2003-06-05 07:14:21 +00:00
|
|
|
/* mainproc.c - handle packets
|
2014-11-13 13:00:46 +01:00
|
|
|
* Copyright (C) 1998-2009 Free Software Foundation, Inc.
|
|
|
|
* Copyright (C) 2013-2014 Werner Koch
|
2024-09-03 18:20:51 +02:00
|
|
|
* Copyright (C) 2020, 2024 g10 Code GmbH
|
2003-06-05 07:14:21 +00:00
|
|
|
*
|
|
|
|
* This file is part of GnuPG.
|
|
|
|
*
|
|
|
|
* GnuPG is free software; you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
2007-07-04 19:49:40 +00:00
|
|
|
* the Free Software Foundation; either version 3 of the License, or
|
2003-06-05 07:14:21 +00:00
|
|
|
* (at your option) any later version.
|
|
|
|
*
|
|
|
|
* GnuPG is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
2016-11-05 12:02:19 +01:00
|
|
|
* along with this program; if not, see <https://www.gnu.org/licenses/>.
|
2003-06-05 07:14:21 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <time.h>
|
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
#include "gpg.h"
|
2017-03-07 20:21:23 +09:00
|
|
|
#include "../common/util.h"
|
2003-06-05 07:14:21 +00:00
|
|
|
#include "packet.h"
|
2017-03-07 20:21:23 +09:00
|
|
|
#include "../common/iobuf.h"
|
2003-06-05 07:14:21 +00:00
|
|
|
#include "options.h"
|
|
|
|
#include "keydb.h"
|
|
|
|
#include "filter.h"
|
|
|
|
#include "main.h"
|
2017-03-07 20:21:23 +09:00
|
|
|
#include "../common/status.h"
|
|
|
|
#include "../common/i18n.h"
|
2003-06-05 07:14:21 +00:00
|
|
|
#include "trustdb.h"
|
|
|
|
#include "keyserver-internal.h"
|
|
|
|
#include "photoid.h"
|
2017-03-07 20:21:23 +09:00
|
|
|
#include "../common/mbox-util.h"
|
2015-04-23 15:42:56 +02:00
|
|
|
#include "call-dirmngr.h"
|
2017-05-30 14:30:24 +02:00
|
|
|
#include "../common/compliance.h"
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2013-10-02 09:11:43 +02:00
|
|
|
/* Put an upper limit on nested packets. The 32 is an arbitrary
|
|
|
|
value, a much lower should actually be sufficient. */
|
|
|
|
#define MAX_NESTING_DEPTH 32
|
|
|
|
|
|
|
|
|
2022-08-02 18:36:56 +02:00
|
|
|
/* An object to build a list of symkey packet info. */
|
|
|
|
struct symlist_item
|
|
|
|
{
|
|
|
|
struct symlist_item *next;
|
|
|
|
int cipher_algo;
|
|
|
|
int cfb_mode;
|
|
|
|
int other_error;
|
|
|
|
};
|
|
|
|
|
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
/*
|
|
|
|
* Object to hold the processing context.
|
2003-06-05 07:14:21 +00:00
|
|
|
*/
|
|
|
|
typedef struct mainproc_context *CTX;
|
2006-04-19 11:26:11 +00:00
|
|
|
struct mainproc_context
|
|
|
|
{
|
2010-10-01 20:33:53 +00:00
|
|
|
ctrl_t ctrl;
|
2006-04-19 11:26:11 +00:00
|
|
|
struct mainproc_context *anchor; /* May be useful in the future. */
|
|
|
|
PKT_public_key *last_pubkey;
|
|
|
|
PKT_user_id *last_user_id;
|
|
|
|
md_filter_context_t mfx;
|
|
|
|
int sigs_only; /* Process only signatures and reject all other stuff. */
|
|
|
|
int encrypt_only; /* Process only encryption messages. */
|
2011-02-04 12:57:53 +01:00
|
|
|
|
2006-12-21 19:40:00 +00:00
|
|
|
/* Name of the file with the complete signature or the file with the
|
|
|
|
detached signature. This is currently only used to deduce the
|
|
|
|
file name of the data file if that has not been given. */
|
2006-04-19 11:26:11 +00:00
|
|
|
const char *sigfilename;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
2006-12-21 19:40:00 +00:00
|
|
|
/* A structure to describe the signed data in case of a detached
|
|
|
|
signature. */
|
2011-02-04 12:57:53 +01:00
|
|
|
struct
|
2006-12-21 19:40:00 +00:00
|
|
|
{
|
2017-02-20 16:19:50 -05:00
|
|
|
/* A file descriptor of the signed data. Only used if not -1. */
|
2023-07-05 10:21:23 +09:00
|
|
|
gnupg_fd_t data_fd;
|
2006-12-21 19:40:00 +00:00
|
|
|
/* A list of filenames with the data files or NULL. This is only
|
|
|
|
used if DATA_FD is -1. */
|
|
|
|
strlist_t data_names;
|
2010-03-08 18:19:21 +00:00
|
|
|
/* Flag to indicated that either one of the next previous fields
|
2006-12-21 19:40:00 +00:00
|
|
|
is used. This is only needed for better readability. */
|
|
|
|
int used;
|
|
|
|
} signed_data;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
DEK *dek;
|
|
|
|
int last_was_session_key;
|
2014-11-13 13:00:46 +01:00
|
|
|
kbnode_t list; /* The current list of packets. */
|
|
|
|
iobuf_t iobuf; /* Used to get the filename etc. */
|
2006-04-19 11:26:11 +00:00
|
|
|
int trustletter; /* Temporary usage in list_node. */
|
2017-06-19 17:50:02 +02:00
|
|
|
ulong symkeys; /* Number of symmetrically encrypted session keys. */
|
2018-08-27 13:12:31 +09:00
|
|
|
struct pubkey_enc_list *pkenc_list; /* List of encryption packets. */
|
2022-08-02 18:36:56 +02:00
|
|
|
struct symlist_item *symenc_list; /* List of sym. encryption packets. */
|
2018-11-09 18:07:38 +02:00
|
|
|
int seen_pkt_encrypted_aead; /* PKT_ENCRYPTED_AEAD packet seen. */
|
2022-02-08 18:31:54 +02:00
|
|
|
int seen_pkt_encrypted_mdc; /* PKT_ENCRYPTED_MDC packet seen. */
|
2013-10-04 08:20:49 +02:00
|
|
|
struct {
|
|
|
|
unsigned int sig_seen:1; /* Set to true if a signature packet
|
|
|
|
has been seen. */
|
|
|
|
unsigned int data:1; /* Any data packet seen */
|
|
|
|
unsigned int uncompress_failed:1;
|
|
|
|
} any;
|
2003-06-05 07:14:21 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
2018-05-30 21:45:37 +02:00
|
|
|
/* Counter with the number of literal data packets seen. Note that
|
|
|
|
* this is also bumped at the end of an encryption. This counter is
|
|
|
|
* used for a basic consistency check of a received PGP message. */
|
|
|
|
static int literals_seen;
|
|
|
|
|
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
/*** Local prototypes. ***/
|
2024-09-09 16:41:35 +02:00
|
|
|
static int do_proc_packets (CTX c, iobuf_t a, int keep_dek_and_list);
|
2014-11-13 13:00:46 +01:00
|
|
|
static void list_node (CTX c, kbnode_t node);
|
|
|
|
static void proc_tree (CTX c, kbnode_t node);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
|
|
|
|
/*** Functions. ***/
|
|
|
|
|
2018-05-30 21:45:37 +02:00
|
|
|
/* Reset the literal data counter. This is required to setup a new
|
|
|
|
* decryption or verification context. */
|
2007-05-03 04:44:12 +00:00
|
|
|
void
|
|
|
|
reset_literals_seen(void)
|
|
|
|
{
|
2014-11-13 13:00:46 +01:00
|
|
|
literals_seen = 0;
|
2007-05-03 04:44:12 +00:00
|
|
|
}
|
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
static void
|
|
|
|
release_list( CTX c )
|
|
|
|
{
|
2014-11-13 13:00:46 +01:00
|
|
|
proc_tree (c, c->list);
|
|
|
|
release_kbnode (c->list);
|
|
|
|
while (c->pkenc_list)
|
|
|
|
{
|
2018-08-27 13:12:31 +09:00
|
|
|
struct pubkey_enc_list *tmp = c->pkenc_list->next;
|
|
|
|
|
2024-09-03 18:20:51 +02:00
|
|
|
release_pubkey_enc_parts (&c->pkenc_list->d);
|
2014-11-13 13:00:46 +01:00
|
|
|
xfree (c->pkenc_list);
|
|
|
|
c->pkenc_list = tmp;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
c->pkenc_list = NULL;
|
2022-08-02 18:36:56 +02:00
|
|
|
while (c->symenc_list)
|
|
|
|
{
|
|
|
|
struct symlist_item *tmp = c->symenc_list->next;
|
|
|
|
xfree (c->symenc_list);
|
|
|
|
c->symenc_list = tmp;
|
|
|
|
}
|
|
|
|
c->symenc_list = NULL;
|
2014-11-13 13:00:46 +01:00
|
|
|
c->list = NULL;
|
|
|
|
c->any.data = 0;
|
|
|
|
c->any.uncompress_failed = 0;
|
|
|
|
c->last_was_session_key = 0;
|
2018-11-09 18:07:38 +02:00
|
|
|
c->seen_pkt_encrypted_aead = 0;
|
2022-02-08 18:31:54 +02:00
|
|
|
c->seen_pkt_encrypted_mdc = 0;
|
2014-11-13 13:00:46 +01:00
|
|
|
xfree (c->dek);
|
|
|
|
c->dek = NULL;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2014-11-13 13:00:46 +01:00
|
|
|
add_onepass_sig (CTX c, PACKET *pkt)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2014-11-13 13:00:46 +01:00
|
|
|
kbnode_t node;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
if (c->list) /* Add another packet. */
|
|
|
|
add_kbnode (c->list, new_kbnode (pkt));
|
|
|
|
else /* Insert the first one. */
|
|
|
|
c->list = node = new_kbnode (pkt);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
return 1;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2014-11-13 13:00:46 +01:00
|
|
|
add_gpg_control (CTX c, PACKET *pkt)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2014-11-13 13:00:46 +01:00
|
|
|
if ( pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START )
|
|
|
|
{
|
|
|
|
/* New clear text signature.
|
|
|
|
* Process the last one and reset everything */
|
|
|
|
release_list(c);
|
2011-02-04 12:57:53 +01:00
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
if (c->list) /* Add another packet. */
|
|
|
|
add_kbnode (c->list, new_kbnode (pkt));
|
|
|
|
else /* Insert the first one. */
|
|
|
|
c->list = new_kbnode (pkt);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
return 1;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2014-11-13 13:00:46 +01:00
|
|
|
add_user_id (CTX c, PACKET *pkt)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2014-11-13 13:00:46 +01:00
|
|
|
if (!c->list)
|
|
|
|
{
|
|
|
|
log_error ("orphaned user ID\n");
|
|
|
|
return 0;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
add_kbnode (c->list, new_kbnode (pkt));
|
|
|
|
return 1;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
static int
|
2014-11-13 13:00:46 +01:00
|
|
|
add_subkey (CTX c, PACKET *pkt)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2014-11-13 13:00:46 +01:00
|
|
|
if (!c->list)
|
|
|
|
{
|
|
|
|
log_error ("subkey w/o mainkey\n");
|
|
|
|
return 0;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
add_kbnode (c->list, new_kbnode (pkt));
|
|
|
|
return 1;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
static int
|
2014-11-13 13:00:46 +01:00
|
|
|
add_ring_trust (CTX c, PACKET *pkt)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2014-11-13 13:00:46 +01:00
|
|
|
if (!c->list)
|
|
|
|
{
|
|
|
|
log_error ("ring trust w/o key\n");
|
|
|
|
return 0;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
add_kbnode (c->list, new_kbnode (pkt));
|
|
|
|
return 1;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2014-11-13 13:00:46 +01:00
|
|
|
add_signature (CTX c, PACKET *pkt)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2014-11-13 13:00:46 +01:00
|
|
|
kbnode_t node;
|
|
|
|
|
|
|
|
c->any.sig_seen = 1;
|
|
|
|
if (pkt->pkttype == PKT_SIGNATURE && !c->list)
|
|
|
|
{
|
|
|
|
/* This is the first signature for the following datafile.
|
|
|
|
* GPG does not write such packets; instead it always uses
|
|
|
|
* onepass-sig packets. The drawback of PGP's method
|
|
|
|
* of prepending the signature to the data is
|
|
|
|
* that it is not possible to make a signature from data read
|
|
|
|
* from stdin. (GPG is able to read PGP stuff anyway.) */
|
|
|
|
node = new_kbnode (pkt);
|
|
|
|
c->list = node;
|
|
|
|
return 1;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
else if (!c->list)
|
|
|
|
return 0; /* oops (invalid packet sequence)*/
|
|
|
|
else if (!c->list->pkt)
|
|
|
|
BUG(); /* so nicht */
|
|
|
|
|
|
|
|
/* Add a new signature node item at the end. */
|
|
|
|
node = new_kbnode (pkt);
|
|
|
|
add_kbnode (c->list, node);
|
|
|
|
|
|
|
|
return 1;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
2018-01-23 12:07:25 +01:00
|
|
|
static gpg_error_t
|
2014-11-13 13:00:46 +01:00
|
|
|
symkey_decrypt_seskey (DEK *dek, byte *seskey, size_t slen)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2018-01-23 12:07:25 +01:00
|
|
|
gpg_error_t err;
|
2006-04-19 11:26:11 +00:00
|
|
|
gcry_cipher_hd_t hd;
|
2018-01-23 12:07:25 +01:00
|
|
|
unsigned int noncelen, keylen;
|
|
|
|
enum gcry_cipher_modes ciphermode;
|
|
|
|
|
|
|
|
if (dek->use_aead)
|
|
|
|
{
|
|
|
|
err = openpgp_aead_algo_info (dek->use_aead, &ciphermode, &noncelen);
|
|
|
|
if (err)
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
ciphermode = GCRY_CIPHER_MODE_CFB;
|
|
|
|
noncelen = 0;
|
|
|
|
}
|
2003-08-18 21:25:03 +00:00
|
|
|
|
2018-01-23 12:07:25 +01:00
|
|
|
/* Check that the session key has a size of 16 to 32 bytes. */
|
|
|
|
if ((dek->use_aead && (slen < (noncelen + 16 + 16)
|
|
|
|
|| slen > (noncelen + 32 + 16)))
|
|
|
|
|| (!dek->use_aead && (slen < 17 || slen > 33)))
|
2003-08-18 21:25:03 +00:00
|
|
|
{
|
|
|
|
log_error ( _("weird size for an encrypted session key (%d)\n"),
|
2006-04-19 11:26:11 +00:00
|
|
|
(int)slen);
|
2018-01-23 12:07:25 +01:00
|
|
|
return gpg_error (GPG_ERR_BAD_KEY);
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2018-01-23 12:07:25 +01:00
|
|
|
err = openpgp_cipher_open (&hd, dek->algo, ciphermode, GCRY_CIPHER_SECURE);
|
|
|
|
if (!err)
|
|
|
|
err = gcry_cipher_setkey (hd, dek->key, dek->keylen);
|
|
|
|
if (!err)
|
|
|
|
err = gcry_cipher_setiv (hd, noncelen? seskey : NULL, noncelen);
|
|
|
|
if (err)
|
|
|
|
goto leave;
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2018-01-23 12:07:25 +01:00
|
|
|
if (dek->use_aead)
|
|
|
|
{
|
|
|
|
byte ad[4];
|
|
|
|
|
|
|
|
ad[0] = (0xc0 | PKT_SYMKEY_ENC);
|
|
|
|
ad[1] = 5;
|
|
|
|
ad[2] = dek->algo;
|
|
|
|
ad[3] = dek->use_aead;
|
|
|
|
err = gcry_cipher_authenticate (hd, ad, 4);
|
|
|
|
if (err)
|
|
|
|
goto leave;
|
|
|
|
gcry_cipher_final (hd);
|
|
|
|
keylen = slen - noncelen - 16;
|
|
|
|
err = gcry_cipher_decrypt (hd, seskey+noncelen, keylen, NULL, 0);
|
|
|
|
if (err)
|
|
|
|
goto leave;
|
|
|
|
err = gcry_cipher_checktag (hd, seskey+noncelen+keylen, 16);
|
|
|
|
if (err)
|
|
|
|
goto leave;
|
|
|
|
/* Now we replace the dek components with the real session key to
|
|
|
|
* decrypt the contents of the sequencing packet. */
|
|
|
|
if (keylen > DIM(dek->key))
|
|
|
|
{
|
|
|
|
err = gpg_error (GPG_ERR_TOO_LARGE);
|
|
|
|
goto leave;
|
|
|
|
}
|
|
|
|
dek->keylen = keylen;
|
|
|
|
memcpy (dek->key, seskey + noncelen, dek->keylen);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
gcry_cipher_decrypt (hd, seskey, slen, NULL, 0 );
|
2018-02-23 10:49:19 +01:00
|
|
|
/* Here we can only test whether the algo given in decrypted
|
|
|
|
* session key is a valid OpenPGP algo. With 11 defined
|
|
|
|
* symmetric algorithms we will miss 4.3% of wrong passphrases
|
|
|
|
* here. The actual checking is done later during bulk
|
|
|
|
* decryption; we can't bring this check forward easily. We
|
|
|
|
* need to use the GPG_ERR_CHECKSUM so that we won't run into
|
|
|
|
* the gnupg < 2.2 bug compatible case which would terminate the
|
|
|
|
* process on GPG_ERR_CIPHER_ALGO. Note that with AEAD (above)
|
|
|
|
* we will have a reliable test here. */
|
2019-07-18 10:59:29 +09:00
|
|
|
if (openpgp_cipher_test_algo (seskey[0])
|
|
|
|
|| openpgp_cipher_get_algo_keylen (seskey[0]) != slen - 1)
|
2018-02-23 10:49:19 +01:00
|
|
|
{
|
|
|
|
err = gpg_error (GPG_ERR_CHECKSUM);
|
|
|
|
goto leave;
|
|
|
|
}
|
|
|
|
|
2018-01-23 12:07:25 +01:00
|
|
|
/* Now we replace the dek components with the real session key to
|
|
|
|
* decrypt the contents of the sequencing packet. */
|
|
|
|
keylen = slen-1;
|
|
|
|
if (keylen > DIM(dek->key))
|
|
|
|
{
|
|
|
|
err = gpg_error (GPG_ERR_TOO_LARGE);
|
|
|
|
goto leave;
|
|
|
|
}
|
|
|
|
dek->algo = seskey[0];
|
|
|
|
dek->keylen = keylen;
|
|
|
|
memcpy (dek->key, seskey + 1, dek->keylen);
|
|
|
|
}
|
2006-04-19 11:26:11 +00:00
|
|
|
|
|
|
|
