More stuff for the audit-log.

2025-07-03 22:56:33 +02:00 · 2009-12-02 18:33:59 +00:00 · 2009-12-02 18:33:59 +00:00 · 9e83404751
commit 9e83404751
parent e1172f00be
11 changed files with 406 additions and 62 deletions
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@ -1,3 +1,16 @@
+2009-12-02  Werner Koch  <wk@g10code.com>
+
+	* verify.c (gpgsm_verify): Add audit info on hash algorithms.
+
+	* sign.c (gpgsm_sign): Add audit log calls.
+	(hash_data): Return an error indicator.
+
+2009-12-01  Werner Koch  <wk@g10code.com>
+
+	* decrypt.c (gpgsm_decrypt): Add audit log calls.
+
+	* gpgsm.c: New option --html-audit-log.
+
 2009-11-25  Marcus Brinkmann  <marcus@g10code.de>

 	* server.c (gpgsm_server): Use assuan_fd_t and assuan_fdopen on
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@ -253,6 +253,8 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp)

  memset (&dfparm, 0, sizeof dfparm);

+  audit_set_type (ctrl->audit, AUDIT_TYPE_DECRYPT);
+
  kh = keydb_new (0);
  if (!kh)
    {
@ -296,6 +298,8 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp)
      goto leave;
    }

+  audit_log (ctrl->audit, AUDIT_SETUP_READY);
+
  /* Parser loop. */
  do 
    {
@ -313,6 +317,8 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp)
          const char *algoid;
          int any_key = 0;
          
+          audit_log (ctrl->audit, AUDIT_GOT_DATA);
+
          algoid = ksba_cms_get_content_oid (cms, 2/* encryption algo*/);
          algo = gcry_cipher_map_name (algoid);
          mode = gcry_cipher_mode_from_oid (algoid);
@ -330,6 +336,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp)
                sprintf (numbuf, "%d", rc);
                gpgsm_status2 (ctrl, STATUS_ERROR, "decrypt.algorithm",
                               numbuf, algoid?algoid:"?", NULL);
+                audit_log_s (ctrl->audit, AUDIT_BAD_DATA_CIPHER_ALGO, algoid);
              }

              /* If it seems that this is not an encrypted message we
@ -339,6 +346,8 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp)

              goto leave;
            }
+
+          audit_log_i (ctrl->audit, AUDIT_DATA_CIPHER_ALGO, algo);
          dfparm.algo = algo;
          dfparm.mode = mode;
          dfparm.blklen = gcry_cipher_get_algo_blklen (algo);
@ -369,6 +378,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp)
              rc = ksba_cms_get_issuer_serial (cms, recp, &issuer, &serial);
              if (rc == -1 && recp)
                break; /* no more recipients */
+              audit_log_i (ctrl->audit, AUDIT_NEW_RECP, recp);
              if (rc)
                log_error ("recp %d - error getting info: %s\n",
                           recp, gpg_strerror (rc));
@ -382,6 +392,13 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp)
                  gpgsm_dump_serial (serial);
                  log_printf ("\n");

+                  if (ctrl->audit)
+                    {
+                      char *tmpstr = gpgsm_format_sn_issuer (serial, issuer);
+                      audit_log_s (ctrl->audit, AUDIT_RECP_NAME, tmpstr);
+                      xfree (tmpstr);
+                    }
+
                  keydb_search_reset (kh);
                  rc = keydb_search_issuer_sn (kh, issuer, serial);
                  if (rc)
@ -415,6 +432,8 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp)
                                   kidbuf, "0", "0", NULL);
                  }

+                  /* Put the certificate into the audit log.  */
+                  audit_log_cert (ctrl->audit, AUDIT_SAVE_CERT, cert, 0);

