Line data Source code
1 : /* mainproc.c - handle packets
2 : * Copyright (C) 1998-2009 Free Software Foundation, Inc.
3 : * Copyright (C) 2013-2014 Werner Koch
4 : *
5 : * This file is part of GnuPG.
6 : *
7 : * GnuPG is free software; you can redistribute it and/or modify
8 : * it under the terms of the GNU General Public License as published by
9 : * the Free Software Foundation; either version 3 of the License, or
10 : * (at your option) any later version.
11 : *
12 : * GnuPG is distributed in the hope that it will be useful,
13 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : * GNU General Public License for more details.
16 : *
17 : * You should have received a copy of the GNU General Public License
18 : * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 : */
20 :
21 : #include <config.h>
22 : #include <stdio.h>
23 : #include <stdlib.h>
24 : #include <string.h>
25 : #include <time.h>
26 :
27 : #include "gpg.h"
28 : #include "util.h"
29 : #include "packet.h"
30 : #include "iobuf.h"
31 : #include "options.h"
32 : #include "keydb.h"
33 : #include "filter.h"
34 : #include "main.h"
35 : #include "status.h"
36 : #include "i18n.h"
37 : #include "trustdb.h"
38 : #include "keyserver-internal.h"
39 : #include "photoid.h"
40 : #include "mbox-util.h"
41 : #include "call-dirmngr.h"
42 :
43 : /* Put an upper limit on nested packets. The 32 is an arbitrary
44 : value, a much lower should actually be sufficient. */
45 : #define MAX_NESTING_DEPTH 32
46 :
47 :
48 : /* An object to build a list of keyid related info. */
49 : struct kidlist_item
50 : {
51 : struct kidlist_item *next;
52 : u32 kid[2];
53 : int pubkey_algo;
54 : int reason;
55 : };
56 :
57 :
58 : /*
59 : * Object to hold the processing context.
60 : */
61 : typedef struct mainproc_context *CTX;
62 : struct mainproc_context
63 : {
64 : ctrl_t ctrl;
65 : struct mainproc_context *anchor; /* May be useful in the future. */
66 : PKT_public_key *last_pubkey;
67 : PKT_user_id *last_user_id;
68 : md_filter_context_t mfx;
69 : int sigs_only; /* Process only signatures and reject all other stuff. */
70 : int encrypt_only; /* Process only encryption messages. */
71 :
72 : /* Name of the file with the complete signature or the file with the
73 : detached signature. This is currently only used to deduce the
74 : file name of the data file if that has not been given. */
75 : const char *sigfilename;
76 :
77 : /* A structure to describe the signed data in case of a detached
78 : signature. */
79 : struct
80 : {
81 : /* A file descriptor of the the signed data. Only used if not -1. */
82 : int data_fd;
83 : /* A list of filenames with the data files or NULL. This is only
84 : used if DATA_FD is -1. */
85 : strlist_t data_names;
86 : /* Flag to indicated that either one of the next previous fields
87 : is used. This is only needed for better readability. */
88 : int used;
89 : } signed_data;
90 :
91 : DEK *dek;
92 : int last_was_session_key;
93 : kbnode_t list; /* The current list of packets. */
94 : iobuf_t iobuf; /* Used to get the filename etc. */
95 : int trustletter; /* Temporary usage in list_node. */
96 : ulong symkeys;
97 : struct kidlist_item *pkenc_list; /* List of encryption packets. */
98 : struct {
99 : unsigned int sig_seen:1; /* Set to true if a signature packet
100 : has been seen. */
101 : unsigned int data:1; /* Any data packet seen */
102 : unsigned int uncompress_failed:1;
103 : } any;
104 : };
105 :
106 :
107 : /*** Local prototypes. ***/
108 : static int do_proc_packets (ctrl_t ctrl, CTX c, iobuf_t a);
109 : static void list_node (CTX c, kbnode_t node);
110 : static void proc_tree (CTX c, kbnode_t node);
111 : static int literals_seen;
112 :
113 :
114 : /*** Functions. ***/
115 :
116 :
117 : void
118 0 : reset_literals_seen(void)
119 : {
120 0 : literals_seen = 0;
121 0 : }
122 :
123 :
124 : static void
125 1682 : release_list( CTX c )
126 : {
127 1682 : proc_tree (c, c->list);
128 1679 : release_kbnode (c->list);
129 3626 : while (c->pkenc_list)
130 : {
131 268 : struct kidlist_item *tmp = c->pkenc_list->next;
132 268 : xfree (c->pkenc_list);
133 268 : c->pkenc_list = tmp;
134 : }
135 1679 : c->pkenc_list = NULL;
136 1679 : c->list = NULL;
137 1679 : c->any.data = 0;
138 1679 : c->any.uncompress_failed = 0;
139 1679 : c->last_was_session_key = 0;
140 1679 : xfree (c->dek);
141 1679 : c->dek = NULL;
142 1679 : }
143 :
144 :
145 : static int
146 131 : add_onepass_sig (CTX c, PACKET *pkt)
147 : {
148 : kbnode_t node;
149 :
150 131 : if (c->list) /* Add another packet. */
151 5 : add_kbnode (c->list, new_kbnode (pkt));
152 : else /* Insert the first one. */
153 126 : c->list = node = new_kbnode (pkt);
154 :
155 131 : return 1;
156 : }
157 :
158 :
159 : static int
160 17 : add_gpg_control (CTX c, PACKET *pkt)
161 : {
162 17 : if ( pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START )
163 : {
164 : /* New clear text signature.
165 : * Process the last one and reset everything */
166 17 : release_list(c);
167 : }
168 :
169 17 : if (c->list) /* Add another packet. */
170 0 : add_kbnode (c->list, new_kbnode (pkt));
171 : else /* Insert the first one. */
172 17 : c->list = new_kbnode (pkt);
173 :
174 17 : return 1;
175 : }
176 :
177 :
178 : static int
179 0 : add_user_id (CTX c, PACKET *pkt)
180 : {
181 0 : if (!c->list)
182 : {
183 0 : log_error ("orphaned user ID\n");
184 0 : return 0;
185 : }
186 0 : add_kbnode (c->list, new_kbnode (pkt));
187 0 : return 1;
188 : }
189 :
190 :
191 : static int
192 0 : add_subkey (CTX c, PACKET *pkt)
193 : {
194 0 : if (!c->list)
195 : {
196 0 : log_error ("subkey w/o mainkey\n");
197 0 : return 0;
198 : }
199 0 : add_kbnode (c->list, new_kbnode (pkt));
200 0 : return 1;
201 : }
202 :
203 :
204 : static int
205 0 : add_ring_trust (CTX c, PACKET *pkt)
206 : {
207 0 : if (!c->list)
208 : {
209 0 : log_error ("ring trust w/o key\n");
210 0 : return 0;
211 : }
212 0 : add_kbnode (c->list, new_kbnode (pkt));
213 0 : return 1;
214 : }
215 :
216 :
217 : static int
218 176 : add_signature (CTX c, PACKET *pkt)
219 : {
220 : kbnode_t node;
221 :
222 176 : c->any.sig_seen = 1;
223 176 : if (pkt->pkttype == PKT_SIGNATURE && !c->list)
224 : {
225 : /* This is the first signature for the following datafile.
226 : * GPG does not write such packets; instead it always uses
227 : * onepass-sig packets. The drawback of PGP's method
228 : * of prepending the signature to the data is
229 : * that it is not possible to make a signature from data read
230 : * from stdin. (GPG is able to read PGP stuff anyway.) */
231 19 : node = new_kbnode (pkt);
232 19 : c->list = node;
233 19 : return 1;
234 : }
235 157 : else if (!c->list)
236 0 : return 0; /* oops (invalid packet sequence)*/
237 157 : else if (!c->list->pkt)
238 0 : BUG(); /* so nicht */
239 :
240 : /* Add a new signature node item at the end. */
241 157 : node = new_kbnode (pkt);
242 157 : add_kbnode (c->list, node);
243 :
244 157 : return 1;
245 : }
246 :
247 : static int
248 0 : symkey_decrypt_seskey (DEK *dek, byte *seskey, size_t slen)
249 : {
250 : gcry_cipher_hd_t hd;
251 :
252 0 : if(slen < 17 || slen > 33)
253 : {
254 0 : log_error ( _("weird size for an encrypted session key (%d)\n"),
255 : (int)slen);
256 0 : return GPG_ERR_BAD_KEY;
257 : }
258 :
259 0 : if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
260 0 : BUG ();
261 0 : if (gcry_cipher_setkey ( hd, dek->key, dek->keylen ))
262 0 : BUG ();
263 0 : gcry_cipher_setiv ( hd, NULL, 0 );
264 0 : gcry_cipher_decrypt ( hd, seskey, slen, NULL, 0 );
265 0 : gcry_cipher_close ( hd );
266 :
267 : /* Now we replace the dek components with the real session key to
268 : decrypt the contents of the sequencing packet. */
269 :
270 0 : dek->keylen=slen-1;
271 0 : dek->algo=seskey[0];
272 :
273 0 : if(dek->keylen > DIM(dek->key))
274 0 : BUG ();
275 :
276 0 : memcpy(dek->key, seskey + 1, dek->keylen);
277 :
278 : /*log_hexdump( "thekey", dek->key, dek->keylen );*/
279 :
280 0 : return 0;
281 : }
282 :
283 :
284 : static void
285 224 : proc_symkey_enc (CTX c, PACKET *pkt)
286 : {
287 : PKT_symkey_enc *enc;
288 :
289 224 : enc = pkt->pkt.symkey_enc;
290 224 : if (!enc)
291 0 : log_error ("invalid symkey encrypted packet\n");
292 224 : else if(!c->dek)
293 : {
294 222 : int algo = enc->cipher_algo;
295 222 : const char *s = openpgp_cipher_algo_name (algo);
296 :
297 222 : if (!openpgp_cipher_test_algo (algo))
298 : {
299 222 : if (!opt.quiet)
300 : {
301 222 : if (enc->seskeylen)
302 0 : log_info (_("%s encrypted session key\n"), s );
303 : else
304 222 : log_info (_("%s encrypted data\n"), s );
305 : }
306 : }
307 : else
308 0 : log_error (_("encrypted with unknown algorithm %d\n"), algo);
309 :
310 222 : if (openpgp_md_test_algo (enc->s2k.hash_algo))
311 : {
312 0 : log_error(_("passphrase generated with unknown digest"
313 0 : " algorithm %d\n"),enc->s2k.hash_algo);
314 0 : s = NULL;
315 : }
316 :
317 222 : c->last_was_session_key = 2;
318 222 : if (!s || opt.list_only)
319 : goto leave;
320 :
321 222 : if (opt.override_session_key)
322 : {
323 0 : c->dek = xmalloc_clear (sizeof *c->dek);
324 0 : if (get_override_session_key (c->dek, opt.override_session_key))
325 : {
326 0 : xfree (c->dek);
327 0 : c->dek = NULL;
328 : }
329 : }
330 : else
331 : {
332 222 : c->dek = passphrase_to_dek (algo, &enc->s2k, 0, 0, NULL, NULL);
333 222 : if (c->dek)
334 : {
335 222 : c->dek->symmetric = 1;
336 :
337 : /* FIXME: This doesn't work perfectly if a symmetric key
338 : comes before a public key in the message - if the
339 : user doesn't know the passphrase, then there is a
340 : chance that the "decrypted" algorithm will happen to
341 : be a valid one, which will make the returned dek
342 : appear valid, so we won't try any public keys that
343 : come later. */
344 222 : if (enc->seskeylen)
345 : {
346 0 : if (symkey_decrypt_seskey (c->dek,
347 0 : enc->seskey, enc->seskeylen))
348 : {
349 0 : xfree (c->dek);
350 0 : c->dek = NULL;
351 : }
352 : }
353 : else
354 222 : c->dek->algo_info_printed = 1;
355 : }
356 : }
357 : }
358 :
359 : leave:
360 224 : c->symkeys++;
361 224 : free_packet (pkt);
362 224 : }
363 :
364 :
365 : static void
366 268 : proc_pubkey_enc (ctrl_t ctrl, CTX c, PACKET *pkt)
367 : {
368 : PKT_pubkey_enc *enc;
369 268 : int result = 0;
370 :
371 : /* Check whether the secret key is available and store in this case. */
372 268 : c->last_was_session_key = 1;
373 268 : enc = pkt->pkt.pubkey_enc;
374 : /*printf("enc: encrypted by a pubkey with keyid %08lX\n", enc->keyid[1] );*/
375 : /* Hmmm: why do I have this algo check here - anyway there is
376 : * function to check it. */
377 268 : if (opt.verbose)
378 0 : log_info (_("public key is %s\n"), keystr (enc->keyid));
379 :
380 268 : if (is_status_enabled())
381 : {
382 : char buf[50];
383 : /* FIXME: For ECC support we need to map the OpenPGP algo number
384 : to the Libgcrypt defined one. This is due a chicken-egg
385 : problem: We need to have code in Libgcrypt for a new
386 : algorithm so to implement a proposed new algorithm before the
387 : IANA will finally assign an OpenPGP identifier. */
388 0 : snprintf (buf, sizeof buf, "%08lX%08lX %d 0",
389 0 : (ulong)enc->keyid[0], (ulong)enc->keyid[1], enc->pubkey_algo);
390 0 : write_status_text (STATUS_ENC_TO, buf);
391 : }
392 :
393 268 : if (!opt.list_only && opt.override_session_key)
394 : {
395 : /* It does not make much sense to store the session key in
396 : * secure memory because it has already been passed on the
397 : * command line and the GCHQ knows about it. */
398 0 : c->dek = xmalloc_clear (sizeof *c->dek);
399 0 : result = get_override_session_key (c->dek, opt.override_session_key);
400 0 : if (result)
401 : {
402 0 : xfree (c->dek);
403 0 : c->dek = NULL;
404 : }
405 : }
406 268 : else if (enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E
407 36 : || enc->pubkey_algo == PUBKEY_ALGO_ECDH
408 9 : || enc->pubkey_algo == PUBKEY_ALGO_RSA
409 0 : || enc->pubkey_algo == PUBKEY_ALGO_RSA_E
410 0 : || enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL)
411 : {
412 : /* Note that we also allow type 20 Elgamal keys for decryption.