/*log_hexdump( "thekey", dek->key, dek->keylen );*/
|
|
|
|
|
2018-01-23 12:07:25 +01:00
|
|
|
leave:
|
|
|
|
gcry_cipher_close (hd);
|
|
|
|
return err;
|
2011-02-04 12:57:53 +01:00
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
static void
|
2014-11-13 13:00:46 +01:00
|
|
|
proc_symkey_enc (CTX c, PACKET *pkt)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2018-01-23 12:07:25 +01:00
|
|
|
gpg_error_t err;
|
2014-11-13 13:00:46 +01:00
|
|
|
PKT_symkey_enc *enc;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
enc = pkt->pkt.symkey_enc;
|
|
|
|
if (!enc)
|
|
|
|
log_error ("invalid symkey encrypted packet\n");
|
|
|
|
else if(!c->dek)
|
|
|
|
{
|
|
|
|
int algo = enc->cipher_algo;
|
|
|
|
const char *s = openpgp_cipher_algo_name (algo);
|
2018-01-23 12:07:25 +01:00
|
|
|
const char *a = (enc->aead_algo ? openpgp_aead_algo_name (enc->aead_algo)
|
|
|
|
/**/ : "CFB");
|
2014-11-13 13:00:46 +01:00
|
|
|
|
|
|
|
if (!openpgp_cipher_test_algo (algo))
|
|
|
|
{
|
|
|
|
if (!opt.quiet)
|
|
|
|
{
|
|
|
|
if (enc->seskeylen)
|
2018-01-23 12:07:25 +01:00
|
|
|
log_info (_("%s.%s encrypted session key\n"), s, a );
|
2014-11-13 13:00:46 +01:00
|
|
|
else
|
2018-01-23 12:07:25 +01:00
|
|
|
log_info (_("%s.%s encrypted data\n"), s, a );
|
2014-11-13 13:00:46 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
2021-01-27 11:45:33 +01:00
|
|
|
{
|
|
|
|
log_error (_("encrypted with unknown algorithm %d.%s\n"), algo, a);
|
|
|
|
s = NULL; /* Force a goto leave. */
|
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
|
|
|
|
if (openpgp_md_test_algo (enc->s2k.hash_algo))
|
|
|
|
{
|
|
|
|
log_error(_("passphrase generated with unknown digest"
|
|
|
|
" algorithm %d\n"),enc->s2k.hash_algo);
|
|
|
|
s = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
c->last_was_session_key = 2;
|
|
|
|
if (!s || opt.list_only)
|
|
|
|
goto leave;
|
|
|
|
|
|
|
|
if (opt.override_session_key)
|
|
|
|
{
|
|
|
|
c->dek = xmalloc_clear (sizeof *c->dek);
|
|
|
|
if (get_override_session_key (c->dek, opt.override_session_key))
|
|
|
|
{
|
|
|
|
xfree (c->dek);
|
|
|
|
c->dek = NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2021-05-17 19:27:54 +02:00
|
|
|
c->dek = passphrase_to_dek (algo, &enc->s2k, 0, 0, NULL,
|
|
|
|
GETPASSWORD_FLAG_SYMDECRYPT, NULL);
|
2014-11-13 13:00:46 +01:00
|
|
|
if (c->dek)
|
|
|
|
{
|
|
|
|
c->dek->symmetric = 1;
|
2018-01-23 12:07:25 +01:00
|
|
|
c->dek->use_aead = enc->aead_algo;
|
2014-11-13 13:00:46 +01:00
|
|
|
|
|
|
|
/* FIXME: This doesn't work perfectly if a symmetric key
|
|
|
|
comes before a public key in the message - if the
|
|
|
|
user doesn't know the passphrase, then there is a
|
|
|
|
chance that the "decrypted" algorithm will happen to
|
|
|
|
be a valid one, which will make the returned dek
|
|
|
|
appear valid, so we won't try any public keys that
|
|
|
|
come later. */
|
|
|
|
if (enc->seskeylen)
|
|
|
|
{
|
2018-01-23 12:07:25 +01:00
|
|
|
err = symkey_decrypt_seskey (c->dek,
|
|
|
|
enc->seskey, enc->seskeylen);
|
|
|
|
if (err)
|
2014-11-13 13:00:46 +01:00
|
|
|
{
|
2018-01-23 12:07:25 +01:00
|
|
|
log_info ("decryption of the symmetrically encrypted"
|
|
|
|
" session key failed: %s\n",
|
|
|
|
gpg_strerror (err));
|
2018-01-23 11:54:02 +01:00
|
|
|
if (gpg_err_code (err) != GPG_ERR_BAD_KEY
|
|
|
|
&& gpg_err_code (err) != GPG_ERR_CHECKSUM)
|
2018-01-23 12:07:25 +01:00
|
|
|
log_fatal ("process terminated to be bug compatible"
|
|
|
|
" with GnuPG <= 2.2\n");
|
2022-04-25 11:18:40 +02:00
|
|
|
else
|
|
|
|
write_status_text (STATUS_ERROR,
|
|
|
|
"symkey_decrypt.maybe_error"
|
|
|
|
" 11_BAD_PASSPHRASE");
|
|
|
|
|
2018-01-23 11:54:02 +01:00
|
|
|
if (c->dek->s2k_cacheid[0])
|
|
|
|
{
|
|
|
|
if (opt.debug)
|
|
|
|
log_debug ("cleared passphrase cached with ID:"
|
|
|
|
" %s\n", c->dek->s2k_cacheid);
|
|
|
|
passphrase_clear_cache (c->dek->s2k_cacheid);
|
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
xfree (c->dek);
|
|
|
|
c->dek = NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
|
|
|
c->dek->algo_info_printed = 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2006-04-19 11:26:11 +00:00
|
|
|
|
|
|
|
leave:
|
2022-08-02 18:36:56 +02:00
|
|
|
/* Record infos from the packet. */
|
|
|
|
{
|
|
|
|
struct symlist_item *symitem;
|
|
|
|
symitem = xcalloc (1, sizeof *symitem);
|
|
|
|
if (enc)
|
|
|
|
{
|
|
|
|
symitem->cipher_algo = enc->cipher_algo;
|
|
|
|
symitem->cfb_mode = !enc->aead_algo;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
symitem->other_error = 1;
|
|
|
|
symitem->next = c->symenc_list;
|
|
|
|
c->symenc_list = symitem;
|
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
c->symkeys++;
|
2017-03-29 11:57:40 +02:00
|
|
|
free_packet (pkt, NULL);
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
static void
|
2018-08-27 13:12:31 +09:00
|
|
|
proc_pubkey_enc (CTX c, PACKET *pkt)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2014-11-13 13:00:46 +01:00
|
|
|
PKT_pubkey_enc *enc;
|
|
|
|
|
|
|
|
/* Check whether the secret key is available and store in this case. */
|
|
|
|
c->last_was_session_key = 1;
|
|
|
|
enc = pkt->pkt.pubkey_enc;
|
|
|
|
/*printf("enc: encrypted by a pubkey with keyid %08lX\n", enc->keyid[1] );*/
|
|
|
|
/* Hmmm: why do I have this algo check here - anyway there is
|
|
|
|
* function to check it. */
|
|
|
|
if (opt.verbose)
|
|
|
|
log_info (_("public key is %s\n"), keystr (enc->keyid));
|
|
|
|
|
2018-08-27 13:12:31 +09:00
|
|
|
if (is_status_enabled ())
|
2014-11-13 13:00:46 +01:00
|
|
|
{
|
|
|
|
char buf[50];
|
|
|
|
snprintf (buf, sizeof buf, "%08lX%08lX %d 0",
|
2018-08-27 13:12:31 +09:00
|
|
|
(ulong)enc->keyid[0], (ulong)enc->keyid[1], enc->pubkey_algo);
|
2014-11-13 13:00:46 +01:00
|
|
|
write_status_text (STATUS_ENC_TO, buf);
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
2018-08-27 13:12:31 +09:00
|
|
|
if (!opt.list_only && !opt.override_session_key)
|
2014-11-13 13:00:46 +01:00
|
|
|
{
|
2024-09-03 18:20:51 +02:00
|
|
|
struct pubkey_enc_list *x = xcalloc (1, sizeof *x);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2024-09-03 18:20:51 +02:00
|
|
|
copy_pubkey_enc_parts (&x->d, enc);
|
2019-01-16 10:27:21 +09:00
|
|
|
x->result = -1;
|
2014-11-13 13:00:46 +01:00
|
|
|
x->next = c->pkenc_list;
|
|
|
|
c->pkenc_list = x;
|
|
|
|
}
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2017-03-29 11:57:40 +02:00
|
|
|
free_packet(pkt, NULL);
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
/*
|
2003-06-05 07:14:21 +00:00
|
|
|
* Print the list of public key encrypted packets which we could
|
|
|
|
* not decrypt.
|
|
|
|
*/
|
|
|
|
static void
|
2018-08-27 13:12:31 +09:00
|
|
|
print_pkenc_list (ctrl_t ctrl, struct pubkey_enc_list *list)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2014-11-13 13:00:46 +01:00
|
|
|
for (; list; list = list->next)
|
|
|
|
{
|
|
|
|
PKT_public_key *pk;
|
2019-04-03 09:04:49 +02:00
|
|
|
char pkstrbuf[PUBKEY_STRING_SIZE];
|
|
|
|
char *p;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
pk = xmalloc_clear (sizeof *pk);
|
|
|
|
|
2024-09-03 18:20:51 +02:00
|
|
|
pk->pubkey_algo = list->d.pubkey_algo;
|
|
|
|
if (!get_pubkey (ctrl, pk, list->d.keyid))
|
2014-11-13 13:00:46 +01:00
|
|
|
{
|
2019-04-03 09:04:49 +02:00
|
|
|
pubkey_string (pk, pkstrbuf, sizeof pkstrbuf);
|
|
|
|
|
|
|
|
log_info (_("encrypted with %s key, ID %s, created %s\n"),
|
|
|
|
pkstrbuf, keystr_from_pk (pk),
|
2014-11-13 13:00:46 +01:00
|
|
|
strtimestamp (pk->timestamp));
|
2024-09-03 18:20:51 +02:00
|
|
|
p = get_user_id_native (ctrl, list->d.keyid);
|
2014-11-13 13:00:46 +01:00
|
|
|
log_printf (_(" \"%s\"\n"), p);
|
|
|
|
xfree (p);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
log_info (_("encrypted with %s key, ID %s\n"),
|
2024-09-03 18:20:51 +02:00
|
|
|
openpgp_pk_algo_name (list->d.pubkey_algo),
|
|
|
|
keystr (list->d.keyid));
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2024-04-24 09:56:30 +02:00
|
|
|
if (opt.flags.require_pqc_encryption
|
|
|
|
&& pk->pubkey_algo != PUBKEY_ALGO_KYBER)
|
|
|
|
log_info (_("WARNING: key is not quantum-resistant\n"));
|
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
free_public_key (pk);
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
2014-11-13 13:00:46 +01:00
|
|
|
proc_encrypted (CTX c, PACKET *pkt)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2014-11-13 13:00:46 +01:00
|
|
|
int result = 0;
|
2018-06-06 15:46:24 +02:00
|
|
|
int early_plaintext = literals_seen;
|
2022-03-08 10:13:44 +01:00
|
|
|
unsigned int compliance_de_vs = 0;
|
2018-06-06 15:46:24 +02:00
|
|
|
|
2024-09-09 16:41:35 +02:00
|
|
|
if (pkt)
|
|
|
|
{
|
|
|
|
if (pkt->pkttype == PKT_ENCRYPTED_AEAD)
|
|
|
|
c->seen_pkt_encrypted_aead = 1;
|
|
|
|
if (pkt->pkttype == PKT_ENCRYPTED_MDC)
|
|
|
|
c->seen_pkt_encrypted_mdc = 1;
|
|
|
|
}
|
|
|
|
else /* No PKT indicates the the add-recipients mode. */
|
|
|
|
log_assert (c->ctrl->modify_recipients);
|
2018-11-09 18:07:38 +02:00
|
|
|
|
2018-06-06 15:46:24 +02:00
|
|
|
if (early_plaintext)
|
|
|
|
{
|
|
|
|
log_info (_("WARNING: multiple plaintexts seen\n"));
|
|
|
|
write_status_errcode ("decryption.early_plaintext", GPG_ERR_BAD_DATA);
|
|
|
|
/* We fail only later so that we can print some more info first. */
|
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
if (!opt.quiet)
|
|
|
|
{
|
|
|
|
if (c->symkeys>1)
|
|
|
|
log_info (_("encrypted with %lu passphrases\n"), c->symkeys);
|
|
|
|
else if (c->symkeys == 1)
|
|
|
|
log_info (_("encrypted with 1 passphrase\n"));
|
2018-08-27 13:12:31 +09:00
|
|
|
print_pkenc_list (c->ctrl, c->pkenc_list);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Figure out the session key by looking at all pkenc packets. */
|
|
|
|
if (opt.list_only || c->dek)
|
|
|
|
;
|
|
|
|
else if (opt.override_session_key)
|
|
|
|
{
|
|
|
|
c->dek = xmalloc_clear (sizeof *c->dek);
|
|
|
|
result = get_override_session_key (c->dek, opt.override_session_key);
|
|
|
|
if (result)
|
|
|
|
{
|
|
|
|
xfree (c->dek);
|
|
|
|
c->dek = NULL;
|
|
|
|
log_info (_("public key decryption failed: %s\n"),
|
|
|
|
gpg_strerror (result));
|
|
|
|
write_status_error ("pkdecrypt_failed", result);
|
|
|
|
}
|
|
|
|
}
|
2019-07-12 09:26:00 +09:00
|
|
|
else if (c->pkenc_list)
|
2018-08-27 13:12:31 +09:00
|
|
|
{
|
|
|
|
c->dek = xmalloc_secure_clear (sizeof *c->dek);
|
|
|
|
result = get_session_key (c->ctrl, c->pkenc_list, c->dek);
|
2019-01-16 10:27:21 +09:00
|
|
|
if (is_status_enabled ())
|
2018-08-27 13:12:31 +09:00
|
|
|
{
|
2019-01-16 10:27:21 +09:00
|
|
|
struct pubkey_enc_list *list;
|
|
|
|
|
|
|
|
for (list = c->pkenc_list; list; list = list->next)
|
2021-08-24 10:39:59 +09:00
|
|
|
if (list->result)
|
|
|
|
{ /* Key was not tried or it caused an error. */
|
2019-01-16 10:27:21 +09:00
|
|
|
char buf[20];
|
|
|
|
snprintf (buf, sizeof buf, "%08lX%08lX",
|
2024-09-03 18:20:51 +02:00
|
|
|
(ulong)list->d.keyid[0], (ulong)list->d.keyid[1]);
|
2019-01-16 10:27:21 +09:00
|
|
|
write_status_text (STATUS_NO_SECKEY, buf);
|
|
|
|
}
|
2018-08-27 13:12:31 +09:00
|
|
|
}
|
2019-01-16 10:27:21 +09:00
|
|
|
|
|
|
|
if (result)
|
2018-08-27 13:12:31 +09:00
|
|
|
{
|
|
|
|
log_info (_("public key decryption failed: %s\n"),
|
|
|
|
gpg_strerror (result));
|
|
|
|
write_status_error ("pkdecrypt_failed", result);
|
|
|
|
|
|
|
|
/* Error: Delete the DEK. */
|
|
|
|
xfree (c->dek);
|
|
|
|
c->dek = NULL;
|
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
}
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2018-08-27 13:12:31 +09:00
|
|
|
if (c->dek && opt.verbose > 1)
|
|
|
|
log_info (_("public key encrypted data: good DEK\n"));
|
2014-11-13 13:00:46 +01:00
|
|
|
|
2024-09-09 16:41:35 +02:00
|
|
|
if (c->ctrl->modify_recipients)
|
|
|
|
{
|
|
|
|
if (c->anchor)
|
|
|
|
{
|
|
|
|
log_error ("command not possible with nested data\n");
|
|
|
|
write_status_errcode ("decryption.mod_recp", GPG_ERR_BAD_DATA);
|
|
|
|
xfree (c->dek);
|
|
|
|
c->dek = NULL;
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
literals_seen++;
|
|
|
|
/* Simply return here. Our caller will then test for DEK and
|
|
|
|
* the PK_list to decide whether decryption worked. */
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2024-06-24 16:31:24 +02:00
|
|
|
if (!opt.show_only_session_key)
|
|
|
|
write_status (STATUS_BEGIN_DECRYPTION);
|
2014-11-13 13:00:46 +01:00
|
|
|
|
|
|
|
/*log_debug("dat: %sencrypted data\n", c->dek?"":"conventional ");*/
|
|
|
|
if (opt.list_only)
|
|
|
|
result = -1;
|
|
|
|
else if (!c->dek && !c->last_was_session_key)
|
|
|
|
{
|
|
|
|
int algo;
|
|
|
|
STRING2KEY s2kbuf;
|
|
|
|
STRING2KEY *s2k = NULL;
|
2014-11-17 13:08:23 +01:00
|
|
|
int canceled;
|
2014-11-13 13:00:46 +01:00
|
|
|
|
|
|
|
if (opt.override_session_key)
|
|
|
|
{
|
|
|
|
c->dek = xmalloc_clear (sizeof *c->dek);
|
|
|
|
result = get_override_session_key (c->dek, opt.override_session_key);
|
|
|
|
if (result)
|
|
|
|
{
|
|
|
|
xfree (c->dek);
|
|
|
|
c->dek = NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
/* Assume this is old style conventional encrypted data. */
|
|
|
|
algo = opt.def_cipher_algo;
|
|
|
|
if (algo)
|
|
|
|
log_info (_("assuming %s encrypted data\n"),
|
|
|
|
openpgp_cipher_algo_name (algo));
|
|
|
|
else if (openpgp_cipher_test_algo (CIPHER_ALGO_IDEA))
|
|
|
|
{
|
|
|
|
algo = opt.def_cipher_algo;
|
|
|
|
if (!algo)
|
|
|
|
algo = opt.s2k_cipher_algo;
|
|
|
|
log_info (_("IDEA cipher unavailable, "
|
|
|
|
"optimistically attempting to use %s instead\n"),
|
2007-12-12 10:28:30 +00:00
|
|
|
openpgp_cipher_algo_name (algo));
|
2014-11-13 13:00:46 +01:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
algo = CIPHER_ALGO_IDEA;
|
|
|
|
if (!opt.s2k_digest_algo)
|
|
|
|
{
|
|
|
|
/* If no digest is given we assume SHA-1. */
|
|
|
|
s2kbuf.mode = 0;
|
|
|
|
s2kbuf.hash_algo = DIGEST_ALGO_SHA1;
|
|
|
|
s2k = &s2kbuf;
|
|
|
|
}
|
|
|
|
log_info (_("assuming %s encrypted data\n"), "IDEA");
|
|
|
|
}
|
|
|
|
|
2021-05-17 19:27:54 +02:00
|
|
|
c->dek = passphrase_to_dek (algo, s2k, 0, 0, NULL,
|
|
|
|
GETPASSWORD_FLAG_SYMDECRYPT, &canceled);
|
2014-11-13 13:00:46 +01:00
|
|
|
if (c->dek)
|
|
|
|
c->dek->algo_info_printed = 1;
|
2014-11-17 13:08:23 +01:00
|
|
|
else if (canceled)
|
|
|
|
result = gpg_error (GPG_ERR_CANCELED);
|
|
|
|
else
|
|
|
|
result = gpg_error (GPG_ERR_INV_PASSPHRASE);
|
2014-11-13 13:00:46 +01:00
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-11-17 13:08:23 +01:00
|
|
|
else if (!c->dek)
|
2019-07-05 15:16:08 +09:00
|
|
|
{
|
2019-07-12 09:26:00 +09:00
|
|
|
if (c->symkeys && !c->pkenc_list)
|
|
|
|
result = gpg_error (GPG_ERR_BAD_KEY);
|
|
|
|
|
2019-07-05 15:16:08 +09:00
|
|
|
if (!result)
|
2019-07-12 09:26:00 +09:00
|
|
|
result = gpg_error (GPG_ERR_NO_SECKEY);
|
2019-07-05 15:16:08 +09:00
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
|
2017-05-30 14:30:24 +02:00
|
|
|
/* Compute compliance with CO_DE_VS. */
|
2022-11-28 08:21:59 +01:00
|
|
|
if (!result && (is_status_enabled () || opt.flags.require_compliance)
|
2017-05-30 14:30:24 +02:00
|
|
|
/* Overriding session key voids compliance. */
