Line data Source code
1 : /* mainproc.c - handle packets
2 : * Copyright (C) 1998-2009 Free Software Foundation, Inc.
3 : * Copyright (C) 2013-2014 Werner Koch
4 : *
5 : * This file is part of GnuPG.
6 : *
7 : * GnuPG is free software; you can redistribute it and/or modify
8 : * it under the terms of the GNU General Public License as published by
9 : * the Free Software Foundation; either version 3 of the License, or
10 : * (at your option) any later version.
11 : *
12 : * GnuPG is distributed in the hope that it will be useful,
13 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : * GNU General Public License for more details.
16 : *
17 : * You should have received a copy of the GNU General Public License
18 : * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 : */
20 :
21 : #include <config.h>
22 : #include <stdio.h>
23 : #include <stdlib.h>
24 : #include <string.h>
25 : #include <assert.h>
26 : #include <time.h>
27 :
28 : #include "gpg.h"
29 : #include "util.h"
30 : #include "packet.h"
31 : #include "iobuf.h"
32 : #include "options.h"
33 : #include "keydb.h"
34 : #include "filter.h"
35 : #include "main.h"
36 : #include "status.h"
37 : #include "i18n.h"
38 : #include "trustdb.h"
39 : #include "keyserver-internal.h"
40 : #include "photoid.h"
41 : #include "mbox-util.h"
42 : #include "call-dirmngr.h"
43 :
44 : /* Put an upper limit on nested packets. The 32 is an arbitrary
45 : value, a much lower should actually be sufficient. */
46 : #define MAX_NESTING_DEPTH 32
47 :
48 :
49 : /* An object to build a list of keyid related info. */
50 : struct kidlist_item
51 : {
52 : struct kidlist_item *next;
53 : u32 kid[2];
54 : int pubkey_algo;
55 : int reason;
56 : };
57 :
58 :
59 : /*
60 : * Object to hold the processing context.
61 : */
62 : typedef struct mainproc_context *CTX;
63 : struct mainproc_context
64 : {
65 : ctrl_t ctrl;
66 : struct mainproc_context *anchor; /* May be useful in the future. */
67 : PKT_public_key *last_pubkey;
68 : PKT_user_id *last_user_id;
69 : md_filter_context_t mfx;
70 : int sigs_only; /* Process only signatures and reject all other stuff. */
71 : int encrypt_only; /* Process only encryption messages. */
72 :
73 : /* Name of the file with the complete signature or the file with the
74 : detached signature. This is currently only used to deduce the
75 : file name of the data file if that has not been given. */
76 : const char *sigfilename;
77 :
78 : /* A structure to describe the signed data in case of a detached
79 : signature. */
80 : struct
81 : {
82 : /* A file descriptor of the the signed data. Only used if not -1. */
83 : int data_fd;
84 : /* A list of filenames with the data files or NULL. This is only
85 : used if DATA_FD is -1. */
86 : strlist_t data_names;
87 : /* Flag to indicated that either one of the next previous fields
88 : is used. This is only needed for better readability. */
89 : int used;
90 : } signed_data;
91 :
92 : DEK *dek;
93 : int last_was_session_key;
94 : kbnode_t list; /* The current list of packets. */
95 : iobuf_t iobuf; /* Used to get the filename etc. */
96 : int trustletter; /* Temporary usage in list_node. */
97 : ulong symkeys;
98 : struct kidlist_item *pkenc_list; /* List of encryption packets. */
99 : struct {
100 : unsigned int sig_seen:1; /* Set to true if a signature packet
101 : has been seen. */
102 : unsigned int data:1; /* Any data packet seen */
103 : unsigned int uncompress_failed:1;
104 : } any;
105 : };
106 :
107 :
108 : /*** Local prototypes. ***/
109 : static int do_proc_packets (ctrl_t ctrl, CTX c, iobuf_t a);
110 : static void list_node (CTX c, kbnode_t node);
111 : static void proc_tree (CTX c, kbnode_t node);
112 : static int literals_seen;
113 :
114 :
115 : /*** Functions. ***/
116 :
117 :
118 : void
119 0 : reset_literals_seen(void)
120 : {
121 0 : literals_seen = 0;
122 0 : }
123 :
124 :
125 : static void
126 1614 : release_list( CTX c )
127 : {
128 1614 : if (!c->list)
129 2637 : return;
130 587 : proc_tree (c, c->list);
131 583 : release_kbnode (c->list);
132 1166 : while (c->pkenc_list)
133 : {
134 0 : struct kidlist_item *tmp = c->pkenc_list->next;
135 0 : xfree (c->pkenc_list);
136 0 : c->pkenc_list = tmp;
137 : }
138 583 : c->pkenc_list = NULL;
139 583 : c->list = NULL;
140 583 : c->any.data = 0;
141 583 : c->any.uncompress_failed = 0;
142 583 : c->last_was_session_key = 0;
143 583 : xfree (c->dek);
144 583 : c->dek = NULL;
145 : }
146 :
147 :
148 : static int
149 117 : add_onepass_sig (CTX c, PACKET *pkt)
150 : {
151 : kbnode_t node;
152 :
153 117 : if (c->list) /* Add another packet. */
154 6 : add_kbnode (c->list, new_kbnode (pkt));
155 : else /* Insert the first one. */
156 111 : c->list = node = new_kbnode (pkt);
157 :
158 117 : return 1;
159 : }
160 :
161 :
162 : static int
163 16 : add_gpg_control (CTX c, PACKET *pkt)
164 : {
165 16 : if ( pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START )
166 : {
167 : /* New clear text signature.
168 : * Process the last one and reset everything */
169 16 : release_list(c);
170 : }
171 :
172 16 : if (c->list) /* Add another packet. */
173 0 : add_kbnode (c->list, new_kbnode (pkt));
174 : else /* Insert the first one. */
175 16 : c->list = new_kbnode (pkt);
176 :
177 16 : return 1;
178 : }
179 :
180 :
181 : static int
182 0 : add_user_id (CTX c, PACKET *pkt)
183 : {
184 0 : if (!c->list)
185 : {
186 0 : log_error ("orphaned user ID\n");
187 0 : return 0;
188 : }
189 0 : add_kbnode (c->list, new_kbnode (pkt));
190 0 : return 1;
191 : }
192 :
193 :
194 : static int
195 0 : add_subkey (CTX c, PACKET *pkt)
196 : {
197 0 : if (!c->list)
198 : {
199 0 : log_error ("subkey w/o mainkey\n");
200 0 : return 0;
201 : }
202 0 : add_kbnode (c->list, new_kbnode (pkt));
203 0 : return 1;
204 : }
205 :
206 :
207 : static int
208 0 : add_ring_trust (CTX c, PACKET *pkt)
209 : {
210 0 : if (!c->list)
211 : {
212 0 : log_error ("ring trust w/o key\n");
213 0 : return 0;
214 : }
215 0 : add_kbnode (c->list, new_kbnode (pkt));
216 0 : return 1;
217 : }
218 :
219 :
220 : static int
221 160 : add_signature (CTX c, PACKET *pkt)
222 : {
223 : kbnode_t node;
224 :
225 160 : c->any.sig_seen = 1;
226 160 : if (pkt->pkttype == PKT_SIGNATURE && !c->list)
227 : {
228 : /* This is the first signature for the following datafile.
229 : * GPG does not write such packets; instead it always uses
230 : * onepass-sig packets. The drawback of PGP's method
231 : * of prepending the signature to the data is
232 : * that it is not possible to make a signature from data read
233 : * from stdin. (GPG is able to read PGP stuff anyway.) */
234 19 : node = new_kbnode (pkt);
235 19 : c->list = node;
236 19 : return 1;
237 : }
238 141 : else if (!c->list)
239 0 : return 0; /* oops (invalid packet sequence)*/
240 141 : else if (!c->list->pkt)
241 0 : BUG(); /* so nicht */
242 :
243 : /* Add a new signature node item at the end. */
244 141 : node = new_kbnode (pkt);
245 141 : add_kbnode (c->list, node);
246 :
247 141 : return 1;
248 : }
249 :
250 : static int
251 0 : symkey_decrypt_seskey (DEK *dek, byte *seskey, size_t slen)
252 : {
253 : gcry_cipher_hd_t hd;
254 :
255 0 : if(slen < 17 || slen > 33)
256 : {
257 0 : log_error ( _("weird size for an encrypted session key (%d)\n"),
258 : (int)slen);
259 0 : return GPG_ERR_BAD_KEY;
260 : }
261 :
262 0 : if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
263 0 : BUG ();
264 0 : if (gcry_cipher_setkey ( hd, dek->key, dek->keylen ))
265 0 : BUG ();
266 0 : gcry_cipher_setiv ( hd, NULL, 0 );
267 0 : gcry_cipher_decrypt ( hd, seskey, slen, NULL, 0 );
268 0 : gcry_cipher_close ( hd );
269 :
270 : /* Now we replace the dek components with the real session key to
271 : decrypt the contents of the sequencing packet. */
272 :
273 0 : dek->keylen=slen-1;
274 0 : dek->algo=seskey[0];
275 :
276 0 : if(dek->keylen > DIM(dek->key))
277 0 : BUG ();
278 :
279 0 : memcpy(dek->key, seskey + 1, dek->keylen);
280 :
281 : /*log_hexdump( "thekey", dek->key, dek->keylen );*/
282 :
283 0 : return 0;
284 : }
285 :
286 :
287 : static void
288 218 : proc_symkey_enc (CTX c, PACKET *pkt)
289 : {
290 : PKT_symkey_enc *enc;
291 :
292 218 : enc = pkt->pkt.symkey_enc;
293 218 : if (!enc)
294 0 : log_error ("invalid symkey encrypted packet\n");
295 218 : else if(!c->dek)
296 : {
297 218 : int algo = enc->cipher_algo;
298 218 : const char *s = openpgp_cipher_algo_name (algo);
299 :
300 218 : if (!openpgp_cipher_test_algo (algo))
301 : {
302 218 : if (!opt.quiet)
303 : {
304 218 : if (enc->seskeylen)
305 0 : log_info (_("%s encrypted session key\n"), s );
306 : else
307 218 : log_info (_("%s encrypted data\n"), s );
308 : }
309 : }
310 : else
311 0 : log_error (_("encrypted with unknown algorithm %d\n"), algo);
312 :
313 218 : if (openpgp_md_test_algo (enc->s2k.hash_algo))
314 : {
315 0 : log_error(_("passphrase generated with unknown digest"
316 0 : " algorithm %d\n"),enc->s2k.hash_algo);
317 0 : s = NULL;
318 : }
319 :
320 218 : c->last_was_session_key = 2;
321 218 : if (!s || opt.list_only)
322 : goto leave;
323 :
324 218 : if (opt.override_session_key)
325 : {
326 0 : c->dek = xmalloc_clear (sizeof *c->dek);
327 0 : if (get_override_session_key (c->dek, opt.override_session_key))
328 : {
329 0 : xfree (c->dek);
330 0 : c->dek = NULL;
331 : }
332 : }
333 : else
334 : {
335 218 : c->dek = passphrase_to_dek (NULL, 0, algo, &enc->s2k, 3, NULL, NULL);
336 218 : if (c->dek)
337 : {
338 218 : c->dek->symmetric = 1;
339 :
340 : /* FIXME: This doesn't work perfectly if a symmetric key
341 : comes before a public key in the message - if the
342 : user doesn't know the passphrase, then there is a
343 : chance that the "decrypted" algorithm will happen to
344 : be a valid one, which will make the returned dek
345 : appear valid, so we won't try any public keys that
346 : come later. */
347 218 : if (enc->seskeylen)
348 : {
349 0 : if (symkey_decrypt_seskey (c->dek,
350 0 : enc->seskey, enc->seskeylen))
351 : {
352 0 : xfree (c->dek);
353 0 : c->dek = NULL;
354 : }
355 : }
356 : else
357 218 : c->dek->algo_info_printed = 1;
358 : }
359 : }
360 : }
361 :
362 : leave:
363 218 : c->symkeys++;
364 218 : free_packet (pkt);
365 218 : }
366 :
367 :
368 : static void
369 253 : proc_pubkey_enc (ctrl_t ctrl, CTX c, PACKET *pkt)
370 : {
371 : PKT_pubkey_enc *enc;
372 253 : int result = 0;
373 :
374 : /* Check whether the secret key is available and store in this case. */
375 253 : c->last_was_session_key = 1;
376 253 : enc = pkt->pkt.pubkey_enc;
377 : /*printf("enc: encrypted by a pubkey with keyid %08lX\n", enc->keyid[1] );*/
378 : /* Hmmm: why do I have this algo check here - anyway there is
379 : * function to check it. */
380 253 : if (opt.verbose)
381 0 : log_info (_("public key is %s\n"), keystr (enc->keyid));
382 :
383 253 : if (is_status_enabled())
384 : {
385 : char buf[50];
386 : /* FIXME: For ECC support we need to map the OpenPGP algo number
387 : to the Libgcrypt defined one. This is due a chicken-egg
388 : problem: We need to have code in Libgcrypt for a new
389 : algorithm so to implement a proposed new algorithm before the
390 : IANA will finally assign an OpenPGP indentifier. */
391 0 : snprintf (buf, sizeof buf, "%08lX%08lX %d 0",
392 0 : (ulong)enc->keyid[0], (ulong)enc->keyid[1], enc->pubkey_algo);
393 0 : write_status_text (STATUS_ENC_TO, buf);
394 : }
395 :
396 253 : if (!opt.list_only && opt.override_session_key)
397 : {
398 : /* It does not make much sense to store the session key in
399 : * secure memory because it has already been passed on the
400 : * command line and the GCHQ knows about it. */
401 0 : c->dek = xmalloc_clear (sizeof *c->dek);
402 0 : result = get_override_session_key (c->dek, opt.override_session_key);
403 0 : if (result)
404 : {
405 0 : xfree (c->dek);
406 0 : c->dek = NULL;
407 : }
408 : }
409 253 : else if (enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E
410 25 : || enc->pubkey_algo == PUBKEY_ALGO_ECDH
411 1 : || enc->pubkey_algo == PUBKEY_ALGO_RSA
412 0 : || enc->pubkey_algo == PUBKEY_ALGO_RSA_E
413 0 : || enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL)
414 : {
415 : /* Note that we also allow type 20 Elgamal keys for decryption.