413 : There are still a couple of those keys in active use as a
414 : subkey. */
415 :
416 : /* FIXME: Store this all in a list and process it later so that
417 : we can prioritize what key to use. This gives a better user
418 : experience if wildcard keyids are used. */
419 536 : if (!c->dek && ((!enc->keyid[0] && !enc->keyid[1])
420 259 : || opt.try_all_secrets
421 259 : || have_secret_key_with_kid (enc->keyid)))
422 : {
423 518 : if(opt.list_only)
424 0 : result = -1;
425 : else
426 : {
427 259 : c->dek = xmalloc_secure_clear (sizeof *c->dek);
428 259 : if ((result = get_session_key (ctrl, enc, c->dek)))
429 : {
430 : /* Error: Delete the DEK. */
431 0 : xfree (c->dek);
432 0 : c->dek = NULL;
433 : }
434 : }
435 : }
436 : else
437 9 : result = GPG_ERR_NO_SECKEY;
438 : }
439 : else
440 0 : result = GPG_ERR_PUBKEY_ALGO;
441 :
442 268 : if (result == -1)
443 : ;
444 : else
445 : {
446 : /* Store it for later display. */
447 268 : struct kidlist_item *x = xmalloc (sizeof *x);
448 268 : x->kid[0] = enc->keyid[0];
449 268 : x->kid[1] = enc->keyid[1];
450 268 : x->pubkey_algo = enc->pubkey_algo;
451 268 : x->reason = result;
452 268 : x->next = c->pkenc_list;
453 268 : c->pkenc_list = x;
454 :
455 268 : if (!result && opt.verbose > 1)
456 0 : log_info (_("public key encrypted data: good DEK\n"));
457 : }
458 :
459 268 : free_packet(pkt);
460 268 : }
461 :
462 :
463 : /*
464 : * Print the list of public key encrypted packets which we could
465 : * not decrypt.
466 : */
467 : static void
468 962 : print_pkenc_list (struct kidlist_item *list, int failed)
469 : {
470 1498 : for (; list; list = list->next)
471 : {
472 : PKT_public_key *pk;
473 : const char *algstr;
474 :
475 536 : if (failed && !list->reason)
476 259 : continue;
477 277 : if (!failed && list->reason)
478 9 : continue;
479 :
480 268 : algstr = openpgp_pk_algo_name (list->pubkey_algo);
481 268 : pk = xmalloc_clear (sizeof *pk);
482 :
483 268 : if (!algstr)
484 0 : algstr = "[?]";
485 268 : pk->pubkey_algo = list->pubkey_algo;
486 268 : if (!get_pubkey (pk, list->kid))
487 : {
488 : char *p;
489 264 : log_info (_("encrypted with %u-bit %s key, ID %s, created %s\n"),
490 : nbits_from_pk (pk), algstr, keystr_from_pk(pk),
491 : strtimestamp (pk->timestamp));
492 264 : p = get_user_id_native (list->kid);
493 264 : log_printf (_(" \"%s\"\n"), p);
494 264 : xfree (p);
495 : }
496 : else
497 4 : log_info (_("encrypted with %s key, ID %s\n"),
498 4 : algstr, keystr(list->kid));
499 :
500 268 : free_public_key (pk);
501 :
502 268 : if (gpg_err_code (list->reason) == GPG_ERR_NO_SECKEY)
503 : {
504 9 : if (is_status_enabled())
505 : {
506 : char buf[20];
507 0 : snprintf (buf, sizeof buf, "%08lX%08lX",
508 0 : (ulong)list->kid[0], (ulong)list->kid[1]);
509 0 : write_status_text (STATUS_NO_SECKEY, buf);
510 : }
511 : }
512 259 : else if (list->reason)
513 : {
514 0 : log_info (_("public key decryption failed: %s\n"),
515 0 : gpg_strerror (list->reason));
516 0 : write_status_error ("pkdecrypt_failed", list->reason);
517 : }
518 : }
519 962 : }
520 :
521 :
522 : static void
523 481 : proc_encrypted (CTX c, PACKET *pkt)
524 : {
525 481 : int result = 0;
526 :
527 481 : if (!opt.quiet)
528 : {
529 481 : if (c->symkeys>1)
530 0 : log_info (_("encrypted with %lu passphrases\n"), c->symkeys);
531 481 : else if (c->symkeys == 1)
532 224 : log_info (_("encrypted with 1 passphrase\n"));
533 481 : print_pkenc_list ( c->pkenc_list, 1 );
534 481 : print_pkenc_list ( c->pkenc_list, 0 );
535 : }
536 :
537 : /* FIXME: Figure out the session key by looking at all pkenc packets. */
538 :
539 481 : write_status (STATUS_BEGIN_DECRYPTION);
540 :
541 : /*log_debug("dat: %sencrypted data\n", c->dek?"":"conventional ");*/
542 481 : if (opt.list_only)
543 0 : result = -1;
544 481 : else if (!c->dek && !c->last_was_session_key)
545 0 : {
546 : int algo;
547 : STRING2KEY s2kbuf;
548 0 : STRING2KEY *s2k = NULL;
549 : int canceled;
550 :
551 0 : if (opt.override_session_key)
552 : {
553 0 : c->dek = xmalloc_clear (sizeof *c->dek);
554 0 : result = get_override_session_key (c->dek, opt.override_session_key);
555 0 : if (result)
556 : {
557 0 : xfree (c->dek);
558 0 : c->dek = NULL;
559 : }
560 : }
561 : else
562 : {
563 : /* Assume this is old style conventional encrypted data. */
564 0 : algo = opt.def_cipher_algo;
565 0 : if (algo)
566 0 : log_info (_("assuming %s encrypted data\n"),
567 : openpgp_cipher_algo_name (algo));
568 0 : else if (openpgp_cipher_test_algo (CIPHER_ALGO_IDEA))
569 : {
570 0 : algo = opt.def_cipher_algo;
571 0 : if (!algo)
572 0 : algo = opt.s2k_cipher_algo;
573 0 : log_info (_("IDEA cipher unavailable, "
574 : "optimistically attempting to use %s instead\n"),
575 : openpgp_cipher_algo_name (algo));
576 : }
577 : else
578 : {
579 0 : algo = CIPHER_ALGO_IDEA;
580 0 : if (!opt.s2k_digest_algo)
581 : {
582 : /* If no digest is given we assume SHA-1. */
583 0 : s2kbuf.mode = 0;
584 0 : s2kbuf.hash_algo = DIGEST_ALGO_SHA1;
585 0 : s2k = &s2kbuf;
586 : }
587 0 : log_info (_("assuming %s encrypted data\n"), "IDEA");
588 : }
589 :
590 0 : c->dek = passphrase_to_dek (algo, s2k, 0, 0, NULL, &canceled);
591 0 : if (c->dek)
592 0 : c->dek->algo_info_printed = 1;
593 0 : else if (canceled)
594 0 : result = gpg_error (GPG_ERR_CANCELED);
595 : else
596 0 : result = gpg_error (GPG_ERR_INV_PASSPHRASE);
597 : }
598 : }
599 481 : else if (!c->dek)
600 0 : result = GPG_ERR_NO_SECKEY;
601 :
602 481 : if (!result)
603 481 : result = decrypt_data (c->ctrl, c, pkt->pkt.encrypted, c->dek );
604 :
605 481 : if (result == -1)
606 : ;
607 481 : else if (!result
608 481 : && !opt.ignore_mdc_error
609 481 : && !pkt->pkt.encrypted->mdc_method
610 60 : && openpgp_cipher_get_algo_blklen (c->dek->algo) != 8
611 0 : && c->dek->algo != CIPHER_ALGO_TWOFISH)
612 : {
613 : /* The message has been decrypted but has no MDC despite that a
614 : modern cipher (blocklength != 64 bit, except for Twofish) is
615 : used and the option to ignore MDC errors is not used: To
616 : avoid attacks changing an MDC message to a non-MDC message,
617 : we fail here. */
618 0 : log_error (_("WARNING: message was not integrity protected\n"));
619 0 : if (opt.verbose > 1)
620 0 : log_info ("decryption forced to fail\n");
621 0 : write_status (STATUS_DECRYPTION_FAILED);
622 : }
623 481 : else if (!result || (gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE
624 0 : && opt.ignore_mdc_error))
625 : {
626 481 : write_status (STATUS_DECRYPTION_OKAY);
627 481 : if (opt.verbose > 1)
628 0 : log_info(_("decryption okay\n"));
629 962 : if (pkt->pkt.encrypted->mdc_method && !result)
630 421 : write_status (STATUS_GOODMDC);
631 60 : else if (!opt.no_mdc_warn)
632 60 : log_info (_("WARNING: message was not integrity protected\n"));
633 : }
634 0 : else if (gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE)
635 : {
636 0 : glo_ctrl.lasterr = result;
637 0 : log_error (_("WARNING: encrypted message has been manipulated!\n"));
638 0 : write_status (STATUS_BADMDC);
639 0 : write_status (STATUS_DECRYPTION_FAILED);
640 : }
641 : else
642 : {
643 0 : if (gpg_err_code (result) == GPG_ERR_BAD_KEY
644 0 : && *c->dek->s2k_cacheid != '\0')
645 : {
646 0 : if (opt.debug)
647 0 : log_debug ("cleared passphrase cached with ID: %s\n",
648 0 : c->dek->s2k_cacheid);
649 0 : passphrase_clear_cache (c->dek->s2k_cacheid);
650 : }
651 0 : glo_ctrl.lasterr = result;
652 0 : write_status (STATUS_DECRYPTION_FAILED);
653 0 : log_error (_("decryption failed: %s\n"), gpg_strerror (result));
654 : /* Hmmm: does this work when we have encrypted using multiple
655 : * ways to specify the session key (symmmetric and PK). */
656 : }
657 :
658 481 : xfree (c->dek);
659 481 : c->dek = NULL;
660 481 : free_packet (pkt);
661 481 : c->last_was_session_key = 0;
662 481 : write_status (STATUS_END_DECRYPTION);
663 481 : }
664 :
665 :
666 : static void
667 596 : proc_plaintext( CTX c, PACKET *pkt )
668 : {
669 596 : PKT_plaintext *pt = pkt->pkt.plaintext;
670 : int any, clearsig, rc;
671 : kbnode_t n;
672 :
673 596 : literals_seen++;
674 :
675 596 : if (pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8))
676 0 : log_info (_("Note: sender requested \"for-your-eyes-only\"\n"));
677 596 : else if (opt.verbose)
678 0 : log_info (_("original file name='%.*s'\n"), pt->namelen, pt->name);
679 :
680 596 : free_md_filter_context (&c->mfx);
681 596 : if (gcry_md_open (&c->mfx.md, 0, 0))
682 0 : BUG ();
683 : /* fixme: we may need to push the textfilter if we have sigclass 1
684 : * and no armoring - Not yet tested
685 : * Hmmm, why don't we need it at all if we have sigclass 1
686 : * Should we assume that plaintext in mode 't' has always sigclass 1??