|
2017-06-19 17:50:02 +02:00
|
|
|
&& !opt.override_session_key
|
2017-05-30 14:30:24 +02:00
|
|
|
/* Check symmetric cipher. */
|
2021-01-28 15:48:08 +01:00
|
|
|
&& gnupg_gcrypt_is_compliant (CO_DE_VS)
|
2017-06-19 17:50:02 +02:00
|
|
|
&& gnupg_cipher_is_compliant (CO_DE_VS, c->dek->algo,
|
|
|
|
GCRY_CIPHER_MODE_CFB))
|
2017-05-30 14:30:24 +02:00
|
|
|
{
|
2018-08-27 13:12:31 +09:00
|
|
|
struct pubkey_enc_list *i;
|
2022-08-02 18:36:56 +02:00
|
|
|
struct symlist_item *si;
|
2017-05-30 14:30:24 +02:00
|
|
|
int compliant = 1;
|
|
|
|
PKT_public_key *pk = xmalloc (sizeof *pk);
|
|
|
|
|
2017-06-19 17:50:02 +02:00
|
|
|
if ( !(c->pkenc_list || c->symkeys) )
|
|
|
|
log_debug ("%s: where else did the session key come from?\n", __func__);
|
2017-05-30 14:30:24 +02:00
|
|
|
|
2022-08-02 18:36:56 +02:00
|
|
|
/* Check that all seen symmetric key packets use compliant
|
|
|
|
* algos. This is so that no non-compliant encrypted session
|
|
|
|
* key can be sneaked in. */
|
|
|
|
for (si = c->symenc_list; si && compliant; si = si->next)
|
|
|
|
{
|
|
|
|
if (!si->cfb_mode
|
|
|
|
|| !gnupg_cipher_is_compliant (CO_DE_VS, si->cipher_algo,
|
|
|
|
GCRY_CIPHER_MODE_CFB))
|
|
|
|
compliant = 0;
|
|
|
|
}
|
|
|
|
|
2022-09-22 10:07:42 +02:00
|
|
|
/* Check that every known public key used to encrypt the session key
|
2022-08-02 18:36:56 +02:00
|
|
|
* is compliant. */
|
2017-05-30 14:30:24 +02:00
|
|
|
for (i = c->pkenc_list; i && compliant; i = i->next)
|
|
|
|
{
|
|
|
|
memset (pk, 0, sizeof *pk);
|
2024-09-03 18:20:51 +02:00
|
|
|
pk->pubkey_algo = i->d.pubkey_algo;
|
|
|
|
if (!get_pubkey (c->ctrl, pk, i->d.keyid)
|
2022-09-22 10:07:42 +02:00
|
|
|
&& !gnupg_pk_is_compliant (CO_DE_VS, pk->pubkey_algo, 0,
|
|
|
|
pk->pkey, nbits_from_pk (pk), NULL))
|
2017-05-30 14:30:24 +02:00
|
|
|
compliant = 0;
|
|
|
|
release_public_key_parts (pk);
|
|
|
|
}
|
|
|
|
|
|
|
|
xfree (pk);
|
|
|
|
|
|
|
|
if (compliant)
|
2022-03-18 11:13:23 +01:00
|
|
|
compliance_de_vs |= 1;
|
2017-05-30 14:30:24 +02:00
|
|
|
}
|
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
if (!result)
|
2022-03-18 11:13:23 +01:00
|
|
|
{
|
|
|
|
int compl_error;
|
|
|
|
result = decrypt_data (c->ctrl, c, pkt->pkt.encrypted, c->dek,
|
|
|
|
&compl_error);
|
|
|
|
if (!result && !compl_error)
|
|
|
|
compliance_de_vs |= 2;
|
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
|
2024-09-19 10:00:24 +02:00
|
|
|
/* Trigger the deferred error. */
|
2018-06-06 15:46:24 +02:00
|
|
|
if (!result && early_plaintext)
|
|
|
|
result = gpg_error (GPG_ERR_BAD_DATA);
|
2024-06-24 16:31:24 +02:00
|
|
|
else if (!result && opt.show_only_session_key)
|
|
|
|
result = -1;
|
2024-09-19 10:00:24 +02:00
|
|
|
|
2018-06-06 15:46:24 +02:00
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
if (result == -1)
|
|
|
|
;
|
2015-10-06 09:40:57 +02:00
|
|
|
else if (!result
|
|
|
|
&& !opt.ignore_mdc_error
|
|
|
|
&& !pkt->pkt.encrypted->mdc_method
|
2018-05-15 12:33:03 +02:00
|
|
|
&& !pkt->pkt.encrypted->aead_algo)
|
2015-10-06 09:40:57 +02:00
|
|
|
{
|
2018-05-15 12:33:03 +02:00
|
|
|
/* The message has been decrypted but does not carry an MDC or
|
|
|
|
* uses AEAD encryption. --ignore-mdc-error has also not been
|
|
|
|
* used. To avoid attacks changing an MDC message to a non-MDC
|
|
|
|
* message, we fail here. */
|
2015-10-06 09:40:57 +02:00
|
|
|
log_error (_("WARNING: message was not integrity protected\n"));
|
2018-05-31 12:59:40 +02:00
|
|
|
if (!pkt->pkt.encrypted->mdc_method
|
|
|
|
&& (openpgp_cipher_get_algo_blklen (c->dek->algo) == 8
|
|
|
|
|| c->dek->algo == CIPHER_ALGO_TWOFISH))
|
|
|
|
{
|
|
|
|
/* Before 2.2.8 we did not fail hard for a missing MDC if
|
|
|
|
* one of the old ciphers where used. Although these cases
|
|
|
|
* are rare in practice we print a hint on how to decrypt
|
|
|
|
* such messages. */
|
|
|
|
log_string
|
|
|
|
(GPGRT_LOGLVL_INFO,
|
|
|
|
_("Hint: If this message was created before the year 2003 it is\n"
|
|
|
|
"likely that this message is legitimate. This is because back\n"
|
|
|
|
"then integrity protection was not widely used.\n"));
|
|
|
|
log_info (_("Use the option '%s' to decrypt anyway.\n"),
|
|
|
|
"--ignore-mdc-error");
|
|
|
|
write_status_errcode ("nomdc_with_legacy_cipher",
|
|
|
|
GPG_ERR_DECRYPT_FAILED);
|
|
|
|
}
|
|
|
|
log_info (_("decryption forced to fail!\n"));
|
2015-10-06 09:40:57 +02:00
|
|
|
write_status (STATUS_DECRYPTION_FAILED);
|
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
else if (!result || (gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE
|
2018-01-21 16:24:43 +01:00
|
|
|
&& !pkt->pkt.encrypted->aead_algo
|
2014-11-13 13:00:46 +01:00
|
|
|
&& opt.ignore_mdc_error))
|
|
|
|
{
|
2018-01-21 16:24:43 +01:00
|
|
|
/* All is fine or for an MDC message the MDC failed but the
|
|
|
|
* --ignore-mdc-error option is active. For compatibility
|
|
|
|
* reasons we issue GOODMDC also for AEAD messages. */
|
2014-11-13 13:00:46 +01:00
|
|
|
write_status (STATUS_DECRYPTION_OKAY);
|
|
|
|
if (opt.verbose > 1)
|
|
|
|
log_info(_("decryption okay\n"));
|
2018-01-21 16:24:43 +01:00
|
|
|
|
|
|
|
if (pkt->pkt.encrypted->aead_algo)
|
2022-03-08 10:13:44 +01:00
|
|
|
{
|
|
|
|
write_status (STATUS_GOODMDC);
|
2022-03-18 11:13:23 +01:00
|
|
|
compliance_de_vs |= 4;
|
2022-03-08 10:13:44 +01:00
|
|
|
}
|
2018-01-21 16:24:43 +01:00
|
|
|
else if (pkt->pkt.encrypted->mdc_method && !result)
|
2022-03-08 10:13:44 +01:00
|
|
|
{
|
|
|
|
write_status (STATUS_GOODMDC);
|
2022-03-18 11:13:23 +01:00
|
|
|
compliance_de_vs |= 4;
|
2022-03-08 10:13:44 +01:00
|
|
|
}
|
2018-05-15 12:19:40 +02:00
|
|
|
else
|
2014-11-13 13:00:46 +01:00
|
|
|
log_info (_("WARNING: message was not integrity protected\n"));
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2018-01-21 16:24:43 +01:00
|
|
|
else if (gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE
|
|
|
|
|| gpg_err_code (result) == GPG_ERR_TRUNCATED)
|
2014-11-13 13:00:46 +01:00
|
|
|
{
|
|
|
|
glo_ctrl.lasterr = result;
|
|
|
|
log_error (_("WARNING: encrypted message has been manipulated!\n"));
|
|
|
|
write_status (STATUS_BADMDC);
|
|
|
|
write_status (STATUS_DECRYPTION_FAILED);
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
else
|
|
|
|
{
|
2022-04-25 11:18:40 +02:00
|
|
|
if (gpg_err_code (result) == GPG_ERR_BAD_KEY
|
|
|
|
|| gpg_err_code (result) == GPG_ERR_CHECKSUM
|
|
|
|
|| gpg_err_code (result) == GPG_ERR_CIPHER_ALGO)
|
2014-11-13 13:00:46 +01:00
|
|
|
{
|
2022-04-25 11:18:40 +02:00
|
|
|
if (c->symkeys)
|
|
|
|
write_status_text (STATUS_ERROR,
|
|
|
|
"symkey_decrypt.maybe_error"
|
|
|
|
" 11_BAD_PASSPHRASE");
|
|
|
|
|
|
|
|
if (c->dek && *c->dek->s2k_cacheid != '\0')
|
|
|
|
{
|
|
|
|
if (opt.debug)
|
|
|
|
log_debug ("cleared passphrase cached with ID: %s\n",
|
|
|
|
c->dek->s2k_cacheid);
|
|
|
|
passphrase_clear_cache (c->dek->s2k_cacheid);
|
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
}
|
|
|
|
glo_ctrl.lasterr = result;
|
|
|
|
write_status (STATUS_DECRYPTION_FAILED);
|
2015-01-22 12:06:11 +01:00
|
|
|
log_error (_("decryption failed: %s\n"), gpg_strerror (result));
|
2014-11-13 13:00:46 +01:00
|
|
|
/* Hmmm: does this work when we have encrypted using multiple
|
|
|
|
* ways to specify the session key (symmmetric and PK). */
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
|
2022-03-18 11:13:23 +01:00
|
|
|
|
|
|
|
/* If we concluded that the decryption was compliant, issue a
|
2022-08-02 18:36:56 +02:00
|
|
|
* compliance status before the end of the decryption status. */
|
2022-03-18 11:13:23 +01:00
|
|
|
if (compliance_de_vs == (4|2|1))
|
|
|
|
{
|
|
|
|
write_status_strings (STATUS_DECRYPTION_COMPLIANCE_MODE,
|
|
|
|
gnupg_status_compliance_flag (CO_DE_VS),
|
|
|
|
NULL);
|
|
|
|
}
|
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
xfree (c->dek);
|
|
|
|
c->dek = NULL;
|
2017-03-29 11:57:40 +02:00
|
|
|
free_packet (pkt, NULL);
|
2014-11-13 13:00:46 +01:00
|
|
|
c->last_was_session_key = 0;
|
2024-06-24 16:31:24 +02:00
|
|
|
|
|
|
|
if (!opt.show_only_session_key)
|
|
|
|
write_status (STATUS_END_DECRYPTION);
|
2018-05-30 21:45:37 +02:00
|
|
|
|
|
|
|
/* Bump the counter even if we have not seen a literal data packet
|
|
|
|
* inside an encryption container. This acts as a sentinel in case
|
|
|
|
* a misplace extra literal data packets follows after this
|
|
|
|
* encrypted packet. */
|
|
|
|
literals_seen++;
|
2022-03-08 10:13:44 +01:00
|
|
|
|
2024-01-29 09:16:21 +01:00
|
|
|
/* The --require-compliance option allows one to simplify decryption in
|
2022-03-08 10:13:44 +01:00
|
|
|
* de-vs compliance mode by just looking at the exit status. */
|
|
|
|
if (opt.flags.require_compliance
|
|
|
|
&& opt.compliance == CO_DE_VS
|
2024-06-24 16:31:24 +02:00
|
|
|
&& compliance_de_vs != (4|2|1)
|
|
|
|
&& !opt.show_only_session_key)
|
2022-03-08 10:13:44 +01:00
|
|
|
{
|
|
|
|
log_error (_("operation forced to fail due to"
|
|
|
|
" unfulfilled compliance rules\n"));
|
|
|
|
g10_errors_seen = 1;
|
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2018-11-09 18:07:38 +02:00
|
|
|
static int
|
2022-02-08 18:31:54 +02:00
|
|
|
have_seen_pkt_encrypted_aead_or_mdc( CTX c )
|
2018-11-09 18:07:38 +02:00
|
|
|
{
|
|
|
|
CTX cc;
|
|
|
|
|
|
|
|
for (cc = c; cc; cc = cc->anchor)
|
|
|
|
{
|
|
|
|
if (cc->seen_pkt_encrypted_aead)
|
|
|
|
return 1;
|
2022-02-08 18:31:54 +02:00
|
|
|
if (cc->seen_pkt_encrypted_mdc)
|
|
|
|
return 1;
|
2018-11-09 18:07:38 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
static void
|
|
|
|
proc_plaintext( CTX c, PACKET *pkt )
|
|
|
|
{
|
2014-11-13 13:00:46 +01:00
|
|
|
PKT_plaintext *pt = pkt->pkt.plaintext;
|
|
|
|
int any, clearsig, rc;
|
|
|
|
kbnode_t n;
|
2019-03-14 11:20:07 +01:00
|
|
|
unsigned char *extrahash;
|
|
|
|
size_t extrahashlen;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2018-10-24 15:56:18 -04:00
|
|
|
/* This is a literal data packet. Bump a counter for later checks. */
|
2014-11-13 13:00:46 +01:00
|
|
|
literals_seen++;
|
|
|
|
|
|
|
|
if (pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8))
|
|
|
|
log_info (_("Note: sender requested \"for-your-eyes-only\"\n"));
|
|
|
|
else if (opt.verbose)
|
2018-06-08 10:45:21 +02:00
|
|
|
{
|
|
|
|
/* We don't use print_utf8_buffer because that would require a
|
|
|
|
* string change which we don't want in 2.2. It is also not
|
|
|
|
* clear whether the filename is always utf-8 encoded. */
|
|
|
|
char *tmp = make_printable_string (pt->name, pt->namelen, 0);
|
|
|
|
log_info (_("original file name='%.*s'\n"), (int)strlen (tmp), tmp);
|
|
|
|
xfree (tmp);
|
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
|
|
|
|
free_md_filter_context (&c->mfx);
|
|
|
|
if (gcry_md_open (&c->mfx.md, 0, 0))
|
|
|
|
BUG ();
|
|
|
|
/* fixme: we may need to push the textfilter if we have sigclass 1
|
|
|
|
* and no armoring - Not yet tested
|
|
|
|
* Hmmm, why don't we need it at all if we have sigclass 1
|
|
|
|
* Should we assume that plaintext in mode 't' has always sigclass 1??
|
|
|
|
* See: Russ Allbery's mail 1999-02-09
|
|
|
|
*/
|
|
|
|
any = clearsig = 0;
|
|
|
|
for (n=c->list; n; n = n->next )
|
|
|
|
{
|
|
|
|
if (n->pkt->pkttype == PKT_ONEPASS_SIG)
|
|
|
|
{
|
|
|
|
/* The onepass signature case. */
|
|
|
|
if (n->pkt->pkt.onepass_sig->digest_algo)
|
|
|
|
{
|
2018-12-01 13:43:10 +02:00
|
|
|
if (!opt.skip_verify)
|
|
|
|
gcry_md_enable (c->mfx.md,
|
|
|
|
n->pkt->pkt.onepass_sig->digest_algo);
|
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
any = 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else if (n->pkt->pkttype == PKT_GPG_CONTROL
|
|
|
|
&& n->pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START)
|
|
|
|
{
|
|
|
|
/* The clearsigned message case. */
|
|
|
|
size_t datalen = n->pkt->pkt.gpg_control->datalen;
|
|
|
|
const byte *data = n->pkt->pkt.gpg_control->data;
|
|
|
|
|
|
|
|
/* Check that we have at least the sigclass and one hash. */
|
|
|
|
if (datalen < 2)
|
|
|
|
log_fatal ("invalid control packet CTRLPKT_CLEARSIGN_START\n");
|
|
|
|
/* Note that we don't set the clearsig flag for not-dash-escaped
|
|
|
|
* documents. */
|
|
|
|
clearsig = (*data == 0x01);
|
|
|
|
for (data++, datalen--; datalen; datalen--, data++)
|
2018-12-01 13:43:10 +02:00
|
|
|
if (!opt.skip_verify)
|
|
|
|
gcry_md_enable (c->mfx.md, *data);
|
2014-11-13 13:00:46 +01:00
|
|
|
any = 1;
|
|
|
|
break; /* Stop here as one-pass signature packets are not
|
|
|
|
expected. */
|
|
|
|
}
|
|
|
|
else if (n->pkt->pkttype == PKT_SIGNATURE)
|
|
|
|
{
|
|
|
|
/* The SIG+LITERAL case that PGP used to use. */
|
2018-12-01 13:43:10 +02:00
|
|
|
if (!opt.skip_verify)
|
|
|
|
gcry_md_enable (c->mfx.md, n->pkt->pkt.signature->digest_algo);
|
2014-11-13 13:00:46 +01:00
|
|
|
any = 1;
|
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2003-06-18 19:56:13 +00:00
|
|
|
|
2022-02-08 18:31:54 +02:00
|
|
|
if (!any && !opt.skip_verify && !have_seen_pkt_encrypted_aead_or_mdc(c))
|
2014-11-13 13:00:46 +01:00
|
|
|
{
|
|
|
|
/* This is for the old GPG LITERAL+SIG case. It's not legal
|
|
|
|
according to 2440, so hopefully it won't come up that often.
|
|
|
|
There is no good way to specify what algorithms to use in
|
|
|
|
that case, so these there are the historical answer. */
|
|
|
|
gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160);
|
|
|
|
gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1);
|
|
|
|
}
|
|
|
|
if (DBG_HASHING)
|
|
|
|
{
|
|
|
|
gcry_md_debug (c->mfx.md, "verify");
|
|
|
|
if (c->mfx.md2)
|
|
|
|
gcry_md_debug (c->mfx.md2, "verify2");
|
|
|
|
}
|
2007-03-05 14:56:31 +00:00
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
rc=0;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
if (literals_seen > 1)
|
|
|
|
{
|
|
|
|
log_info (_("WARNING: multiple plaintexts seen\n"));
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2018-05-30 22:05:57 +02:00
|
|
|
write_status_text (STATUS_ERROR, "proc_pkt.plaintext 89_BAD_DATA");
|
|
|
|
log_inc_errorcount ();
|
|
|
|
rc = gpg_error (GPG_ERR_UNEXPECTED);
|
2014-11-13 13:00:46 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!rc)
|
|
|
|
{
|
2016-09-08 00:45:45 +02:00
|
|
|
/* It we are in --verify mode, we do not want to output the
|
|
|
|
* signed text. However, if --output is also used we do what
|
|
|
|
* has been requested and write out the signed data. */
|
|
|
|
rc = handle_plaintext (pt, &c->mfx,
|
|
|
|
(opt.outfp || opt.outfile)? 0 : c->sigs_only,
|
|
|
|
clearsig);
|
2014-11-13 13:00:46 +01:00
|
|
|
if (gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only)
|
|
|
|
{
|
|
|
|
/* Can't write output but we hash it anyway to check the
|
|
|
|
signature. */
|
|
|
|
rc = handle_plaintext( pt, &c->mfx, 1, clearsig );
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (rc)
|
2015-01-22 12:06:11 +01:00
|
|
|
log_error ("handle plaintext failed: %s\n", gpg_strerror (rc));
|
2014-11-13 13:00:46 +01:00
|
|
|
|
|
|
|
/* We add a marker control packet instead of the plaintext packet.
|
2019-03-14 11:20:07 +01:00
|
|
|
* This is so that we can later detect invalid packet sequences.
