature without data\n");
2342 0 : return;
2343 : }
2344 18 : else if (c->signed_data.used)
2345 : {
2346 0 : log_error (_("not a detached signature\n"));
2347 0 : return;
2348 : }
2349 :
2350 56 : for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE));)
2351 20 : check_sig_and_print (c, n1);
2352 :
2353 : }
2354 23 : else if (node->pkt->pkttype == PKT_SIGNATURE)
2355 : {
2356 23 : PKT_signature *sig = node->pkt->pkt.signature;
2357 23 : int multiple_ok = 1;
2358 :
2359 23 : n1 = find_next_kbnode (node, PKT_SIGNATURE);
2360 23 : if (n1)
2361 : {
2362 3 : byte class = sig->sig_class;
2363 3 : byte hash = sig->digest_algo;
2364 :
2365 6 : for (; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE)))
2366 : {
2367 : /* We can't currently handle multiple signatures of
2368 : * different classes (we'd pretty much have to run a
2369 : * different hash context for each), but if they are all
2370 : * the same and it is detached signature, we make an
2371 : * exception. Note that the old code also disallowed
2372 : * multiple signatures if the digest algorithms are
2373 : * different. We softened this restriction only for
2374 : * detached signatures, to be on the safe side. */
2375 3 : if (n1->pkt->pkt.signature->sig_class != class
2376 3 : || (c->any.data
2377 3 : && n1->pkt->pkt.signature->digest_algo != hash))
2378 : {
2379 0 : multiple_ok = 0;
2380 0 : log_info (_("WARNING: multiple signatures detected. "
2381 : "Only the first will be checked.\n"));
2382 0 : break;
2383 : }
2384 : }
2385 : }
2386 :
2387 23 : if (sig->sig_class != 0x00 && sig->sig_class != 0x01)
2388 : {
2389 0 : log_info(_("standalone signature of class 0x%02x\n"), sig->sig_class);
2390 : }
2391 23 : else if (!c->any.data)
2392 : {
2393 : /* Detached signature */
2394 16 : free_md_filter_context (&c->mfx);
2395 16 : rc = gcry_md_open (&c->mfx.md, sig->digest_algo, 0);
2396 16 : if (rc)
2397 0 : goto detached_hash_err;
2398 :
2399 16 : if (multiple_ok)
2400 : {
2401 : /* If we have and want to handle multiple signatures we
2402 : * need to enable all hash algorithms for the context. */
2403 32 : for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE)); )
2404 0 : if (!openpgp_md_test_algo (n1->pkt->pkt.signature->digest_algo))
2405 0 : gcry_md_enable (c->mfx.md,
2406 0 : map_md_openpgp_to_gcry
2407 0 : (n1->pkt->pkt.signature->digest_algo));
2408 : }
2409 :
2410 16 : if (RFC2440 || RFC4880)
2411 : ; /* Strict RFC mode. */
2412 16 : else if (sig->digest_algo == DIGEST_ALGO_SHA1
2413 16 : && sig->pubkey_algo == PUBKEY_ALGO_DSA
2414 16 : && sig->sig_class == 0x01)
2415 : {
2416 : /* Enable a workaround for a pgp5 bug when the detached
2417 : * signature has been created in textmode. Note that we
2418 : * do not implement this for multiple signatures with
2419 : * different hash algorithms. */
2420 0 : rc = gcry_md_open (&c->mfx.md2, sig->digest_algo, 0);
2421 0 : if (rc)
2422 0 : goto detached_hash_err;
2423 : }
2424 :
2425 : /* Here we used to have another hack to work around a pgp
2426 : * 2 bug: It worked by not using the textmode for detached
2427 : * signatures; this would let the first signature check
2428 : * (on md) fail but the second one (on md2), which adds an
2429 : * extra CR would then have produced the "correct" hash.
2430 : * This is very, very ugly hack but it may haved help in
2431 : * some cases (and break others).
2432 : * c->mfx.md2? 0 :(sig->sig_class == 0x01)
2433 : */
2434 :
2435 16 : if (DBG_HASHING)
2436 : {
2437 0 : gcry_md_debug (c->mfx.md, "verify");
2438 0 : if (c->mfx.md2)
2439 0 : gcry_md_debug (c->mfx.md2, "verify2");
2440 : }
2441 :
2442 16 : if (c->sigs_only)
2443 : {
2444 0 : if (c->signed_data.used && c->signed_data.data_fd != -1)
2445 0 : rc = hash_datafile_by_fd (c->mfx.md, c->mfx.md2,
2446 : c->signed_data.data_fd,
2447 0 : (sig->sig_class == 0x01));
2448 : else
2449 0 : rc = hash_datafiles (c->mfx.md, c->mfx.md2,
2450 : c->signed_data.data_names,
2451 : c->sigfilename,
2452 0 : (sig->sig_class == 0x01));
2453 : }
2454 : else
2455 : {
2456 16 : rc = ask_for_detached_datafile (c->mfx.md, c->mfx.md2,
2457 : iobuf_get_real_fname(c->iobuf),
2458 16 : (sig->sig_class == 0x01));
2459 : }
2460 :
2461 : detached_hash_err:
2462 16 : if (rc)
2463 : {
2464 0 : log_error ("can't hash datafile: %s\n", gpg_strerror (rc));
2465 0 : return;
2466 : }
2467 : }
2468 7 : else if (c->signed_data.used)
2469 : {
2470 0 : log_error (_("not a detached signature\n"));
2471 0 : return;
2472 : }
2473 7 : else if (!opt.quiet)
2474 7 : log_info (_("old style (PGP 2.x) signature\n"));
2475 :
2476 23 : if (multiple_ok)
2477 : {
2478 49 : for (n1 = node; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE)))
2479 26 : check_sig_and_print (c, n1);
2480 : }
2481 : else
2482 0 : check_sig_and_print (c, node);
2483 :
2484 : }
2485 : else
2486 : {
2487 0 : dump_kbnode (c->list);
2488 0 : log_error ("invalid root packet detected in proc_tree()\n");
2489 0 : dump_kbnode (node);
2490 : }
2491 : }
|
