security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

Support DSA2.

Browse source 
Support Camellia for testing.
More audit stuff.
This commit is contained in:
Werner Koch 2007-12-12 10:28:30 +00:00
parent c8b76e5621
commit bae4b256c7
34 changed files with 682 additions and 174 deletions
Download patch file Download diff file Expand all files Collapse all files

17
sm/ChangeLog
View file

@ -1,3 +1,20 @@
2007-12-11 Werner Koch <wk@g10code.com>
* certchain.c (do_validate_chain): Log AUDIT_ROOT_TRUSTED.
* server.c (cmd_sign, cmd_decrypt, cmd_encrypt): Start audit log.
(cmd_recipient): Start audit session.
* gpgsm.c (main): Revamp creation of the audit log.
* gpgsm.h (struct server_control_s): Add AGENT_SEEN and DIRMNGR_SEEN.
* call-agent.c (start_agent): Record an audit event.
* call-dirmngr.c (start_dirmngr): Ditto. Add new arg CTRL and pass
it from all callers.
(prepare_dirmngr): New helper for start_dirmngr.
* encrypt.c (gpgsm_encrypt): Add calls to audit_log.
2007-12-03 Werner Koch <wk@g10code.com>
* gpgsm.c (main): All gnupg_reopen_std.

22
sm/call-agent.c
View file

@ -1,5 +1,6 @@
/* call-agent.c - divert operations to the agent
* Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc.
* Copyright (C) 2001, 2002, 2003, 2005,
* 2007 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -69,13 +70,14 @@ struct learn_parm_s
static int
start_agent (ctrl_t ctrl)
{
int rc;
if (agent_ctx)
return 0; /* fixme: We need a context for each thread or serialize
the access to the agent (which is suitable given that
the agent is not MT. */
return start_new_gpg_agent (&agent_ctx,
rc = 0; /* fixme: We need a context for each thread or
serialize the access to the agent (which is
suitable given that the agent is not MT. */
else
rc = start_new_gpg_agent (&agent_ctx,
GPG_ERR_SOURCE_DEFAULT,
opt.homedir,
opt.agent_program,
@ -84,7 +86,13 @@ start_agent (ctrl_t ctrl)
opt.xauthority, opt.pinentry_user_data,
opt.verbose, DBG_ASSUAN,
gpgsm_status2, ctrl);
if (!ctrl->agent_seen)
{
ctrl->agent_seen = 1;
audit_log_ok (ctrl->audit, AUDIT_AGENT_READY, rc);
}
return rc;
}