|
2020-04-15 22:23:10 +02:00
|
|
|
* The packet is further used to convey extra data from the
|
2019-03-14 11:20:07 +01:00
|
|
|
* plaintext packet to the signature verification. */
|
|
|
|
extrahash = xtrymalloc (6 + pt->namelen);
|
|
|
|
if (!extrahash)
|
|
|
|
{
|
|
|
|
/* No way to return an error. */
|
|
|
|
rc = gpg_error_from_syserror ();
|
|
|
|
log_error ("malloc failed in %s: %s\n", __func__, gpg_strerror (rc));
|
|
|
|
extrahashlen = 0;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
extrahash[0] = pt->mode;
|
|
|
|
extrahash[1] = pt->namelen;
|
|
|
|
if (pt->namelen)
|
|
|
|
memcpy (extrahash+2, pt->name, pt->namelen);
|
|
|
|
extrahashlen = 2 + pt->namelen;
|
|
|
|
extrahash[extrahashlen++] = pt->timestamp >> 24;
|
|
|
|
extrahash[extrahashlen++] = pt->timestamp >> 16;
|
|
|
|
extrahash[extrahashlen++] = pt->timestamp >> 8;
|
|
|
|
extrahash[extrahashlen++] = pt->timestamp ;
|
|
|
|
}
|
|
|
|
|
2019-03-15 08:55:06 +01:00
|
|
|
free_packet (pkt, NULL);
|
|
|
|
c->last_was_session_key = 0;
|
|
|
|
|
2019-03-14 11:20:07 +01:00
|
|
|
n = new_kbnode (create_gpg_control (CTRLPKT_PLAINTEXT_MARK,
|
|
|
|
extrahash, extrahashlen));
|
|
|
|
xfree (extrahash);
|
2014-11-13 13:00:46 +01:00
|
|
|
if (c->list)
|
|
|
|
add_kbnode (c->list, n);
|
|
|
|
else
|
|
|
|
c->list = n;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2014-11-13 13:00:46 +01:00
|
|
|
proc_compressed_cb (iobuf_t a, void *info)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2006-12-21 19:40:00 +00:00
|
|
|
if ( ((CTX)info)->signed_data.used
|
2023-07-05 10:21:23 +09:00
|
|
|
&& ((CTX)info)->signed_data.data_fd != GNUPG_INVALID_FD)
|
2010-10-01 20:33:53 +00:00
|
|
|
return proc_signature_packets_by_fd (((CTX)info)->ctrl, info, a,
|
2006-12-21 19:40:00 +00:00
|
|
|
((CTX)info)->signed_data.data_fd);
|
|
|
|
else
|
2010-10-01 20:33:53 +00:00
|
|
|
return proc_signature_packets (((CTX)info)->ctrl, info, a,
|
2006-12-21 19:40:00 +00:00
|
|
|
((CTX)info)->signed_data.data_names,
|
|
|
|
((CTX)info)->sigfilename );
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
static int
|
2014-11-13 13:00:46 +01:00
|
|
|
proc_encrypt_cb (iobuf_t a, void *info )
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2010-10-01 20:33:53 +00:00
|
|
|
CTX c = info;
|
2024-09-09 16:41:35 +02:00
|
|
|
return proc_encryption_packets (c->ctrl, info, a, NULL, NULL);
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
|
2013-10-02 09:11:43 +02:00
|
|
|
static int
|
2014-11-13 13:00:46 +01:00
|
|
|
proc_compressed (CTX c, PACKET *pkt)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2013-10-04 08:20:49 +02:00
|
|
|
PKT_compressed *zd = pkt->pkt.compressed;
|
|
|
|
int rc;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2013-10-04 08:20:49 +02:00
|
|
|
/*printf("zip: compressed data packet\n");*/
|
|
|
|
if (c->sigs_only)
|
|
|
|
rc = handle_compressed (c->ctrl, c, zd, proc_compressed_cb, c);
|
|
|
|
else if( c->encrypt_only )
|
|
|
|
rc = handle_compressed (c->ctrl, c, zd, proc_encrypt_cb, c);
|
|
|
|
else
|
|
|
|
rc = handle_compressed (c->ctrl, c, zd, NULL, NULL);
|
|
|
|
|
|
|
|
if (gpg_err_code (rc) == GPG_ERR_BAD_DATA)
|
|
|
|
{
|
|
|
|
if (!c->any.uncompress_failed)
|
|
|
|
{
|
|
|
|
CTX cc;
|
|
|
|
|
|
|
|
for (cc=c; cc; cc = cc->anchor)
|
|
|
|
cc->any.uncompress_failed = 1;
|
|
|
|
log_error ("uncompressing failed: %s\n", gpg_strerror (rc));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else if (rc)
|
|
|
|
log_error ("uncompressing failed: %s\n", gpg_strerror (rc));
|
|
|
|
|
2017-03-29 11:57:40 +02:00
|
|
|
free_packet (pkt, NULL);
|
2013-10-04 08:20:49 +02:00
|
|
|
c->last_was_session_key = 0;
|
|
|
|
return rc;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
|
|
|
|
/*
|
2016-09-01 16:00:06 +02:00
|
|
|
* Check the signature. If R_PK is not NULL a copy of the public key
|
2017-05-29 15:23:36 +02:00
|
|
|
* used to verify the signature will be stored there, or NULL if not
|
2020-03-13 17:14:34 +01:00
|
|
|
* found. If FORCED_PK is not NULL, this public key is used to verify
|
|
|
|
* _data signatures_ and no key lookup is done. Returns: 0 = valid
|
|
|
|
* signature or an error code
|
2003-06-05 07:14:21 +00:00
|
|
|
*/
|
|
|
|
static int
|
2019-03-14 11:20:07 +01:00
|
|
|
do_check_sig (CTX c, kbnode_t node, const void *extrahash, size_t extrahashlen,
|
2020-03-13 17:14:34 +01:00
|
|
|
PKT_public_key *forced_pk, int *is_selfsig,
|
2016-09-01 16:00:06 +02:00
|
|
|
int *is_expkey, int *is_revkey, PKT_public_key **r_pk)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2014-11-13 13:00:46 +01:00
|
|
|
PKT_signature *sig;
|
|
|
|
gcry_md_hd_t md = NULL;
|
|
|
|
gcry_md_hd_t md2 = NULL;
|
g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
|
|
|
gcry_md_hd_t md_good = NULL;
|
2014-11-13 13:00:46 +01:00
|
|
|
int algo, rc;
|
|
|
|
|
2016-09-01 16:00:06 +02:00
|
|
|
if (r_pk)
|
|
|
|
*r_pk = NULL;
|
|
|
|
|
2016-04-29 11:05:24 +02:00
|
|
|
log_assert (node->pkt->pkttype == PKT_SIGNATURE);
|
2014-11-13 13:00:46 +01:00
|
|
|
if (is_selfsig)
|
|
|
|
*is_selfsig = 0;
|
|
|
|
sig = node->pkt->pkt.signature;
|
|
|
|
|
|
|
|
algo = sig->digest_algo;
|
|
|
|
rc = openpgp_md_test_algo (algo);
|
|
|
|
if (rc)
|
|
|
|
return rc;
|
|
|
|
|
|
|
|
if (sig->sig_class == 0x00)
|
|
|
|
{
|
|
|
|
if (c->mfx.md)
|
|
|
|
{
|
|
|
|
if (gcry_md_copy (&md, c->mfx.md ))
|
|
|
|
BUG ();
|
|
|
|
}
|
|
|
|
else /* detached signature */
|
|
|
|
{
|
2015-10-19 11:06:57 +02:00
|
|
|
/* check_signature() will enable the md. */
|
2014-11-13 13:00:46 +01:00
|
|
|
if (gcry_md_open (&md, 0, 0 ))
|
|
|
|
BUG ();
|
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
else if (sig->sig_class == 0x01)
|
|
|
|
{
|
|
|
|
/* How do we know that we have to hash the (already hashed) text
|
|
|
|
in canonical mode ??? (calculating both modes???) */
|
|
|
|
if (c->mfx.md)
|
|
|
|
{
|
|
|
|
if (gcry_md_copy (&md, c->mfx.md ))
|
|
|
|
BUG ();
|
|
|
|
if (c->mfx.md2 && gcry_md_copy (&md2, c->mfx.md2))
|
|
|
|
BUG ();
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
else /* detached signature */
|
|
|
|
{
|
|
|
|
log_debug ("Do we really need this here?");
|
2015-10-19 11:06:57 +02:00
|
|
|
/* check_signature() will enable the md*/
|
2014-11-13 13:00:46 +01:00
|
|
|
if (gcry_md_open (&md, 0, 0 ))
|
|
|
|
BUG ();
|
|
|
|
if (gcry_md_open (&md2, 0, 0 ))
|
|
|
|
BUG ();
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
else if ((sig->sig_class&~3) == 0x10
|
|
|
|
|| sig->sig_class == 0x18
|
|
|
|
|| sig->sig_class == 0x1f
|
|
|
|
|| sig->sig_class == 0x20
|
|
|
|
|| sig->sig_class == 0x28
|
|
|
|
|| sig->sig_class == 0x30)
|
|
|
|
{
|
|
|
|
if (c->list->pkt->pkttype == PKT_PUBLIC_KEY
|
|
|
|
|| c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY)
|
|
|
|
{
|
2017-03-31 20:03:52 +02:00
|
|
|
return check_key_signature (c->ctrl, c->list, node, is_selfsig);
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
else if (sig->sig_class == 0x20)
|
|
|
|
{
|
|
|
|
log_error (_("standalone revocation - "
|
|
|
|
"use \"gpg --import\" to apply\n"));
|
2015-01-22 12:06:11 +01:00
|
|
|
return GPG_ERR_NOT_PROCESSED;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
else
|
|
|
|
{
|
|
|
|
log_error ("invalid root packet for sigclass %02x\n", sig->sig_class);
|
2015-01-22 12:06:11 +01:00
|
|
|
return GPG_ERR_SIG_CLASS;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
else
|
2015-01-22 12:06:11 +01:00
|
|
|
return GPG_ERR_SIG_CLASS;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2015-10-19 11:06:57 +02:00
|
|
|
/* We only get here if we are checking the signature of a binary
|
|
|
|
(0x00) or text document (0x01). */
|
2019-03-14 11:20:07 +01:00
|
|
|
rc = check_signature2 (c->ctrl, sig, md, extrahash, extrahashlen,
|
2020-03-13 17:14:34 +01:00
|
|
|
forced_pk,
|
2019-03-14 11:20:07 +01:00
|
|
|
NULL, is_expkey, is_revkey, r_pk);
|
g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
|
|
|
if (! rc)
|
|
|
|
md_good = md;
|
|
|
|
else if (gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE && md2)
|
|
|
|
{
|
2016-09-01 16:00:06 +02:00
|
|
|
PKT_public_key *pk2;
|
|
|
|
|
2019-03-14 11:20:07 +01:00
|
|
|
rc = check_signature2 (c->ctrl, sig, md2, extrahash, extrahashlen,
|
2020-03-13 17:14:34 +01:00
|
|
|
forced_pk,
|
2019-03-14 11:20:07 +01:00
|
|
|
NULL, is_expkey, is_revkey,
|
2016-09-01 16:00:06 +02:00
|
|
|
r_pk? &pk2 : NULL);
|
|
|
|
if (!rc)
|
|
|
|
{
|
|
|
|
md_good = md2;
|
|
|
|
if (r_pk)
|
|
|
|
{
|
|
|
|
free_public_key (*r_pk);
|
|
|
|
*r_pk = pk2;
|
|
|
|
}
|
|
|
|
}
|
g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
if (md_good)
|
|
|
|
{
|
2016-09-01 12:41:27 +02:00
|
|
|
unsigned char *buffer = gcry_md_read (md_good, sig->digest_algo);
|
g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
|
|
|
sig->digest_len = gcry_md_get_algo_dlen (map_md_openpgp_to_gcry (algo));
|
|
|
|
memcpy (sig->digest, buffer, sig->digest_len);
|
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
|
|
|
|
gcry_md_close (md);
|
|
|
|
gcry_md_close (md2);
|
|
|
|
|
|
|
|
return rc;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
2014-11-13 13:00:46 +01:00
|
|
|
print_userid (PACKET *pkt)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2014-11-13 13:00:46 +01:00
|
|
|
if (!pkt)
|
|
|
|
BUG();
|
|
|
|
|
|
|
|
if (pkt->pkttype != PKT_USER_ID)
|
|
|
|
{
|
2015-02-19 17:22:27 +01:00
|
|
|
es_printf ("ERROR: unexpected packet type %d", pkt->pkttype );
|
2014-11-13 13:00:46 +01:00
|
|
|
return;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
if (opt.with_colons)
|
|
|
|
{
|
|
|
|
if (pkt->pkt.user_id->attrib_data)
|
2015-02-19 17:22:27 +01:00
|
|
|
es_printf("%u %lu",
|
|
|
|
pkt->pkt.user_id->numattribs,
|
|
|
|
pkt->pkt.user_id->attrib_len);
|
2014-11-13 13:00:46 +01:00
|
|
|
else
|
|
|
|
es_write_sanitized (es_stdout, pkt->pkt.user_id->name,
|
|
|
|
pkt->pkt.user_id->len, ":", NULL);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
print_utf8_buffer (es_stdout, pkt->pkt.user_id->name,
|
|
|
|
pkt->pkt.user_id->len );
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
/*
|
|
|
|
* List the keyblock in a user friendly way
|
2003-06-05 07:14:21 +00:00
|
|
|
*/
|
|
|
|
static void
|
2014-11-13 13:00:46 +01:00
|
|
|
list_node (CTX c, kbnode_t node)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2014-06-02 19:50:18 +02:00
|
|
|
if (!node)
|
|
|
|
;
|
2016-06-06 16:00:50 +02:00
|
|
|
else if (node->pkt->pkttype == PKT_PUBLIC_KEY
|
|
|
|
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
|
2014-06-02 19:50:18 +02:00
|
|
|
{
|
|
|
|
PKT_public_key *pk = node->pkt->pkt.public_key;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2014-06-02 19:50:18 +02:00
|
|
|
if (opt.with_colons)
|
|
|
|
{
|
|
|
|
u32 keyid[2];
|
|
|
|
|
|
|
|
keyid_from_pk( pk, keyid );
|
2016-06-06 16:00:50 +02:00
|
|
|
if (pk->flags.primary)
|
2016-11-23 12:29:22 +01:00
|
|
|
c->trustletter = (opt.fast_list_mode
|
|
|
|
? 0
|
|
|
|
: get_validity_info
|
|
|
|
(c->ctrl,
|
|
|
|
node->pkt->pkttype == PKT_PUBLIC_KEY
|
|
|
|
? node : NULL,
|
|
|
|
pk, NULL));
|
2016-06-06 16:00:50 +02:00
|
|
|
es_printf ("%s:", pk->flags.primary? "pub":"sub" );
|
2014-06-02 19:50:18 +02:00
|
|
|
if (c->trustletter)
|
|
|
|
es_putc (c->trustletter, es_stdout);
|
|
|
|
es_printf (":%u:%d:%08lX%08lX:%s:%s::",
|
|
|
|
nbits_from_pk( pk ),
|
|
|
|
pk->pubkey_algo,
|
|
|
|
(ulong)keyid[0],(ulong)keyid[1],
|
|
|
|
colon_datestr_from_pk( pk ),
|
|
|
|
colon_strtime (pk->expiredate) );
|
2016-06-06 16:00:50 +02:00
|
|
|
if (pk->flags.primary && !opt.fast_list_mode)
|
2017-03-31 20:03:52 +02:00
|
|
|
es_putc (get_ownertrust_info (c->ctrl, pk, 1), es_stdout);
|
2014-06-02 19:50:18 +02:00
|
|
|
es_putc (':', es_stdout);
|
2016-06-06 16:00:50 +02:00
|
|
|
es_putc ('\n', es_stdout);
|
2014-06-02 19:50:18 +02:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2017-03-31 20:03:52 +02:00
|
|
|
print_key_line (c->ctrl, es_stdout, pk, 0);
|
2014-06-02 19:50:18 +02:00
|
|
|
}
|
|
|
|
|
2016-06-06 16:00:50 +02:00
|
|
|
if (opt.keyid_format == KF_NONE && !opt.with_colons)
|
|
|
|
; /* Already printed. */
|
|
|
|
else if ((pk->flags.primary && opt.fingerprint) || opt.fingerprint > 1)
|
2017-03-31 20:03:52 +02:00
|
|
|
print_fingerprint (c->ctrl, NULL, pk, 0);
|
2014-06-02 19:50:18 +02:00
|
|
|
|
2016-06-06 16:00:50 +02:00
|
|
|
if (pk->flags.primary)
|
2014-06-02 19:50:18 +02:00
|
|
|
{
|
2016-06-06 16:00:50 +02:00
|
|
|
int kl = opt.keyid_format == KF_NONE? 0 : keystrlen ();
|
|
|
|
|
2014-06-02 19:50:18 +02:00
|
|
|
/* Now list all userids with their signatures. */
|
|
|
|
for (node = node->next; node; node = node->next)
|
|
|
|
{
|
|
|
|
if (node->pkt->pkttype == PKT_SIGNATURE)
|
|
|
|
{
|
|
|
|
list_node (c, node );
|
|
|
|
}
|
|
|
|
else if (node->pkt->pkttype == PKT_USER_ID)
|
|
|
|
{
|
|
|
|
if (opt.with_colons)
|
|
|
|
es_printf ("%s:::::::::",
|
|
|
|
node->pkt->pkt.user_id->attrib_data?"uat":"uid");
|
|
|
|
else
|
2015-08-06 17:09:27 +02:00
|
|
|
es_printf ("uid%*s",
|
2016-06-06 16:00:50 +02:00
|
|
|
kl + (opt.legacy_list_mode? 9:11),
|
2015-08-06 17:09:27 +02:00
|
|
|
"" );
|
2014-06-02 19:50:18 +02:00
|
|
|
print_userid (node->pkt);
|
|
|
|
if (opt.with_colons)
|
|
|
|
es_putc (':', es_stdout);
|
|
|
|
es_putc ('\n', es_stdout);
|
|
|
|
}
|
|
|
|
else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
|
|
|
|
{
|
|
|
|
list_node(c, node );
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2016-06-06 16:00:50 +02:00
|
|
|
else if (node->pkt->pkttype == PKT_SECRET_KEY
|
2014-06-02 19:50:18 +02:00
|
|
|
|| node->pkt->pkttype == PKT_SECRET_SUBKEY)
|
|
|
|
{
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2010-04-23 11:36:59 +00:00
|
|
|
log_debug ("FIXME: No way to print secret key packets here\n");
|
2015-11-16 12:41:46 +01:00
|
|
|
/* fixme: We may use a function to turn a secret key packet into
|
2010-04-23 11:36:59 +00:00
|
|
|
a public key one and use that here. */
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-06-02 19:50:18 +02:00
|
|
|
else if (node->pkt->pkttype == PKT_SIGNATURE)
|
|
|
|
{
|
|
|
|
PKT_signature *sig = node->pkt->pkt.signature;
|
|
|
|
int is_selfsig = 0;
|
|
|
|
int rc2 = 0;
|
|
|
|
size_t n;
|
|
|
|
char *p;
|
|
|
|
int sigrc = ' ';
|
|
|
|
|
|
|
|
if (!opt.verbose)
|
|
|
|
return;
|
|
|
|
|
|
|
|
if (sig->sig_class == 0x20 || sig->sig_class == 0x30)
|
|
|
|
es_fputs ("rev", es_stdout);
|
|
|
|
else
|
|
|
|
es_fputs ("sig", es_stdout);
|
|
|
|
if (opt.check_sigs)
|
|
|
|
{
|
|
|
|
fflush (stdout);
|
2020-03-13 17:14:34 +01:00
|
|
|
rc2 = do_check_sig (c, node, NULL, 0, NULL,
|
|
|
|
&is_selfsig, NULL, NULL, NULL);
|
2014-06-02 19:50:18 +02:00
|
|
|
switch (gpg_err_code (rc2))
|
|
|
|
{
|
|
|
|
case 0: sigrc = '!'; break;
|
|
|
|
case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break;
|
|
|
|
case GPG_ERR_NO_PUBKEY:
|
|
|
|
case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break;
|
|
|
|
default: sigrc = '%'; break;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
}
|
2014-06-02 19:50:18 +02:00
|
|
|
else /* Check whether this is a self signature. */
|
|
|
|
{
|
|
|
|
u32 keyid[2];
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2014-06-02 19:50:18 +02:00
|
|
|
if (c->list->pkt->pkttype == PKT_PUBLIC_KEY
|
|
|
|
|| c->list->pkt->pkttype == PKT_SECRET_KEY )
|
|
|
|
{
|
|
|
|
keyid_from_pk (c->list->pkt->pkt.public_key, keyid);
|
2011-02-04 12:57:53 +01:00
|
|
|
|
2014-06-02 19:50:18 +02:00
|
|
|
if (keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1])
|
|
|
|
is_selfsig = 1;
|
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-06-02 19:50:18 +02:00
|
|
|
|
|
|
|
if (opt.with_colons)
|
|
|
|
{
|
|
|
|
es_putc (':', es_stdout);
|
|
|
|
if (sigrc != ' ')
|
|
|
|
es_putc (sigrc, es_stdout);
|
|
|
|
es_printf ("::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
|
|
|
|
(ulong)sig->keyid[0], (ulong)sig->keyid[1],
|
|
|
|
colon_datestr_from_sig (sig),
|
|
|
|
colon_expirestr_from_sig (sig));
|
|
|
|
|
|
|
|
if (sig->trust_depth || sig->trust_value)
|
|
|
|
es_printf ("%d %d",sig->trust_depth,sig->trust_value);
|
|
|
|
es_putc (':', es_stdout);
|
|
|
|
|
|
|
|
if (sig->trust_regexp)
|
|
|
|
es_write_sanitized (es_stdout, sig->trust_regexp,
|
|
|
|
strlen (sig->trust_regexp), ":", NULL);
|
|
|
|
es_putc (':', es_stdout);
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-06-02 19:50:18 +02:00
|
|
|
else
|
|
|
|
es_printf ("%c %s %s ",
|
|
|
|
sigrc, keystr (sig->keyid), datestr_from_sig(sig));
|
|
|
|
if (sigrc == '%')
|
2015-01-22 12:06:11 +01:00
|
|
|
es_printf ("[%s] ", gpg_strerror (rc2) );
|
2014-06-02 19:50:18 +02:00
|
|
|
else if (sigrc == '?')