416 : There are still a couple of those keys in active use as a
417 : subkey. */
418 :
419 : /* FIXME: Store this all in a list and process it later so that
420 : we can prioritize what key to use. This gives a better user
421 : experience if wildcard keyids are used. */
422 506 : if (!c->dek && ((!enc->keyid[0] && !enc->keyid[1])
423 252 : || opt.try_all_secrets
424 252 : || have_secret_key_with_kid (enc->keyid)))
425 : {
426 504 : if(opt.list_only)
427 0 : result = -1;
428 : else
429 : {
430 252 : c->dek = xmalloc_secure_clear (sizeof *c->dek);
431 252 : if ((result = get_session_key (ctrl, enc, c->dek)))
432 : {
433 : /* Error: Delete the DEK. */
434 0 : xfree (c->dek);
435 0 : c->dek = NULL;
436 : }
437 : }
438 : }
439 : else
440 1 : result = GPG_ERR_NO_SECKEY;
441 : }
442 : else
443 0 : result = GPG_ERR_PUBKEY_ALGO;
444 :
445 253 : if (result == -1)
446 : ;
447 : else
448 : {
449 : /* Store it for later display. */
450 253 : struct kidlist_item *x = xmalloc (sizeof *x);
451 253 : x->kid[0] = enc->keyid[0];
452 253 : x->kid[1] = enc->keyid[1];
453 253 : x->pubkey_algo = enc->pubkey_algo;
454 253 : x->reason = result;
455 253 : x->next = c->pkenc_list;
456 253 : c->pkenc_list = x;
457 :
458 253 : if (!result && opt.verbose > 1)
459 0 : log_info (_("public key encrypted data: good DEK\n"));
460 : }
461 :
462 253 : free_packet(pkt);
463 253 : }
464 :
465 :
466 : /*
467 : * Print the list of public key encrypted packets which we could
468 : * not decrypt.
469 : */
470 : static void
471 940 : print_pkenc_list (struct kidlist_item *list, int failed)
472 : {
473 1446 : for (; list; list = list->next)
474 : {
475 : PKT_public_key *pk;
476 : const char *algstr;
477 :
478 506 : if (failed && !list->reason)
479 252 : continue;
480 254 : if (!failed && list->reason)
481 1 : continue;
482 :
483 253 : algstr = openpgp_pk_algo_name (list->pubkey_algo);
484 253 : pk = xmalloc_clear (sizeof *pk);
485 :
486 253 : if (!algstr)
487 0 : algstr = "[?]";
488 253 : pk->pubkey_algo = list->pubkey_algo;
489 253 : if (!get_pubkey (pk, list->kid))
490 : {
491 : char *p;
492 252 : log_info (_("encrypted with %u-bit %s key, ID %s, created %s\n"),
493 : nbits_from_pk (pk), algstr, keystr_from_pk(pk),
494 : strtimestamp (pk->timestamp));
495 252 : p = get_user_id_native (list->kid);
496 252 : log_printf (_(" \"%s\"\n"), p);
497 252 : xfree (p);
498 : }
499 : else
500 1 : log_info (_("encrypted with %s key, ID %s\n"),
501 1 : algstr, keystr(list->kid));
502 :
503 253 : free_public_key (pk);
504 :
505 253 : if (gpg_err_code (list->reason) == GPG_ERR_NO_SECKEY)
506 : {
507 1 : if (is_status_enabled())
508 : {
509 : char buf[20];
510 0 : snprintf (buf, sizeof buf, "%08lX%08lX",
511 0 : (ulong)list->kid[0], (ulong)list->kid[1]);
512 0 : write_status_text (STATUS_NO_SECKEY, buf);
513 : }
514 : }
515 252 : else if (list->reason)
516 : {
517 0 : log_info (_("public key decryption failed: %s\n"),
518 0 : gpg_strerror (list->reason));
519 0 : write_status_error ("pkdecrypt_failed", list->reason);
520 : }
521 : }
522 940 : }
523 :
524 :
525 : static void
526 470 : proc_encrypted (CTX c, PACKET *pkt)
527 : {
528 470 : int result = 0;
529 :
530 470 : if (!opt.quiet)
531 : {
532 470 : if (c->symkeys>1)
533 0 : log_info (_("encrypted with %lu passphrases\n"), c->symkeys);
534 470 : else if (c->symkeys == 1)
535 218 : log_info (_("encrypted with 1 passphrase\n"));
536 470 : print_pkenc_list ( c->pkenc_list, 1 );
537 470 : print_pkenc_list ( c->pkenc_list, 0 );
538 : }
539 :
540 : /* FIXME: Figure out the session key by looking at all pkenc packets. */
541 :
542 470 : write_status (STATUS_BEGIN_DECRYPTION);
543 :
544 : /*log_debug("dat: %sencrypted data\n", c->dek?"":"conventional ");*/
545 470 : if (opt.list_only)
546 0 : result = -1;
547 470 : else if (!c->dek && !c->last_was_session_key)
548 0 : {
549 : int algo;
550 : STRING2KEY s2kbuf;
551 0 : STRING2KEY *s2k = NULL;
552 : int canceled;
553 :
554 0 : if (opt.override_session_key)
555 : {
556 0 : c->dek = xmalloc_clear (sizeof *c->dek);
557 0 : result = get_override_session_key (c->dek, opt.override_session_key);
558 0 : if (result)
559 : {
560 0 : xfree (c->dek);
561 0 : c->dek = NULL;
562 : }
563 : }
564 : else
565 : {
566 : /* Assume this is old style conventional encrypted data. */
567 0 : algo = opt.def_cipher_algo;
568 0 : if (algo)
569 0 : log_info (_("assuming %s encrypted data\n"),
570 : openpgp_cipher_algo_name (algo));
571 0 : else if (openpgp_cipher_test_algo (CIPHER_ALGO_IDEA))
572 : {
573 0 : algo = opt.def_cipher_algo;
574 0 : if (!algo)
575 0 : algo = opt.s2k_cipher_algo;
576 0 : log_info (_("IDEA cipher unavailable, "
577 : "optimistically attempting to use %s instead\n"),
578 : openpgp_cipher_algo_name (algo));
579 : }
580 : else
581 : {
582 0 : algo = CIPHER_ALGO_IDEA;
583 0 : if (!opt.s2k_digest_algo)
584 : {
585 : /* If no digest is given we assume SHA-1. */
586 0 : s2kbuf.mode = 0;
587 0 : s2kbuf.hash_algo = DIGEST_ALGO_SHA1;
588 0 : s2k = &s2kbuf;
589 : }
590 0 : log_info (_("assuming %s encrypted data\n"), "IDEA");
591 : }
592 :
593 0 : c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 3, NULL, &canceled);
594 0 : if (c->dek)
595 0 : c->dek->algo_info_printed = 1;
596 0 : else if (canceled)
597 0 : result = gpg_error (GPG_ERR_CANCELED);
598 : else
599 0 : result = gpg_error (GPG_ERR_INV_PASSPHRASE);
600 : }
601 : }
602 470 : else if (!c->dek)
603 0 : result = GPG_ERR_NO_SECKEY;
604 :
605 470 : if (!result)
606 470 : result = decrypt_data (c->ctrl, c, pkt->pkt.encrypted, c->dek );
607 :
608 470 : if (result == -1)
609 : ;
610 470 : else if (!result
611 470 : && !opt.ignore_mdc_error
612 470 : && !pkt->pkt.encrypted->mdc_method
613 53 : && openpgp_cipher_get_algo_blklen (c->dek->algo) != 8
614 0 : && c->dek->algo != CIPHER_ALGO_TWOFISH)
615 : {
616 : /* The message has been decrypted but has no MDC despite that a
617 : modern cipher (blocklength != 64 bit, except for Twofish) is
618 : used and the option to ignore MDC errors is not used: To
619 : avoid attacks changing an MDC message to a non-MDC message,
620 : we fail here. */
621 0 : log_error (_("WARNING: message was not integrity protected\n"));
622 0 : if (opt.verbose > 1)
623 0 : log_info ("decryption forced to fail\n");
624 0 : write_status (STATUS_DECRYPTION_FAILED);
625 : }
626 470 : else if (!result || (gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE
627 0 : && opt.ignore_mdc_error))
628 : {
629 470 : write_status (STATUS_DECRYPTION_OKAY);
630 470 : if (opt.verbose > 1)
631 0 : log_info(_("decryption okay\n"));
632 940 : if (pkt->pkt.encrypted->mdc_method && !result)
633 417 : write_status (STATUS_GOODMDC);
634 53 : else if (!opt.no_mdc_warn)
635 53 : log_info (_("WARNING: message was not integrity protected\n"));
636 : }
637 0 : else if (gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE)
638 : {
639 0 : glo_ctrl.lasterr = result;
640 0 : log_error (_("WARNING: encrypted message has been manipulated!\n"));
641 0 : write_status (STATUS_BADMDC);
642 0 : write_status (STATUS_DECRYPTION_FAILED);
643 : }
644 : else
645 : {
646 0 : if (gpg_err_code (result) == GPG_ERR_BAD_KEY
647 0 : && *c->dek->s2k_cacheid != '\0')
648 : {
649 0 : log_debug (_("cleared passphrase cached with ID: %s\n"),
650 0 : c->dek->s2k_cacheid);
651 0 : passphrase_clear_cache (NULL, c->dek->s2k_cacheid, 0);
652 : }
653 0 : glo_ctrl.lasterr = result;
654 0 : write_status (STATUS_DECRYPTION_FAILED);
655 0 : log_error (_("decryption failed: %s\n"), gpg_strerror (result));
656 : /* Hmmm: does this work when we have encrypted using multiple
657 : * ways to specify the session key (symmmetric and PK). */
658 : }
659 :
660 470 : xfree (c->dek);
661 470 : c->dek = NULL;
662 470 : free_packet (pkt);
663 470 : c->last_was_session_key = 0;
664 470 : write_status (STATUS_END_DECRYPTION);
665 470 : }
666 :
667 :
668 : static void
669 579 : proc_plaintext( CTX c, PACKET *pkt )
670 : {
671 579 : PKT_plaintext *pt = pkt->pkt.plaintext;
672 : int any, clearsig, rc;
673 : kbnode_t n;
674 :
675 579 : literals_seen++;
676 :
677 579 : if (pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8))
678 0 : log_info (_("Note: sender requested \"for-your-eyes-only\"\n"));
679 579 : else if (opt.verbose)
680 0 : log_info (_("original file name='%.*s'\n"), pt->namelen, pt->name);
681 :
682 579 : free_md_filter_context (&c->mfx);
683 579 : if (gcry_md_open (&c->mfx.md, 0, 0))
684 0 : BUG ();
685 : /* fixme: we may need to push the textfilter if we have sigclass 1
686 : * and no armoring - Not yet tested
687 : * Hmmm, why don't we need it at all if we have sigclass 1
688 : * Should we assume that plaintext in mode 't' has always sigclass 1??