44
sm/call-dirmngr.c
View file

@ -1,5 +1,5 @@
/* call-dirmngr.c - communication with the dromngr
* Copyright (C) 2002, 2003, 2005 Free Software Foundation, Inc.
* Copyright (C) 2002, 2003, 2005, 2007 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -134,13 +134,32 @@ get_membuf (struct membuf *mb, size_t *len)
}
/* This fucntion prepares the dirmngr for a new session. The
audit-events option is used so that other dirmngr clients won't get
disturbed by such events. */
static void
prepare_dirmngr (ctrl_t ctrl, assuan_context_t ctx, gpg_error_t err)
{
if (!ctrl->dirmngr_seen)
{
ctrl->dirmngr_seen = 1;
if (!err)
{
err = assuan_transact (ctx, "OPTION audit-events=1",
NULL, NULL, NULL, NULL, NULL, NULL);
if (gpg_err_code (err) == GPG_ERR_UNKNOWN_OPTION)
err = 0; /* Allow the use of old dirmngr versions. */
}
audit_log_ok (ctrl->audit, AUDIT_DIRMNGR_READY, err);
}
}
/* Try to connect to the agent via socket or fork it off and work by
pipes. Handle the server's initial greeting */
static int
start_dirmngr (void)
start_dirmngr (ctrl_t ctrl)
{
int rc;
char *infostr, *p;
@ -148,8 +167,11 @@ start_dirmngr (void)
int try_default = 0;
if (dirmngr_ctx)
return 0; /* fixme: We need a context for each thread or serialize
the access to the dirmngr */
{
prepare_dirmngr (ctrl, dirmngr_ctx, 0);
return 0; /* fixme: We need a context for each thread or serialize
the access to the dirmngr */
}
/* Note: if you change this to multiple connections, you also need
to take care of the implicit option sending caching. */
@ -220,7 +242,7 @@ start_dirmngr (void)
log_error (_("malformed DIRMNGR_INFO environment variable\n"));
xfree (infostr);
force_pipe_server = 1;
return start_dirmngr ();
return start_dirmngr (ctrl);
}
*p++ = 0;
pid = atoi (p);
@ -233,7 +255,7 @@ start_dirmngr (void)
prot);
xfree (infostr);
force_pipe_server = 1;
return start_dirmngr ();
return start_dirmngr (ctrl);
}
}
else
@ -251,11 +273,13 @@ start_dirmngr (void)
{
log_error (_("can't connect to the dirmngr - trying fall back\n"));
force_pipe_server = 1;
return start_dirmngr ();
return start_dirmngr (ctrl);
}
#endif /*!HAVE_W32_SYSTEM*/
}
prepare_dirmngr (ctrl, ctx, rc);
if (rc)
{
log_error ("can't connect to the dirmngr: %s\n", gpg_strerror (rc));
@ -424,7 +448,7 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl,
struct isvalid_status_parm_s stparm;
rc = start_dirmngr ();
rc = start_dirmngr (ctrl);
if (rc)
return rc;
@ -691,7 +715,7 @@ gpgsm_dirmngr_lookup (ctrl_t ctrl, strlist_t names,
struct lookup_parm_s parm;
size_t len;
rc = start_dirmngr ();
rc = start_dirmngr (ctrl);
if (rc)
return rc;
@ -821,7 +845,7 @@ gpgsm_dirmngr_run_command (ctrl_t ctrl, const char *command,
size_t len;
struct run_command_parm_s parm;
rc = start_dirmngr ();
rc = start_dirmngr (ctrl);
if (rc)
return rc;

2
sm/certchain.c
View file

@ -1127,6 +1127,8 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
associated with that specific root certificate. */
istrusted_rc = gpgsm_agent_istrusted (ctrl, subject_cert,
rootca_flags);
audit_log_cert (ctrl->audit, AUDIT_ROOT_TRUSTED,
subject_cert, istrusted_rc);
/* If the chain model extended attribute is used, make sure
that our chain model flag is set. */
if (has_validation_model_chain (subject_cert, listmode, listfp))