                  /* Just in case there is a problem with the own
                     certificate we print this message - should never
@ -462,10 +481,41 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp)
                                              decrypt_filter,
                                              &dfparm);
                    }
+                  audit_log_ok (ctrl->audit, AUDIT_RECP_RESULT, rc);
                }
              xfree (hexkeygrip);
              xfree (desc);
            }
+
+          /* If we write an audit log add the unused recipients to the
+             log as well.  */
+          if (ctrl->audit && any_key)
+            {
+              for (;; recp++)
+                {
+                  char *issuer;
+                  ksba_sexp_t serial;
+                  int tmp_rc;
+
+                  tmp_rc = ksba_cms_get_issuer_serial (cms, recp,
+                                                       &issuer, &serial);
+                  if (tmp_rc == -1)
+                    break; /* no more recipients */
+                  audit_log_i (ctrl->audit, AUDIT_NEW_RECP, recp);
+                  if (tmp_rc)
+                    log_error ("recp %d - error getting info: %s\n",
+                               recp, gpg_strerror (rc));
+                  else
+                    {
+                      char *tmpstr = gpgsm_format_sn_issuer (serial, issuer);
+                      audit_log_s (ctrl->audit, AUDIT_RECP_NAME, tmpstr);
+                      xfree (tmpstr);
+                      xfree (issuer);
+                      xfree (serial);
+                    }
+                }
+            }
+
          if (!any_key)
            {
              rc = gpg_error (GPG_ERR_NO_SECKEY);
@ -488,7 +538,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp)
                                      dfparm.lastblock, 
                                      dfparm.blklen - npadding);
              if (rc)
-                  goto leave;
+                goto leave;

              for (i=dfparm.blklen - npadding; i < dfparm.blklen; i++)
                {
@ -515,6 +565,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp)


 leave:
+  audit_log_ok (ctrl->audit, AUDIT_DECRYPTION_RESULT, rc);
  if (rc)
    {
      gpgsm_status (ctrl, STATUS_DECRYPTION_FAILED, NULL);
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@ -99,6 +99,7 @@ enum cmd_and_opt_values {
  oLogFile,
  oNoLogFile,
  oAuditLog,
+  oHtmlAuditLog,

  oEnableSpecialFilenames,

@ -286,6 +287,7 @@ static ARGPARSE_OPTS opts[] = {

  ARGPARSE_s_s (oAuditLog, "audit-log", 
                N_("|FILE|write an audit log to FILE")),
+  ARGPARSE_s_s (oHtmlAuditLog, "html-audit-log", ""),
  ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),
  ARGPARSE_s_n (oBatch, "batch", N_("batch mode: never ask")),
  ARGPARSE_s_n (oAnswerYes, "yes", N_("assume yes on most questions")),
@ -851,6 +853,7 @@ main ( int argc, char **argv)
  int default_keyring = 1;
  char *logfile = NULL;
  char *auditlog = NULL;
+  char *htmlauditlog = NULL;
  int greeting = 0;
  int nogreeting = 0;
  int debug_wait = 0;
@ -866,6 +869,7 @@ main ( int argc, char **argv)
  int do_not_setup_keys = 0;
  int recp_required = 0;
  estream_t auditfp = NULL;
+  estream_t htmlauditfp = NULL;
  struct assuan_malloc_hooks malloc_hooks;

  /*mtrace();*/
@ -1182,6 +1186,7 @@ main ( int argc, char **argv)
        case oNoLogFile: logfile = NULL; break;          

        case oAuditLog: auditlog = pargs.r.ret_str; break;
+        case oHtmlAuditLog: htmlauditlog = pargs.r.ret_str; break;

        case oBatch: 
          opt.batch = 1;
@ -1410,11 +1415,6 @@ main ( int argc, char **argv)
    }
 #  endif

-  if (auditlog)
-    log_info ("NOTE: The audit log feature (--audit-log) is "
-              "WORK IN PRORESS and not ready for use!\n");
-
-
  if (may_coredump && !opt.quiet)
    log_info (_("WARNING: program may create a core file!\n"));

@ -1546,7 +1546,7 @@ main ( int argc, char **argv)