689 : * See: Russ Allbery's mail 1999-02-09
690 : */
691 579 : any = clearsig = 0;
692 720 : for (n=c->list; n; n = n->next )
693 : {
694 157 : if (n->pkt->pkttype == PKT_ONEPASS_SIG)
695 : {
696 : /* The onepass signature case. */
697 122 : if (n->pkt->pkt.onepass_sig->digest_algo)
698 : {
699 122 : gcry_md_enable (c->mfx.md, n->pkt->pkt.onepass_sig->digest_algo);
700 122 : any = 1;
701 : }
702 : }
703 35 : else if (n->pkt->pkttype == PKT_GPG_CONTROL
704 24 : && n->pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START)
705 : {
706 : /* The clearsigned message case. */
707 16 : size_t datalen = n->pkt->pkt.gpg_control->datalen;
708 16 : const byte *data = n->pkt->pkt.gpg_control->data;
709 :
710 : /* Check that we have at least the sigclass and one hash. */
711 16 : if (datalen < 2)
712 0 : log_fatal ("invalid control packet CTRLPKT_CLEARSIGN_START\n");
713 : /* Note that we don't set the clearsig flag for not-dash-escaped
714 : * documents. */
715 16 : clearsig = (*data == 0x01);
716 32 : for (data++, datalen--; datalen; datalen--, data++)
717 16 : gcry_md_enable (c->mfx.md, *data);
718 16 : any = 1;
719 16 : break; /* Stop here as one-pass signature packets are not
720 : expected. */
721 : }
722 19 : else if (n->pkt->pkttype == PKT_SIGNATURE)
723 : {
724 : /* The SIG+LITERAL case that PGP used to use. */
725 11 : gcry_md_enable ( c->mfx.md, n->pkt->pkt.signature->digest_algo );
726 11 : any = 1;
727 : }
728 : }
729 :
730 579 : if (!any && !opt.skip_verify)
731 : {
732 : /* This is for the old GPG LITERAL+SIG case. It's not legal
733 : according to 2440, so hopefully it won't come up that often.
734 : There is no good way to specify what algorithms to use in
735 : that case, so these there are the historical answer. */
736 441 : gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160);
737 441 : gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1);
738 : }
739 579 : if (DBG_HASHING)
740 : {
741 0 : gcry_md_debug (c->mfx.md, "verify");
742 0 : if (c->mfx.md2)
743 0 : gcry_md_debug (c->mfx.md2, "verify2");
744 : }
745 :
746 579 : rc=0;
747 :
748 579 : if (literals_seen > 1)
749 : {
750 10 : log_info (_("WARNING: multiple plaintexts seen\n"));
751 :
752 10 : if (!opt.flags.allow_multiple_messages)
753 : {
754 8 : write_status_text (STATUS_ERROR, "proc_pkt.plaintext 89_BAD_DATA");
755 8 : log_inc_errorcount ();
756 8 : rc = gpg_error (GPG_ERR_UNEXPECTED);
757 : }
758 : }
759 :
760 579 : if (!rc)
761 : {
762 571 : rc = handle_plaintext (pt, &c->mfx, c->sigs_only, clearsig);
763 571 : if (gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only)
764 : {
765 : /* Can't write output but we hash it anyway to check the
766 : signature. */
767 0 : rc = handle_plaintext( pt, &c->mfx, 1, clearsig );
768 : }
769 : }
770 :
771 579 : if (rc)
772 8 : log_error ("handle plaintext failed: %s\n", gpg_strerror (rc));
773 :
774 579 : free_packet(pkt);
775 579 : c->last_was_session_key = 0;
776 :
777 : /* We add a marker control packet instead of the plaintext packet.
778 : * This is so that we can later detect invalid packet sequences. */
779 579 : n = new_kbnode (create_gpg_control (CTRLPKT_PLAINTEXT_MARK, NULL, 0));
780 579 : if (c->list)
781 138 : add_kbnode (c->list, n);
782 : else
783 441 : c->list = n;
784 579 : }
785 :
786 :
787 : static int
788 10 : proc_compressed_cb (iobuf_t a, void *info)
789 : {
790 10 : if ( ((CTX)info)->signed_data.used
791 0 : && ((CTX)info)->signed_data.data_fd != -1)
792 0 : return proc_signature_packets_by_fd (((CTX)info)->ctrl, info, a,
793 : ((CTX)info)->signed_data.data_fd);
794 : else
795 10 : return proc_signature_packets (((CTX)info)->ctrl, info, a,
796 : ((CTX)info)->signed_data.data_names,
797 : ((CTX)info)->sigfilename );
798 : }
799 :
800 :
801 : static int
802 0 : proc_encrypt_cb (iobuf_t a, void *info )
803 : {
804 0 : CTX c = info;
805 0 : return proc_encryption_packets (c->ctrl, info, a );
806 : }
807 :
808 :
809 : static int
810 540 : proc_compressed (CTX c, PACKET *pkt)
811 : {
812 540 : PKT_compressed *zd = pkt->pkt.compressed;
813 : int rc;
814 :
815 : /*printf("zip: compressed data packet\n");*/
816 540 : if (c->sigs_only)
817 10 : rc = handle_compressed (c->ctrl, c, zd, proc_compressed_cb, c);
818 530 : else if( c->encrypt_only )
819 0 : rc = handle_compressed (c->ctrl, c, zd, proc_encrypt_cb, c);
820 : else
821 530 : rc = handle_compressed (c->ctrl, c, zd, NULL, NULL);
822 :
823 540 : if (gpg_err_code (rc) == GPG_ERR_BAD_DATA)
824 : {
825 0 : if (!c->any.uncompress_failed)
826 : {
827 : CTX cc;
828 :
829 0 : for (cc=c; cc; cc = cc->anchor)
830 0 : cc->any.uncompress_failed = 1;
831 0 : log_error ("uncompressing failed: %s\n", gpg_strerror (rc));
832 : }
833 : }
834 540 : else if (rc)
835 0 : log_error ("uncompressing failed: %s\n", gpg_strerror (rc));
836 :
837 540 : free_packet(pkt);
838 540 : c->last_was_session_key = 0;
839 540 : return rc;
840 : }
841 :
842 :
843 : /*
844 : * check the signature
845 : * Returns: 0 = valid signature or an error code
846 : */
847 : static int
848 147 : do_check_sig (CTX c, kbnode_t node, int *is_selfsig,
849 : int *is_expkey, int *is_revkey)
850 : {
851 : PKT_signature *sig;
852 147 : gcry_md_hd_t md = NULL;
853 147 : gcry_md_hd_t md2 = NULL;
854 147 : gcry_md_hd_t md_good = NULL;
855 : int algo, rc;
856 :
857 147 : assert (node->pkt->pkttype == PKT_SIGNATURE);
858 147 : if (is_selfsig)
859 0 : *is_selfsig = 0;
860 147 : sig = node->pkt->pkt.signature;
861 :
862 147 : algo = sig->digest_algo;
863 147 : rc = openpgp_md_test_algo (algo);
864 147 : if (rc)
865 0 : return rc;
866 :
867 147 : if (sig->sig_class == 0x00)
868 : {
869 127 : if (c->mfx.md)
870 : {
871 127 : if (gcry_md_copy (&md, c->mfx.md ))
872 0 : BUG ();
873 : }
874 : else /* detached signature */
875 : {
876 : /* check_signature() will enable the md. */
877 0 : if (gcry_md_open (&md, 0, 0 ))
878 0 : BUG ();
879 : }
880 : }
881 20 : else if (sig->sig_class == 0x01)
882 : {
883 : /* How do we know that we have to hash the (already hashed) text
884 : in canonical mode ??? (calculating both modes???) */
885 20 : if (c->mfx.md)
886 : {
887 20 : if (gcry_md_copy (&md, c->mfx.md ))
888 0 : BUG ();
889 20 : if (c->mfx.md2 && gcry_md_copy (&md2, c->mfx.md2))
890 0 : BUG ();
891 : }
892 : else /* detached signature */
893 : {
894 0 : log_debug ("Do we really need this here?");
895 : /* check_signature() will enable the md*/
896 0 : if (gcry_md_open (&md, 0, 0 ))
897 0 : BUG ();
898 0 : if (gcry_md_open (&md2, 0, 0 ))
899 0 : BUG ();
900 : }
901 : }
902 0 : else if ((sig->sig_class&~3) == 0x10
903 0 : || sig->sig_class == 0x18
904 0 : || sig->sig_class == 0x1f
905 0 : || sig->sig_class == 0x20
906 0 : || sig->sig_class == 0x28
907 0 : || sig->sig_class == 0x30)
908 : {
909 0 : if (c->list->pkt->pkttype == PKT_PUBLIC_KEY
910 0 : || c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY)
911 : {
912 0 : return check_key_signature( c->list, node, is_selfsig );
913 : }
914 0 : else if (sig->sig_class == 0x20)
915 : {
916 0 : log_error (_("standalone revocation - "
917 : "use \"gpg --import\" to apply\n"));
918 0 : return GPG_ERR_NOT_PROCESSED;
919 : }
920 : else
921 : {
922 0 : log_error ("invalid root packet for sigclass %02x\n", sig->sig_class);
923 0 : return GPG_ERR_SIG_CLASS;
924 : }
925 : }
926 : else
927 0 : return GPG_ERR_SIG_CLASS;
928 :
929 : /* We only get here if we are checking the signature of a binary
930 : (0x00) or text document (0x01). */
931 147 : rc = check_signature2 (sig, md, NULL, is_expkey, is_revkey, NULL);
932 147 : if (! rc)
933 143 : md_good = md;
934 4 : else if (gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE && md2)
935 : {
936 0 : rc = check_signature2 (sig, md2, NULL, is_expkey, is_revkey, NULL);
937 0 : if (! rc)
938 0 : md_good = md2;
939 : }
940 :
941 147 : if (md_good)
942 : {
943 143 : unsigned char *buffer = gcry_md_read (md_good, 0);
944 143 : sig->digest_len = gcry_md_get_algo_dlen (map_md_openpgp_to_gcry (algo));
945 143 : memcpy (sig->digest, buffer, sig->digest_len);
946 : }
947 :
948 147 : gcry_md_close (md);
949 147 : gcry_md_close (md2);
950 :
951 147 : return rc;
952 : }
953 :
954 :
955 : static void
956 0 : print_userid (PACKET *pkt)
957 : {
958 0 : if (!pkt)
959 0 : BUG();
960 :
961 0 : if (pkt->pkttype != PKT_USER_ID)
962 : {
963 0 : es_printf ("ERROR: unexpected packet type %d", pkt->pkttype );
964 0 : return;
965 : }
966 0 : if (opt.with_colons)
967 : {
968 0 : if (pkt->pkt.user_id->attrib_data)
969 0 : es_printf("%u %lu",
970 0 : pkt->pkt.user_id->numattribs,
971 0 : pkt->pkt.user_id->attrib_len);
972 : else
973 0 : es_write_sanitized (es_stdout, pkt->pkt.user_id->name,
974 0 : pkt->pkt.user_id->len, ":", NULL);
975 : }
976 : else
977 0 : print_utf8_buffer (es_stdout, pkt->pkt.user_id->name,
978 0 : pkt->pkt.user_id->len );
979 : }
980 :
981 :
982 : /*
983 : * List the keyblock in a user friendly way
984 : */
985 : static void
986 0 : list_node (CTX c, kbnode_t node)
987 : {
988 : int mainkey;
989 : char pkstrbuf[PUBKEY_STRING_SIZE];
990 :
991 0 : if (!node)
992 : ;
993 0 : else if ((mainkey = (node->pkt->pkttype == PKT_PUBLIC_KEY))
994 0 : || node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
995 0 : {
996 0 : PKT_public_key *pk = node->pkt->pkt.public_key;
997 :
998 0 : if (opt.with_colons)
999 : {
1000 : u32 keyid[2];
1001 :
1002 0 : keyid_from_pk( pk, keyid );
1003 0 : if (mainkey)
1004 0 : c->trustletter = (opt.fast_list_mode?