|
|
|
|
;
|
|
|
|
else if (is_selfsig)
|
|
|
|
{
|
|
|
|
if (opt.with_colons)
|
|
|
|
es_putc (':', es_stdout);
|
|
|
|
es_fputs (sig->sig_class == 0x18? "[keybind]":"[selfsig]", es_stdout);
|
|
|
|
if (opt.with_colons)
|
|
|
|
es_putc (':', es_stdout);
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-06-02 19:50:18 +02:00
|
|
|
else if (!opt.fast_list_mode)
|
|
|
|
{
|
2018-04-12 17:53:17 +02:00
|
|
|
p = get_user_id (c->ctrl, sig->keyid, &n, NULL);
|
2014-06-02 19:50:18 +02:00
|
|
|
es_write_sanitized (es_stdout, p, n,
|
|
|
|
opt.with_colons?":":NULL, NULL );
|
|
|
|
xfree (p);
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-06-02 19:50:18 +02:00
|
|
|
if (opt.with_colons)
|
|
|
|
es_printf (":%02x%c:", sig->sig_class, sig->flags.exportable?'x':'l');
|
|
|
|
es_putc ('\n', es_stdout);
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-06-02 19:50:18 +02:00
|
|
|
else
|
|
|
|
log_error ("invalid node with packet of type %d\n", node->pkt->pkttype);
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int
|
2014-11-13 13:00:46 +01:00
|
|
|
proc_packets (ctrl_t ctrl, void *anchor, iobuf_t a )
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2014-11-13 13:00:46 +01:00
|
|
|
int rc;
|
|
|
|
CTX c = xmalloc_clear (sizeof *c);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
c->ctrl = ctrl;
|
|
|
|
c->anchor = anchor;
|
2024-09-09 16:41:35 +02:00
|
|
|
rc = do_proc_packets (c, a, 0);
|
2014-11-13 13:00:46 +01:00
|
|
|
xfree (c);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
return rc;
|
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
|
|
|
|
int
|
2014-11-13 13:00:46 +01:00
|
|
|
proc_signature_packets (ctrl_t ctrl, void *anchor, iobuf_t a,
|
2006-10-02 11:54:35 +00:00
|
|
|
strlist_t signedfiles, const char *sigfilename )
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2014-11-13 13:00:46 +01:00
|
|
|
CTX c = xmalloc_clear (sizeof *c);
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
c->ctrl = ctrl;
|
|
|
|
c->anchor = anchor;
|
|
|
|
c->sigs_only = 1;
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2023-07-05 10:21:23 +09:00
|
|
|
c->signed_data.data_fd = GNUPG_INVALID_FD;
|
2014-11-13 13:00:46 +01:00
|
|
|
c->signed_data.data_names = signedfiles;
|
|
|
|
c->signed_data.used = !!signedfiles;
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
c->sigfilename = sigfilename;
|
2024-09-09 16:41:35 +02:00
|
|
|
rc = do_proc_packets (c, a, 0);
|
2014-11-13 13:00:46 +01:00
|
|
|
|
|
|
|
/* If we have not encountered any signature we print an error
|
|
|
|
messages, send a NODATA status back and return an error code.
|
|
|
|
Using log_error is required because verify_files does not check
|
|
|
|
error codes for each file but we want to terminate the process
|
|
|
|
with an error. */
|
|
|
|
if (!rc && !c->any.sig_seen)
|
|
|
|
{
|
|
|
|
write_status_text (STATUS_NODATA, "4");
|
|
|
|
log_error (_("no signature found\n"));
|
2015-01-22 12:06:11 +01:00
|
|
|
rc = GPG_ERR_NO_DATA;
|
2014-11-13 13:00:46 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Propagate the signature seen flag upward. Do this only on success
|
|
|
|
so that we won't issue the nodata status several times. */
|
|
|
|
if (!rc && c->anchor && c->any.sig_seen)
|
|
|
|
c->anchor->any.sig_seen = 1;
|
|
|
|
|
|
|
|
xfree (c);
|
|
|
|
return rc;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
2010-03-08 18:19:21 +00:00
|
|
|
|
2006-12-21 19:40:00 +00:00
|
|
|
int
|
2023-07-05 10:21:23 +09:00
|
|
|
proc_signature_packets_by_fd (ctrl_t ctrl, void *anchor, iobuf_t a,
|
|
|
|
gnupg_fd_t signed_data_fd)
|
2006-12-21 19:40:00 +00:00
|
|
|
{
|
|
|
|
int rc;
|
2010-03-08 18:19:21 +00:00
|
|
|
CTX c;
|
|
|
|
|
|
|
|
c = xtrycalloc (1, sizeof *c);
|
|
|
|
if (!c)
|
|
|
|
return gpg_error_from_syserror ();
|
2006-12-21 19:40:00 +00:00
|
|
|
|
2010-10-01 20:33:53 +00:00
|
|
|
c->ctrl = ctrl;
|
2006-12-21 19:40:00 +00:00
|
|
|
c->anchor = anchor;
|
|
|
|
c->sigs_only = 1;
|
|
|
|
|
|
|
|
c->signed_data.data_fd = signed_data_fd;
|
|
|
|
c->signed_data.data_names = NULL;
|
2023-07-05 10:21:23 +09:00
|
|
|
c->signed_data.used = (signed_data_fd != GNUPG_INVALID_FD);
|
2006-12-21 19:40:00 +00:00
|
|
|
|
2024-09-09 16:41:35 +02:00
|
|
|
rc = do_proc_packets (c, a, 0);
|
2006-12-21 19:40:00 +00:00
|
|
|
|
|
|
|
/* If we have not encountered any signature we print an error
|
|
|
|
messages, send a NODATA status back and return an error code.
|
|
|
|
Using log_error is required because verify_files does not check
|
|
|
|
error codes for each file but we want to terminate the process
|
2011-02-04 12:57:53 +01:00
|
|
|
with an error. */
|
2013-10-04 08:20:49 +02:00
|
|
|
if (!rc && !c->any.sig_seen)
|
2006-12-21 19:40:00 +00:00
|
|
|
{
|
|
|
|
write_status_text (STATUS_NODATA, "4");
|
|
|
|
log_error (_("no signature found\n"));
|
|
|
|
rc = gpg_error (GPG_ERR_NO_DATA);
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
2006-12-21 19:40:00 +00:00
|
|
|
/* Propagate the signature seen flag upward. Do this only on success
|
|
|
|
so that we won't issue the nodata status several times. */
|
2013-10-04 08:20:49 +02:00
|
|
|
if (!rc && c->anchor && c->any.sig_seen)
|
|
|
|
c->anchor->any.sig_seen = 1;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
2006-12-21 19:40:00 +00:00
|
|
|
xfree ( c );
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2024-09-09 16:41:35 +02:00
|
|
|
/* Handle encryption packets. If called recursively the caller's CTX
|
|
|
|
* should be given for ANCHOR. If R_DEK and R_LIST are not NULL the
|
|
|
|
* DEK (or NULL) is returned there and the list at R_LIST; the caller
|
|
|
|
* needs to release them; even if the function returns an error. */
|
|
|
|
gpg_error_t
|
|
|
|
proc_encryption_packets (ctrl_t ctrl, void *anchor, iobuf_t a,
|
|
|
|
DEK **r_dek, struct pubkey_enc_list **r_list)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2014-11-13 13:00:46 +01:00
|
|
|
CTX c = xmalloc_clear (sizeof *c);
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
c->ctrl = ctrl;
|
|
|
|
c->anchor = anchor;
|
|
|
|
c->encrypt_only = 1;
|
2024-09-09 16:41:35 +02:00
|
|
|
if (r_dek && r_list)
|
|
|
|
{
|
|
|
|
rc = do_proc_packets (c, a, 1);
|
|
|
|
*r_dek = c->dek;
|
|
|
|
c->dek = NULL;
|
|
|
|
*r_list = c->pkenc_list;
|
|
|
|
c->pkenc_list = NULL;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
rc = do_proc_packets (c, a, 0);
|
2014-11-13 13:00:46 +01:00
|
|
|
xfree (c);
|
|
|
|
return rc;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2013-10-02 09:11:43 +02:00
|
|
|
static int
|
|
|
|
check_nesting (CTX c)
|
|
|
|
{
|
|
|
|
int level;
|
|
|
|
|
2013-10-04 08:20:49 +02:00
|
|
|
for (level=0; c; c = c->anchor)
|
2013-10-02 09:11:43 +02:00
|
|
|
level++;
|
|
|
|
|
|
|
|
if (level > MAX_NESTING_DEPTH)
|
|
|
|
{
|
|
|
|
log_error ("input data with too deeply nested packets\n");
|
|
|
|
write_status_text (STATUS_UNEXPECTED, "1");
|
2013-10-04 08:20:49 +02:00
|
|
|
return GPG_ERR_BAD_DATA;
|
2013-10-02 09:11:43 +02:00
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
|
2013-10-02 09:11:43 +02:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2024-09-09 16:41:35 +02:00
|
|
|
/* Main processing loop. If KEEP_DEK_AND_LIST is set the DEK and
|
|
|
|
* PKENC_LIST of the context C are not released at the end of the
|
|
|
|
* function. The caller is then required to do this. */
|
2013-10-02 09:11:43 +02:00
|
|
|
static int
|
2024-09-09 16:41:35 +02:00
|
|
|
do_proc_packets (CTX c, iobuf_t a, int keep_dek_and_list)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2014-11-13 13:00:46 +01:00
|
|
|
PACKET *pkt;
|
2017-03-29 10:02:40 +02:00
|
|
|
struct parse_packet_ctx_s parsectx;
|
2014-11-13 13:00:46 +01:00
|
|
|
int rc = 0;
|
|
|
|
int any_data = 0;
|
|
|
|
int newpkt;
|
|
|
|
|
|
|
|
rc = check_nesting (c);
|
|
|
|
if (rc)
|
|
|
|
return rc;
|
|
|
|
|
|
|
|
pkt = xmalloc( sizeof *pkt );
|
|
|
|
c->iobuf = a;
|
|
|
|
init_packet(pkt);
|
2017-03-29 10:02:40 +02:00
|
|
|
init_parse_packet (&parsectx, a);
|
|
|
|
while ((rc=parse_packet (&parsectx, pkt)) != -1)
|
2014-11-13 13:00:46 +01:00
|
|
|
{
|
|
|
|
any_data = 1;
|
|
|
|
if (rc)
|
|
|
|
{
|
2024-09-09 16:41:35 +02:00
|
|
|
if (c->ctrl->modify_recipients && gpg_err_code (rc) == GPG_ERR_TRUE)
|
|
|
|
{
|
|
|
|
/* Save the last read CTB (which was the last byte
|
|
|
|
* actually read from the input) and get out of the
|
|
|
|
* loop. */
|
|
|
|
c->ctrl->last_read_ctb = parsectx.last_ctb;
|
|
|
|
/* We need to call the first part of the encrypted data
|
|
|
|
* handler to get the DEK. */
|
|
|
|
proc_encrypted (c, NULL);
|
|
|
|
rc = -1;
|
|
|
|
break;
|
|
|
|
}
|
2017-03-29 11:57:40 +02:00
|
|
|
free_packet (pkt, &parsectx);
|
2014-11-13 13:00:46 +01:00
|
|
|
/* Stop processing when an invalid packet has been encountered
|
|
|
|
* but don't do so when we are doing a --list-packets. */
|
|
|
|
if (gpg_err_code (rc) == GPG_ERR_INV_PACKET
|
2016-06-28 15:56:48 +09:00
|
|
|
&& opt.list_packets == 0)
|
2014-11-13 13:00:46 +01:00
|
|
|
break;
|
|
|
|
continue;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
newpkt = -1;
|
|
|
|
if (opt.list_packets)
|
|
|
|
{
|
|
|
|
switch (pkt->pkttype)
|
|
|
|
{
|
2018-08-27 13:12:31 +09:00
|
|
|
case PKT_PUBKEY_ENC: proc_pubkey_enc (c, pkt); break;
|
2014-11-13 13:00:46 +01:00
|
|
|
case PKT_SYMKEY_ENC: proc_symkey_enc (c, pkt); break;
|
|
|
|
case PKT_ENCRYPTED:
|
2018-01-21 16:24:43 +01:00
|
|
|
case PKT_ENCRYPTED_MDC:
|
|
|
|
case PKT_ENCRYPTED_AEAD:proc_encrypted (c, pkt); break;
|
2014-11-13 13:00:46 +01:00
|
|
|
case PKT_COMPRESSED: rc = proc_compressed (c, pkt); break;
|
|
|
|
default: newpkt = 0; break;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
else if (c->sigs_only)
|
|
|
|
{
|
|
|
|
switch (pkt->pkttype)
|
|
|
|
{
|
|
|
|
case PKT_PUBLIC_KEY:
|
|
|
|
case PKT_SECRET_KEY:
|
|
|
|
case PKT_USER_ID:
|
|
|
|
case PKT_SYMKEY_ENC:
|
|
|
|
case PKT_PUBKEY_ENC:
|
|
|
|
case PKT_ENCRYPTED:
|
|
|
|
case PKT_ENCRYPTED_MDC:
|
2018-01-21 16:24:43 +01:00
|
|
|
case PKT_ENCRYPTED_AEAD:
|
2014-11-13 13:00:46 +01:00
|
|
|
write_status_text( STATUS_UNEXPECTED, "0" );
|
2015-01-22 12:06:11 +01:00
|
|
|
rc = GPG_ERR_UNEXPECTED;
|
2014-11-13 13:00:46 +01:00
|
|
|
goto leave;
|
|
|
|
|
|
|
|
case PKT_SIGNATURE: newpkt = add_signature (c, pkt); break;
|
|
|
|
case PKT_PLAINTEXT: proc_plaintext (c, pkt); break;
|
|
|
|
case PKT_COMPRESSED: rc = proc_compressed (c, pkt); break;
|
|
|
|
case PKT_ONEPASS_SIG: newpkt = add_onepass_sig (c, pkt); break;
|
|
|
|
case PKT_GPG_CONTROL: newpkt = add_gpg_control (c, pkt); break;
|
|
|
|
default: newpkt = 0; break;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
else if (c->encrypt_only)
|
|
|
|
{
|
|
|
|
switch (pkt->pkttype)
|
|
|
|
{
|
|
|
|
case PKT_PUBLIC_KEY:
|
|
|
|
case PKT_SECRET_KEY:
|
|
|
|
case PKT_USER_ID:
|
|
|
|
write_status_text (STATUS_UNEXPECTED, "0");
|
2015-01-22 12:06:11 +01:00
|
|
|
rc = GPG_ERR_UNEXPECTED;
|
2014-11-13 13:00:46 +01:00
|
|
|
goto leave;
|
|
|
|
|
|
|
|
case PKT_SIGNATURE: newpkt = add_signature (c, pkt); break;
|
2024-09-09 16:41:35 +02:00
|
|
|
|
|
|
|
case PKT_SYMKEY_ENC:
|
|
|
|
case PKT_PUBKEY_ENC:
|
|
|
|
/* In --add-recipients mode set the stop flag as soon as
|
|
|
|
* we see the first of these packets. */
|
|
|
|
if (c->ctrl->modify_recipients)
|
|
|
|
parsectx.only_fookey_enc = 1;
|
|
|
|
if (pkt->pkttype == PKT_SYMKEY_ENC)
|
|
|
|
proc_symkey_enc (c, pkt);
|
|
|
|
else
|
|
|
|
proc_pubkey_enc (c, pkt);
|
|
|
|
break;
|
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
case PKT_ENCRYPTED:
|
2018-01-21 16:24:43 +01:00
|
|
|
case PKT_ENCRYPTED_MDC:
|
|
|
|
case PKT_ENCRYPTED_AEAD: proc_encrypted (c, pkt); break;
|
2014-11-13 13:00:46 +01:00
|
|
|
case PKT_PLAINTEXT: proc_plaintext (c, pkt); break;
|
|
|
|
case PKT_COMPRESSED: rc = proc_compressed (c, pkt); break;
|
|
|
|
case PKT_ONEPASS_SIG: newpkt = add_onepass_sig (c, pkt); break;
|
|
|
|
case PKT_GPG_CONTROL: newpkt = add_gpg_control (c, pkt); break;
|
|
|
|
default: newpkt = 0; break;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
else
|
|
|
|
{
|
|
|
|
switch (pkt->pkttype)
|
|
|
|
{
|
|
|
|
case PKT_PUBLIC_KEY:
|
|
|
|
case PKT_SECRET_KEY:
|
|
|
|
release_list (c);
|
|
|
|
c->list = new_kbnode (pkt);
|
|
|
|
newpkt = 1;
|
|
|
|
break;
|
|
|
|
case PKT_PUBLIC_SUBKEY:
|
|
|
|
case PKT_SECRET_SUBKEY:
|
|
|
|
newpkt = add_subkey (c, pkt);
|
|
|
|
break;
|
|
|
|
case PKT_USER_ID: newpkt = add_user_id (c, pkt); break;
|
|
|
|
case PKT_SIGNATURE: newpkt = add_signature (c, pkt); break;
|
2018-08-27 13:12:31 +09:00
|
|
|
case PKT_PUBKEY_ENC: proc_pubkey_enc (c, pkt); break;
|
2014-11-13 13:00:46 +01:00
|
|
|
case PKT_SYMKEY_ENC: proc_symkey_enc (c, pkt); break;
|
|
|
|
case PKT_ENCRYPTED:
|
2018-01-21 16:24:43 +01:00
|
|
|
case PKT_ENCRYPTED_MDC:
|
|
|
|
case PKT_ENCRYPTED_AEAD: proc_encrypted (c, pkt); break;
|
2014-11-13 13:00:46 +01:00
|
|
|
case PKT_PLAINTEXT: proc_plaintext (c, pkt); break;
|
|
|
|
case PKT_COMPRESSED: rc = proc_compressed (c, pkt); break;
|
|
|
|
case PKT_ONEPASS_SIG: newpkt = add_onepass_sig (c, pkt); break;
|
|
|
|
case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
|
|
|
|
case PKT_RING_TRUST: newpkt = add_ring_trust (c, pkt); break;
|
|
|
|
default: newpkt = 0; break;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
}
|
2013-10-02 09:11:43 +02:00
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
if (rc)
|
|
|
|
goto leave;
|
|
|
|
|
|
|
|
/* This is a very ugly construct and frankly, I don't remember why
|
|
|
|
* I used it. Adding the MDC check here is a hack.
|
|
|
|
* The right solution is to initiate another context for encrypted
|
|
|
|
* packet and not to reuse the current one ... It works right
|
2015-11-16 12:41:46 +01:00
|
|
|
* when there is a compression packet between which adds just
|
2014-11-13 13:00:46 +01:00
|
|
|
* an extra layer.
|
|
|
|
* Hmmm: Rewrite this whole module here??