  /* Prepare the audit log feature for certain commands.  */
-  if (auditlog)
+  if (auditlog || htmlauditlog)
    {
      switch (cmd)
        {
@ -1556,7 +1556,10 @@ main ( int argc, char **argv)
        case aVerify:
          audit_release (ctrl.audit);
          ctrl.audit = audit_new ();
-          auditfp = open_es_fwrite (auditlog);
+          if (auditlog)
+            auditfp = open_es_fwrite (auditlog);
+          if (htmlauditlog)
+            htmlauditfp = open_es_fwrite (htmlauditlog);
          break;
        default:
          break;
@ -1914,12 +1917,16 @@ main ( int argc, char **argv)
    }

  /* Print the audit result if needed.  */
-  if (auditlog && auditfp)
+  if ((auditlog && auditfp) || (htmlauditlog && htmlauditfp))
    {
-      audit_print_result (ctrl.audit, auditfp, 0);
+      if (auditlog && auditfp)
+        audit_print_result (ctrl.audit, auditfp, 0);
+      if (htmlauditlog && htmlauditfp)
+        audit_print_result (ctrl.audit, htmlauditfp, 1);
      audit_release (ctrl.audit);
      ctrl.audit = NULL;
      es_fclose (auditfp);
+      es_fclose (htmlauditfp);
    }
  
  /* cleanup */
--- a/sm/sign.c
+++ b/sm/sign.c
@ -34,18 +34,20 @@
 #include "i18n.h"


-static void
+/* Hash the data and return if something was hashed.  Return -1 on error.  */
+static int
 hash_data (int fd, gcry_md_hd_t md)
 {
  FILE *fp;
  char buffer[4096];
  int nread;
+  int rc = 0;

  fp = fdopen ( dup (fd), "rb");
  if (!fp)
    {
      log_error ("fdopen(%d) failed: %s\n", fd, strerror (errno));
-      return;
+      return -1;
    }

  do 
@ -55,8 +57,12 @@ hash_data (int fd, gcry_md_hd_t md)
    }
  while (nread);
  if (ferror (fp))
+    {
      log_error ("read error on fd %d: %s\n", fd, strerror (errno));
+      rc = -1;
+    }
  fclose (fp);
+  return rc;
 }

 static int
@ -321,6 +327,8 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
  certlist_t cl;
  int release_signerlist = 0;

+  audit_set_type (ctrl->audit, AUDIT_TYPE_SIGN);
+
  kh = keydb_new (0);
  if (!kh)
    {
@ -539,8 +547,11 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
          goto leave;
        }
      gcry_md_enable (data_md, algo);
+      audit_log_i (ctrl->audit, AUDIT_DATA_HASH_ALGO, algo);
    }

+  audit_log (ctrl->audit, AUDIT_SETUP_READY);
+
  if (detached)
    { /* We hash the data right now so that we can store the message
         digest.  ksba_cms_build() takes this as an flag that detached
@ -548,7 +559,8 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
      unsigned char *digest;
      size_t digest_len;

-      hash_data (data_fd, data_md);
+      if (!hash_data (data_fd, data_md))
+        audit_log (ctrl->audit, AUDIT_GOT_DATA);
      for (cl=signerlist,signer=0; cl; cl = cl->next, signer++)
        {
          digest = gcry_md_read (data_md, cl->hash_algo);
@ -623,6 +635,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
          rc = hash_and_copy_data (data_fd, data_md, writer);
          if (rc)
            goto leave;
+          audit_log (ctrl->audit, AUDIT_GOT_DATA);
          for (cl=signerlist,signer=0; cl; cl = cl->next, signer++)
            {
              digest = gcry_md_read (data_md, cl->hash_algo);
@ -663,13 +676,18 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
              unsigned char *sigval = NULL;
              char *buf, *fpr;