687 : * See: Russ Allbery's mail 1999-02-09
688 : */
689 596 : any = clearsig = 0;
690 748 : for (n=c->list; n; n = n->next )
691 : {
692 169 : if (n->pkt->pkttype == PKT_ONEPASS_SIG)
693 : {
694 : /* The onepass signature case. */
695 135 : if (n->pkt->pkt.onepass_sig->digest_algo)
696 : {
697 135 : gcry_md_enable (c->mfx.md, n->pkt->pkt.onepass_sig->digest_algo);
698 135 : any = 1;
699 : }
700 : }
701 34 : else if (n->pkt->pkttype == PKT_GPG_CONTROL
702 24 : && n->pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START)
703 : {
704 : /* The clearsigned message case. */
705 17 : size_t datalen = n->pkt->pkt.gpg_control->datalen;
706 17 : const byte *data = n->pkt->pkt.gpg_control->data;
707 :
708 : /* Check that we have at least the sigclass and one hash. */
709 17 : if (datalen < 2)
710 0 : log_fatal ("invalid control packet CTRLPKT_CLEARSIGN_START\n");
711 : /* Note that we don't set the clearsig flag for not-dash-escaped
712 : * documents. */
713 17 : clearsig = (*data == 0x01);
714 34 : for (data++, datalen--; datalen; datalen--, data++)
715 17 : gcry_md_enable (c->mfx.md, *data);
716 17 : any = 1;
717 17 : break; /* Stop here as one-pass signature packets are not
718 : expected. */
719 : }
720 17 : else if (n->pkt->pkttype == PKT_SIGNATURE)
721 : {
722 : /* The SIG+LITERAL case that PGP used to use. */
723 10 : gcry_md_enable ( c->mfx.md, n->pkt->pkt.signature->digest_algo );
724 10 : any = 1;
725 : }
726 : }
727 :
728 596 : if (!any && !opt.skip_verify)
729 : {
730 : /* This is for the old GPG LITERAL+SIG case. It's not legal
731 : according to 2440, so hopefully it won't come up that often.
732 : There is no good way to specify what algorithms to use in
733 : that case, so these there are the historical answer. */
734 443 : gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160);
735 443 : gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1);
736 : }
737 596 : if (DBG_HASHING)
738 : {
739 0 : gcry_md_debug (c->mfx.md, "verify");
740 0 : if (c->mfx.md2)
741 0 : gcry_md_debug (c->mfx.md2, "verify2");
742 : }
743 :
744 596 : rc=0;
745 :
746 596 : if (literals_seen > 1)
747 : {
748 8 : log_info (_("WARNING: multiple plaintexts seen\n"));
749 :
750 8 : if (!opt.flags.allow_multiple_messages)
751 : {
752 6 : write_status_text (STATUS_ERROR, "proc_pkt.plaintext 89_BAD_DATA");
753 6 : log_inc_errorcount ();
754 6 : rc = gpg_error (GPG_ERR_UNEXPECTED);
755 : }
756 : }
757 :
758 596 : if (!rc)
759 : {
760 : /* It we are in --verify mode, we do not want to output the
761 : * signed text. However, if --output is also used we do what
762 : * has been requested and write out the signed data. */
763 620 : rc = handle_plaintext (pt, &c->mfx,
764 1180 : (opt.outfp || opt.outfile)? 0 : c->sigs_only,
765 : clearsig);
766 590 : if (gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only)
767 : {
768 : /* Can't write output but we hash it anyway to check the
769 : signature. */
770 0 : rc = handle_plaintext( pt, &c->mfx, 1, clearsig );
771 : }
772 : }
773 :
774 596 : if (rc)
775 6 : log_error ("handle plaintext failed: %s\n", gpg_strerror (rc));
776 :
777 596 : free_packet(pkt);
778 596 : c->last_was_session_key = 0;
779 :
780 : /* We add a marker control packet instead of the plaintext packet.
781 : * This is so that we can later detect invalid packet sequences. */
782 596 : n = new_kbnode (create_gpg_control (CTRLPKT_PLAINTEXT_MARK, NULL, 0));
783 596 : if (c->list)
784 153 : add_kbnode (c->list, n);
785 : else
786 443 : c->list = n;
787 596 : }
788 :
789 :
790 : static int
791 20 : proc_compressed_cb (iobuf_t a, void *info)
792 : {
793 20 : if ( ((CTX)info)->signed_data.used
794 0 : && ((CTX)info)->signed_data.data_fd != -1)
795 0 : return proc_signature_packets_by_fd (((CTX)info)->ctrl, info, a,
796 : ((CTX)info)->signed_data.data_fd);
797 : else
798 20 : return proc_signature_packets (((CTX)info)->ctrl, info, a,
799 : ((CTX)info)->signed_data.data_names,
800 : ((CTX)info)->sigfilename );
801 : }
802 :
803 :
804 : static int
805 2 : proc_encrypt_cb (iobuf_t a, void *info )
806 : {
807 2 : CTX c = info;
808 2 : return proc_encryption_packets (c->ctrl, info, a );
809 : }
810 :
811 :
812 : static int
813 563 : proc_compressed (CTX c, PACKET *pkt)
814 : {
815 563 : PKT_compressed *zd = pkt->pkt.compressed;
816 : int rc;
817 :
818 : /*printf("zip: compressed data packet\n");*/
819 563 : if (c->sigs_only)
820 20 : rc = handle_compressed (c->ctrl, c, zd, proc_compressed_cb, c);
821 543 : else if( c->encrypt_only )
822 2 : rc = handle_compressed (c->ctrl, c, zd, proc_encrypt_cb, c);
823 : else
824 541 : rc = handle_compressed (c->ctrl, c, zd, NULL, NULL);
825 :
826 563 : if (gpg_err_code (rc) == GPG_ERR_BAD_DATA)
827 : {
828 0 : if (!c->any.uncompress_failed)
829 : {
830 : CTX cc;
831 :
832 0 : for (cc=c; cc; cc = cc->anchor)
833 0 : cc->any.uncompress_failed = 1;
834 0 : log_error ("uncompressing failed: %s\n", gpg_strerror (rc));
835 : }
836 : }
837 563 : else if (rc)
838 0 : log_error ("uncompressing failed: %s\n", gpg_strerror (rc));
839 :
840 563 : free_packet(pkt);
841 563 : c->last_was_session_key = 0;
842 563 : return rc;
843 : }
844 :
845 :
846 : /*
847 : * Check the signature. If R_PK is not NULL a copy of the public key
848 : * used to verify the signature will be stored tehre, or NULL if not
849 : * found. Returns: 0 = valid signature or an error code
850 : */
851 : static int
852 164 : do_check_sig (CTX c, kbnode_t node, int *is_selfsig,
853 : int *is_expkey, int *is_revkey, PKT_public_key **r_pk)
854 : {
855 : PKT_signature *sig;
856 164 : gcry_md_hd_t md = NULL;
857 164 : gcry_md_hd_t md2 = NULL;
858 164 : gcry_md_hd_t md_good = NULL;
859 : int algo, rc;
860 :
861 164 : if (r_pk)
862 164 : *r_pk = NULL;
863 :
864 164 : log_assert (node->pkt->pkttype == PKT_SIGNATURE);
865 164 : if (is_selfsig)
866 0 : *is_selfsig = 0;
867 164 : sig = node->pkt->pkt.signature;
868 :
869 164 : algo = sig->digest_algo;
870 164 : rc = openpgp_md_test_algo (algo);
871 164 : if (rc)
872 0 : return rc;
873 :
874 164 : if (sig->sig_class == 0x00)
875 : {
876 142 : if (c->mfx.md)
877 : {
878 142 : if (gcry_md_copy (&md, c->mfx.md ))
879 0 : BUG ();
880 : }
881 : else /* detached signature */
882 : {
883 : /* check_signature() will enable the md. */
884 0 : if (gcry_md_open (&md, 0, 0 ))
885 0 : BUG ();
886 : }
887 : }
888 22 : else if (sig->sig_class == 0x01)
889 : {
890 : /* How do we know that we have to hash the (already hashed) text
891 : in canonical mode ??? (calculating both modes???) */
892 22 : if (c->mfx.md)
893 : {
894 22 : if (gcry_md_copy (&md, c->mfx.md ))
895 0 : BUG ();
896 22 : if (c->mfx.md2 && gcry_md_copy (&md2, c->mfx.md2))
897 0 : BUG ();
898 : }
899 : else /* detached signature */
900 : {
901 0 : log_debug ("Do we really need this here?");
902 : /* check_signature() will enable the md*/
903 0 : if (gcry_md_open (&md, 0, 0 ))
904 0 : BUG ();
905 0 : if (gcry_md_open (&md2, 0, 0 ))
906 0 : BUG ();
907 : }
908 : }
909 0 : else if ((sig->sig_class&~3) == 0x10
910 0 : || sig->sig_class == 0x18
911 0 : || sig->sig_class == 0x1f
912 0 : || sig->sig_class == 0x20
913 0 : || sig->sig_class == 0x28
914 0 : || sig->sig_class == 0x30)
915 : {
916 0 : if (c->list->pkt->pkttype == PKT_PUBLIC_KEY
917 0 : || c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY)
918 : {
919 0 : return check_key_signature( c->list, node, is_selfsig );
920 : }
921 0 : else if (sig->sig_class == 0x20)
922 : {
923 0 : log_error (_("standalone revocation - "
924 : "use \"gpg --import\" to apply\n"));
925 0 : return GPG_ERR_NOT_PROCESSED;
926 : }
927 : else
928 : {
929 0 : log_error ("invalid root packet for sigclass %02x\n", sig->sig_class);
930 0 : return GPG_ERR_SIG_CLASS;
931 : }
932 : }
933 : else
934 0 : return GPG_ERR_SIG_CLASS;
935 :
936 : /* We only get here if we are checking the signature of a binary
937 : (0x00) or text document (0x01). */
938 164 : rc = check_signature2 (sig, md, NULL, is_expkey, is_revkey, r_pk);
939 164 : if (! rc)
940 160 : md_good = md;
941 4 : else if (gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE && md2)
942 : {
943 : PKT_public_key *pk2;
944 :
945 0 : rc = check_signature2 (sig, md2, NULL, is_expkey, is_revkey,
946 : r_pk? &pk2 : NULL);
947 0 : if (!rc)
948 : {
949 0 : md_good = md2;
950 0 : if (r_pk)
951 : {
952 0 : free_public_key (*r_pk);
953 0 : *r_pk = pk2;
954 : }
955 : }
956 : }
957 :
958 164 : if (md_good)
959 : {
960 160 : unsigned char *buffer = gcry_md_read (md_good, sig->digest_algo);
961 160 : sig->digest_len = gcry_md_get_algo_dlen (map_md_openpgp_to_gcry (algo));
962 160 : memcpy (sig->digest, buffer, sig->digest_len);
963 : }
964 :
965 164 : gcry_md_close (md);
966 164 : gcry_md_close (md2);
967 :
968 164 : return rc;
969 : }
970 :
971 :
972 : static void
973 0 : print_userid (PACKET *pkt)
974 : {
975 0 : if (!pkt)
976 0 : BUG();
977 :
978 0 : if (pkt->pkttype != PKT_USER_ID)
979 : {
980 0 : es_printf ("ERROR: unexpected packet type %d", pkt->pkttype );
981 0 : return;
982 : }
983 0 : if (opt.with_colons)
984 : {
985 0 : if (pkt->pkt.user_id->attrib_data)
986 0 : es_printf("%u %lu",
987 0 : pkt->pkt.user_id->numattribs,
988 0 : pkt->pkt.user_id->attrib_len);
989 : else
990 0 : es_write_sanitized (es_stdout, pkt->pkt.user_id->name,
991 0 : pkt->pkt.user_id->len, ":", NULL);
992 : }
993 : else
994 0 : print_utf8_buffer (es_stdout, pkt->pkt.user_id->name,
995 0 : pkt->pkt.user_id->len );
996 : }
997 :
998 :
999 : /*
1000 : * List the keyblock in a user friendly way
1001 : */
1002 : static void
1003 0 : list_node (CTX c, kbnode_t node)
1004 : {
1005 0 : if (!node)
1006 : ;
1007 0 : else if (node->pkt->pkttype == PKT_PUBLIC_KEY
1008 0 : || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1009 0 : {
1010 0 : PKT_public_key *pk = node->pkt->pkt.public_key;
1011 :
1012 0 : if (opt.with_colons)
1013 : {
1014 : u32 keyid[2];
1015 :
1016 0 : keyid_from_pk( pk, keyid );
1017 0 : if (pk->flags.primary)
1018 0 : c->trustletter = (opt.fast_list_mode?