|
|
|
|
*/
|
|
|
|
if (pkt->pkttype != PKT_SIGNATURE && pkt->pkttype != PKT_MDC)
|
|
|
|
c->any.data = (pkt->pkttype == PKT_PLAINTEXT);
|
|
|
|
|
|
|
|
if (newpkt == -1)
|
|
|
|
;
|
|
|
|
else if (newpkt)
|
|
|
|
{
|
|
|
|
pkt = xmalloc (sizeof *pkt);
|
|
|
|
init_packet (pkt);
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
else
|
2017-03-29 11:57:40 +02:00
|
|
|
free_packet (pkt, &parsectx);
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
|
2015-01-22 12:06:11 +01:00
|
|
|
if (rc == GPG_ERR_INV_PACKET)
|
2014-11-13 13:00:46 +01:00
|
|
|
write_status_text (STATUS_NODATA, "3");
|
|
|
|
|
|
|
|
if (any_data)
|
|
|
|
rc = 0;
|
|
|
|
else if (rc == -1)
|
|
|
|
write_status_text (STATUS_NODATA, "2");
|
|
|
|
|
|
|
|
|
|
|
|
leave:
|
2024-09-09 16:41:35 +02:00
|
|
|
if (!keep_dek_and_list)
|
|
|
|
release_list (c);
|
2017-03-29 11:57:40 +02:00
|
|
|
free_packet (pkt, &parsectx);
|
|
|
|
deinit_parse_packet (&parsectx);
|
2014-11-13 13:00:46 +01:00
|
|
|
xfree (pkt);
|
|
|
|
free_md_filter_context (&c->mfx);
|
|
|
|
return rc;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2016-06-13 10:40:34 +02:00
|
|
|
/* Return true if the AKL has the WKD method specified. */
|
|
|
|
static int
|
|
|
|
akl_has_wkd_method (void)
|
|
|
|
{
|
|
|
|
struct akl *akl;
|
|
|
|
|
|
|
|
for (akl = opt.auto_key_locate; akl; akl = akl->next)
|
|
|
|
if (akl->type == AKL_WKD)
|
|
|
|
return 1;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2019-03-14 11:20:07 +01:00
|
|
|
/* Return the ISSUER fingerprint buffer and its length at R_LEN.
|
2018-04-12 16:41:05 +02:00
|
|
|
* Returns NULL if not available. The returned buffer is valid as
|
|
|
|
* long as SIG is not modified. */
|
2018-07-05 20:55:32 +02:00
|
|
|
const byte *
|
2018-04-12 16:41:05 +02:00
|
|
|
issuer_fpr_raw (PKT_signature *sig, size_t *r_len)
|
2016-08-10 19:51:54 +02:00
|
|
|
{
|
|
|
|
const byte *p;
|
|
|
|
size_t n;
|
|
|
|
|
2019-09-05 20:36:38 +02:00
|
|
|
p = parse_sig_subpkt (sig, 1, SIGSUBPKT_ISSUER_FPR, &n);
|
2019-03-14 11:20:07 +01:00
|
|
|
if (p && ((n == 21 && p[0] == 4) || (n == 33 && p[0] == 5)))
|
2018-04-12 16:41:05 +02:00
|
|
|
{
|
|
|
|
*r_len = n - 1;
|
|
|
|
return p+1;
|
|
|
|
}
|
|
|
|
*r_len = 0;
|
2016-08-10 19:51:54 +02:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2018-07-05 20:55:32 +02:00
|
|
|
/* Return the ISSUER fingerprint string in human readable format if
|
2016-08-10 19:51:54 +02:00
|
|
|
* available. Caller must release the string. */
|
2018-04-12 17:53:17 +02:00
|
|
|
/* FIXME: Move to another file. */
|
|
|
|
char *
|
2016-08-10 19:51:54 +02:00
|
|
|
issuer_fpr_string (PKT_signature *sig)
|
|
|
|
{
|
|
|
|
const byte *p;
|
|
|
|
size_t n;
|
|
|
|
|
2018-04-12 16:41:05 +02:00
|
|
|
p = issuer_fpr_raw (sig, &n);
|
|
|
|
return p? bin2hex (p, n, NULL) : NULL;
|
2016-08-10 19:51:54 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2014-05-07 14:36:34 +02:00
|
|
|
static void
|
|
|
|
print_good_bad_signature (int statno, const char *keyid_str, kbnode_t un,
|
|
|
|
PKT_signature *sig, int rc)
|
|
|
|
{
|
|
|
|
char *p;
|
|
|
|
|
|
|
|
write_status_text_and_buffer (statno, keyid_str,
|
|
|
|
un? un->pkt->pkt.user_id->name:"[?]",
|
|
|
|
un? un->pkt->pkt.user_id->len:3,
|
|
|
|
-1);
|
|
|
|
|
|
|
|
if (un)
|
|
|
|
p = utf8_to_native (un->pkt->pkt.user_id->name,
|
|
|
|
un->pkt->pkt.user_id->len, 0);
|
|
|
|
else
|
|
|
|
p = xstrdup ("[?]");
|
|
|
|
|
|
|
|
if (rc)
|
|
|
|
log_info (_("BAD signature from \"%s\""), p);
|
|
|
|
else if (sig->flags.expired)
|
|
|
|
log_info (_("Expired signature from \"%s\""), p);
|
|
|
|
else
|
|
|
|
log_info (_("Good signature from \"%s\""), p);
|
|
|
|
|
|
|
|
xfree (p);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
static int
|
2014-11-13 13:00:46 +01:00
|
|
|
check_sig_and_print (CTX c, kbnode_t node)
|
2006-04-19 11:26:11 +00:00
|
|
|
{
|
|
|
|
PKT_signature *sig = node->pkt->pkt.signature;
|
|
|
|
const char *astr;
|
2020-06-08 20:13:25 +02:00
|
|
|
gpg_error_t rc;
|
2014-05-07 14:36:34 +02:00
|
|
|
int is_expkey = 0;
|
|
|
|
int is_revkey = 0;
|
2018-04-12 16:41:05 +02:00
|
|
|
char *issuer_fpr = NULL;
|
2016-09-01 16:00:06 +02:00
|
|
|
PKT_public_key *pk = NULL; /* The public key for the signature or NULL. */
|
2019-03-14 11:20:07 +01:00
|
|
|
const void *extrahash = NULL;
|
|
|
|
size_t extrahashlen = 0;
|
2020-03-13 17:14:34 +01:00
|
|
|
kbnode_t included_keyblock = NULL;
|
2024-02-10 14:24:50 +01:00
|
|
|
char pkstrbuf[PUBKEY_STRING_SIZE] = { 0 };
|
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
|
|
|
|
if (opt.skip_verify)
|
|
|
|
{
|
|
|
|
log_info(_("signature verification suppressed\n"));
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Check that the message composition is valid.
|
2016-05-21 11:41:49 +02:00
|
|
|
*
|
|
|
|
* Per RFC-2440bis (-15) allowed:
|
|
|
|
*
|
|
|
|
* S{1,n} -- detached signature.
|
|
|
|
* S{1,n} P -- old style PGP2 signature
|
|
|
|
* O{1,n} P S{1,n} -- standard OpenPGP signature.
|
|
|
|
* C P S{1,n} -- cleartext signature.
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* O = One-Pass Signature packet.
|
|
|
|
* S = Signature packet.
|
|
|
|
* P = OpenPGP Message packet (Encrypted | Compressed | Literal)
|
|
|
|
* (Note that the current rfc2440bis draft also allows
|
|
|
|
* for a signed message but that does not work as it
|
|
|
|
* introduces ambiguities.)
|
|
|
|
* We keep track of these packages using the marker packet
|
|
|
|
* CTRLPKT_PLAINTEXT_MARK.
|
|
|
|
* C = Marker packet for cleartext signatures.
|
|
|
|
*
|
|
|
|
* We reject all other messages.
|
|
|
|
*
|
|
|
|
* Actually we are calling this too often, i.e. for verification of
|
|
|
|
* each message but better have some duplicate work than to silently
|
|
|
|
* introduce a bug here.
|
|
|
|
*/
|
2006-04-19 11:26:11 +00:00
|
|
|
{
|
2014-11-13 13:00:46 +01:00
|
|
|
kbnode_t n;
|
2006-04-19 11:26:11 +00:00
|
|
|
int n_onepass, n_sig;
|
|
|
|
|
|
|
|
/* log_debug ("checking signature packet composition\n"); */
|
|
|
|
/* dump_kbnode (c->list); */
|
|
|
|
|
|
|
|
n = c->list;
|
2016-04-29 11:05:24 +02:00
|
|
|
log_assert (n);
|
2011-02-04 12:57:53 +01:00
|
|
|
if ( n->pkt->pkttype == PKT_SIGNATURE )
|
2006-04-19 11:26:11 +00:00
|
|
|
{
|
|
|
|
/* This is either "S{1,n}" case (detached signature) or
|
|
|
|
"S{1,n} P" (old style PGP2 signature). */
|
|
|
|
for (n = n->next; n; n = n->next)
|
|
|
|
if (n->pkt->pkttype != PKT_SIGNATURE)
|
|
|
|
break;
|
|
|
|
if (!n)
|
|
|
|
; /* Okay, this is a detached signature. */
|
|
|
|
else if (n->pkt->pkttype == PKT_GPG_CONTROL
|
|
|
|
&& (n->pkt->pkt.gpg_control->control
|
|
|
|
== CTRLPKT_PLAINTEXT_MARK) )
|
|
|
|
{
|
|
|
|
if (n->next)
|
|
|
|
goto ambiguous; /* We only allow one P packet. */
|
2019-03-14 11:20:07 +01:00
|
|
|
extrahash = n->pkt->pkt.gpg_control->data;
|
|
|
|
extrahashlen = n->pkt->pkt.gpg_control->datalen;
|
2006-04-19 11:26:11 +00:00
|
|
|
}
|
|
|
|
else
|
|
|
|
goto ambiguous;
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
else if (n->pkt->pkttype == PKT_ONEPASS_SIG)
|
2006-04-19 11:26:11 +00:00
|
|
|
{
|
|
|
|
/* This is the "O{1,n} P S{1,n}" case (standard signature). */
|
|
|
|
for (n_onepass=1, n = n->next;
|
|
|
|
n && n->pkt->pkttype == PKT_ONEPASS_SIG; n = n->next)
|
|
|
|
n_onepass++;
|
|
|
|
if (!n || !(n->pkt->pkttype == PKT_GPG_CONTROL
|
|
|
|
&& (n->pkt->pkt.gpg_control->control
|
|
|
|
== CTRLPKT_PLAINTEXT_MARK)))
|
|
|
|
goto ambiguous;
|
2019-03-14 11:20:07 +01:00
|
|
|
extrahash = n->pkt->pkt.gpg_control->data;
|
|
|
|
extrahashlen = n->pkt->pkt.gpg_control->datalen;
|
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
for (n_sig=0, n = n->next;
|
|
|
|
n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
|
|
|
|
n_sig++;
|
|
|
|
if (!n_sig)
|
|
|
|
goto ambiguous;
|
2007-03-05 14:56:31 +00:00
|
|
|
|
|
|
|
/* If we wanted to disallow multiple sig verification, we'd do
|
2018-05-30 22:05:57 +02:00
|
|
|
* something like this:
|
|
|
|
*
|
|
|
|
* if (n)
|
|
|
|
* goto ambiguous;
|
|
|
|
*
|
|
|
|
* However, this can stay allowable as we can't get here. */
|
2007-03-05 14:56:31 +00:00
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
if (n_onepass != n_sig)
|
|
|
|
{
|
|
|
|
log_info ("number of one-pass packets does not match "
|
|
|
|
"number of signature packets\n");
|
|
|
|
goto ambiguous;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else if (n->pkt->pkttype == PKT_GPG_CONTROL
|
|
|
|
&& n->pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START )
|
|
|
|
{
|
|
|
|
/* This is the "C P S{1,n}" case (clear text signature). */
|
|
|
|
n = n->next;
|
|
|
|
if (!n || !(n->pkt->pkttype == PKT_GPG_CONTROL
|
|
|
|
&& (n->pkt->pkt.gpg_control->control
|
|
|
|
== CTRLPKT_PLAINTEXT_MARK)))
|
|
|
|
goto ambiguous;
|
2019-03-14 11:20:07 +01:00
|
|
|
extrahash = n->pkt->pkt.gpg_control->data;
|
|
|
|
extrahashlen = n->pkt->pkt.gpg_control->datalen;
|
2006-04-19 11:26:11 +00:00
|
|
|
for (n_sig=0, n = n->next;
|
|
|
|
n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
|
|
|
|
n_sig++;
|
|
|
|
if (n || !n_sig)
|
|
|
|
goto ambiguous;
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
else
|
2006-04-19 11:26:11 +00:00
|
|
|
{
|
|
|
|
ambiguous:
|
|
|
|
log_error(_("can't handle this ambiguous signature data\n"));
|
|
|
|
return 0;
|
|
|
|
}
|
2020-06-08 15:22:28 +02:00
|
|
|
} /* End checking signature packet composition. */
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2016-06-13 10:40:34 +02:00
|
|
|
if (sig->signers_uid)
|
|
|
|
write_status_buffer (STATUS_NEWSIG,
|
|
|
|
sig->signers_uid, strlen (sig->signers_uid), 0);
|
|
|
|
else
|
|
|
|
write_status_text (STATUS_NEWSIG, NULL);
|
2015-03-19 20:38:25 +01:00
|
|
|
|
2014-05-07 14:08:16 +02:00
|
|
|
astr = openpgp_pk_algo_name ( sig->pubkey_algo );
|
2018-04-12 16:41:05 +02:00
|
|
|
issuer_fpr = issuer_fpr_string (sig);
|
|
|
|
|
|
|
|
if (issuer_fpr)
|
2016-08-10 19:51:54 +02:00
|
|
|
{
|
|
|
|
log_info (_("Signature made %s\n"), asctimestamp(sig->timestamp));
|
|
|
|
log_info (_(" using %s key %s\n"),
|
|
|
|
astr? astr: "?", issuer_fpr);
|
|
|
|
|
|
|
|
}
|
|
|
|
else if (!keystrlen () || keystrlen () > 8)
|
2014-05-07 14:08:16 +02:00
|
|
|
{
|
|
|
|
log_info (_("Signature made %s\n"), asctimestamp(sig->timestamp));
|
|
|
|
log_info (_(" using %s key %s\n"),
|
2016-06-06 16:00:50 +02:00
|
|
|
astr? astr: "?", keystr(sig->keyid));
|
2014-05-07 14:08:16 +02:00
|
|
|
}
|
2016-08-10 19:51:54 +02:00
|
|
|
else /* Legacy format. */
|
2014-05-07 14:08:16 +02:00
|
|
|
log_info (_("Signature made %s using %s key ID %s\n"),
|
|
|
|
asctimestamp(sig->timestamp), astr? astr: "?",
|
|
|
|
keystr(sig->keyid));
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2016-08-10 19:51:54 +02:00
|
|
|
/* In verbose mode print the signers UID. */
|
|
|
|
if (sig->signers_uid)
|
|
|
|
log_info (_(" issuer \"%s\"\n"), sig->signers_uid);
|
|
|
|
|
2020-03-13 17:14:34 +01:00
|
|
|
rc = do_check_sig (c, node, extrahash, extrahashlen, NULL,
|
2019-03-14 11:20:07 +01:00
|
|
|
NULL, &is_expkey, &is_revkey, &pk);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2020-03-14 18:04:47 +01:00
|
|
|
/* If the key is not found but the signature includes a key block we
|
|
|
|
* use that key block for verification and on success import it. */
|
2020-03-13 17:14:34 +01:00
|
|
|
if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
|
2020-03-14 18:04:47 +01:00
|
|
|
&& sig->flags.key_block
|
|
|
|
&& opt.flags.auto_key_import)
|
2020-03-13 17:14:34 +01:00
|
|
|
{
|
|
|
|
PKT_public_key *included_pk;
|
|
|
|
const byte *kblock;
|
|
|
|
size_t kblock_len;
|
|
|
|
|
|
|
|
included_pk = xcalloc (1, sizeof *included_pk);
|
|
|
|
kblock = parse_sig_subpkt (sig, 1, SIGSUBPKT_KEY_BLOCK, &kblock_len);
|
|
|
|
if (kblock && kblock_len > 1
|
|
|
|
&& !get_pubkey_from_buffer (c->ctrl, included_pk,
|
|
|
|
kblock+1, kblock_len-1,
|
|
|
|
sig->keyid, &included_keyblock))
|
|
|
|
{
|
|
|
|
rc = do_check_sig (c, node, extrahash, extrahashlen, included_pk,
|
|
|
|
NULL, &is_expkey, &is_revkey, &pk);
|
2020-06-08 20:13:25 +02:00
|
|
|
if (opt.verbose)
|
|
|
|
log_debug ("checked signature using included key block: %s\n",
|
|
|
|
gpg_strerror (rc));
|
2020-03-13 17:14:34 +01:00
|
|
|
if (!rc)
|
|
|
|
{
|
|
|
|
/* The keyblock has been verified, we now import it. */
|
|
|
|
rc = import_included_key_block (c->ctrl, included_keyblock);
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
free_public_key (included_pk);
|
|
|
|
}
|
|
|
|
|
2019-07-05 09:31:58 +02:00
|
|
|
/* If the key isn't found, check for a preferred keyserver. Note
|
|
|
|
* that this is only done if honor-keyserver-url has been set. We
|
|
|
|
* test for this in the loop so that we can show info about the
|
|
|
|
* preferred keyservers. */
|
|
|
|
if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
|
|
|
|
&& sig->flags.pref_ks)
|
2014-05-07 14:08:16 +02:00
|
|
|
{
|
|
|
|
const byte *p;
|
|
|
|
int seq = 0;
|
|
|
|
size_t n;
|
2019-07-05 09:31:58 +02:00
|
|
|
int any_pref_ks = 0;
|
2003-09-23 17:48:33 +00:00
|
|
|
|
2019-09-05 20:36:38 +02:00
|
|
|
while ((p=enum_sig_subpkt (sig, 1, SIGSUBPKT_PREF_KS, &n, &seq, NULL)))
|
2014-05-07 14:08:16 +02:00
|
|
|
{
|
|
|
|
/* According to my favorite copy editor, in English grammar,
|
|
|
|
you say "at" if the key is located on a web page, but
|
|
|
|
"from" if it is located on a keyserver. I'm not going to
|
|
|
|
even try to make two strings here :) */
|
|
|
|
log_info(_("Key available at: ") );
|
|
|
|
print_utf8_buffer (log_get_stream(), p, n);
|
|
|
|
log_printf ("\n");
|
2019-07-05 09:31:58 +02:00
|
|
|
any_pref_ks = 1;
|
2014-05-07 14:08:16 +02:00
|
|
|
|
2019-07-05 09:31:58 +02:00
|
|
|
if ((opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
|
|
|
|
&& (opt.keyserver_options.options&KEYSERVER_HONOR_KEYSERVER_URL))
|
2014-05-07 14:08:16 +02:00
|
|
|
{
|
|
|
|
struct keyserver_spec *spec;
|
2003-09-23 17:48:33 +00:00
|
|
|
|
2014-05-07 14:08:16 +02:00
|
|
|
spec = parse_preferred_keyserver (sig);
|
|
|
|
if (spec)
|
|
|
|
{
|
|
|
|
int res;
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2019-07-05 09:31:58 +02:00
|
|
|
if (DBG_LOOKUP)
|
|
|
|
log_debug ("trying auto-key-retrieve method %s\n",
|
|
|
|
"Pref-KS");
|
|
|
|
|
2016-09-01 16:00:06 +02:00
|
|
|
free_public_key (pk);
|
|
|
|
pk = NULL;
|
2014-05-07 14:08:16 +02:00
|
|
|
glo_ctrl.in_auto_key_retrieve++;
|
2021-04-16 20:21:23 +02:00
|
|
|
res = keyserver_import_keyid (c->ctrl, sig->keyid,spec,
|
|
|
|
KEYSERVER_IMPORT_FLAG_QUICK);
|
2014-05-07 14:08:16 +02:00
|
|
|
glo_ctrl.in_auto_key_retrieve--;
|
|
|
|
if (!res)
|
2020-03-13 17:14:34 +01:00
|
|
|
rc = do_check_sig (c, node, extrahash, extrahashlen, NULL,
|
2019-03-14 11:20:07 +01:00
|
|
|
NULL, &is_expkey, &is_revkey, &pk);
|
2019-07-05 09:31:58 +02:00
|
|
|
else if (DBG_LOOKUP)
|
|
|
|
log_debug ("lookup via %s failed: %s\n", "Pref-KS",
|
|
|
|
gpg_strerror (res));
|
2014-05-07 14:08:16 +02:00
|
|
|
free_keyserver_spec (spec);
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2014-05-07 14:08:16 +02:00
|
|
|
if (!rc)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2019-07-05 09:31:58 +02:00
|
|
|
|
|
|
|
if (any_pref_ks
|
|
|
|
&& (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
|
|
|
|
&& !(opt.keyserver_options.options&KEYSERVER_HONOR_KEYSERVER_URL))