1005 0 : 0 : get_validity_info( pk, NULL));
1006 0 : es_printf ("%s:", mainkey? "pub":"sub" );
1007 0 : if (c->trustletter)
1008 0 : es_putc (c->trustletter, es_stdout);
1009 0 : es_printf (":%u:%d:%08lX%08lX:%s:%s::",
1010 : nbits_from_pk( pk ),
1011 0 : pk->pubkey_algo,
1012 0 : (ulong)keyid[0],(ulong)keyid[1],
1013 : colon_datestr_from_pk( pk ),
1014 : colon_strtime (pk->expiredate) );
1015 0 : if (mainkey && !opt.fast_list_mode)
1016 0 : es_putc (get_ownertrust_info (pk), es_stdout);
1017 0 : es_putc (':', es_stdout);
1018 : }
1019 : else
1020 0 : es_printf ("%s %s/%s %s",
1021 : mainkey? "pub":"sub",
1022 : pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
1023 : keystr_from_pk (pk),
1024 : datestr_from_pk (pk));
1025 :
1026 0 : if (pk->flags.revoked)
1027 : {
1028 0 : es_printf (" [");
1029 0 : es_printf (_("revoked: %s"), revokestr_from_pk (pk));
1030 0 : es_printf ("]\n");
1031 : }
1032 0 : else if( pk->expiredate && !opt.with_colons)
1033 : {
1034 0 : es_printf (" [");
1035 0 : es_printf (_("expires: %s"), expirestr_from_pk (pk));
1036 0 : es_printf ("]\n");
1037 : }
1038 : else
1039 0 : es_putc ('\n', es_stdout);
1040 :
1041 0 : if ((mainkey && opt.fingerprint) || opt.fingerprint > 1)
1042 0 : print_fingerprint (NULL, pk, 0);
1043 :
1044 0 : if (opt.with_colons)
1045 : {
1046 0 : if (node->next && node->next->pkt->pkttype == PKT_RING_TRUST)
1047 0 : es_printf ("rtv:1:%u:\n",
1048 0 : node->next->pkt->pkt.ring_trust->trustval);
1049 : }
1050 :
1051 0 : if (mainkey)
1052 : {
1053 : /* Now list all userids with their signatures. */
1054 0 : for (node = node->next; node; node = node->next)
1055 : {
1056 0 : if (node->pkt->pkttype == PKT_SIGNATURE)
1057 : {
1058 0 : list_node (c, node );
1059 : }
1060 0 : else if (node->pkt->pkttype == PKT_USER_ID)
1061 : {
1062 0 : if (opt.with_colons)
1063 0 : es_printf ("%s:::::::::",
1064 0 : node->pkt->pkt.user_id->attrib_data?"uat":"uid");
1065 : else
1066 0 : es_printf ("uid%*s",
1067 0 : (int)keystrlen ()+(opt.legacy_list_mode? 9:11),
1068 : "" );
1069 0 : print_userid (node->pkt);
1070 0 : if (opt.with_colons)
1071 0 : es_putc (':', es_stdout);
1072 0 : es_putc ('\n', es_stdout);
1073 0 : if (opt.with_colons
1074 0 : && node->next
1075 0 : && node->next->pkt->pkttype == PKT_RING_TRUST)
1076 : {
1077 0 : es_printf ("rtv:2:%u:\n",
1078 0 : node->next->pkt->pkt.ring_trust?
1079 0 : node->next->pkt->pkt.ring_trust->trustval : 0);
1080 : }
1081 : }
1082 0 : else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1083 : {
1084 0 : list_node(c, node );
1085 : }
1086 : }
1087 : }
1088 : }
1089 0 : else if ((mainkey = (node->pkt->pkttype == PKT_SECRET_KEY) )
1090 0 : || node->pkt->pkttype == PKT_SECRET_SUBKEY)
1091 : {
1092 :
1093 0 : log_debug ("FIXME: No way to print secret key packets here\n");
1094 : /* fixme: We may use a fucntion to turn a secret key packet into
1095 : a public key one and use that here. */
1096 : }
1097 0 : else if (node->pkt->pkttype == PKT_SIGNATURE)
1098 : {
1099 0 : PKT_signature *sig = node->pkt->pkt.signature;
1100 0 : int is_selfsig = 0;
1101 0 : int rc2 = 0;
1102 : size_t n;
1103 : char *p;
1104 0 : int sigrc = ' ';
1105 :
1106 0 : if (!opt.verbose)
1107 0 : return;
1108 :
1109 0 : if (sig->sig_class == 0x20 || sig->sig_class == 0x30)
1110 0 : es_fputs ("rev", es_stdout);
1111 : else
1112 0 : es_fputs ("sig", es_stdout);
1113 0 : if (opt.check_sigs)
1114 : {
1115 0 : fflush (stdout);
1116 0 : rc2 = do_check_sig (c, node, &is_selfsig, NULL, NULL);
1117 0 : switch (gpg_err_code (rc2))
1118 : {
1119 0 : case 0: sigrc = '!'; break;
1120 0 : case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break;
1121 : case GPG_ERR_NO_PUBKEY:
1122 0 : case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break;
1123 0 : default: sigrc = '%'; break;
1124 : }
1125 : }
1126 : else /* Check whether this is a self signature. */
1127 : {
1128 : u32 keyid[2];
1129 :
1130 0 : if (c->list->pkt->pkttype == PKT_PUBLIC_KEY
1131 0 : || c->list->pkt->pkttype == PKT_SECRET_KEY )
1132 : {
1133 0 : keyid_from_pk (c->list->pkt->pkt.public_key, keyid);
1134 :
1135 0 : if (keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1])
1136 0 : is_selfsig = 1;
1137 : }
1138 : }
1139 :
1140 0 : if (opt.with_colons)
1141 : {
1142 0 : es_putc (':', es_stdout);
1143 0 : if (sigrc != ' ')
1144 0 : es_putc (sigrc, es_stdout);
1145 0 : es_printf ("::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
1146 0 : (ulong)sig->keyid[0], (ulong)sig->keyid[1],
1147 : colon_datestr_from_sig (sig),
1148 : colon_expirestr_from_sig (sig));
1149 :
1150 0 : if (sig->trust_depth || sig->trust_value)
1151 0 : es_printf ("%d %d",sig->trust_depth,sig->trust_value);
1152 0 : es_putc (':', es_stdout);
1153 :
1154 0 : if (sig->trust_regexp)
1155 0 : es_write_sanitized (es_stdout, sig->trust_regexp,
1156 0 : strlen (sig->trust_regexp), ":", NULL);
1157 0 : es_putc (':', es_stdout);
1158 : }
1159 : else
1160 0 : es_printf ("%c %s %s ",
1161 0 : sigrc, keystr (sig->keyid), datestr_from_sig(sig));
1162 0 : if (sigrc == '%')
1163 0 : es_printf ("[%s] ", gpg_strerror (rc2) );
1164 0 : else if (sigrc == '?')
1165 : ;
1166 0 : else if (is_selfsig)
1167 : {
1168 0 : if (opt.with_colons)
1169 0 : es_putc (':', es_stdout);
1170 0 : es_fputs (sig->sig_class == 0x18? "[keybind]":"[selfsig]", es_stdout);
1171 0 : if (opt.with_colons)
1172 0 : es_putc (':', es_stdout);
1173 : }
1174 0 : else if (!opt.fast_list_mode)
1175 : {
1176 0 : p = get_user_id (sig->keyid, &n);
1177 0 : es_write_sanitized (es_stdout, p, n,
1178 0 : opt.with_colons?":":NULL, NULL );
1179 0 : xfree (p);
1180 : }
1181 0 : if (opt.with_colons)
1182 0 : es_printf (":%02x%c:", sig->sig_class, sig->flags.exportable?'x':'l');
1183 0 : es_putc ('\n', es_stdout);
1184 : }
1185 : else
1186 0 : log_error ("invalid node with packet of type %d\n", node->pkt->pkttype);
1187 : }
1188 :
1189 :
1190 : int
1191 1546 : proc_packets (ctrl_t ctrl, void *anchor, iobuf_t a )
1192 : {
1193 : int rc;
1194 1546 : CTX c = xmalloc_clear (sizeof *c);
1195 :
1196 1546 : c->ctrl = ctrl;
1197 1546 : c->anchor = anchor;
1198 1546 : rc = do_proc_packets (ctrl, c, a);
1199 1546 : xfree (c);
1200 :
1201 1546 : return rc;
1202 : }
1203 :
1204 :
1205 : int
1206 52 : proc_signature_packets (ctrl_t ctrl, void *anchor, iobuf_t a,
1207 : strlist_t signedfiles, const char *sigfilename )
1208 : {
1209 52 : CTX c = xmalloc_clear (sizeof *c);
1210 : int rc;
1211 :
1212 52 : c->ctrl = ctrl;
1213 52 : c->anchor = anchor;
1214 52 : c->sigs_only = 1;
1215 :
1216 52 : c->signed_data.data_fd = -1;
1217 52 : c->signed_data.data_names = signedfiles;
1218 52 : c->signed_data.used = !!signedfiles;
1219 :
1220 52 : c->sigfilename = sigfilename;
1221 52 : rc = do_proc_packets (ctrl, c, a);
1222 :
1223 : /* If we have not encountered any signature we print an error
1224 : messages, send a NODATA status back and return an error code.