+              audit_log_i (ctrl->audit, AUDIT_NEW_SIG, signer);
              if (signer)
                gcry_md_reset (md);
              {
                certlist_t cl_tmp;

                for (cl_tmp=signerlist; cl_tmp; cl_tmp = cl_tmp->next)
-                  gcry_md_enable (md, cl_tmp->hash_algo);
+                  {
+                    gcry_md_enable (md, cl_tmp->hash_algo);
+                    audit_log_i (ctrl->audit, AUDIT_ATTR_HASH_ALGO, 
+                                 cl_tmp->hash_algo);
+                  }
              }

              rc = ksba_cms_hash_signed_attrs (cms, signer);
@ -685,6 +703,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
                                               md, cl->hash_algo, &sigval);
              if (rc)
                {
+                  audit_log_cert (ctrl->audit, AUDIT_SIGNED_BY, cl->cert, rc);
                  gcry_md_close (md);
                  goto leave;
                }
@ -693,6 +712,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
              xfree (sigval);
              if (err)
                {
+                  audit_log_cert (ctrl->audit, AUDIT_SIGNED_BY, cl->cert, err);
                  log_error ("failed to store the signature: %s\n",
                             gpg_strerror (err));
                  rc = err;
@ -708,28 +728,29 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
                  gcry_md_close (md);
                  goto leave;
                }
+              rc = 0;
              {
                int pkalgo = gpgsm_get_key_algo_info (cl->cert, NULL);
-                rc = asprintf (&buf, "%c %d %d 00 %s %s",
-                               detached? 'D':'S',
-                               pkalgo, 
-                               cl->hash_algo, 
-                               signed_at,
-                               fpr);
+                buf = xtryasprintf ("%c %d %d 00 %s %s",
+                                    detached? 'D':'S',
+                                    pkalgo, 
+                                    cl->hash_algo, 
+                                    signed_at,
+                                    fpr);
+                if (!buf)
+                  rc = gpg_error_from_syserror ();
              }
              xfree (fpr);
-              if (rc < 0)
+              if (rc)
                {
-                  rc = gpg_error (GPG_ERR_ENOMEM);
                  gcry_md_close (md);
                  goto leave;
                }
-              rc = 0;
              gpgsm_status (ctrl, STATUS_SIG_CREATED, buf);
-              free (buf); /* yes, we must use the regular free() here */
+              xfree (buf);
+              audit_log_cert (ctrl->audit, AUDIT_SIGNED_BY, cl->cert, 0);
            }
          gcry_md_close (md);
-
        }
    }
  while (stopreason != KSBA_SR_READY);   
@ -741,6 +762,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
      goto leave;
    }

+  audit_log (ctrl->audit, AUDIT_SIGNING_DONE);
  log_info ("signature created\n");


--- a/sm/verify.c
+++ b/sm/verify.c
@ -216,6 +216,8 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
                log_debug ("enabling extra hash algorithm %d\n", 
                           opt.extra_digest_algo);
              gcry_md_enable (data_md, opt.extra_digest_algo);
+              audit_log_i (ctrl->audit, AUDIT_DATA_HASH_ALGO,
+                           opt.extra_digest_algo);
            }
          if (is_detached)
            {
@ -236,7 +238,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
        }
      else if (stopreason == KSBA_SR_END_DATA)
        { /* The data bas been hashed */
-
+          audit_log_ok (ctrl->audit, AUDIT_DATA_HASHING, 0);
        }
    }
  while (stopreason != KSBA_SR_READY);   
@ -452,6 +454,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
      log_printf (_(" using certificate ID 0x%08lX\n"),
                  gpgsm_get_short_fingerprint (cert, NULL));

+      audit_log_i (ctrl->audit, AUDIT_DATA_HASH_ALGO, algo);

      if (msgdigest)
        { /* Signed attributes are available. */
@ -484,6 +487,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
              goto next_signer; 
            }
            
+          audit_log_i (ctrl->audit, AUDIT_ATTR_HASH_ALGO, sigval_hash_algo);
          rc = gcry_md_open (&md, sigval_hash_algo, 0);
          if (rc)
            {