1019 0 : 0 : get_validity_info (c->ctrl, pk, NULL));
1020 0 : es_printf ("%s:", pk->flags.primary? "pub":"sub" );
1021 0 : if (c->trustletter)
1022 0 : es_putc (c->trustletter, es_stdout);
1023 0 : es_printf (":%u:%d:%08lX%08lX:%s:%s::",
1024 : nbits_from_pk( pk ),
1025 0 : pk->pubkey_algo,
1026 0 : (ulong)keyid[0],(ulong)keyid[1],
1027 : colon_datestr_from_pk( pk ),
1028 : colon_strtime (pk->expiredate) );
1029 0 : if (pk->flags.primary && !opt.fast_list_mode)
1030 0 : es_putc (get_ownertrust_info (pk), es_stdout);
1031 0 : es_putc (':', es_stdout);
1032 0 : es_putc ('\n', es_stdout);
1033 : }
1034 : else
1035 : {
1036 0 : print_key_line (es_stdout, pk, 0);
1037 : }
1038 :
1039 0 : if (opt.keyid_format == KF_NONE && !opt.with_colons)
1040 : ; /* Already printed. */
1041 0 : else if ((pk->flags.primary && opt.fingerprint) || opt.fingerprint > 1)
1042 0 : print_fingerprint (NULL, pk, 0);
1043 :
1044 0 : if (opt.with_colons)
1045 : {
1046 0 : if (node->next && node->next->pkt->pkttype == PKT_RING_TRUST)
1047 0 : es_printf ("rtv:1:%u:\n",
1048 0 : node->next->pkt->pkt.ring_trust->trustval);
1049 : }
1050 :
1051 0 : if (pk->flags.primary)
1052 : {
1053 0 : int kl = opt.keyid_format == KF_NONE? 0 : keystrlen ();
1054 :
1055 : /* Now list all userids with their signatures. */
1056 0 : for (node = node->next; node; node = node->next)
1057 : {
1058 0 : if (node->pkt->pkttype == PKT_SIGNATURE)
1059 : {
1060 0 : list_node (c, node );
1061 : }
1062 0 : else if (node->pkt->pkttype == PKT_USER_ID)
1063 : {
1064 0 : if (opt.with_colons)
1065 0 : es_printf ("%s:::::::::",
1066 0 : node->pkt->pkt.user_id->attrib_data?"uat":"uid");
1067 : else
1068 0 : es_printf ("uid%*s",
1069 0 : kl + (opt.legacy_list_mode? 9:11),
1070 : "" );
1071 0 : print_userid (node->pkt);
1072 0 : if (opt.with_colons)
1073 0 : es_putc (':', es_stdout);
1074 0 : es_putc ('\n', es_stdout);
1075 0 : if (opt.with_colons
1076 0 : && node->next
1077 0 : && node->next->pkt->pkttype == PKT_RING_TRUST)
1078 : {
1079 0 : es_printf ("rtv:2:%u:\n",
1080 0 : node->next->pkt->pkt.ring_trust?
1081 0 : node->next->pkt->pkt.ring_trust->trustval : 0);
1082 : }
1083 : }
1084 0 : else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1085 : {
1086 0 : list_node(c, node );
1087 : }
1088 : }
1089 : }
1090 : }
1091 0 : else if (node->pkt->pkttype == PKT_SECRET_KEY
1092 0 : || node->pkt->pkttype == PKT_SECRET_SUBKEY)
1093 : {
1094 :
1095 0 : log_debug ("FIXME: No way to print secret key packets here\n");
1096 : /* fixme: We may use a function to turn a secret key packet into
1097 : a public key one and use that here. */
1098 : }
1099 0 : else if (node->pkt->pkttype == PKT_SIGNATURE)
1100 : {
1101 0 : PKT_signature *sig = node->pkt->pkt.signature;
1102 0 : int is_selfsig = 0;
1103 0 : int rc2 = 0;
1104 : size_t n;
1105 : char *p;
1106 0 : int sigrc = ' ';
1107 :
1108 0 : if (!opt.verbose)
1109 0 : return;
1110 :
1111 0 : if (sig->sig_class == 0x20 || sig->sig_class == 0x30)
1112 0 : es_fputs ("rev", es_stdout);
1113 : else
1114 0 : es_fputs ("sig", es_stdout);
1115 0 : if (opt.check_sigs)
1116 : {
1117 0 : fflush (stdout);
1118 0 : rc2 = do_check_sig (c, node, &is_selfsig, NULL, NULL, NULL);
1119 0 : switch (gpg_err_code (rc2))
1120 : {
1121 0 : case 0: sigrc = '!'; break;
1122 0 : case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break;
1123 : case GPG_ERR_NO_PUBKEY:
1124 0 : case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break;
1125 0 : default: sigrc = '%'; break;
1126 : }
1127 : }
1128 : else /* Check whether this is a self signature. */
1129 : {
1130 : u32 keyid[2];
1131 :
1132 0 : if (c->list->pkt->pkttype == PKT_PUBLIC_KEY
1133 0 : || c->list->pkt->pkttype == PKT_SECRET_KEY )
1134 : {
1135 0 : keyid_from_pk (c->list->pkt->pkt.public_key, keyid);
1136 :
1137 0 : if (keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1])
1138 0 : is_selfsig = 1;
1139 : }
1140 : }
1141 :
1142 0 : if (opt.with_colons)
1143 : {
1144 0 : es_putc (':', es_stdout);
1145 0 : if (sigrc != ' ')
1146 0 : es_putc (sigrc, es_stdout);
1147 0 : es_printf ("::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
1148 0 : (ulong)sig->keyid[0], (ulong)sig->keyid[1],
1149 : colon_datestr_from_sig (sig),
1150 : colon_expirestr_from_sig (sig));
1151 :
1152 0 : if (sig->trust_depth || sig->trust_value)
1153 0 : es_printf ("%d %d",sig->trust_depth,sig->trust_value);
1154 0 : es_putc (':', es_stdout);
1155 :
1156 0 : if (sig->trust_regexp)
1157 0 : es_write_sanitized (es_stdout, sig->trust_regexp,
1158 0 : strlen (sig->trust_regexp), ":", NULL);
1159 0 : es_putc (':', es_stdout);
1160 : }
1161 : else
1162 0 : es_printf ("%c %s %s ",
1163 0 : sigrc, keystr (sig->keyid), datestr_from_sig(sig));
1164 0 : if (sigrc == '%')
1165 0 : es_printf ("[%s] ", gpg_strerror (rc2) );
1166 0 : else if (sigrc == '?')
1167 : ;
1168 0 : else if (is_selfsig)
1169 : {
1170 0 : if (opt.with_colons)
1171 0 : es_putc (':', es_stdout);
1172 0 : es_fputs (sig->sig_class == 0x18? "[keybind]":"[selfsig]", es_stdout);
1173 0 : if (opt.with_colons)
1174 0 : es_putc (':', es_stdout);
1175 : }
1176 0 : else if (!opt.fast_list_mode)
1177 : {
1178 0 : p = get_user_id (sig->keyid, &n);
1179 0 : es_write_sanitized (es_stdout, p, n,
1180 0 : opt.with_colons?":":NULL, NULL );
1181 0 : xfree (p);
1182 : }
1183 0 : if (opt.with_colons)
1184 0 : es_printf (":%02x%c:", sig->sig_class, sig->flags.exportable?'x':'l');
1185 0 : es_putc ('\n', es_stdout);
1186 : }
1187 : else
1188 0 : log_error ("invalid node with packet of type %d\n", node->pkt->pkttype);
1189 : }
1190 :
1191 :
1192 : int
1193 1586 : proc_packets (ctrl_t ctrl, void *anchor, iobuf_t a )
1194 : {
1195 : int rc;
1196 1586 : CTX c = xmalloc_clear (sizeof *c);
1197 :
1198 1586 : c->ctrl = ctrl;
1199 1586 : c->anchor = anchor;
1200 1586 : rc = do_proc_packets (ctrl, c, a);
1201 1586 : xfree (c);
1202 :
1203 1586 : return rc;
1204 : }
1205 :
1206 :
1207 : int
1208 65 : proc_signature_packets (ctrl_t ctrl, void *anchor, iobuf_t a,
1209 : strlist_t signedfiles, const char *sigfilename )
1210 : {
1211 65 : CTX c = xmalloc_clear (sizeof *c);
1212 : int rc;
1213 :
1214 65 : c->ctrl = ctrl;
1215 65 : c->anchor = anchor;
1216 65 : c->sigs_only = 1;
1217 :
1218 65 : c->signed_data.data_fd = -1;
1219 65 : c->signed_data.data_names = signedfiles;
1220 65 : c->signed_data.used = !!signedfiles;
1221 :
1222 65 : c->sigfilename = sigfilename;
1223 65 : rc = do_proc_packets (ctrl, c, a);
1224 :
1225 : /* If we have not encountered any signature we print an error
1226 : messages, send a NODATA status back and return an error code.
1227 : Using log_error is required because verify_files does not check
1228 : error codes for each file but we want to terminate the process
1229 : with an error. */
1230 62 : if (!rc && !c->any.sig_seen)
1231 : {
1232 1 : write_status_text (STATUS_NODATA, "4");
1233 1 : log_error (_("no signature found\n"));
1234 1 : rc = GPG_ERR_NO_DATA;
1235 : }
1236 :
1237 : /* Propagate the signature seen flag upward. Do this only on success
1238 : so that we won't issue the nodata status several times. */
1239 62 : if (!rc && c->anchor && c->any.sig_seen)
1240 20 : c->anchor->any.sig_seen = 1;
1241 :
1242 62 : xfree (c);
1243 62 : return rc;
1244 : }
1245 :
1246 :
1247 : int
1248 0 : proc_signature_packets_by_fd (ctrl_t ctrl,
1249 : void *anchor, iobuf_t a, int signed_data_fd )
1250 : {
1251 : int rc;
1252 : CTX c;
1253 :
1254 0 : c = xtrycalloc (1, sizeof *c);
1255 0 : if (!c)
1256 0 : return gpg_error_from_syserror ();
1257 :
1258 0 : c->ctrl = ctrl;
1259 0 : c->anchor = anchor;
1260 0 : c->sigs_only = 1;
1261 :
1262 0 : c->signed_data.data_fd = signed_data_fd;
1263 0 : c->signed_data.data_names = NULL;
1264 0 : c->signed_data.used = (signed_data_fd != -1);
1265 :
1266 0 : rc = do_proc_packets (ctrl, c, a);
1267 :
1268 : /* If we have not encountered any signature we print an error
1269 : messages, send a NODATA status back and return an error code.