1225 : Using log_error is required because verify_files does not check
1226 : error codes for each file but we want to terminate the process
1227 : with an error. */
1228 48 : if (!rc && !c->any.sig_seen)
1229 : {
1230 1 : write_status_text (STATUS_NODATA, "4");
1231 1 : log_error (_("no signature found\n"));
1232 1 : rc = GPG_ERR_NO_DATA;
1233 : }
1234 :
1235 : /* Propagate the signature seen flag upward. Do this only on success
1236 : so that we won't issue the nodata status several times. */
1237 48 : if (!rc && c->anchor && c->any.sig_seen)
1238 10 : c->anchor->any.sig_seen = 1;
1239 :
1240 48 : xfree (c);
1241 48 : return rc;
1242 : }
1243 :
1244 :
1245 : int
1246 0 : proc_signature_packets_by_fd (ctrl_t ctrl,
1247 : void *anchor, iobuf_t a, int signed_data_fd )
1248 : {
1249 : int rc;
1250 : CTX c;
1251 :
1252 0 : c = xtrycalloc (1, sizeof *c);
1253 0 : if (!c)
1254 0 : return gpg_error_from_syserror ();
1255 :
1256 0 : c->ctrl = ctrl;
1257 0 : c->anchor = anchor;
1258 0 : c->sigs_only = 1;
1259 :
1260 0 : c->signed_data.data_fd = signed_data_fd;
1261 0 : c->signed_data.data_names = NULL;
1262 0 : c->signed_data.used = (signed_data_fd != -1);
1263 :
1264 0 : rc = do_proc_packets (ctrl, c, a);
1265 :
1266 : /* If we have not encountered any signature we print an error
1267 : messages, send a NODATA status back and return an error code.
1268 : Using log_error is required because verify_files does not check
1269 : error codes for each file but we want to terminate the process
1270 : with an error. */
1271 0 : if (!rc && !c->any.sig_seen)
1272 : {
1273 0 : write_status_text (STATUS_NODATA, "4");
1274 0 : log_error (_("no signature found\n"));
1275 0 : rc = gpg_error (GPG_ERR_NO_DATA);
1276 : }
1277 :
1278 : /* Propagate the signature seen flag upward. Do this only on success
1279 : so that we won't issue the nodata status several times. */
1280 0 : if (!rc && c->anchor && c->any.sig_seen)
1281 0 : c->anchor->any.sig_seen = 1;
1282 :
1283 0 : xfree ( c );
1284 0 : return rc;
1285 : }
1286 :
1287 :
1288 : int
1289 0 : proc_encryption_packets (ctrl_t ctrl, void *anchor, iobuf_t a )
1290 : {
1291 0 : CTX c = xmalloc_clear (sizeof *c);
1292 : int rc;
1293 :
1294 0 : c->ctrl = ctrl;
1295 0 : c->anchor = anchor;
1296 0 : c->encrypt_only = 1;
1297 0 : rc = do_proc_packets (ctrl, c, a);
1298 0 : xfree (c);
1299 0 : return rc;
1300 : }
1301 :
1302 :
1303 : static int
1304 1598 : check_nesting (CTX c)
1305 : {
1306 : int level;
1307 :
1308 4676 : for (level=0; c; c = c->anchor)
1309 3078 : level++;
1310 :
1311 1598 : if (level > MAX_NESTING_DEPTH)
1312 : {
1313 0 : log_error ("input data with too deeply nested packets\n");
1314 0 : write_status_text (STATUS_UNEXPECTED, "1");
1315 0 : return GPG_ERR_BAD_DATA;
1316 : }
1317 :
1318 1598 : return 0;
1319 : }
1320 :
1321 :
1322 : static int
1323 1598 : do_proc_packets (ctrl_t ctrl, CTX c, iobuf_t a)
1324 : {
1325 : PACKET *pkt;
1326 1598 : int rc = 0;
1327 1598 : int any_data = 0;
1328 : int newpkt;
1329 :
1330 1598 : rc = check_nesting (c);
1331 1598 : if (rc)
1332 0 : return rc;
1333 :
1334 1598 : pkt = xmalloc( sizeof *pkt );
1335 1598 : c->iobuf = a;
1336 1598 : init_packet(pkt);
1337 5558 : while ((rc=parse_packet(a, pkt)) != -1)
1338 : {
1339 2363 : any_data = 1;
1340 2363 : if (rc)
1341 : {
1342 1 : free_packet (pkt);
1343 : /* Stop processing when an invalid packet has been encountered
1344 : * but don't do so when we are doing a --list-packets. */
1345 1 : if (gpg_err_code (rc) == GPG_ERR_INV_PACKET
1346 1 : && opt.list_packets != 2 )
1347 1 : break;
1348 0 : continue;
1349 : }
1350 2362 : newpkt = -1;
1351 2362 : if (opt.list_packets)
1352 : {
1353 4 : switch (pkt->pkttype)
1354 : {
1355 0 : case PKT_PUBKEY_ENC: proc_pubkey_enc (ctrl, c, pkt); break;
1356 0 : case PKT_SYMKEY_ENC: proc_symkey_enc (c, pkt); break;
1357 : case PKT_ENCRYPTED:
1358 0 : case PKT_ENCRYPTED_MDC: proc_encrypted (c, pkt); break;
1359 1 : case PKT_COMPRESSED: rc = proc_compressed (c, pkt); break;
1360 3 : default: newpkt = 0; break;
1361 : }
1362 : }
1363 2358 : else if (c->sigs_only)
1364 : {
1365 153 : switch (pkt->pkttype)
1366 : {
1367 : case PKT_PUBLIC_KEY:
1368 : case PKT_SECRET_KEY:
1369 : case PKT_USER_ID:
1370 : case PKT_SYMKEY_ENC:
1371 : case PKT_PUBKEY_ENC:
1372 : case PKT_ENCRYPTED:
1373 : case PKT_ENCRYPTED_MDC:
1374 0 : write_status_text( STATUS_UNEXPECTED, "0" );
1375 0 : rc = GPG_ERR_UNEXPECTED;
1376 0 : goto leave;
1377 :
1378 51 : case PKT_SIGNATURE: newpkt = add_signature (c, pkt); break;
1379 50 : case PKT_PLAINTEXT: proc_plaintext (c, pkt); break;
1380 10 : case PKT_COMPRESSED: rc = proc_compressed (c, pkt); break;
1381 24 : case PKT_ONEPASS_SIG: newpkt = add_onepass_sig (c, pkt); break;
1382 16 : case PKT_GPG_CONTROL: newpkt = add_gpg_control (c, pkt); break;
1383 2 : default: newpkt = 0; break;
1384 : }
1385 : }
1386 2205 : else if (c->encrypt_only)
1387 : {
1388 0 : switch (pkt->pkttype)
1389 : {
1390 : case PKT_PUBLIC_KEY:
1391 : case PKT_SECRET_KEY:
1392 : case PKT_USER_ID:
1393 0 : write_status_text (STATUS_UNEXPECTED, "0");
1394 0 : rc = GPG_ERR_UNEXPECTED;
1395 0 : goto leave;
1396 :
1397 0 : case PKT_SIGNATURE: newpkt = add_signature (c, pkt); break;
1398 0 : case PKT_SYMKEY_ENC: proc_symkey_enc (c, pkt); break;
1399 0 : case PKT_PUBKEY_ENC: proc_pubkey_enc (ctrl, c, pkt); break;
1400 : case PKT_ENCRYPTED:
1401 0 : case PKT_ENCRYPTED_MDC: proc_encrypted (c, pkt); break;
1402 0 : case PKT_PLAINTEXT: proc_plaintext (c, pkt); break;
1403 0 : case PKT_COMPRESSED: rc = proc_compressed (c, pkt); break;
1404 0 : case PKT_ONEPASS_SIG: newpkt = add_onepass_sig (c, pkt); break;
1405 0 : case PKT_GPG_CONTROL: newpkt = add_gpg_control (c, pkt); break;
1406 0 : default: newpkt = 0; break;
1407 : }
1408 : }
1409 : else
1410 : {
1411 2205 : switch (pkt->pkttype)
1412 : {
1413 : case PKT_PUBLIC_KEY:
1414 : case PKT_SECRET_KEY:
1415 0 : release_list (c);
1416 0 : c->list = new_kbnode (pkt);
1417 0 : newpkt = 1;
1418 0 : break;
1419 : case PKT_PUBLIC_SUBKEY:
1420 : case PKT_SECRET_SUBKEY:
1421 0 : newpkt = add_subkey (c, pkt);
1422 0 : break;
1423 0 : case PKT_USER_ID: newpkt = add_user_id (c, pkt); break;
1424 109 : case PKT_SIGNATURE: newpkt = add_signature (c, pkt); break;
1425 253 : case PKT_PUBKEY_ENC: proc_pubkey_enc (ctrl, c, pkt); break;
1426 218 : case PKT_SYMKEY_ENC: proc_symkey_enc (c, pkt); break;
1427 : case PKT_ENCRYPTED:
1428 470 : case PKT_ENCRYPTED_MDC: proc_encrypted (c, pkt); break;
1429 529 : case PKT_PLAINTEXT: proc_plaintext (c, pkt); break;
1430 529 : case PKT_COMPRESSED: rc = proc_compressed (c, pkt); break;
1431 93 : case PKT_ONEPASS_SIG: newpkt = add_onepass_sig (c, pkt); break;
1432 0 : case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
1433 0 : case PKT_RING_TRUST: newpkt = add_ring_trust (c, pkt); break;
1434 4 : default: newpkt = 0; break;
1435 : }
1436 : }
1437 :
1438 2362 : if (rc)
1439 0 : goto leave;
1440 :
1441 : /* This is a very ugly construct and frankly, I don't remember why
1442 : * I used it. Adding the MDC check here is a hack.
1443 : * The right solution is to initiate another context for encrypted
1444 : * packet and not to reuse the current one ... It works right
1445 : * when there is a compression packet inbetween which adds just
1446 : * an extra layer.
1447 : * Hmmm: Rewrite this whole module here??