|
|
|
|
log_info (_("Note: Use '%s' to make use of this info\n"),
|
|
|
|
"--keyserver-option honor-keyserver-url");
|
|
|
|
}
|
|
|
|
|
|
|
|
/* If the above methods didn't work, our next try is to retrieve the
|
|
|
|
* key from the WKD. This requires that WKD is in the AKL and the
|
|
|
|
* Signer's UID is in the signature. */
|
|
|
|
if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
|
|
|
|
&& (opt.keyserver_options.options & KEYSERVER_AUTO_KEY_RETRIEVE)
|
|
|
|
&& !opt.flags.disable_signer_uid
|
|
|
|
&& akl_has_wkd_method ()
|
|
|
|
&& sig->signers_uid)
|
|
|
|
{
|
|
|
|
int res;
|
|
|
|
|
|
|
|
if (DBG_LOOKUP)
|
|
|
|
log_debug ("trying auto-key-retrieve method %s\n", "WKD");
|
|
|
|
free_public_key (pk);
|
|
|
|
pk = NULL;
|
|
|
|
glo_ctrl.in_auto_key_retrieve++;
|
2021-04-16 20:21:23 +02:00
|
|
|
res = keyserver_import_wkd (c->ctrl, sig->signers_uid,
|
|
|
|
KEYSERVER_IMPORT_FLAG_QUICK, NULL, NULL);
|
2019-07-05 09:31:58 +02:00
|
|
|
glo_ctrl.in_auto_key_retrieve--;
|
|
|
|
/* Fixme: If the fingerprint is embedded in the signature,
|
|
|
|
* compare it to the fingerprint of the returned key. */
|
|
|
|
if (!res)
|
2020-03-13 17:14:34 +01:00
|
|
|
rc = do_check_sig (c, node, extrahash, extrahashlen, NULL,
|
2019-07-05 09:31:58 +02:00
|
|
|
NULL, &is_expkey, &is_revkey, &pk);
|
|
|
|
else if (DBG_LOOKUP)
|
|
|
|
log_debug ("lookup via %s failed: %s\n", "WKD", gpg_strerror (res));
|
2014-05-07 14:08:16 +02:00
|
|
|
}
|
2003-09-23 17:48:33 +00:00
|
|
|
|
2016-10-27 08:44:19 +02:00
|
|
|
/* If the above methods didn't work, our next try is to locate
|
2016-06-13 10:40:34 +02:00
|
|
|
* the key via its fingerprint from a keyserver. This requires
|
2019-07-05 09:31:58 +02:00
|
|
|
* that the signers fingerprint is encoded in the signature. */
|
2016-06-20 23:58:16 +02:00
|
|
|
if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
|
|
|
|
&& (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
|
|
|
|
&& keyserver_any_configured (c->ctrl))
|
|
|
|
{
|
|
|
|
int res;
|
|
|
|
const byte *p;
|
|
|
|
size_t n;
|
|
|
|
|
2018-04-12 16:41:05 +02:00
|
|
|
p = issuer_fpr_raw (sig, &n);
|
|
|
|
if (p)
|
2016-06-20 23:58:16 +02:00
|
|
|
{
|
2019-07-05 09:31:58 +02:00
|
|
|
if (DBG_LOOKUP)
|
|
|
|
log_debug ("trying auto-key-retrieve method %s\n", "KS");
|
|
|
|
|
2019-03-14 11:20:07 +01:00
|
|
|
/* v4 or v5 packet with a SHA-1/256 fingerprint. */
|
2016-09-01 16:00:06 +02:00
|
|
|
free_public_key (pk);
|
|
|
|
pk = NULL;
|
2016-06-20 23:58:16 +02:00
|
|
|
glo_ctrl.in_auto_key_retrieve++;
|
2024-06-04 15:25:51 +02:00
|
|
|
res = keyserver_import_fpr (c->ctrl, p, n, opt.keyserver,
|
|
|
|
KEYSERVER_IMPORT_FLAG_QUICK);
|
2016-06-20 23:58:16 +02:00
|
|
|
glo_ctrl.in_auto_key_retrieve--;
|
|
|
|
if (!res)
|
2020-03-13 17:14:34 +01:00
|
|
|
rc = do_check_sig (c, node, extrahash, extrahashlen, NULL,
|
2019-03-14 11:20:07 +01:00
|
|
|
NULL, &is_expkey, &is_revkey, &pk);
|
2019-07-05 09:31:58 +02:00
|
|
|
else if (DBG_LOOKUP)
|
|
|
|
log_debug ("lookup via %s failed: %s\n", "KS", gpg_strerror (res));
|
2016-06-20 23:58:16 +02:00
|
|
|
}
|
|
|
|
}
|
2016-06-13 10:40:34 +02:00
|
|
|
|
2024-06-24 16:31:24 +02:00
|
|
|
/* Do something with the result of the signature checking. */
|
2014-05-07 14:08:16 +02:00
|
|
|
if (!rc || gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE)
|
|
|
|
{
|
2020-06-08 20:13:25 +02:00
|
|
|
/* We have checked the signature and the result is either a good
|
|
|
|
* signature or a bad signature. Further examination follows. */
|
2014-05-07 14:08:16 +02:00
|
|
|
kbnode_t un, keyblock;
|
|
|
|
int count = 0;
|
2020-06-08 20:13:25 +02:00
|
|
|
int keyblock_has_pk = 0; /* For failsafe check. */
|
2014-05-07 14:08:16 +02:00
|
|
|
int statno;
|
|
|
|
char keyid_str[50];
|
2016-09-01 16:00:06 +02:00
|
|
|
PKT_public_key *mainpk = NULL;
|
2014-05-07 14:08:16 +02:00
|
|
|
|
|
|
|
if (rc)
|
|
|
|
statno = STATUS_BADSIG;
|
|
|
|
else if (sig->flags.expired)
|
|
|
|
statno = STATUS_EXPSIG;
|
|
|
|
else if (is_expkey)
|
|
|
|
statno = STATUS_EXPKEYSIG;
|
|
|
|
else if(is_revkey)
|
|
|
|
statno = STATUS_REVKEYSIG;
|
|
|
|
else
|
|
|
|
statno = STATUS_GOODSIG;
|
|
|
|
|
2016-09-01 16:00:06 +02:00
|
|
|
/* FIXME: We should have the public key in PK and thus the
|
2017-05-29 15:23:36 +02:00
|
|
|
* keyblock has already been fetched. Thus we could use the
|
2016-09-01 16:00:06 +02:00
|
|
|
* fingerprint or PK itself to lookup the entire keyblock. That
|
|
|
|
* would best be done with a cache. */
|
2020-03-13 17:14:34 +01:00
|
|
|
if (included_keyblock)
|
|
|
|
{
|
|
|
|
keyblock = included_keyblock;
|
|
|
|
included_keyblock = NULL;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
keyblock = get_pubkeyblock_for_sig (c->ctrl, sig);
|
2014-05-07 14:08:16 +02:00
|
|
|
|
|
|
|
snprintf (keyid_str, sizeof keyid_str, "%08lX%08lX [uncertain] ",
|
|
|
|
(ulong)sig->keyid[0], (ulong)sig->keyid[1]);
|
|
|
|
|
2015-10-26 20:36:16 +01:00
|
|
|
/* Find and print the primary user ID along with the
|
|
|
|
"Good|Expired|Bad signature" line. */
|
2014-05-07 14:08:16 +02:00
|
|
|
for (un=keyblock; un; un = un->next)
|
|
|
|
{
|
|
|
|
int valid;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2020-06-08 20:13:25 +02:00
|
|
|
if (!keyblock_has_pk
|
|
|
|
&& (un->pkt->pkttype == PKT_PUBLIC_KEY
|
|
|
|
|| un->pkt->pkttype == PKT_PUBLIC_SUBKEY)
|
|
|
|
&& !cmp_public_keys (un->pkt->pkt.public_key, pk))
|
|
|
|
{
|
|
|
|
keyblock_has_pk = 1;
|
|
|
|
}
|
|
|
|
if (un->pkt->pkttype == PKT_PUBLIC_KEY)
|
2014-05-07 14:08:16 +02:00
|
|
|
{
|
2016-09-01 16:00:06 +02:00
|
|
|
mainpk = un->pkt->pkt.public_key;
|
2014-05-07 14:08:16 +02:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
if (un->pkt->pkttype != PKT_USER_ID)
|
|
|
|
continue;
|
|
|
|
if (!un->pkt->pkt.user_id->created)
|
|
|
|
continue;
|
2017-03-08 11:01:22 +01:00
|
|
|
if (un->pkt->pkt.user_id->flags.revoked)
|
2014-05-07 14:08:16 +02:00
|
|
|
continue;
|
2017-03-08 11:01:22 +01:00
|
|
|
if (un->pkt->pkt.user_id->flags.expired)
|
2014-05-07 14:08:16 +02:00
|
|
|
continue;
|
2017-03-08 11:01:22 +01:00
|
|
|
if (!un->pkt->pkt.user_id->flags.primary)
|
2014-05-07 14:08:16 +02:00
|
|
|
continue;
|
|
|
|
/* We want the textual primary user ID here */
|
|
|
|
if (un->pkt->pkt.user_id->attrib_data)
|
|
|
|
continue;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2016-09-01 16:00:06 +02:00
|
|
|
log_assert (mainpk);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
|
|
|
/* Since this is just informational, don't actually ask the
|
|
|
|
user to update any trust information. (Note: we register
|
2015-10-26 20:36:16 +01:00
|
|
|
the signature later.) Because print_good_bad_signature
|
|
|
|
does not print a LF we need to compute the validity
|
|
|
|
before calling that function. */
|
|
|
|
if ((opt.verify_options & VERIFY_SHOW_UID_VALIDITY))
|
2016-11-23 12:29:22 +01:00
|
|
|
valid = get_validity (c->ctrl, keyblock, mainpk,
|
|
|
|
un->pkt->pkt.user_id, NULL, 0);
|
2015-10-26 20:36:16 +01:00
|
|
|
else
|
|
|
|
valid = 0; /* Not used. */
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2014-05-07 14:08:16 +02:00
|
|
|
keyid_str[17] = 0; /* cut off the "[uncertain]" part */
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2014-05-07 14:36:34 +02:00
|
|
|
print_good_bad_signature (statno, keyid_str, un, sig, rc);
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2014-05-07 14:36:34 +02:00
|
|
|
if ((opt.verify_options & VERIFY_SHOW_UID_VALIDITY))
|
2014-05-07 14:08:16 +02:00
|
|
|
log_printf (" [%s]\n",trust_value_to_string(valid));
|
|
|
|
else
|
|
|
|
log_printf ("\n");
|
2014-05-07 15:05:34 +02:00
|
|
|
|
2014-05-07 14:08:16 +02:00
|
|
|
count++;
|
2020-06-08 20:13:25 +02:00
|
|
|
/* At this point we could in theory stop because the primary
|
|
|
|
* UID flag is never set for more than one User ID per
|
|
|
|
* keyblock. However, we use this loop also for a failsafe
|
|
|
|
* check that the public key used to create the signature is
|
|
|
|
* contained in the keyring.*/
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2016-09-01 16:00:06 +02:00
|
|
|
log_assert (mainpk);
|
2020-06-08 20:13:25 +02:00
|
|
|
if (!keyblock_has_pk)
|
|
|
|
{
|
|
|
|
log_error ("signature key lost from keyblock\n");
|
|
|
|
rc = gpg_error (GPG_ERR_INTERNAL);
|
|
|
|
}
|
2016-09-01 16:00:06 +02:00
|
|
|
|
2017-02-20 16:19:50 -05:00
|
|
|
/* In case we did not found a valid textual userid above
|
2015-10-26 20:36:16 +01:00
|
|
|
we print the first user id packet or a "[?]" instead along
|
|
|
|
with the "Good|Expired|Bad signature" line. */
|
|
|
|
if (!count)
|
2014-05-07 14:08:16 +02:00
|
|
|
{
|
|
|
|
/* Try for an invalid textual userid */
|
|
|
|
for (un=keyblock; un; un = un->next)
|
|
|
|
{
|
|
|
|
if (un->pkt->pkttype == PKT_USER_ID
|
|
|
|
&& !un->pkt->pkt.user_id->attrib_data)
|
|
|
|
break;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
2014-05-07 14:08:16 +02:00
|
|
|
/* Try for any userid at all */
|
|
|
|
if (!un)
|
|
|
|
{
|
|
|
|
for (un=keyblock; un; un = un->next)
|
|
|
|
{
|
|
|
|
if (un->pkt->pkttype == PKT_USER_ID)
|
|
|
|
break;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-05-07 14:08:16 +02:00
|
|
|
if (opt.trust_model==TM_ALWAYS || !un)
|
|
|
|
keyid_str[17] = 0; /* cut off the "[uncertain]" part */
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2014-05-07 14:36:34 +02:00
|
|
|
print_good_bad_signature (statno, keyid_str, un, sig, rc);
|
2014-05-07 14:08:16 +02:00
|
|
|
|
|
|
|
if (opt.trust_model != TM_ALWAYS && un)
|
|
|
|
log_printf (" %s",_("[uncertain]") );
|
|
|
|
log_printf ("\n");
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
2014-05-07 14:08:16 +02:00
|
|
|
/* If we have a good signature and already printed
|
|
|
|
* the primary user ID, print all the other user IDs */
|
|
|
|
if (count
|
|
|
|
&& !rc
|
|
|
|
&& !(opt.verify_options & VERIFY_SHOW_PRIMARY_UID_ONLY))
|
|
|
|
{
|
|
|
|
char *p;
|
|
|
|
for( un=keyblock; un; un = un->next)
|
|
|
|
{
|
|
|
|
if (un->pkt->pkttype != PKT_USER_ID)
|
|
|
|
continue;
|
2017-03-08 11:01:22 +01:00
|
|
|
if ((un->pkt->pkt.user_id->flags.revoked
|
|
|
|
|| un->pkt->pkt.user_id->flags.expired)
|
2014-05-07 14:08:16 +02:00
|
|
|
&& !(opt.verify_options & VERIFY_SHOW_UNUSABLE_UIDS))
|
|
|
|
continue;
|
2015-10-26 20:36:16 +01:00
|
|
|
/* Skip textual primary user ids which we printed above. */
|
2017-03-08 11:01:22 +01:00
|
|
|
if (un->pkt->pkt.user_id->flags.primary
|
2014-05-07 14:08:16 +02:00
|
|
|
&& !un->pkt->pkt.user_id->attrib_data )
|
|
|
|
continue;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2015-10-26 20:36:16 +01:00
|
|
|
/* If this user id has attribute data, print that. */
|
2014-05-07 14:08:16 +02:00
|
|
|
if (un->pkt->pkt.user_id->attrib_data)
|
|
|
|
{
|
2016-09-01 16:00:06 +02:00
|
|
|
dump_attribs (un->pkt->pkt.user_id, mainpk);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2014-05-07 14:08:16 +02:00
|
|
|
if (opt.verify_options&VERIFY_SHOW_PHOTOS)
|
2016-05-21 11:41:49 +02:00
|
|
|
show_photos (c->ctrl,
|
|
|
|
un->pkt->pkt.user_id->attribs,
|
2014-05-07 14:08:16 +02:00
|
|
|
un->pkt->pkt.user_id->numattribs,
|
2016-09-01 16:00:06 +02:00
|
|
|
mainpk ,un->pkt->pkt.user_id);
|
2014-05-07 14:08:16 +02:00
|
|
|
}
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2014-05-07 14:08:16 +02:00
|
|
|
p = utf8_to_native (un->pkt->pkt.user_id->name,
|
|
|
|
un->pkt->pkt.user_id->len, 0);
|
|
|
|
log_info (_(" aka \"%s\""), p);
|
|
|
|
xfree (p);
|
|
|
|
|
|
|
|
if ((opt.verify_options & VERIFY_SHOW_UID_VALIDITY))
|
|
|
|
{
|
|
|
|
const char *valid;
|
|
|
|
|
2017-03-08 11:01:22 +01:00
|
|
|
if (un->pkt->pkt.user_id->flags.revoked)
|
2014-05-07 14:08:16 +02:00
|
|
|
valid = _("revoked");
|
2017-03-08 11:01:22 +01:00
|
|
|
else if (un->pkt->pkt.user_id->flags.expired)
|
2014-05-07 14:08:16 +02:00
|
|
|
valid = _("expired");
|
|
|
|
else
|
g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
|
|
|
/* Since this is just informational, don't
|
|
|
|
actually ask the user to update any trust
|
|
|
|
information. */
|
2014-05-07 14:08:16 +02:00
|
|
|
valid = (trust_value_to_string
|
2016-11-23 12:29:22 +01:00
|
|
|
(get_validity (c->ctrl, keyblock, mainpk,
|
2016-09-15 12:19:29 +02:00
|
|
|
un->pkt->pkt.user_id, NULL, 0)));
|
2014-05-07 14:08:16 +02:00
|
|
|
log_printf (" [%s]\n",valid);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
log_printf ("\n");
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-10-26 20:36:16 +01:00
|
|
|
/* For good signatures print notation data. */
|
2014-05-07 14:08:16 +02:00
|
|
|
if (!rc)
|
|
|
|
{
|
|
|
|
if ((opt.verify_options & VERIFY_SHOW_POLICY_URLS))
|
|
|
|
show_policy_url (sig, 0, 1);
|
|
|
|
else
|
|
|
|
show_policy_url (sig, 0, 2);
|
|
|
|
|
|
|
|
if ((opt.verify_options & VERIFY_SHOW_KEYSERVER_URLS))
|
|
|
|
show_keyserver_url (sig, 0, 1);
|
|
|
|
else
|
|
|
|
show_keyserver_url (sig, 0, 2);
|
|
|
|
|
|
|
|
if ((opt.verify_options & VERIFY_SHOW_NOTATIONS))
|
|
|
|
show_notation
|
|
|
|
(sig, 0, 1,
|
|
|
|
(((opt.verify_options&VERIFY_SHOW_STD_NOTATIONS)?1:0)
|
|
|
|
+ ((opt.verify_options&VERIFY_SHOW_USER_NOTATIONS)?2:0)));
|
|
|
|
else
|
|
|
|
show_notation (sig, 0, 2, 0);
|
|
|
|
}
|
2003-09-23 17:48:33 +00:00
|
|
|
|
2024-02-10 14:24:50 +01:00
|
|
|
/* Fill PKSTRBUF with the algostring in case we later need it. */
|
|
|
|
if (pk)
|
|
|
|
pubkey_string (pk, pkstrbuf, sizeof pkstrbuf);
|
|
|
|
|
2015-10-26 20:36:16 +01:00
|
|
|
/* For good signatures print the VALIDSIG status line. */
|
2024-02-10 14:24:50 +01:00
|
|
|
if (!rc && (is_status_enabled ()
|
|
|
|
|| opt.assert_signer_list
|
|
|
|
|| opt.assert_pubkey_algos) && pk)
|
2014-05-07 14:08:16 +02:00
|
|
|
{
|
2016-09-01 16:34:08 +02:00
|
|
|
char pkhex[MAX_FINGERPRINT_LEN*2+1];
|
|
|
|
char mainpkhex[MAX_FINGERPRINT_LEN*2+1];
|
|
|
|
|
|
|
|
hexfingerprint (pk, pkhex, sizeof pkhex);
|
|
|
|
hexfingerprint (mainpk, mainpkhex, sizeof mainpkhex);
|
|
|
|
|
|
|
|
/* TODO: Replace the reserved '0' in the field below with
|
|
|
|
bits for status flags (policy url, notation, etc.). */
|
|
|
|
write_status_printf (STATUS_VALIDSIG,
|
|
|
|
"%s %s %lu %lu %d 0 %d %d %02X %s",
|
|
|
|
pkhex,
|
|
|
|
strtimestamp (sig->timestamp),
|
|
|
|
(ulong)sig->timestamp,
|
|
|
|
(ulong)sig->expiredate,
|
|
|
|
sig->version, sig->pubkey_algo,
|
|
|
|
sig->digest_algo,
|
|
|
|
sig->sig_class,
|
|
|
|
mainpkhex);
|
2023-04-05 21:32:23 +02:00
|
|
|
/* Handle the --assert-signer option. */
|
|
|
|
check_assert_signer_list (mainpkhex, pkhex);
|
2024-02-10 14:24:50 +01:00
|
|
|
/* Handle the --assert-pubkey-algo option. */
|
|
|
|
check_assert_pubkey_algo (pkstrbuf, pkhex);
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
2017-07-27 16:22:36 +02:00
|
|
|
/* Print compliance warning for Good signatures. */
|
|
|
|
if (!rc && pk && !opt.quiet
|
2020-07-03 15:47:55 +02:00
|
|
|
&& !gnupg_pk_is_compliant (opt.compliance, pk->pubkey_algo, 0,
|
2017-07-27 16:22:36 +02:00
|
|
|
pk->pkey, nbits_from_pk (pk), NULL))
|
|
|
|
{
|
|
|
|
log_info (_("WARNING: This key is not suitable for signing"
|
|
|
|
" in %s mode\n"),
|
|
|
|
gnupg_compliance_option_string (opt.compliance));
|
|
|
|
}
|
|
|
|
|
2015-10-26 20:36:16 +01:00
|
|
|
/* For good signatures compute and print the trust information.