1270 : Using log_error is required because verify_files does not check
1271 : error codes for each file but we want to terminate the process
1272 : with an error. */
1273 0 : if (!rc && !c->any.sig_seen)
1274 : {
1275 0 : write_status_text (STATUS_NODATA, "4");
1276 0 : log_error (_("no signature found\n"));
1277 0 : rc = gpg_error (GPG_ERR_NO_DATA);
1278 : }
1279 :
1280 : /* Propagate the signature seen flag upward. Do this only on success
1281 : so that we won't issue the nodata status several times. */
1282 0 : if (!rc && c->anchor && c->any.sig_seen)
1283 0 : c->anchor->any.sig_seen = 1;
1284 :
1285 0 : xfree ( c );
1286 0 : return rc;
1287 : }
1288 :
1289 :
1290 : int
1291 14 : proc_encryption_packets (ctrl_t ctrl, void *anchor, iobuf_t a )
1292 : {
1293 14 : CTX c = xmalloc_clear (sizeof *c);
1294 : int rc;
1295 :
1296 14 : c->ctrl = ctrl;
1297 14 : c->anchor = anchor;
1298 14 : c->encrypt_only = 1;
1299 14 : rc = do_proc_packets (ctrl, c, a);
1300 14 : xfree (c);
1301 14 : return rc;
1302 : }
1303 :
1304 :
1305 : static int
1306 1665 : check_nesting (CTX c)
1307 : {
1308 : int level;
1309 :
1310 4855 : for (level=0; c; c = c->anchor)
1311 3190 : level++;
1312 :
1313 1665 : if (level > MAX_NESTING_DEPTH)
1314 : {
1315 0 : log_error ("input data with too deeply nested packets\n");
1316 0 : write_status_text (STATUS_UNEXPECTED, "1");
1317 0 : return GPG_ERR_BAD_DATA;
1318 : }
1319 :
1320 1665 : return 0;
1321 : }
1322 :
1323 :
1324 : static int
1325 1665 : do_proc_packets (ctrl_t ctrl, CTX c, iobuf_t a)
1326 : {
1327 : PACKET *pkt;
1328 1665 : int rc = 0;
1329 1665 : int any_data = 0;
1330 : int newpkt;
1331 :
1332 1665 : rc = check_nesting (c);
1333 1665 : if (rc)
1334 0 : return rc;
1335 :
1336 1665 : pkt = xmalloc( sizeof *pkt );
1337 1665 : c->iobuf = a;
1338 1665 : init_packet(pkt);
1339 5829 : while ((rc=parse_packet(a, pkt)) != -1)
1340 : {
1341 2500 : any_data = 1;
1342 2500 : if (rc)
1343 : {
1344 2 : free_packet (pkt);
1345 : /* Stop processing when an invalid packet has been encountered
1346 : * but don't do so when we are doing a --list-packets. */
1347 2 : if (gpg_err_code (rc) == GPG_ERR_INV_PACKET
1348 2 : && opt.list_packets == 0)
1349 1 : break;
1350 1 : continue;
1351 : }
1352 2498 : newpkt = -1;
1353 2498 : if (opt.list_packets)
1354 : {
1355 57 : switch (pkt->pkttype)
1356 : {
1357 10 : case PKT_PUBKEY_ENC: proc_pubkey_enc (ctrl, c, pkt); break;
1358 0 : case PKT_SYMKEY_ENC: proc_symkey_enc (c, pkt); break;
1359 : case PKT_ENCRYPTED:
1360 5 : case PKT_ENCRYPTED_MDC: proc_encrypted (c, pkt); break;
1361 6 : case PKT_COMPRESSED: rc = proc_compressed (c, pkt); break;
1362 36 : default: newpkt = 0; break;
1363 : }
1364 : }
1365 2441 : else if (c->sigs_only)
1366 : {
1367 161 : switch (pkt->pkttype)
1368 : {
1369 : case PKT_PUBLIC_KEY:
1370 : case PKT_SECRET_KEY:
1371 : case PKT_USER_ID:
1372 : case PKT_SYMKEY_ENC:
1373 : case PKT_PUBKEY_ENC:
1374 : case PKT_ENCRYPTED:
1375 : case PKT_ENCRYPTED_MDC:
1376 0 : write_status_text( STATUS_UNEXPECTED, "0" );
1377 0 : rc = GPG_ERR_UNEXPECTED;
1378 0 : goto leave;
1379 :
1380 51 : case PKT_SIGNATURE: newpkt = add_signature (c, pkt); break;
1381 49 : case PKT_PLAINTEXT: proc_plaintext (c, pkt); break;
1382 20 : case PKT_COMPRESSED: rc = proc_compressed (c, pkt); break;
1383 32 : case PKT_ONEPASS_SIG: newpkt = add_onepass_sig (c, pkt); break;
1384 7 : case PKT_GPG_CONTROL: newpkt = add_gpg_control (c, pkt); break;
1385 2 : default: newpkt = 0; break;
1386 : }
1387 : }
1388 2280 : else if (c->encrypt_only)
1389 : {
1390 30 : switch (pkt->pkttype)
1391 : {
1392 : case PKT_PUBLIC_KEY:
1393 : case PKT_SECRET_KEY:
1394 : case PKT_USER_ID:
1395 0 : write_status_text (STATUS_UNEXPECTED, "0");
1396 0 : rc = GPG_ERR_UNEXPECTED;
1397 0 : goto leave;
1398 :
1399 2 : case PKT_SIGNATURE: newpkt = add_signature (c, pkt); break;
1400 6 : case PKT_SYMKEY_ENC: proc_symkey_enc (c, pkt); break;
1401 6 : case PKT_PUBKEY_ENC: proc_pubkey_enc (ctrl, c, pkt); break;
1402 : case PKT_ENCRYPTED:
1403 10 : case PKT_ENCRYPTED_MDC: proc_encrypted (c, pkt); break;
1404 2 : case PKT_PLAINTEXT: proc_plaintext (c, pkt); break;
1405 2 : case PKT_COMPRESSED: rc = proc_compressed (c, pkt); break;
1406 2 : case PKT_ONEPASS_SIG: newpkt = add_onepass_sig (c, pkt); break;
1407 0 : case PKT_GPG_CONTROL: newpkt = add_gpg_control (c, pkt); break;
1408 0 : default: newpkt = 0; break;
1409 : }
1410 : }
1411 : else
1412 : {
1413 2250 : switch (pkt->pkttype)
1414 : {
1415 : case PKT_PUBLIC_KEY:
1416 : case PKT_SECRET_KEY:
1417 0 : release_list (c);
1418 0 : c->list = new_kbnode (pkt);
1419 0 : newpkt = 1;
1420 0 : break;
1421 : case PKT_PUBLIC_SUBKEY:
1422 : case PKT_SECRET_SUBKEY:
1423 0 : newpkt = add_subkey (c, pkt);
1424 0 : break;
1425 0 : case PKT_USER_ID: newpkt = add_user_id (c, pkt); break;
1426 123 : case PKT_SIGNATURE: newpkt = add_signature (c, pkt); break;
1427 252 : case PKT_PUBKEY_ENC: proc_pubkey_enc (ctrl, c, pkt); break;
1428 218 : case PKT_SYMKEY_ENC: proc_symkey_enc (c, pkt); break;
1429 : case PKT_ENCRYPTED:
1430 466 : case PKT_ENCRYPTED_MDC: proc_encrypted (c, pkt); break;
1431 545 : case PKT_PLAINTEXT: proc_plaintext (c, pkt); break;
1432 535 : case PKT_COMPRESSED: rc = proc_compressed (c, pkt); break;
1433 97 : case PKT_ONEPASS_SIG: newpkt = add_onepass_sig (c, pkt); break;
1434 10 : case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
1435 0 : case PKT_RING_TRUST: newpkt = add_ring_trust (c, pkt); break;
1436 4 : default: newpkt = 0; break;
1437 : }
1438 : }
1439 :
1440 2498 : if (rc)
1441 0 : goto leave;
1442 :
1443 : /* This is a very ugly construct and frankly, I don't remember why
1444 : * I used it. Adding the MDC check here is a hack.
1445 : * The right solution is to initiate another context for encrypted
1446 : * packet and not to reuse the current one ... It works right
1447 : * when there is a compression packet between which adds just
1448 : * an extra layer.
1449 : * Hmmm: Rewrite this whole module here??
1450 : */
1451 2498 : if (pkt->pkttype != PKT_SIGNATURE && pkt->pkttype != PKT_MDC)
1452 2309 : c->any.data = (pkt->pkttype == PKT_PLAINTEXT);
1453 :
1454 2498 : if (newpkt == -1)
1455 : ;
1456 366 : else if (newpkt)
1457 : {
1458 324 : pkt = xmalloc (sizeof *pkt);
1459 324 : init_packet (pkt);
1460 : }
1461 : else
1462 42 : free_packet(pkt);
1463 : }
1464 :
1465 1665 : if (rc == GPG_ERR_INV_PACKET)
1466 1 : write_status_text (STATUS_NODATA, "3");
1467 :
1468 1665 : if (any_data)
1469 1662 : rc = 0;
1470 3 : else if (rc == -1)
1471 3 : write_status_text (STATUS_NODATA, "2");
1472 :
1473 :
1474 : leave:
1475 1665 : release_list (c);
1476 1662 : xfree(c->dek);
1477 1662 : free_packet (pkt);
1478 1662 : xfree (pkt);
1479 1662 : free_md_filter_context (&c->mfx);
1480 1662 : return rc;
1481 : }
1482 :
1483 :
1484 : /* Helper for pka_uri_from_sig to parse the to-be-verified address out
1485 : of the notation data. */
1486 : static pka_info_t *
1487 0 : get_pka_address (PKT_signature *sig)
1488 : {
1489 0 : pka_info_t *pka = NULL;
1490 : struct notation *nd,*notation;
1491 :
1492 0 : notation=sig_to_notation(sig);
1493 :
1494 0 : for(nd=notation;nd;nd=nd->next)
1495 : {
1496 0 : if(strcmp(nd->name,"pka-address@gnupg.org")!=0)
1497 0 : continue; /* Not the notation we want. */
1498 :
1499 : /* For now we only use the first valid PKA notation. In future
1500 : we might want to keep additional PKA notations in a linked
1501 : list. */
1502 0 : if (is_valid_mailbox (nd->value))
1503 : {
1504 0 : pka = xmalloc (sizeof *pka + strlen(nd->value));
1505 0 : pka->valid = 0;
1506 0 : pka->checked = 0;
1507 0 : pka->uri = NULL;
1508 0 : strcpy (pka->email, nd->value);
1509 0 : break;
1510 : }
1511 : }
1512 :
1513 0 : free_notation(notation);
1514 :
1515 0 : return pka;
1516 : }
1517 :
1518 :
1519 : /* Return the URI from a DNS PKA record. If this record has already
1520 : be retrieved for the signature we merely return it; if not we go
1521 : out and try to get that DNS record. */
1522 : static const char *
1523 0 : pka_uri_from_sig (CTX c, PKT_signature *sig)
1524 : {
1525 0 : if (!sig->flags.pka_tried)
1526 : {
1527 0 : log_assert (!sig->pka_info);
1528 0 : sig->flags.pka_tried = 1;
1529 0 : sig->pka_info = get_pka_address (sig);
1530 0 : if (sig->pka_info)
1531 : {
1532 : char *url;
1533 : unsigned char *fpr;
1534 : size_t fprlen;
1535 :
1536 0 : if (!gpg_dirmngr_get_pka (c->ctrl, sig->pka_info->email,
1537 : &fpr, &fprlen, &url))
1538 : {
1539 0 : if (fpr && fprlen == sizeof sig->pka_info->fpr)
1540 : {
1541 0 : memcpy (sig->pka_info->fpr, fpr, fprlen);
1542 0 : if (url)
1543 : {
1544 0 : sig->pka_info->valid = 1;
1545 0 : if (!*url)
1546 0 : xfree (url);
1547 : else
1548 0 : sig->pka_info->uri = url;
1549 0 : url = NULL;
1550 : }
1551 : }
1552 0 : xfree (fpr);
1553 0 : xfree (url);
1554 : }
1555 : }
1556 : }
1557 0 : return sig->pka_info? sig->pka_info->uri : NULL;
1558 : }
1559 :
1560 :
1561 : /* Return true if the AKL has the WKD method specified. */
1562 : static int
1563 0 : akl_has_wkd_method (void)
1564 : {
1565 : struct akl *akl;
1566 :
1567 0 : for (akl = opt.auto_key_locate; akl; akl = akl->next)
1568 0 : if (akl->type == AKL_WKD)
1569 0 : return 1;
1570 0 : return 0;
1571 : }
1572 :
1573 :
1574 : /* Return the ISSUER fingerprint string in human readbale format if
1575 : * available. Caller must release the string. */
1576 : static char *
1577 0 : issuer_fpr_string (PKT_signature *sig)
1578 : {
1579 : const byte *p;
1580 : size_t n;
1581 :
1582 0 : p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_ISSUER_FPR, &n);
1583 0 : if (p && n == 21 && p[0] == 4)
1584 0 : return bin2hex (p+1, n-1, NULL);
1585 0 : return NULL;
1586 : }
1587 :
1588 :
1589 : static void
1590 163 : print_good_bad_signature (int statno, const char *keyid_str, kbnode_t un,
1591 : PKT_signature *sig, int rc)
1592 : {
1593 : char *p;
1594 :
1595 489 : write_status_text_and_buffer (statno, keyid_str,
1596 163 : un? un->pkt->pkt.user_id->name:"[?]",
1597 163 : un? un->pkt->pkt.user_id->len:3,
1598 : -1);
1599 :
1600 163 : if (un)
1601 163 : p = utf8_to_native (un->pkt->pkt.user_id->name,
1602 163 : un->pkt->pkt.user_id->len, 0);
1603 : else
1604 0 : p = xstrdup ("[?]");
1605 :
1606 163 : if (rc)
1607 3 : log_info (_("BAD signature from \"%s\""), p);
1608 160 : else if (sig->flags.expired)
1609 0 : log_info (_("Expired signature from \"%s\""), p);
1610 : else
1611 160 : log_info (_("Good signature from \"%s\""), p);
1612 :
1613 163 : xfree (p);
1614 163 : }
1615 :
1616 :
1617 : static int
1618 174 : check_sig_and_print (CTX c, kbnode_t node)
1619 : {
1620 174 : PKT_signature *sig = node->pkt->pkt.signature;
1621 : const char *astr;
1622 : int rc;
1623 174 : int is_expkey = 0;
1624 174 : int is_revkey = 0;
1625 : char *issuer_fpr;
1626 174 : PKT_public_key *pk = NULL; /* The public key for the signature or NULL. */
1627 :
1628 174 : if (opt.skip_verify)
1629 : {
1630 0 : log_info(_("signature verification suppressed\n"));
1631 0 : return 0;
1632 : }
1633 :
1634 : /* Check that the message composition is valid.