1448 : */
1449 2362 : if (pkt->pkttype != PKT_SIGNATURE && pkt->pkttype != PKT_MDC)
1450 2201 : c->any.data = (pkt->pkttype == PKT_PLAINTEXT);
1451 :
1452 2362 : if (newpkt == -1)
1453 : ;
1454 302 : else if (newpkt)
1455 : {
1456 293 : pkt = xmalloc (sizeof *pkt);
1457 293 : init_packet (pkt);
1458 : }
1459 : else
1460 9 : free_packet(pkt);
1461 : }
1462 :
1463 1598 : if (rc == GPG_ERR_INV_PACKET)
1464 1 : write_status_text (STATUS_NODATA, "3");
1465 :
1466 1598 : if (any_data)
1467 1597 : rc = 0;
1468 1 : else if (rc == -1)
1469 1 : write_status_text (STATUS_NODATA, "2");
1470 :
1471 :
1472 : leave:
1473 1598 : release_list (c);
1474 1594 : xfree(c->dek);
1475 1594 : free_packet (pkt);
1476 1594 : xfree (pkt);
1477 1594 : free_md_filter_context (&c->mfx);
1478 1594 : return rc;
1479 : }
1480 :
1481 :
1482 : /* Helper for pka_uri_from_sig to parse the to-be-verified address out
1483 : of the notation data. */
1484 : static pka_info_t *
1485 0 : get_pka_address (PKT_signature *sig)
1486 : {
1487 0 : pka_info_t *pka = NULL;
1488 : struct notation *nd,*notation;
1489 :
1490 0 : notation=sig_to_notation(sig);
1491 :
1492 0 : for(nd=notation;nd;nd=nd->next)
1493 : {
1494 0 : if(strcmp(nd->name,"pka-address@gnupg.org")!=0)
1495 0 : continue; /* Not the notation we want. */
1496 :
1497 : /* For now we only use the first valid PKA notation. In future
1498 : we might want to keep additional PKA notations in a linked
1499 : list. */
1500 0 : if (is_valid_mailbox (nd->value))
1501 : {
1502 0 : pka = xmalloc (sizeof *pka + strlen(nd->value));
1503 0 : pka->valid = 0;
1504 0 : pka->checked = 0;
1505 0 : pka->uri = NULL;
1506 0 : strcpy (pka->email, nd->value);
1507 0 : break;
1508 : }
1509 : }
1510 :
1511 0 : free_notation(notation);
1512 :
1513 0 : return pka;
1514 : }
1515 :
1516 :
1517 : /* Return the URI from a DNS PKA record. If this record has already
1518 : be retrieved for the signature we merely return it; if not we go
1519 : out and try to get that DNS record. */
1520 : static const char *
1521 0 : pka_uri_from_sig (CTX c, PKT_signature *sig)
1522 : {
1523 0 : if (!sig->flags.pka_tried)
1524 : {
1525 0 : assert (!sig->pka_info);
1526 0 : sig->flags.pka_tried = 1;
1527 0 : sig->pka_info = get_pka_address (sig);
1528 0 : if (sig->pka_info)
1529 : {
1530 : char *url;
1531 : unsigned char *fpr;
1532 : size_t fprlen;
1533 :
1534 0 : if (!gpg_dirmngr_get_pka (c->ctrl, sig->pka_info->email,
1535 : &fpr, &fprlen, &url))
1536 : {
1537 0 : if (fpr && fprlen == sizeof sig->pka_info->fpr)
1538 : {
1539 0 : memcpy (sig->pka_info->fpr, fpr, fprlen);
1540 0 : if (url)
1541 : {
1542 0 : sig->pka_info->valid = 1;
1543 0 : if (!*url)
1544 0 : xfree (url);
1545 : else
1546 0 : sig->pka_info->uri = url;
1547 0 : url = NULL;
1548 : }
1549 : }
1550 0 : xfree (fpr);
1551 0 : xfree (url);
1552 : }
1553 : }
1554 : }
1555 0 : return sig->pka_info? sig->pka_info->uri : NULL;
1556 : }
1557 :
1558 :
1559 : static void
1560 147 : print_good_bad_signature (int statno, const char *keyid_str, kbnode_t un,
1561 : PKT_signature *sig, int rc)
1562 : {
1563 : char *p;
1564 :
1565 441 : write_status_text_and_buffer (statno, keyid_str,
1566 147 : un? un->pkt->pkt.user_id->name:"[?]",
1567 147 : un? un->pkt->pkt.user_id->len:3,
1568 : -1);
1569 :
1570 147 : if (un)
1571 147 : p = utf8_to_native (un->pkt->pkt.user_id->name,
1572 147 : un->pkt->pkt.user_id->len, 0);
1573 : else
1574 0 : p = xstrdup ("[?]");
1575 :
1576 147 : if (rc)
1577 4 : log_info (_("BAD signature from \"%s\""), p);
1578 143 : else if (sig->flags.expired)
1579 0 : log_info (_("Expired signature from \"%s\""), p);
1580 : else
1581 143 : log_info (_("Good signature from \"%s\""), p);
1582 :
1583 147 : xfree (p);
1584 147 : }
1585 :
1586 :
1587 : static int
1588 157 : check_sig_and_print (CTX c, kbnode_t node)
1589 : {
1590 157 : PKT_signature *sig = node->pkt->pkt.signature;
1591 : const char *astr;
1592 : int rc;
1593 157 : int is_expkey = 0;
1594 157 : int is_revkey = 0;
1595 : char pkstrbuf[PUBKEY_STRING_SIZE];
1596 :
1597 157 : *pkstrbuf = 0;
1598 :
1599 157 : if (opt.skip_verify)
1600 : {
1601 0 : log_info(_("signature verification suppressed\n"));
1602 0 : return 0;
1603 : }
1604 :
1605 : /* Check that the message composition is valid.
1606 :
1607 : Per RFC-2440bis (-15) allowed:
1608 :
1609 : S{1,n} -- detached signature.
1610 : S{1,n} P -- old style PGP2 signature
1611 : O{1,n} P S{1,n} -- standard OpenPGP signature.
1612 : C P S{1,n} -- cleartext signature.
1613 :
1614 :
1615 : O = One-Pass Signature packet.
1616 : S = Signature packet.
1617 : P = OpenPGP Message packet (Encrypted | Compressed | Literal)
1618 : (Note that the current rfc2440bis draft also allows
1619 : for a signed message but that does not work as it
1620 : introduces ambiguities.)
1621 : We keep track of these packages using the marker packet
1622 : CTRLPKT_PLAINTEXT_MARK.
1623 : C = Marker packet for cleartext signatures.
1624 :
1625 : We reject all other messages.
1626 :
1627 : Actually we are calling this too often, i.e. for verification of
1628 : each message but better have some duplicate work than to silently
1629 : introduce a bug here.
1630 : */
1631 : {
1632 : kbnode_t n;
1633 : int n_onepass, n_sig;
1634 :
1635 : /* log_debug ("checking signature packet composition\n"); */
1636 : /* dump_kbnode (c->list); */
1637 :
1638 157 : n = c->list;
1639 157 : assert (n);
1640 157 : if ( n->pkt->pkttype == PKT_SIGNATURE )
1641 : {
1642 : /* This is either "S{1,n}" case (detached signature) or
1643 : "S{1,n} P" (old style PGP2 signature). */
1644 20 : for (n = n->next; n; n = n->next)
1645 4 : if (n->pkt->pkttype != PKT_SIGNATURE)
1646 4 : break;
1647 20 : if (!n)
1648 : ; /* Okay, this is a detached signature. */
1649 4 : else if (n->pkt->pkttype == PKT_GPG_CONTROL
1650 4 : && (n->pkt->pkt.gpg_control->control
1651 : == CTRLPKT_PLAINTEXT_MARK) )
1652 : {
1653 4 : if (n->next)
1654 2 : goto ambiguous; /* We only allow one P packet. */
1655 : }
1656 : else
1657 : goto ambiguous;
1658 : }
1659 137 : else if (n->pkt->pkttype == PKT_ONEPASS_SIG)
1660 : {
1661 : /* This is the "O{1,n} P S{1,n}" case (standard signature). */
1662 229 : for (n_onepass=1, n = n->next;
1663 119 : n && n->pkt->pkttype == PKT_ONEPASS_SIG; n = n->next)
1664 3 : n_onepass++;
1665 226 : if (!n || !(n->pkt->pkttype == PKT_GPG_CONTROL
1666 113 : && (n->pkt->pkt.gpg_control->control
1667 : == CTRLPKT_PLAINTEXT_MARK)))
1668 : goto ambiguous;
1669 341 : for (n_sig=0, n = n->next;
1670 236 : n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
1671 115 : n_sig++;
1672 113 : if (!n_sig)
1673 0 : goto ambiguous;
1674 :
1675 : /* If we wanted to disallow multiple sig verification, we'd do
1676 : something like this:
1677 :
1678 : if (n && !opt.allow_multisig_verification)
1679 : goto ambiguous;
1680 :
1681 : However, now that we have --allow-multiple-messages, this
1682 : can stay allowable as we can't get here unless multiple
1683 : messages (i.e. multiple literals) are allowed. */
1684 :
1685 113 : if (n_onepass != n_sig)
1686 : {
1687 1 : log_info ("number of one-pass packets does not match "
1688 : "number of signature packets\n");
1689 1 : goto ambiguous;
1690 : }
1691 : }
1692 24 : else if (n->pkt->pkttype == PKT_GPG_CONTROL
1693 24 : && n->pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START )
1694 : {
1695 : /* This is the "C P S{1,n}" case (clear text signature). */
1696 17 : n = n->next;
1697 34 : if (!n || !(n->pkt->pkttype == PKT_GPG_CONTROL
1698 17 : && (n->pkt->pkt.gpg_control->control
1699 : == CTRLPKT_PLAINTEXT_MARK)))
1700 : goto ambiguous;
1701 55 : for (n_sig=0, n = n->next;
1702 42 : n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
1703 21 : n_sig++;
1704 17 : if (n || !n_sig)
1705 : goto ambiguous;
1706 : }
1707 : else
1708 : {
1709 : ambiguous:
1710 10 : log_error(_("can't handle this ambiguous signature data\n"));
1711 10 : return 0;
1712 : }
1713 : }
1714 :
1715 147 : write_status_text (STATUS_NEWSIG, NULL);
1716 :
1717 147 : astr = openpgp_pk_algo_name ( sig->pubkey_algo );
1718 147 : if (keystrlen () > 8)
1719 : {
1720 0 : log_info (_("Signature made %s\n"), asctimestamp(sig->timestamp));
1721 0 : log_info (_(" using %s key %s\n"),
1722 0 : astr? astr: "?",keystr(sig->keyid));
1723 : }
1724 : else
1725 147 : log_info (_("Signature made %s using %s key ID %s\n"),
1726 : asctimestamp(sig->timestamp), astr? astr: "?",
1727 147 : keystr(sig->keyid));
1728 :
1729 147 : rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey );
1730 :
1731 : /* If the key isn't found, check for a preferred keyserver */
1732 :
1733 147 : if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY && sig->flags.pref_ks)
1734 : {
1735 : const byte *p;
1736 0 : int seq = 0;
1737 : size_t n;
1738 :
1739 0 : while ((p=enum_sig_subpkt (sig->hashed,SIGSUBPKT_PREF_KS,&n,&seq,NULL)))
1740 : {
1741 : /* According to my favorite copy editor, in English grammar,
1742 : you say "at" if the key is located on a web page, but
1743 : "from" if it is located on a keyserver. I'm not going to
1744 : even try to make two strings here :) */
1745 0 : log_info(_("Key available at: ") );
1746 0 : print_utf8_buffer (log_get_stream(), p, n);
1747 0 : log_printf ("\n");
1748 :
1749 0 : if (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE
1750 0 : && opt.keyserver_options.options&KEYSERVER_HONOR_KEYSERVER_URL)
1751 : {
1752 : struct keyserver_spec *spec;
1753 :
1754 0 : spec = parse_preferred_keyserver (sig);
1755 0 : if (spec)
1756 : {
1757 : int res;
1758 :
1759 0 : glo_ctrl.in_auto_key_retrieve++;
1760 0 : res = keyserver_import_keyid (c->ctrl, sig->keyid,spec);
1761 0 : glo_ctrl.in_auto_key_retrieve--;
1762 0 : if (!res)
1763 0 : rc = do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
1764 0 : free_keyserver_spec (spec);
1765 :
1766 0 : if (!rc)
1767 0 : break;
1768 : }
1769 : }
1770 : }
1771 : }
1772 :
1773 : /* If the preferred keyserver thing above didn't work, our second
1774 : try is to use the URI from a DNS PKA record. */
1775 147 : if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
1776 0 : && (opt.keyserver_options.options & KEYSERVER_AUTO_KEY_RETRIEVE)
1777 0 : && (opt.keyserver_options.options & KEYSERVER_HONOR_PKA_RECORD))
1778 : {
1779 0 : const char *uri = pka_uri_from_sig (c, sig);
1780 :
1781 0 : if (uri)
1782 : {
1783 : /* FIXME: We might want to locate the key using the
1784 : fingerprint instead of the keyid. */
1785 : int res;
1786 : struct keyserver_spec *spec;
1787 :
1788 0 : spec = parse_keyserver_uri (uri, 1);