|
|
|
|
Note that in the Tofu trust model this may ask the user on
|
|
|
|
how to resolve a conflict. */
|
2014-05-07 14:08:16 +02:00
|
|
|
if (!rc)
|
|
|
|
{
|
2020-06-08 20:13:25 +02:00
|
|
|
rc = check_signatures_trust (c->ctrl, keyblock, pk, sig);
|
2014-05-07 14:08:16 +02:00
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2015-10-26 20:36:16 +01:00
|
|
|
/* Print extra information about the signature. */
|
2014-05-07 14:08:16 +02:00
|
|
|
if (sig->flags.expired)
|
|
|
|
{
|
|
|
|
log_info (_("Signature expired %s\n"), asctimestamp(sig->expiredate));
|
2020-06-08 20:13:25 +02:00
|
|
|
if (!rc)
|
|
|
|
rc = gpg_error (GPG_ERR_GENERAL); /* Need a better error here? */
|
2014-05-07 14:08:16 +02:00
|
|
|
}
|
|
|
|
else if (sig->expiredate)
|
|
|
|
log_info (_("Signature expires %s\n"), asctimestamp(sig->expiredate));
|
|
|
|
|
|
|
|
if (opt.verbose)
|
2016-09-01 16:00:06 +02:00
|
|
|
{
|
|
|
|
log_info (_("%s signature, digest algorithm %s%s%s\n"),
|
|
|
|
sig->sig_class==0x00?_("binary"):
|
|
|
|
sig->sig_class==0x01?_("textmode"):_("unknown"),
|
|
|
|
gcry_md_algo_name (sig->digest_algo),
|
|
|
|
*pkstrbuf?_(", key algorithm "):"", pkstrbuf);
|
|
|
|
}
|
2014-05-07 14:08:16 +02:00
|
|
|
|
2015-10-26 20:36:16 +01:00
|
|
|
/* Print final warnings. */
|
2014-11-13 17:39:31 +01:00
|
|
|
if (!rc && !c->signed_data.used)
|
|
|
|
{
|
|
|
|
/* Signature is basically good but we test whether the
|
|
|
|
deprecated command
|
|
|
|
gpg --verify FILE.sig
|
|
|
|
was used instead of
|
|
|
|
gpg --verify FILE.sig FILE
|
|
|
|
to verify a detached signature. If we figure out that a
|
|
|
|
data file with a matching name exists, we print a warning.
|
|
|
|
|
|
|
|
The problem is that the first form would also verify a
|
|
|
|
standard signature. This behavior could be used to
|
|
|
|
create a made up .sig file for a tarball by creating a
|
|
|
|
standard signature from a valid detached signature packet
|
|
|
|
(for example from a signed git tag). Then replace the
|
|
|
|
sig file on the FTP server along with a changed tarball.
|
|
|
|
Using the first form the verify command would correctly
|
|
|
|
verify the signature but don't even consider the tarball. */
|
|
|
|
kbnode_t n;
|
|
|
|
char *dfile;
|
|
|
|
|
|
|
|
dfile = get_matching_datafile (c->sigfilename);
|
|
|
|
if (dfile)
|
|
|
|
{
|
|
|
|
for (n = c->list; n; n = n->next)
|
|
|
|
if (n->pkt->pkttype != PKT_SIGNATURE)
|
|
|
|
break;
|
|
|
|
if (n)
|
|
|
|
{
|
|
|
|
/* Not only signature packets in the tree thus this
|
|
|
|
is not a detached signature. */
|
|
|
|
log_info (_("WARNING: not a detached signature; "
|
|
|
|
"file '%s' was NOT verified!\n"), dfile);
|
2023-04-05 21:32:23 +02:00
|
|
|
assert_signer_true = 0;
|
2014-11-13 17:39:31 +01:00
|
|
|
}
|
|
|
|
xfree (dfile);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-05-30 14:30:24 +02:00
|
|
|
/* Compute compliance with CO_DE_VS. */
|
2023-01-20 09:23:27 +01:00
|
|
|
if (pk
|
2021-01-28 15:48:08 +01:00
|
|
|
&& gnupg_gcrypt_is_compliant (CO_DE_VS)
|
2020-07-03 15:47:55 +02:00
|
|
|
&& gnupg_pk_is_compliant (CO_DE_VS, pk->pubkey_algo, 0, pk->pkey,
|
2017-05-30 14:30:24 +02:00
|
|
|
nbits_from_pk (pk), NULL)
|
|
|
|
&& gnupg_digest_is_compliant (CO_DE_VS, sig->digest_algo))
|
|
|
|
write_status_strings (STATUS_VERIFICATION_COMPLIANCE_MODE,
|
|
|
|
gnupg_status_compliance_flag (CO_DE_VS),
|
|
|
|
NULL);
|
2022-03-08 10:13:44 +01:00
|
|
|
else if (opt.flags.require_compliance
|
|
|
|
&& opt.compliance == CO_DE_VS)
|
|
|
|
{
|
|
|
|
log_error (_("operation forced to fail due to"
|
|
|
|
" unfulfilled compliance rules\n"));
|
|
|
|
if (!rc)
|
|
|
|
rc = gpg_error (GPG_ERR_FORBIDDEN);
|
|
|
|
}
|
|
|
|
|
2017-05-30 14:30:24 +02:00
|
|
|
|
2016-11-14 17:33:18 +01:00
|
|
|
free_public_key (pk);
|
|
|
|
pk = NULL;
|
2016-09-01 16:00:06 +02:00
|
|
|
release_kbnode( keyblock );
|
2014-05-07 14:08:16 +02:00
|
|
|
if (rc)
|
|
|
|
g10_errors_seen = 1;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2020-06-08 20:13:25 +02:00
|
|
|
else /* Error checking the signature. (neither Good nor Bad). */
|
2014-05-07 14:08:16 +02:00
|
|
|
{
|
2018-04-12 16:41:05 +02:00
|
|
|
write_status_printf (STATUS_ERRSIG, "%08lX%08lX %d %d %02x %lu %d %s",
|
|
|
|
(ulong)sig->keyid[0], (ulong)sig->keyid[1],
|
|
|
|
sig->pubkey_algo, sig->digest_algo,
|
|
|
|
sig->sig_class, (ulong)sig->timestamp,
|
|
|
|
gpg_err_code (rc),
|
|
|
|
issuer_fpr? issuer_fpr:"-");
|
2015-01-22 12:06:11 +01:00
|
|
|
if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY)
|
2014-05-07 14:08:16 +02:00
|
|
|
{
|
2018-04-12 16:41:05 +02:00
|
|
|
write_status_printf (STATUS_NO_PUBKEY, "%08lX%08lX",
|
|
|
|
(ulong)sig->keyid[0], (ulong)sig->keyid[1]);
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2015-01-22 12:06:11 +01:00
|
|
|
if (gpg_err_code (rc) != GPG_ERR_NOT_PROCESSED)
|
|
|
|
log_error (_("Can't check signature: %s\n"), gpg_strerror (rc));
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-05-07 14:08:16 +02:00
|
|
|
|
2018-04-13 16:42:34 +09:00
|
|
|
free_public_key (pk);
|
2020-03-13 17:14:34 +01:00
|
|
|
release_kbnode (included_keyblock);
|
2018-04-12 16:41:05 +02:00
|
|
|
xfree (issuer_fpr);
|
2014-05-07 14:08:16 +02:00
|
|
|
return rc;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
/*
|
2003-06-05 07:14:21 +00:00
|
|
|
* Process the tree which starts at node
|
|
|
|
*/
|
|
|
|
static void
|
2014-11-13 13:00:46 +01:00
|
|
|
proc_tree (CTX c, kbnode_t node)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2014-11-13 13:00:46 +01:00
|
|
|
kbnode_t n1;
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
if (opt.list_packets || opt.list_only)
|
|
|
|
return;
|
|
|
|
|
|
|
|
/* We must skip our special plaintext marker packets here because
|
|
|
|
they may be the root packet. These packets are only used in
|
2016-10-27 14:58:01 +02:00
|
|
|
additional checks and skipping them here doesn't matter. */
|
2014-11-13 13:00:46 +01:00
|
|
|
while (node
|
|
|
|
&& node->pkt->pkttype == PKT_GPG_CONTROL
|
|
|
|
&& node->pkt->pkt.gpg_control->control == CTRLPKT_PLAINTEXT_MARK)
|
|
|
|
{
|
|
|
|
node = node->next;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
if (!node)
|
|
|
|
return;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
c->trustletter = ' ';
|
|
|
|
if (node->pkt->pkttype == PKT_PUBLIC_KEY
|
|
|
|
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
|
|
|
|
{
|
2017-03-31 20:03:52 +02:00
|
|
|
merge_keys_and_selfsig (c->ctrl, node);
|
2014-11-13 13:00:46 +01:00
|
|
|
list_node (c, node);
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
else if (node->pkt->pkttype == PKT_SECRET_KEY)
|
|
|
|
{
|
2017-03-31 20:03:52 +02:00
|
|
|
merge_keys_and_selfsig (c->ctrl, node);
|
2014-11-13 13:00:46 +01:00
|
|
|
list_node (c, node);
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
else if (node->pkt->pkttype == PKT_ONEPASS_SIG)
|
|
|
|
{
|
|
|
|
/* Check all signatures. */
|
|
|
|
if (!c->any.data)
|
|
|
|
{
|
|
|
|
int use_textmode = 0;
|
|
|
|
|
|
|
|
free_md_filter_context (&c->mfx);
|
|
|
|
/* Prepare to create all requested message digests. */
|
2014-11-28 12:20:42 +01:00
|
|
|
rc = gcry_md_open (&c->mfx.md, 0, 0);
|
|
|
|
if (rc)
|
|
|
|
goto hash_err;
|
2014-11-13 13:00:46 +01:00
|
|
|
|
|
|
|
/* Fixme: why looking for the signature packet and not the
|
|
|
|
one-pass packet? */
|
|
|
|
for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE));)
|
|
|
|
gcry_md_enable (c->mfx.md, n1->pkt->pkt.signature->digest_algo);
|
|
|
|
|
|
|
|
if (n1 && n1->pkt->pkt.onepass_sig->sig_class == 0x01)
|
|
|
|
use_textmode = 1;
|
|
|
|
|
|
|
|
/* Ask for file and hash it. */
|
|
|
|
if (c->sigs_only)
|
|
|
|
{
|
2023-07-05 10:21:23 +09:00
|
|
|
if (c->signed_data.used
|
|
|
|
&& c->signed_data.data_fd != GNUPG_INVALID_FD)
|
2014-11-13 13:00:46 +01:00
|
|
|
rc = hash_datafile_by_fd (c->mfx.md, NULL,
|
|
|
|
c->signed_data.data_fd,
|
|
|
|
use_textmode);
|
|
|
|
else
|
|
|
|
rc = hash_datafiles (c->mfx.md, NULL,
|
|
|
|
c->signed_data.data_names,
|
|
|
|
c->sigfilename,
|
|
|
|
use_textmode);
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
else
|
|
|
|
{
|
2022-02-25 11:55:07 +09:00
|
|
|
rc = ask_for_detached_datafile (c->mfx.md, NULL,
|
2014-11-13 13:00:46 +01:00
|
|
|
iobuf_get_real_fname (c->iobuf),
|
|
|
|
use_textmode);
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
|
2014-11-28 12:20:42 +01:00
|
|
|
hash_err:
|
2014-11-13 13:00:46 +01:00
|
|
|
if (rc)
|
|
|
|
{
|
2015-01-22 12:06:11 +01:00
|
|
|
log_error ("can't hash datafile: %s\n", gpg_strerror (rc));
|
2014-11-13 13:00:46 +01:00
|
|
|
return;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
else if (c->signed_data.used)
|
|
|
|
{
|
|
|
|
log_error (_("not a detached signature\n"));
|
|
|
|
return;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE));)
|
2024-08-23 11:27:58 +02:00
|
|
|
if (check_sig_and_print (c, n1) && opt.batch
|
|
|
|
&& !opt.flags.proc_all_sigs)
|
2023-06-01 11:58:53 +09:00
|
|
|
break;
|
2014-11-13 13:00:46 +01:00
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
else if (node->pkt->pkttype == PKT_GPG_CONTROL
|
|
|
|
&& node->pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START)
|
|
|
|
{
|
|
|
|
/* Clear text signed message. */
|
|
|
|
if (!c->any.data)
|
|
|
|
{
|
|
|
|
log_error ("cleartext signature without data\n");
|
|
|
|
return;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
else if (c->signed_data.used)
|
|
|
|
{
|
|
|
|
log_error (_("not a detached signature\n"));
|
|
|
|
return;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE));)
|
2024-08-23 11:27:58 +02:00
|
|
|
if (check_sig_and_print (c, n1) && opt.batch
|
|
|
|
&& !opt.flags.proc_all_sigs)
|
2023-06-01 11:58:53 +09:00
|
|
|
break;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
else if (node->pkt->pkttype == PKT_SIGNATURE)
|
|
|
|
{
|
|
|
|
PKT_signature *sig = node->pkt->pkt.signature;
|
|
|
|
int multiple_ok = 1;
|
|
|
|
|
|
|
|
n1 = find_next_kbnode (node, PKT_SIGNATURE);
|
|
|
|
if (n1)
|
|
|
|
{
|
|
|
|
byte class = sig->sig_class;
|
|
|
|
byte hash = sig->digest_algo;
|
|
|
|
|
|
|
|
for (; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE)))
|
|
|
|
{
|
|
|
|
/* We can't currently handle multiple signatures of
|
2016-10-27 19:51:56 +02:00
|
|
|
* different classes (we'd pretty much have to run a
|
|
|
|
* different hash context for each), but if they are all
|
|
|
|
* the same and it is detached signature, we make an
|
|
|
|
* exception. Note that the old code also disallowed
|
|
|
|
* multiple signatures if the digest algorithms are
|
|
|
|
* different. We softened this restriction only for
|
|
|
|
* detached signatures, to be on the safe side. */
|
2014-11-13 13:00:46 +01:00
|
|
|
if (n1->pkt->pkt.signature->sig_class != class
|
2016-10-27 19:51:56 +02:00
|
|
|
|| (c->any.data
|
|
|
|
&& n1->pkt->pkt.signature->digest_algo != hash))
|
2014-11-13 13:00:46 +01:00
|
|
|
{
|
|
|
|
multiple_ok = 0;
|
|
|
|
log_info (_("WARNING: multiple signatures detected. "
|
|
|
|
"Only the first will be checked.\n"));
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (sig->sig_class != 0x00 && sig->sig_class != 0x01)
|
|
|
|
{
|
|
|
|
log_info(_("standalone signature of class 0x%02x\n"), sig->sig_class);
|
|
|
|
}
|
|
|
|
else if (!c->any.data)
|
|
|
|
{
|
|
|
|
/* Detached signature */
|
|
|
|
free_md_filter_context (&c->mfx);
|
2014-11-28 12:20:42 +01:00
|
|
|
rc = gcry_md_open (&c->mfx.md, sig->digest_algo, 0);
|
|
|
|
if (rc)
|
|
|
|
goto detached_hash_err;
|
2014-11-13 13:00:46 +01:00
|
|
|
|
2016-10-27 19:51:56 +02:00
|
|
|
if (multiple_ok)
|
|
|
|
{
|
|
|
|
/* If we have and want to handle multiple signatures we
|
|
|
|
* need to enable all hash algorithms for the context. */
|
|
|
|
for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE)); )
|
|
|
|
if (!openpgp_md_test_algo (n1->pkt->pkt.signature->digest_algo))
|
|
|
|
gcry_md_enable (c->mfx.md,
|
|
|
|
map_md_openpgp_to_gcry
|
|
|
|
(n1->pkt->pkt.signature->digest_algo));
|
|
|
|
}
|
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
if (RFC2440 || RFC4880)
|
|
|
|
; /* Strict RFC mode. */
|
|
|
|
else if (sig->digest_algo == DIGEST_ALGO_SHA1
|
|
|
|
&& sig->pubkey_algo == PUBKEY_ALGO_DSA
|
|
|
|
&& sig->sig_class == 0x01)
|
|
|
|
{
|
|
|
|
/* Enable a workaround for a pgp5 bug when the detached
|
2016-10-27 19:51:56 +02:00
|
|
|
* signature has been created in textmode. Note that we
|
|
|
|
* do not implement this for multiple signatures with
|
|
|
|
* different hash algorithms. */
|
2014-11-28 12:20:42 +01:00
|
|
|
rc = gcry_md_open (&c->mfx.md2, sig->digest_algo, 0);
|
|
|
|
if (rc)
|
|
|
|
goto detached_hash_err;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-08-12 10:36:30 +02:00
|
|
|
|
2014-11-13 13:00:46 +01:00
|
|
|
/* Here we used to have another hack to work around a pgp
|
|
|
|
* 2 bug: It worked by not using the textmode for detached
|
|
|
|
* signatures; this would let the first signature check
|
|
|
|
* (on md) fail but the second one (on md2), which adds an
|
|
|
|
* extra CR would then have produced the "correct" hash.
|
|
|
|
* This is very, very ugly hack but it may haved help in
|
|
|
|
* some cases (and break others).
|
|
|
|
* c->mfx.md2? 0 :(sig->sig_class == 0x01)
|
|
|
|
*/
|
|
|
|
|
|
|
|
if (DBG_HASHING)
|
|
|
|
{
|
|
|
|
gcry_md_debug (c->mfx.md, "verify");
|
|
|
|
if (c->mfx.md2)
|
|
|
|
gcry_md_debug (c->mfx.md2, "verify2");
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
|
|
|
|
if (c->sigs_only)
|
|
|
|
{
|
2023-07-05 10:21:23 +09:00
|
|
|
if (c->signed_data.used
|
|
|
|
&& c->signed_data.data_fd != GNUPG_INVALID_FD)
|
2014-11-13 13:00:46 +01:00
|
|
|
rc = hash_datafile_by_fd (c->mfx.md, c->mfx.md2,
|
|
|
|
c->signed_data.data_fd,
|
|
|
|
(sig->sig_class == 0x01));
|
|
|
|
else
|
|
|
|
rc = hash_datafiles (c->mfx.md, c->mfx.md2,
|
|
|
|
c->signed_data.data_names,
|
|
|
|
c->sigfilename,
|
|
|
|
(sig->sig_class == 0x01));
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
else
|
|
|
|
{
|
|
|
|
rc = ask_for_detached_datafile (c->mfx.md, c->mfx.md2,
|
|
|
|
iobuf_get_real_fname(c->iobuf),
|
|
|
|
(sig->sig_class == 0x01));
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
|
2014-11-28 12:20:42 +01:00
|
|
|
detached_hash_err:
|
2014-11-13 13:00:46 +01:00
|
|
|
if (rc)
|
|
|
|
{
|
2015-01-22 12:06:11 +01:00
|
|
|
log_error ("can't hash datafile: %s\n", gpg_strerror (rc));
|
2014-11-13 13:00:46 +01:00
|
|
|
return;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
else if (c->signed_data.used)
|
|
|
|
{
|
|
|
|
log_error (_("not a detached signature\n"));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
else if (!opt.quiet)
|
|
|
|
log_info (_("old style (PGP 2.x) signature\n"));
|
|
|
|
|
|
|
|
if (multiple_ok)
|
|
|
|
{
|
|
|
|
for (n1 = node; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE)))
|
2024-08-23 11:27:58 +02:00
|
|
|
if (check_sig_and_print (c, n1) && opt.batch
|
|
|
|
&& !opt.flags.proc_all_sigs)
|
2023-06-01 11:58:53 +09:00
|
|
|
break;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
else
|
|
|
|
check_sig_and_print (c, node);
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2014-11-13 13:00:46 +01:00
|
|
|
else
|
|
|
|
{
|
|
|
|
dump_kbnode (c->list);
|
|
|
|
log_error ("invalid root packet detected in proc_tree()\n");
|
|
|
|
dump_kbnode (node);
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
}
|