1635 : *
1636 : * Per RFC-2440bis (-15) allowed:
1637 : *
1638 : * S{1,n} -- detached signature.
1639 : * S{1,n} P -- old style PGP2 signature
1640 : * O{1,n} P S{1,n} -- standard OpenPGP signature.
1641 : * C P S{1,n} -- cleartext signature.
1642 : *
1643 : *
1644 : * O = One-Pass Signature packet.
1645 : * S = Signature packet.
1646 : * P = OpenPGP Message packet (Encrypted | Compressed | Literal)
1647 : * (Note that the current rfc2440bis draft also allows
1648 : * for a signed message but that does not work as it
1649 : * introduces ambiguities.)
1650 : * We keep track of these packages using the marker packet
1651 : * CTRLPKT_PLAINTEXT_MARK.
1652 : * C = Marker packet for cleartext signatures.
1653 : *
1654 : * We reject all other messages.
1655 : *
1656 : * Actually we are calling this too often, i.e. for verification of
1657 : * each message but better have some duplicate work than to silently
1658 : * introduce a bug here.
1659 : */
1660 : {
1661 : kbnode_t n;
1662 : int n_onepass, n_sig;
1663 :
1664 : /* log_debug ("checking signature packet composition\n"); */
1665 : /* dump_kbnode (c->list); */
1666 :
1667 174 : n = c->list;
1668 174 : log_assert (n);
1669 174 : if ( n->pkt->pkttype == PKT_SIGNATURE )
1670 : {
1671 : /* This is either "S{1,n}" case (detached signature) or
1672 : "S{1,n} P" (old style PGP2 signature). */
1673 20 : for (n = n->next; n; n = n->next)
1674 4 : if (n->pkt->pkttype != PKT_SIGNATURE)
1675 4 : break;
1676 20 : if (!n)
1677 : ; /* Okay, this is a detached signature. */
1678 4 : else if (n->pkt->pkttype == PKT_GPG_CONTROL
1679 4 : && (n->pkt->pkt.gpg_control->control
1680 : == CTRLPKT_PLAINTEXT_MARK) )
1681 : {
1682 4 : if (n->next)
1683 2 : goto ambiguous; /* We only allow one P packet. */
1684 : }
1685 : else
1686 : goto ambiguous;
1687 : }
1688 154 : else if (n->pkt->pkttype == PKT_ONEPASS_SIG)
1689 : {
1690 : /* This is the "O{1,n} P S{1,n}" case (standard signature). */
1691 259 : for (n_onepass=1, n = n->next;
1692 134 : n && n->pkt->pkttype == PKT_ONEPASS_SIG; n = n->next)
1693 3 : n_onepass++;
1694 256 : if (!n || !(n->pkt->pkttype == PKT_GPG_CONTROL
1695 128 : && (n->pkt->pkt.gpg_control->control
1696 : == CTRLPKT_PLAINTEXT_MARK)))
1697 : goto ambiguous;
1698 386 : for (n_sig=0, n = n->next;
1699 265 : n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
1700 130 : n_sig++;
1701 128 : if (!n_sig)
1702 0 : goto ambiguous;
1703 :
1704 : /* If we wanted to disallow multiple sig verification, we'd do
1705 : something like this:
1706 :
1707 : if (n && !opt.allow_multisig_verification)
1708 : goto ambiguous;
1709 :
1710 : However, now that we have --allow-multiple-messages, this
1711 : can stay allowable as we can't get here unless multiple
1712 : messages (i.e. multiple literals) are allowed. */
1713 :
1714 128 : if (n_onepass != n_sig)
1715 : {
1716 1 : log_info ("number of one-pass packets does not match "
1717 : "number of signature packets\n");
1718 1 : goto ambiguous;
1719 : }
1720 : }
1721 26 : else if (n->pkt->pkttype == PKT_GPG_CONTROL
1722 26 : && n->pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START )
1723 : {
1724 : /* This is the "C P S{1,n}" case (clear text signature). */
1725 19 : n = n->next;
1726 38 : if (!n || !(n->pkt->pkttype == PKT_GPG_CONTROL
1727 19 : && (n->pkt->pkt.gpg_control->control
1728 : == CTRLPKT_PLAINTEXT_MARK)))
1729 : goto ambiguous;
1730 61 : for (n_sig=0, n = n->next;
1731 46 : n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
1732 23 : n_sig++;
1733 19 : if (n || !n_sig)
1734 : goto ambiguous;
1735 : }
1736 : else
1737 : {
1738 : ambiguous:
1739 10 : log_error(_("can't handle this ambiguous signature data\n"));
1740 10 : return 0;
1741 : }
1742 : }
1743 :
1744 164 : if (sig->signers_uid)
1745 34 : write_status_buffer (STATUS_NEWSIG,
1746 34 : sig->signers_uid, strlen (sig->signers_uid), 0);
1747 : else
1748 147 : write_status_text (STATUS_NEWSIG, NULL);
1749 :
1750 164 : astr = openpgp_pk_algo_name ( sig->pubkey_algo );
1751 164 : if (opt.flags.rfc4880bis && (issuer_fpr = issuer_fpr_string (sig)))
1752 : {
1753 0 : log_info (_("Signature made %s\n"), asctimestamp(sig->timestamp));
1754 0 : log_info (_(" using %s key %s\n"),
1755 : astr? astr: "?", issuer_fpr);
1756 :
1757 0 : xfree (issuer_fpr);
1758 : }
1759 164 : else if (!keystrlen () || keystrlen () > 8)
1760 : {
1761 164 : log_info (_("Signature made %s\n"), asctimestamp(sig->timestamp));
1762 164 : log_info (_(" using %s key %s\n"),
1763 164 : astr? astr: "?", keystr(sig->keyid));
1764 : }
1765 : else /* Legacy format. */
1766 0 : log_info (_("Signature made %s using %s key ID %s\n"),
1767 : asctimestamp(sig->timestamp), astr? astr: "?",
1768 0 : keystr(sig->keyid));
1769 :
1770 : /* In verbose mode print the signers UID. */
1771 164 : if (sig->signers_uid)
1772 17 : log_info (_(" issuer \"%s\"\n"), sig->signers_uid);
1773 :
1774 164 : rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk);
1775 :
1776 : /* If the key isn't found, check for a preferred keyserver. */
1777 164 : if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY && sig->flags.pref_ks)
1778 : {
1779 : const byte *p;
1780 0 : int seq = 0;
1781 : size_t n;
1782 :
1783 0 : while ((p=enum_sig_subpkt (sig->hashed,SIGSUBPKT_PREF_KS,&n,&seq,NULL)))
1784 : {
1785 : /* According to my favorite copy editor, in English grammar,
1786 : you say "at" if the key is located on a web page, but
1787 : "from" if it is located on a keyserver. I'm not going to
1788 : even try to make two strings here :) */
1789 0 : log_info(_("Key available at: ") );
1790 0 : print_utf8_buffer (log_get_stream(), p, n);
1791 0 : log_printf ("\n");
1792 :
1793 0 : if (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE
1794 0 : && opt.keyserver_options.options&KEYSERVER_HONOR_KEYSERVER_URL)
1795 : {
1796 : struct keyserver_spec *spec;
1797 :
1798 0 : spec = parse_preferred_keyserver (sig);
1799 0 : if (spec)
1800 : {
1801 : int res;
1802 :
1803 0 : free_public_key (pk);
1804 0 : pk = NULL;
1805 0 : glo_ctrl.in_auto_key_retrieve++;
1806 0 : res = keyserver_import_keyid (c->ctrl, sig->keyid,spec);
1807 0 : glo_ctrl.in_auto_key_retrieve--;
1808 0 : if (!res)
1809 0 : rc = do_check_sig (c, node, NULL,
1810 : &is_expkey, &is_revkey, &pk);
1811 0 : free_keyserver_spec (spec);
1812 :
1813 0 : if (!rc)
1814 0 : break;
1815 : }
1816 : }
1817 : }
1818 : }
1819 :
1820 : /* If the avove methods didn't work, our next try is to use the URI
1821 : * from a DNS PKA record. */
1822 164 : if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
1823 0 : && (opt.keyserver_options.options & KEYSERVER_AUTO_KEY_RETRIEVE)
1824 0 : && (opt.keyserver_options.options & KEYSERVER_HONOR_PKA_RECORD))
1825 : {
1826 0 : const char *uri = pka_uri_from_sig (c, sig);
1827 :
1828 0 : if (uri)
1829 : {
1830 : /* FIXME: We might want to locate the key using the
1831 : fingerprint instead of the keyid. */
1832 : int res;
1833 : struct keyserver_spec *spec;
1834 :
1835 0 : spec = parse_keyserver_uri (uri, 1);
1836 0 : if (spec)
1837 : {
1838 0 : free_public_key (pk);
1839 0 : pk = NULL;
1840 0 : glo_ctrl.in_auto_key_retrieve++;
1841 0 : res = keyserver_import_keyid (c->ctrl, sig->keyid, spec);
1842 0 : glo_ctrl.in_auto_key_retrieve--;
1843 0 : free_keyserver_spec (spec);
1844 0 : if (!res)
1845 0 : rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk);
1846 : }
1847 : }
1848 : }
1849 :
1850 : /* If the above methods didn't work, our next try is to use locate
1851 : * the key via its fingerprint from a keyserver. This requires
1852 : * that the signers fingerprint is encoded in the signature. We
1853 : * favor this over the WKD method (to be tried next), because an
1854 : * arbitrary keyserver is less subject to web bug like
1855 : * monitoring. */
1856 164 : if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
1857 0 : && opt.flags.rfc4880bis
1858 0 : && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
1859 0 : && keyserver_any_configured (c->ctrl))
1860 : {
1861 : int res;
1862 : const byte *p;
1863 : size_t n;
1864 :
1865 0 : p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_ISSUER_FPR, &n);
1866 0 : if (p && n == 21 && p[0] == 4)
1867 : {
1868 : /* v4 packet with a SHA-1 fingerprint. */
1869 0 : free_public_key (pk);
1870 0 : pk = NULL;
1871 0 : glo_ctrl.in_auto_key_retrieve++;
1872 0 : res = keyserver_import_fprint (c->ctrl, p+1, n-1, opt.keyserver);
1873 0 : glo_ctrl.in_auto_key_retrieve--;
1874 0 : if (!res)
1875 0 : rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk);
1876 : }
1877 : }
1878 :
1879 : /* If the above methods didn't work, our next try is to retrieve the
1880 : * key from the WKD. */