1789 0 : if (spec)
1790 : {
1791 0 : glo_ctrl.in_auto_key_retrieve++;
1792 0 : res = keyserver_import_keyid (c->ctrl, sig->keyid, spec);
1793 0 : glo_ctrl.in_auto_key_retrieve--;
1794 0 : free_keyserver_spec (spec);
1795 0 : if (!res)
1796 0 : rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey );
1797 : }
1798 : }
1799 : }
1800 :
1801 : /* If the preferred keyserver thing above didn't work and we got
1802 : no information from the DNS PKA, this is a third try. */
1803 :
1804 147 : if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
1805 0 : && opt.keyserver
1806 0 : && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE))
1807 : {
1808 : int res;
1809 :
1810 0 : glo_ctrl.in_auto_key_retrieve++;
1811 0 : res=keyserver_import_keyid (c->ctrl, sig->keyid, opt.keyserver );
1812 0 : glo_ctrl.in_auto_key_retrieve--;
1813 0 : if (!res)
1814 0 : rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey );
1815 : }
1816 :
1817 147 : if (!rc || gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE)
1818 143 : {
1819 : kbnode_t un, keyblock;
1820 147 : int count = 0;
1821 : int statno;
1822 : char keyid_str[50];
1823 147 : PKT_public_key *pk = NULL;
1824 :
1825 147 : if (rc)
1826 4 : statno = STATUS_BADSIG;
1827 143 : else if (sig->flags.expired)
1828 0 : statno = STATUS_EXPSIG;
1829 143 : else if (is_expkey)
1830 0 : statno = STATUS_EXPKEYSIG;
1831 143 : else if(is_revkey)
1832 0 : statno = STATUS_REVKEYSIG;
1833 : else
1834 143 : statno = STATUS_GOODSIG;
1835 :
1836 147 : keyblock = get_pubkeyblock (sig->keyid);
1837 :
1838 294 : snprintf (keyid_str, sizeof keyid_str, "%08lX%08lX [uncertain] ",
1839 294 : (ulong)sig->keyid[0], (ulong)sig->keyid[1]);
1840 :
1841 : /* Find and print the primary user ID along with the
1842 : "Good|Expired|Bad signature" line. */
1843 1211 : for (un=keyblock; un; un = un->next)
1844 : {
1845 : int valid;
1846 :
1847 1064 : if (un->pkt->pkttype==PKT_PUBLIC_KEY)
1848 : {
1849 147 : pk=un->pkt->pkt.public_key;
1850 147 : continue;
1851 : }
1852 917 : if (un->pkt->pkttype != PKT_USER_ID)
1853 600 : continue;
1854 317 : if (!un->pkt->pkt.user_id->created)
1855 0 : continue;
1856 317 : if (un->pkt->pkt.user_id->is_revoked)
1857 0 : continue;
1858 317 : if (un->pkt->pkt.user_id->is_expired)
1859 0 : continue;
1860 317 : if (!un->pkt->pkt.user_id->is_primary)
1861 170 : continue;
1862 : /* We want the textual primary user ID here */
1863 147 : if (un->pkt->pkt.user_id->attrib_data)
1864 0 : continue;
1865 :
1866 147 : assert (pk);
1867 :
1868 : /* Since this is just informational, don't actually ask the
1869 : user to update any trust information. (Note: we register
1870 : the signature later.) Because print_good_bad_signature
1871 : does not print a LF we need to compute the validity
1872 : before calling that function. */
1873 147 : if ((opt.verify_options & VERIFY_SHOW_UID_VALIDITY))
1874 147 : valid = get_validity (pk, un->pkt->pkt.user_id, NULL, 0);
1875 : else
1876 0 : valid = 0; /* Not used. */
1877 :
1878 147 : keyid_str[17] = 0; /* cut off the "[uncertain]" part */
1879 :
1880 147 : print_good_bad_signature (statno, keyid_str, un, sig, rc);
1881 :
1882 147 : if ((opt.verify_options & VERIFY_SHOW_UID_VALIDITY))
1883 147 : log_printf (" [%s]\n",trust_value_to_string(valid));
1884 : else
1885 0 : log_printf ("\n");
1886 :
1887 : /* Get a string description of the algo for informational
1888 : output we want to print later. It is convenient to do it
1889 : here because we already have the right public key. */
1890 147 : pubkey_string (pk, pkstrbuf, sizeof pkstrbuf);
1891 147 : count++;
1892 : }
1893 :
1894 : /* In case we did not found a valid valid textual userid above
1895 : we print the first user id packet or a "[?]" instead along
1896 : with the "Good|Expired|Bad signature" line. */
1897 147 : if (!count)
1898 : {
1899 : /* Try for an invalid textual userid */
1900 0 : for (un=keyblock; un; un = un->next)
1901 : {
1902 0 : if (un->pkt->pkttype == PKT_USER_ID
1903 0 : && !un->pkt->pkt.user_id->attrib_data)
1904 0 : break;
1905 : }
1906 :
1907 : /* Try for any userid at all */
1908 0 : if (!un)
1909 : {
1910 0 : for (un=keyblock; un; un = un->next)
1911 : {
1912 0 : if (un->pkt->pkttype == PKT_USER_ID)
1913 0 : break;
1914 : }
1915 : }
1916 :
1917 0 : if (opt.trust_model==TM_ALWAYS || !un)
1918 0 : keyid_str[17] = 0; /* cut off the "[uncertain]" part */
1919 :
1920 0 : print_good_bad_signature (statno, keyid_str, un, sig, rc);
1921 :
1922 0 : if (opt.trust_model != TM_ALWAYS && un)
1923 0 : log_printf (" %s",_("[uncertain]") );
1924 0 : log_printf ("\n");
1925 : }
1926 :
1927 : /* If we have a good signature and already printed
1928 : * the primary user ID, print all the other user IDs */
1929 147 : if (count
1930 147 : && !rc
1931 143 : && !(opt.verify_options & VERIFY_SHOW_PRIMARY_UID_ONLY))
1932 : {
1933 : char *p;
1934 1179 : for( un=keyblock; un; un = un->next)
1935 : {
1936 1036 : if (un->pkt->pkttype != PKT_USER_ID)
1937 727 : continue;
1938 309 : if ((un->pkt->pkt.user_id->is_revoked
1939 309 : || un->pkt->pkt.user_id->is_expired)
1940 0 : && !(opt.verify_options & VERIFY_SHOW_UNUSABLE_UIDS))
1941 0 : continue;
1942 : /* Skip textual primary user ids which we printed above. */
1943 309 : if (un->pkt->pkt.user_id->is_primary
1944 143 : && !un->pkt->pkt.user_id->attrib_data )
1945 143 : continue;
1946 :
1947 : /* If this user id has attribute data, print that. */
1948 166 : if (un->pkt->pkt.user_id->attrib_data)
1949 : {
1950 0 : dump_attribs (un->pkt->pkt.user_id, pk);
1951 :
1952 0 : if (opt.verify_options&VERIFY_SHOW_PHOTOS)
1953 0 : show_photos (un->pkt->pkt.user_id->attribs,
1954 0 : un->pkt->pkt.user_id->numattribs,
1955 0 : pk ,un->pkt->pkt.user_id);
1956 : }
1957 :
1958 166 : p = utf8_to_native (un->pkt->pkt.user_id->name,
1959 166 : un->pkt->pkt.user_id->len, 0);
1960 166 : log_info (_(" aka \"%s\""), p);
1961 166 : xfree (p);
1962 :
1963 166 : if ((opt.verify_options & VERIFY_SHOW_UID_VALIDITY))
1964 : {
1965 : const char *valid;
1966 :
1967 166 : if (un->pkt->pkt.user_id->is_revoked)
1968 0 : valid = _("revoked");
1969 166 : else if (un->pkt->pkt.user_id->is_expired)
1970 0 : valid = _("expired");
1971 : else
1972 : /* Since this is just informational, don't
1973 : actually ask the user to update any trust
1974 : information. */
1975 166 : valid = (trust_value_to_string
1976 166 : (get_validity (pk, un->pkt->pkt.user_id, sig, 0)));
1977 166 : log_printf (" [%s]\n",valid);
1978 : }
1979 : else
1980 0 : log_printf ("\n");
1981 : }
1982 : }
1983 147 : release_kbnode( keyblock );
1984 :
1985 : /* For good signatures print notation data. */
1986 147 : if (!rc)
1987 : {
1988 143 : if ((opt.verify_options & VERIFY_SHOW_POLICY_URLS))
1989 143 : show_policy_url (sig, 0, 1);
1990 : else
1991 0 : show_policy_url (sig, 0, 2);
1992 :
1993 143 : if ((opt.verify_options & VERIFY_SHOW_KEYSERVER_URLS))
1994 143 : show_keyserver_url (sig, 0, 1);
1995 : else
1996 0 : show_keyserver_url (sig, 0, 2);
1997 :
1998 143 : if ((opt.verify_options & VERIFY_SHOW_NOTATIONS))
1999 143 : show_notation
2000 : (sig, 0, 1,
2001 143 : (((opt.verify_options&VERIFY_SHOW_STD_NOTATIONS)?1:0)
2002 143 : + ((opt.verify_options&VERIFY_SHOW_USER_NOTATIONS)?2:0)));
2003 : else
2004 0 : show_notation (sig, 0, 2, 0);
2005 : }
2006 :
2007 : /* For good signatures print the VALIDSIG status line. */
2008 147 : if (!rc && is_status_enabled ())
2009 : {
2010 0 : PKT_public_key *vpk = xmalloc_clear (sizeof *vpk);
2011 :
2012 0 : if (!get_pubkey (vpk, sig->keyid))
2013 : {
2014 : byte array[MAX_FINGERPRINT_LEN], *p;
2015 : char buf[MAX_FINGERPRINT_LEN*4+90], *bufp;
2016 : size_t i, n;
2017 :
2018 0 : bufp = buf;
2019 0 : fingerprint_from_pk (vpk, array, &n);
2020 0 : p = array;
2021 0 : for(i=0; i < n ; i++, p++, bufp += 2)
2022 0 : sprintf (bufp, "%02X", *p );
2023 : /* TODO: Replace the reserved '0' in the field below
2024 : with bits for status flags (policy url, notation,
2025 : etc.). Remember to make the buffer larger to match! */
2026 0 : sprintf (bufp, " %s %lu %lu %d 0 %d %d %02X ",
2027 : strtimestamp( sig->timestamp ),
2028 0 : (ulong)sig->timestamp,(ulong)sig->expiredate,
2029 0 : sig->version,sig->pubkey_algo,sig->digest_algo,
2030 0 : sig->sig_class);
2031 0 : bufp = bufp + strlen (bufp);
2032 0 : if (!vpk->flags.primary)
2033 : {
2034 : u32 akid[2];
2035 :
2036 0 : akid[0] = vpk->main_keyid[0];
2037 0 : akid[1] = vpk->main_keyid[1];
2038 0 : free_public_key (vpk);
2039 0 : vpk = xmalloc_clear (sizeof *vpk);
2040 0 : if (get_pubkey (vpk, akid))
2041 : {
2042 : /* Impossible error, we simply return a zeroed out fpr */
2043 0 : n = MAX_FINGERPRINT_LEN < 20? MAX_FINGERPRINT_LEN : 20;
2044 0 : memset (array, 0, n);
2045 : }
2046 : else
2047 0 : fingerprint_from_pk( vpk, array, &n );
2048 : }
2049 0 : p = array;
2050 0 : for (i=0; i < n ; i++, p++, bufp += 2)
2051 0 : sprintf(bufp, "%02X", *p );
2052 0 : write_status_text (STATUS_VALIDSIG, buf);
2053 : }
2054 0 : free_public_key (vpk);
2055 : }
2056 :
2057 : /* For good signatures compute and print the trust information.
2058 : Note that in the Tofu trust model this may ask the user on
2059 : how to resolve a conflict. */
2060 147 : if (!rc)
2061 : {
2062 143 : if ((opt.verify_options & VERIFY_PKA_LOOKUPS))
2063 0 : pka_uri_from_sig (c, sig); /* Make sure PKA info is available. */
2064 143 : rc = check_signatures_trust (sig);
2065 : }
2066 :
2067 : /* Print extra information about the signature. */
2068 147 : if (sig->flags.expired)
2069 : {
2070 0 : log_info (_("Signature expired %s\n"), asctimestamp(sig->expiredate));
2071 0 : rc = GPG_ERR_GENERAL; /* Need a better error here? */
2072 : }
2073 147 : else if (sig->expiredate)
2074 0 : log_info (_("Signature expires %s\n"), asctimestamp(sig->expiredate));
2075 :
2076 147 : if (opt.verbose)
2077 0 : log_info (_("%s signature, digest algorithm %s%s%s\n"),
2078 0 : sig->sig_class==0x00?_("binary"):
2079 0 : sig->sig_class==0x01?_("textmode"):_("unknown"),
2080 0 : gcry_md_algo_name (sig->digest_algo),
2081 0 : *pkstrbuf?_(", key algorithm "):"",
2082 : pkstrbuf);
2083 :
2084 : /* Print final warnings. */
2085 147 : if (!rc && !c->signed_data.used)
2086 : {
2087 : /* Signature is basically good but we test whether the
2088 : deprecated command
2089 : gpg --verify FILE.sig
2090 : was used instead of
2091 : gpg --verify FILE.sig FILE
2092 : to verify a detached signature. If we figure out that a
2093 : data file with a matching name exists, we print a warning.
2094 :
2095 : The problem is that the first form would also verify a
2096 : standard signature. This behavior could be used to
2097 : create a made up .sig file for a tarball by creating a
2098 : standard signature from a valid detached signature packet
2099 : (for example from a signed git tag). Then replace the
2100 : sig file on the FTP server along with a changed tarball.
2101 : Using the first form the verify command would correctly
2102 : verify the signature but don't even consider the tarball. */
2103 : kbnode_t n;
2104 : char *dfile;
2105 :
2106 143 : dfile = get_matching_datafile (c->sigfilename);
2107 143 : if (dfile)
2108 : {
2109 0 : for (n = c->list; n; n = n->next)
2110 0 : if (n->pkt->pkttype != PKT_SIGNATURE)
2111 0 : break;
2112 0 : if (n)
2113 : {
2114 : /* Not only signature packets in the tree thus this
2115 : is not a detached signature. */
2116 0 : log_info (_("WARNING: not a detached signature; "
2117 : "file '%s' was NOT verified!\n"), dfile);
2118 : }
2119 0 : xfree (dfile);
2120 : }
2121 : }
2122 :
2123 147 : if (rc)
2124 4 : g10_errors_seen = 1;
2125 147 : if (opt.batch && rc)
2126 4 : g10_exit (1);
2127 : }
2128 : else
2129 : {
2130 : char buf[50];
2131 :
2132 0 : snprintf (buf, sizeof buf, "%08lX%08lX %d %d %02x %lu %d",
2133 0 : (ulong)sig->keyid[0], (ulong)sig->keyid[1],
2134 0 : sig->pubkey_algo, sig->digest_algo,
2135 0 : sig->sig_class, (ulong)sig->timestamp, rc);
2136 0 : write_status_text (STATUS_ERRSIG, buf);
2137 0 : if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY)
2138 : {
2139 0 : buf[16] = 0;
2140 0 : write_status_text (STATUS_NO_PUBKEY, buf);
2141 : }
2142 0 : if (gpg_err_code (rc) != GPG_ERR_NOT_PROCESSED)
2143 0 : log_error (_("Can't check signature: %s\n"), gpg_strerror (rc));
2144 : }
2145 :
2146 143 : return rc;
2147 : }
2148 :
2149 :
2150 : /*
2151 : * Process the tree which starts at node
2152 : */
2153 : static void
2154 587 : proc_tree (CTX c, kbnode_t node)
2155 : {
2156 : kbnode_t n1;
2157 : int rc;
2158 :
2159 587 : if (opt.list_packets || opt.list_only)
2160 0 : return;
2161 :
2162 : /* We must skip our special plaintext marker packets here because
2163 : they may be the root packet. These packets are only used in
2164 : addional checks and skipping them here doesn't matter. */
2165 1615 : while (node
2166 592 : && node->pkt->pkttype == PKT_GPG_CONTROL
2167 457 : && node->pkt->pkt.gpg_control->control == CTRLPKT_PLAINTEXT_MARK)
2168 : {
2169 441 : node = node->next;
2170 : }
2171 587 : if (!node)
2172 436 : return;
2173 :
2174 151 : c->trustletter = ' ';
2175 151 : if (node->pkt->pkttype == PKT_PUBLIC_KEY
2176 151 : || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
2177 : {
2178 0 : merge_keys_and_selfsig (node);
2179 0 : list_node (c, node);
2180 : }
2181 151 : else if (node->pkt->pkttype == PKT_SECRET_KEY)
2182 : {
2183 0 : merge_keys_and_selfsig (node);
2184 0 : list_node (c, node);
2185 : }
2186 151 : else if (node->pkt->pkttype == PKT_ONEPASS_SIG)
2187 : {
2188 : /* Check all signatures. */
2189 112 : if (!c->any.data)
2190 : {
2191 0 : int use_textmode = 0;
2192 :
2193 0 : free_md_filter_context (&c->mfx);
2194 : /* Prepare to create all requested message digests. */
2195 0 : rc = gcry_md_open (&c->mfx.md, 0, 0);
2196 0 : if (rc)
2197 0 : goto hash_err;
2198 :
2199 : /* Fixme: why looking for the signature packet and not the
2200 : one-pass packet? */
2201 0 : for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE));)
2202 0 : gcry_md_enable (c->mfx.md, n1->pkt->pkt.signature->digest_algo);
2203 :
2204 0 : if (n1 && n1->pkt->pkt.onepass_sig->sig_class == 0x01)
2205 0 : use_textmode = 1;
2206 :
2207 : /* Ask for file and hash it. */
2208 0 : if (c->sigs_only)
2209 : {
2210 0 : if (c->signed_data.used && c->signed_data.data_fd != -1)
2211 0 : rc = hash_datafile_by_fd (c->mfx.md, NULL,
2212 : c->signed_data.data_fd,
2213 : use_textmode);
2214 : else
2215 0 : rc = hash_datafiles (c->mfx.md, NULL,
2216 : c->signed_data.data_names,
2217 : c->sigfilename,
2218 : use_textmode);
2219 : }
2220 : else
2221 : {
2222 0 : rc = ask_for_detached_datafile (c->mfx.md, c->mfx.md2,
2223 : iobuf_get_real_fname (c->iobuf),
2224 : use_textmode);
2225 : }
2226 :
2227 : hash_err:
2228 0 : if (rc)
2229 : {
2230 0 : log_error ("can't hash datafile: %s\n", gpg_strerror (rc));
2231 0 : return;
2232 : }
2233 : }
2234 112 : else if (c->signed_data.used)
2235 : {
2236 0 : log_error (_("not a detached signature\n"));
2237 0 : return;
2238 : }
2239 :
2240 334 : for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE));)
2241 114 : check_sig_and_print (c, n1);
2242 :
2243 : }
2244 55 : else if (node->pkt->pkttype == PKT_GPG_CONTROL
2245 16 : && node->pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START)
2246 : {
2247 : /* Clear text signed message. */
2248 16 : if (!c->any.data)
2249 : {
2250 0 : log_error ("cleartext signature without data\n");
2251 0 : return;
2252 : }
2253 16 : else if (c->signed_data.used)
2254 : {
2255 0 : log_error (_("not a detached signature\n"));
2256 0 : return;
2257 : }
2258 :
2259 49 : for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE));)
2260 17 : check_sig_and_print (c, n1);
2261 :
2262 : }
2263 23 : else if (node->pkt->pkttype == PKT_SIGNATURE)
2264 : {
2265 23 : PKT_signature *sig = node->pkt->pkt.signature;
2266 23 : int multiple_ok = 1;
2267 :
2268 23 : n1 = find_next_kbnode (node, PKT_SIGNATURE);
2269 23 : if (n1)
2270 : {
2271 3 : byte class = sig->sig_class;
2272 3 : byte hash = sig->digest_algo;
2273 :
2274 6 : for (; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE)))
2275 : {
2276 : /* We can't currently handle multiple signatures of
2277 : different classes or digests (we'd pretty much have
2278 : to run a different hash context for each), but if
2279 : they are all the same, make an exception. */
2280 3 : if (n1->pkt->pkt.signature->sig_class != class
2281 3 : || n1->pkt->pkt.signature->digest_algo != hash)
2282 : {
2283 0 : multiple_ok = 0;
2284 0 : log_info (_("WARNING: multiple signatures detected. "
2285 : "Only the first will be checked.\n"));
2286 0 : break;
2287 : }
2288 : }
2289 : }
2290 :
2291 23 : if (sig->sig_class != 0x00 && sig->sig_class != 0x01)
2292 : {
2293 0 : log_info(_("standalone signature of class 0x%02x\n"), sig->sig_class);
2294 : }
2295 23 : else if (!c->any.data)
2296 : {
2297 : /* Detached signature */
2298 16 : free_md_filter_context (&c->mfx);
2299 16 : rc = gcry_md_open (&c->mfx.md, sig->digest_algo, 0);
2300 16 : if (rc)
2301 0 : goto detached_hash_err;
2302 :
2303 16 : if (RFC2440 || RFC4880)
2304 : ; /* Strict RFC mode. */
2305 16 : else if (sig->digest_algo == DIGEST_ALGO_SHA1
2306 16 : && sig->pubkey_algo == PUBKEY_ALGO_DSA
2307 16 : && sig->sig_class == 0x01)
2308 : {
2309 : /* Enable a workaround for a pgp5 bug when the detached
2310 : * signature has been created in textmode. */
2311 0 : rc = gcry_md_open (&c->mfx.md2, sig->digest_algo, 0);
2312 0 : if (rc)
2313 0 : goto detached_hash_err;
2314 : }
2315 :
2316 : /* Here we used to have another hack to work around a pgp
2317 : * 2 bug: It worked by not using the textmode for detached
2318 : * signatures; this would let the first signature check
2319 : * (on md) fail but the second one (on md2), which adds an
2320 : * extra CR would then have produced the "correct" hash.
2321 : * This is very, very ugly hack but it may haved help in
2322 : * some cases (and break others).
2323 : * c->mfx.md2? 0 :(sig->sig_class == 0x01)
2324 : */
2325 :
2326 16 : if (DBG_HASHING)
2327 : {
2328 0 : gcry_md_debug (c->mfx.md, "verify");
2329 0 : if (c->mfx.md2)
2330 0 : gcry_md_debug (c->mfx.md2, "verify2");
2331 : }
2332 :
2333 16 : if (c->sigs_only)
2334 : {
2335 0 : if (c->signed_data.used && c->signed_data.data_fd != -1)
2336 0 : rc = hash_datafile_by_fd (c->mfx.md, c->mfx.md2,
2337 : c->signed_data.data_fd,
2338 0 : (sig->sig_class == 0x01));
2339 : else
2340 0 : rc = hash_datafiles (c->mfx.md, c->mfx.md2,
2341 : c->signed_data.data_names,
2342 : c->sigfilename,
2343 0 : (sig->sig_class == 0x01));
2344 : }
2345 : else
2346 : {
2347 16 : rc = ask_for_detached_datafile (c->mfx.md, c->mfx.md2,
2348 : iobuf_get_real_fname(c->iobuf),
2349 16 : (sig->sig_class == 0x01));
2350 : }
2351 :
2352 : detached_hash_err:
2353 16 : if (rc)
2354 : {
2355 0 : log_error ("can't hash datafile: %s\n", gpg_strerror (rc));
2356 0 : return;
2357 : }
2358 : }
2359 7 : else if (c->signed_data.used)
2360 : {
2361 0 : log_error (_("not a detached signature\n"));
2362 0 : return;
2363 : }
2364 7 : else if (!opt.quiet)
2365 7 : log_info (_("old style (PGP 2.x) signature\n"));
2366 :
2367 23 : if (multiple_ok)
2368 : {
2369 49 : for (n1 = node; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE)))
2370 26 : check_sig_and_print (c, n1);
2371 : }
2372 : else
2373 0 : check_sig_and_print (c, node);
2374 :
2375 : }
2376 : else
2377 : {
2378 0 : dump_kbnode (c->list);
2379 0 : log_error ("invalid root packet detected in proc_tree()\n");
2380 0 : dump_kbnode (node);
2381 : }
2382 : }
|