1881 164 : if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
1882 0 : && (opt.keyserver_options.options & KEYSERVER_AUTO_KEY_RETRIEVE)
1883 0 : && !opt.flags.disable_signer_uid
1884 0 : && akl_has_wkd_method ()
1885 0 : && sig->signers_uid)
1886 : {
1887 : int res;
1888 :
1889 0 : free_public_key (pk);
1890 0 : pk = NULL;
1891 0 : glo_ctrl.in_auto_key_retrieve++;
1892 0 : res = keyserver_import_wkd (c->ctrl, sig->signers_uid, NULL, NULL);
1893 0 : glo_ctrl.in_auto_key_retrieve--;
1894 : /* Fixme: If the fingerprint is embedded in the signature,
1895 : * compare it to the fingerprint of the returned key. */
1896 0 : if (!res)
1897 0 : rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk);
1898 : }
1899 :
1900 : /* If the above methods did't work, our next try is to use a
1901 : * keyserver. */
1902 164 : if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
1903 0 : && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
1904 0 : && keyserver_any_configured (c->ctrl))
1905 : {
1906 : int res;
1907 :
1908 0 : free_public_key (pk);
1909 0 : pk = NULL;
1910 0 : glo_ctrl.in_auto_key_retrieve++;
1911 0 : res = keyserver_import_keyid (c->ctrl, sig->keyid, opt.keyserver );
1912 0 : glo_ctrl.in_auto_key_retrieve--;
1913 0 : if (!res)
1914 0 : rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk);
1915 : }
1916 :
1917 164 : if (!rc || gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE)
1918 160 : {
1919 : kbnode_t un, keyblock;
1920 163 : int count = 0;
1921 : int statno;
1922 : char keyid_str[50];
1923 163 : PKT_public_key *mainpk = NULL;
1924 :
1925 163 : if (rc)
1926 3 : statno = STATUS_BADSIG;
1927 160 : else if (sig->flags.expired)
1928 0 : statno = STATUS_EXPSIG;
1929 160 : else if (is_expkey)
1930 0 : statno = STATUS_EXPKEYSIG;
1931 160 : else if(is_revkey)
1932 0 : statno = STATUS_REVKEYSIG;
1933 : else
1934 160 : statno = STATUS_GOODSIG;
1935 :
1936 : /* FIXME: We should have the public key in PK and thus the
1937 : * keyboock has already been fetched. Thus we could use the
1938 : * fingerprint or PK itself to lookup the entire keyblock. That
1939 : * would best be done with a cache. */
1940 163 : keyblock = get_pubkeyblock (sig->keyid);
1941 :
1942 326 : snprintf (keyid_str, sizeof keyid_str, "%08lX%08lX [uncertain] ",
1943 326 : (ulong)sig->keyid[0], (ulong)sig->keyid[1]);
1944 :
1945 : /* Find and print the primary user ID along with the
1946 : "Good|Expired|Bad signature" line. */
1947 1437 : for (un=keyblock; un; un = un->next)
1948 : {
1949 : int valid;
1950 :
1951 1274 : if (un->pkt->pkttype==PKT_PUBLIC_KEY)
1952 : {
1953 163 : mainpk = un->pkt->pkt.public_key;
1954 163 : continue;
1955 : }
1956 1111 : if (un->pkt->pkttype != PKT_USER_ID)
1957 752 : continue;
1958 359 : if (!un->pkt->pkt.user_id->created)
1959 0 : continue;
1960 359 : if (un->pkt->pkt.user_id->is_revoked)
1961 0 : continue;
1962 359 : if (un->pkt->pkt.user_id->is_expired)
1963 0 : continue;
1964 359 : if (!un->pkt->pkt.user_id->is_primary)
1965 196 : continue;
1966 : /* We want the textual primary user ID here */
1967 163 : if (un->pkt->pkt.user_id->attrib_data)
1968 0 : continue;
1969 :
1970 163 : log_assert (mainpk);
1971 :
1972 : /* Since this is just informational, don't actually ask the
1973 : user to update any trust information. (Note: we register
1974 : the signature later.) Because print_good_bad_signature
1975 : does not print a LF we need to compute the validity
1976 : before calling that function. */
1977 163 : if ((opt.verify_options & VERIFY_SHOW_UID_VALIDITY))
1978 163 : valid = get_validity (c->ctrl, mainpk, un->pkt->pkt.user_id,
1979 : sig, 0);
1980 : else
1981 0 : valid = 0; /* Not used. */
1982 :
1983 163 : keyid_str[17] = 0; /* cut off the "[uncertain]" part */
1984 :
1985 163 : print_good_bad_signature (statno, keyid_str, un, sig, rc);
1986 :
1987 163 : if ((opt.verify_options & VERIFY_SHOW_UID_VALIDITY))
1988 163 : log_printf (" [%s]\n",trust_value_to_string(valid));
1989 : else
1990 0 : log_printf ("\n");
1991 :
1992 163 : count++;
1993 : }
1994 :
1995 163 : log_assert (mainpk);
1996 :
1997 : /* In case we did not found a valid valid textual userid above
1998 : we print the first user id packet or a "[?]" instead along
1999 : with the "Good|Expired|Bad signature" line. */
2000 163 : if (!count)
2001 : {
2002 : /* Try for an invalid textual userid */
2003 0 : for (un=keyblock; un; un = un->next)
2004 : {
2005 0 : if (un->pkt->pkttype == PKT_USER_ID
2006 0 : && !un->pkt->pkt.user_id->attrib_data)
2007 0 : break;
2008 : }
2009 :
2010 : /* Try for any userid at all */
2011 0 : if (!un)
2012 : {
2013 0 : for (un=keyblock; un; un = un->next)
2014 : {
2015 0 : if (un->pkt->pkttype == PKT_USER_ID)
2016 0 : break;
2017 : }
2018 : }
2019 :
2020 0 : if (opt.trust_model==TM_ALWAYS || !un)
2021 0 : keyid_str[17] = 0; /* cut off the "[uncertain]" part */
2022 :
2023 0 : print_good_bad_signature (statno, keyid_str, un, sig, rc);
2024 :
2025 0 : if (opt.trust_model != TM_ALWAYS && un)
2026 0 : log_printf (" %s",_("[uncertain]") );
2027 0 : log_printf ("\n");
2028 : }
2029 :
2030 : /* If we have a good signature and already printed
2031 : * the primary user ID, print all the other user IDs */
2032 163 : if (count
2033 163 : && !rc
2034 160 : && !(opt.verify_options & VERIFY_SHOW_PRIMARY_UID_ONLY))
2035 : {
2036 : char *p;
2037 1415 : for( un=keyblock; un; un = un->next)
2038 : {
2039 1255 : if (un->pkt->pkttype != PKT_USER_ID)
2040 901 : continue;
2041 354 : if ((un->pkt->pkt.user_id->is_revoked
2042 354 : || un->pkt->pkt.user_id->is_expired)
2043 0 : && !(opt.verify_options & VERIFY_SHOW_UNUSABLE_UIDS))
2044 0 : continue;
2045 : /* Skip textual primary user ids which we printed above. */
2046 354 : if (un->pkt->pkt.user_id->is_primary
2047 160 : && !un->pkt->pkt.user_id->attrib_data )
2048 160 : continue;
2049 :
2050 : /* If this user id has attribute data, print that. */
2051 194 : if (un->pkt->pkt.user_id->attrib_data)
2052 : {
2053 0 : dump_attribs (un->pkt->pkt.user_id, mainpk);
2054 :
2055 0 : if (opt.verify_options&VERIFY_SHOW_PHOTOS)
2056 0 : show_photos (c->ctrl,
2057 0 : un->pkt->pkt.user_id->attribs,
2058 0 : un->pkt->pkt.user_id->numattribs,
2059 0 : mainpk ,un->pkt->pkt.user_id);
2060 : }
2061 :
2062 194 : p = utf8_to_native (un->pkt->pkt.user_id->name,
2063 194 : un->pkt->pkt.user_id->len, 0);
2064 194 : log_info (_(" aka \"%s\""), p);
2065 194 : xfree (p);
2066 :
2067 194 : if ((opt.verify_options & VERIFY_SHOW_UID_VALIDITY))
2068 : {
2069 : const char *valid;
2070 :
2071 194 : if (un->pkt->pkt.user_id->is_revoked)
2072 0 : valid = _("revoked");
2073 194 : else if (un->pkt->pkt.user_id->is_expired)
2074 0 : valid = _("expired");
2075 : else
2076 : /* Since this is just informational, don't
2077 : actually ask the user to update any trust
2078 : information. */
2079 194 : valid = (trust_value_to_string
2080 : (get_validity (c->ctrl, mainpk,
2081 194 : un->pkt->pkt.user_id, sig, 0)));
2082 194 : log_printf (" [%s]\n",valid);
2083 : }
2084 : else
2085 0 : log_printf ("\n");
2086 : }
2087 : }
2088 :
2089 : /* For good signatures print notation data. */
2090 163 : if (!rc)
2091 : {
2092 160 : if ((opt.verify_options & VERIFY_SHOW_POLICY_URLS))
2093 160 : show_policy_url (sig, 0, 1);
2094 : else
2095 0 : show_policy_url (sig, 0, 2);
2096 :
2097 160 : if ((opt.verify_options & VERIFY_SHOW_KEYSERVER_URLS))
2098 160 : show_keyserver_url (sig, 0, 1);
2099 : else
2100 0 : show_keyserver_url (sig, 0, 2);
2101 :
2102 160 : if ((opt.verify_options & VERIFY_SHOW_NOTATIONS))
2103 160 : show_notation
2104 : (sig, 0, 1,
2105 160 : (((opt.verify_options&VERIFY_SHOW_STD_NOTATIONS)?1:0)
2106 160 : + ((opt.verify_options&VERIFY_SHOW_USER_NOTATIONS)?2:0)));
2107 : else
2108 0 : show_notation (sig, 0, 2, 0);
2109 : }
2110 :
2111 : /* For good signatures print the VALIDSIG status line. */
2112 163 : if (!rc && is_status_enabled () && pk)
2113 : {
2114 : char pkhex[MAX_FINGERPRINT_LEN*2+1];
2115 : char mainpkhex[MAX_FINGERPRINT_LEN*2+1];
2116 :
2117 13 : hexfingerprint (pk, pkhex, sizeof pkhex);
2118 13 : hexfingerprint (mainpk, mainpkhex, sizeof mainpkhex);
2119 :
2120 : /* TODO: Replace the reserved '0' in the field below with
2121 : bits for status flags (policy url, notation, etc.). */
2122 78 : write_status_printf (STATUS_VALIDSIG,
2123 : "%s %s %lu %lu %d 0 %d %d %02X %s",
2124 : pkhex,
2125 : strtimestamp (sig->timestamp),
2126 13 : (ulong)sig->timestamp,
2127 13 : (ulong)sig->expiredate,
2128 26 : sig->version, sig->pubkey_algo,
2129 13 : sig->digest_algo,
2130 13 : sig->sig_class,
2131 : mainpkhex);
2132 : }
2133 :
2134 : /* For good signatures compute and print the trust information.
2135 : Note that in the Tofu trust model this may ask the user on
2136 : how to resolve a conflict. */
2137 163 : if (!rc)
2138 : {
2139 160 : if ((opt.verify_options & VERIFY_PKA_LOOKUPS))
2140 0 : pka_uri_from_sig (c, sig); /* Make sure PKA info is available. */
2141 160 : rc = check_signatures_trust (c->ctrl, sig);
2142 : }
2143 :
2144 : /* Print extra information about the signature. */
2145 163 : if (sig->flags.expired)
2146 : {
2147 0 : log_info (_("Signature expired %s\n"), asctimestamp(sig->expiredate));
2148 0 : rc = GPG_ERR_GENERAL; /* Need a better error here? */
2149 : }
2150 163 : else if (sig->expiredate)
2151 0 : log_info (_("Signature expires %s\n"), asctimestamp(sig->expiredate));
2152 :
2153 163 : if (opt.verbose)
2154 : {
2155 : char pkstrbuf[PUBKEY_STRING_SIZE];
2156 :
2157 0 : if (pk)
2158 0 : pubkey_string (pk, pkstrbuf, sizeof pkstrbuf);
2159 : else
2160 0 : *pkstrbuf = 0;
2161 :
2162 0 : log_info (_("%s signature, digest algorithm %s%s%s\n"),
2163 0 : sig->sig_class==0x00?_("binary"):
2164 0 : sig->sig_class==0x01?_("textmode"):_("unknown"),
2165 0 : gcry_md_algo_name (sig->digest_algo),
2166 0 : *pkstrbuf?_(", key algorithm "):"", pkstrbuf);
2167 : }
2168 :
2169 : /* Print final warnings. */
2170 163 : if (!rc && !c->signed_data.used)
2171 : {
2172 : /* Signature is basically good but we test whether the
2173 : deprecated command
2174 : gpg --verify FILE.sig
2175 : was used instead of
2176 : gpg --verify FILE.sig FILE
2177 : to verify a detached signature. If we figure out that a
2178 : data file with a matching name exists, we print a warning.
2179 :
2180 : The problem is that the first form would also verify a
2181 : standard signature. This behavior could be used to
2182 : create a made up .sig file for a tarball by creating a
2183 : standard signature from a valid detached signature packet
2184 : (for example from a signed git tag). Then replace the
2185 : sig file on the FTP server along with a changed tarball.
2186 : Using the first form the verify command would correctly
2187 : verify the signature but don't even consider the tarball. */
2188 : kbnode_t n;
2189 : char *dfile;
2190 :
2191 160 : dfile = get_matching_datafile (c->sigfilename);
2192 160 : if (dfile)
2193 : {
2194 0 : for (n = c->list; n; n = n->next)
2195 0 : if (n->pkt->pkttype != PKT_SIGNATURE)
2196 0 : break;
2197 0 : if (n)
2198 : {
2199 : /* Not only signature packets in the tree thus this
2200 : is not a detached signature. */
2201 0 : log_info (_("WARNING: not a detached signature; "
2202 : "file '%s' was NOT verified!\n"), dfile);
2203 : }
2204 0 : xfree (dfile);
2205 : }
2206 : }
2207 :
2208 163 : release_kbnode( keyblock );
2209 163 : if (rc)
2210 3 : g10_errors_seen = 1;
2211 163 : if (opt.batch && rc)
2212 3 : g10_exit (1);
2213 : }
2214 : else
2215 : {
2216 : char buf[50];
2217 :
2218 6 : snprintf (buf, sizeof buf, "%08lX%08lX %d %d %02x %lu %d",
2219 2 : (ulong)sig->keyid[0], (ulong)sig->keyid[1],
2220 2 : sig->pubkey_algo, sig->digest_algo,
2221 2 : sig->sig_class, (ulong)sig->timestamp, rc);
2222 1 : write_status_text (STATUS_ERRSIG, buf);
2223 1 : if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY)
2224 : {
2225 0 : buf[16] = 0;
2226 0 : write_status_text (STATUS_NO_PUBKEY, buf);
2227 : }
2228 1 : if (gpg_err_code (rc) != GPG_ERR_NOT_PROCESSED)
2229 1 : log_error (_("Can't check signature: %s\n"), gpg_strerror (rc));
2230 : }
2231 :
2232 161 : return rc;
2233 : }
2234 :
2235 :
2236 : /*
2237 : * Process the tree which starts at node
2238 : */
2239 : static void
2240 1682 : proc_tree (CTX c, kbnode_t node)
2241 : {
2242 : kbnode_t n1;
2243 : int rc;
2244 :
2245 1682 : if (opt.list_packets || opt.list_only)
2246 24 : return;
2247 :
2248 : /* We must skip our special plaintext marker packets here because
2249 : they may be the root packet. These packets are only used in
2250 : addional checks and skipping them here doesn't matter. */
2251 3759 : while (node
2252 610 : && node->pkt->pkttype == PKT_GPG_CONTROL
2253 460 : && node->pkt->pkt.gpg_control->control == CTRLPKT_PLAINTEXT_MARK)
2254 : {
2255 443 : node = node->next;
2256 : }
2257 1658 : if (!node)
2258 1491 : return;
2259 :
2260 167 : c->trustletter = ' ';
2261 167 : if (node->pkt->pkttype == PKT_PUBLIC_KEY
2262 167 : || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
2263 : {
2264 0 : merge_keys_and_selfsig (node);
2265 0 : list_node (c, node);
2266 : }
2267 167 : else if (node->pkt->pkttype == PKT_SECRET_KEY)
2268 : {
2269 0 : merge_keys_and_selfsig (node);
2270 0 : list_node (c, node);
2271 : }
2272 167 : else if (node->pkt->pkttype == PKT_ONEPASS_SIG)
2273 : {
2274 : /* Check all signatures. */
2275 127 : if (!c->any.data)
2276 : {
2277 0 : int use_textmode = 0;
2278 :
2279 0 : free_md_filter_context (&c->mfx);
2280 : /* Prepare to create all requested message digests. */
2281 0 : rc = gcry_md_open (&c->mfx.md, 0, 0);
2282 0 : if (rc)
2283 0 : goto hash_err;
2284 :
2285 : /* Fixme: why looking for the signature packet and not the
2286 : one-pass packet? */
2287 0 : for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE));)
2288 0 : gcry_md_enable (c->mfx.md, n1->pkt->pkt.signature->digest_algo);
2289 :
2290 0 : if (n1 && n1->pkt->pkt.onepass_sig->sig_class == 0x01)
2291 0 : use_textmode = 1;
2292 :
2293 : /* Ask for file and hash it. */
2294 0 : if (c->sigs_only)
2295 : {
2296 0 : if (c->signed_data.used && c->signed_data.data_fd != -1)
2297 0 : rc = hash_datafile_by_fd (c->mfx.md, NULL,
2298 : c->signed_data.data_fd,
2299 : use_textmode);
2300 : else
2301 0 : rc = hash_datafiles (c->mfx.md, NULL,
2302 : c->signed_data.data_names,
2303 : c->sigfilename,
2304 : use_textmode);
2305 : }
2306 : else
2307 : {
2308 0 : rc = ask_for_detached_datafile (c->mfx.md, c->mfx.md2,
2309 : iobuf_get_real_fname (c->iobuf),
2310 : use_textmode);
2311 : }
2312 :
2313 : hash_err:
2314 0 : if (rc)
2315 : {
2316 0 : log_error ("can't hash datafile: %s\n", gpg_strerror (rc));
2317 0 : return;
2318 : }
2319 : }
2320 127 : else if (c->signed_data.used)
2321 : {
2322 0 : log_error (_("not a detached signature\n"));
2323 0 : return;
2324 : }
2325 :
2326 380 : for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE));)
2327 129 : check_sig_and_print (c, n1);
2328 :
2329 : }
2330 57 : else if (node->pkt->pkttype == PKT_GPG_CONTROL
2331 17 : && node->pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START)
2332 : {
2333 : /* Clear text signed message. */
2334 17 : if (!c->any.data)
2335 : {
2336 0 : log_error ("cleartext signature without data\n");
2337 0 : return;
2338 : }
2339 17 : else if (c->signed_data.used)
2340 : {
2341 0 : log_error (_("not a detached signature\n"));
2342 0 : return;
2343 : }
2344 :
2345 53 : for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE));)
2346 19 : check_sig_and_print (c, n1);
2347 :
2348 : }
2349 23 : else if (node->pkt->pkttype == PKT_SIGNATURE)
2350 : {
2351 23 : PKT_signature *sig = node->pkt->pkt.signature;
2352 23 : int multiple_ok = 1;
2353 :
2354 23 : n1 = find_next_kbnode (node, PKT_SIGNATURE);
2355 23 : if (n1)
2356 : {
2357 3 : byte class = sig->sig_class;
2358 3 : byte hash = sig->digest_algo;
2359 :
2360 6 : for (; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE)))
2361 : {
2362 : /* We can't currently handle multiple signatures of
2363 : different classes or digests (we'd pretty much have
2364 : to run a different hash context for each), but if
2365 : they are all the same, make an exception. */
2366 3 : if (n1->pkt->pkt.signature->sig_class != class
2367 3 : || n1->pkt->pkt.signature->digest_algo != hash)
2368 : {
2369 0 : multiple_ok = 0;
2370 0 : log_info (_("WARNING: multiple signatures detected. "
2371 : "Only the first will be checked.\n"));
2372 0 : break;
2373 : }
2374 : }
2375 : }
2376 :
2377 23 : if (sig->sig_class != 0x00 && sig->sig_class != 0x01)
2378 : {
2379 0 : log_info(_("standalone signature of class 0x%02x\n"), sig->sig_class);
2380 : }
2381 23 : else if (!c->any.data)
2382 : {
2383 : /* Detached signature */
2384 16 : free_md_filter_context (&c->mfx);
2385 16 : rc = gcry_md_open (&c->mfx.md, sig->digest_algo, 0);
2386 16 : if (rc)
2387 0 : goto detached_hash_err;
2388 :
2389 16 : if (RFC2440 || RFC4880)
2390 : ; /* Strict RFC mode. */
2391 16 : else if (sig->digest_algo == DIGEST_ALGO_SHA1
2392 16 : && sig->pubkey_algo == PUBKEY_ALGO_DSA
2393 16 : && sig->sig_class == 0x01)
2394 : {
2395 : /* Enable a workaround for a pgp5 bug when the detached
2396 : * signature has been created in textmode. */
2397 0 : rc = gcry_md_open (&c->mfx.md2, sig->digest_algo, 0);
2398 0 : if (rc)
2399 0 : goto detached_hash_err;
2400 : }
2401 :
2402 : /* Here we used to have another hack to work around a pgp
2403 : * 2 bug: It worked by not using the textmode for detached
2404 : * signatures; this would let the first signature check
2405 : * (on md) fail but the second one (on md2), which adds an
2406 : * extra CR would then have produced the "correct" hash.
2407 : * This is very, very ugly hack but it may haved help in
2408 : * some cases (and break others).
2409 : * c->mfx.md2? 0 :(sig->sig_class == 0x01)
2410 : */
2411 :
2412 16 : if (DBG_HASHING)
2413 : {
2414 0 : gcry_md_debug (c->mfx.md, "verify");
2415 0 : if (c->mfx.md2)
2416 0 : gcry_md_debug (c->mfx.md2, "verify2");
2417 : }
2418 :
2419 16 : if (c->sigs_only)
2420 : {
2421 0 : if (c->signed_data.used && c->signed_data.data_fd != -1)
2422 0 : rc = hash_datafile_by_fd (c->mfx.md, c->mfx.md2,
2423 : c->signed_data.data_fd,
2424 0 : (sig->sig_class == 0x01));
2425 : else
2426 0 : rc = hash_datafiles (c->mfx.md, c->mfx.md2,
2427 : c->signed_data.data_names,
2428 : c->sigfilename,
2429 0 : (sig->sig_class == 0x01));
2430 : }
2431 : else
2432 : {
2433 16 : rc = ask_for_detached_datafile (c->mfx.md, c->mfx.md2,
2434 : iobuf_get_real_fname(c->iobuf),
2435 16 : (sig->sig_class == 0x01));
2436 : }
2437 :
2438 : detached_hash_err:
2439 16 : if (rc)
2440 : {
2441 0 : log_error ("can't hash datafile: %s\n", gpg_strerror (rc));
2442 0 : return;
2443 : }
2444 : }
2445 7 : else if (c->signed_data.used)
2446 : {
2447 0 : log_error (_("not a detached signature\n"));
2448 0 : return;
2449 : }
2450 7 : else if (!opt.quiet)
2451 7 : log_info (_("old style (PGP 2.x) signature\n"));
2452 :
2453 23 : if (multiple_ok)
2454 : {
2455 49 : for (n1 = node; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE)))
2456 26 : check_sig_and_print (c, n1);
2457 : }
2458 : else
2459 0 : check_sig_and_print (c, node);
2460 :
2461 : }
2462 : else
2463 : {
2464 0 : dump_kbnode (c->list);
2465 0 : log_error ("invalid root packet detected in proc_tree()\n");
2466 0 : dump_kbnode (node);
2467 : }
2468 : }
|