20
sm/encrypt.c
View file

@ -1,5 +1,5 @@
/* encrypt.c - Encrypt a message
* Copyright (C) 2001, 2003, 2004 Free Software Foundation, Inc.
* Copyright (C) 2001, 2003, 2004, 2007 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -318,9 +318,12 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, FILE *out_fp)
int recpno;
FILE *data_fp = NULL;
certlist_t cl;
int count;
memset (&encparm, 0, sizeof encparm);
audit_set_type (ctrl->audit, AUDIT_TYPE_ENCRYPT);
/* Check that the certificate list is not empty and that at least
one certificate is not flagged as encrypt_to; i.e. is a real
recipient. */
@ -331,10 +334,15 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, FILE *out_fp)
{
log_error(_("no valid recipients given\n"));
gpgsm_status (ctrl, STATUS_NO_RECP, "0");
audit_log_i (ctrl->audit, AUDIT_GOT_RECIPIENTS, 0);
rc = gpg_error (GPG_ERR_NO_PUBKEY);
goto leave;
}
for (count = 0, cl = recplist; cl; cl = cl->next)
count++;
audit_log_i (ctrl->audit, AUDIT_GOT_RECIPIENTS, count);
kh = keydb_new (0);
if (!kh)
{
@ -385,6 +393,8 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, FILE *out_fp)
goto leave;
}
audit_log (ctrl->audit, AUDIT_GOT_DATA);
/* We are going to create enveloped data with uninterpreted data as
inner content */
err = ksba_cms_set_content_type (cms, 0, KSBA_CT_ENVELOPED_DATA);
@ -432,6 +442,8 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, FILE *out_fp)
rc = out_of_core ();
goto leave;
}
audit_log_s (ctrl->audit, AUDIT_SESSION_KEY, dek->algoid);
/* Gather certificates of recipients, encrypt the session key for
each and store them in the CMS object */
@ -442,6 +454,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, FILE *out_fp)
rc = encrypt_dek (dek, cl->cert, &encval);
if (rc)
{
audit_log_cert (ctrl->audit, AUDIT_ENCRYPTED_TO, cl->cert, rc);
log_error ("encryption failed for recipient no. %d: %s\n",
recpno, gpg_strerror (rc));
goto leave;
@ -450,6 +463,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, FILE *out_fp)
err = ksba_cms_add_recipient (cms, cl->cert);
if (err)
{
audit_log_cert (ctrl->audit, AUDIT_ENCRYPTED_TO, cl->cert, err);
log_error ("ksba_cms_add_recipient failed: %s\n",
gpg_strerror (err));
rc = err;
@ -459,6 +473,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, FILE *out_fp)
err = ksba_cms_set_enc_val (cms, recpno, encval);
xfree (encval);
audit_log_cert (ctrl->audit, AUDIT_ENCRYPTED_TO, cl->cert, err);
if (err)
{
log_error ("ksba_cms_set_enc_val failed: %s\n",
@ -466,7 +481,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, FILE *out_fp)
rc = err;
goto leave;
}
}
}
/* Main control loop for encryption. */
recpno = 0;
@ -496,6 +511,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, FILE *out_fp)
log_error ("write failed: %s\n", gpg_strerror (rc));
goto leave;
}
audit_log (ctrl->audit, AUDIT_ENCRYPTION_DONE);
log_info ("encrypted data created\n");
leave:

47
sm/gpgsm.c
View file

@ -848,6 +848,7 @@ main ( int argc, char **argv)
certlist_t signerlist = NULL;
int do_not_setup_keys = 0;
int recp_required = 0;
estream_t auditfp = NULL;
/*mtrace();*/
@ -1482,6 +1483,26 @@ main ( int argc, char **argv)
keydb_add_resource (sl->d, 0, 0, NULL);
FREE_STRLIST(nrings);
/* Prepare the audit log feature for certain commands. */
if (auditlog)
{
switch (cmd)
{
case aEncr:
case aSign:
case aDecrypt:
case aVerify:
audit_release (ctrl.audit);
ctrl.audit = audit_new ();
auditfp = open_es_fwrite (auditlog);
break;
default:
break;
}
}
if (!do_not_setup_keys)
{
for (sl = locusr; sl ; sl = sl->next)
@ -1528,6 +1549,7 @@ main ( int argc, char **argv)
fname = argc? *argv : NULL;
/* Dispatch command. */
switch (cmd)
{
case aGPGConfList:
@ -1650,7 +1672,6 @@ main ( int argc, char **argv)
case aVerify:
{
FILE *fp = NULL;
estream_t auditfp = NULL;
set_binary (stdin);
if (argc == 2 && opt.outfile)
@ -1658,13 +1679,6 @@ main ( int argc, char **argv)
else if (opt.outfile)
fp = open_fwrite (opt.outfile);
if (auditlog)
{
audit_release (ctrl.audit);
ctrl.audit = audit_new ();
auditfp = open_es_fwrite (auditlog);
}
if (!argc)
gpgsm_verify (&ctrl, 0, -1, fp); /* normal signature from stdin */
else if (argc == 1)
@ -1674,16 +1688,8 @@ main ( int argc, char **argv)
else
wrong_args ("--verify [signature [detached_data]]");
if (auditlog)
{
audit_print_result (ctrl.audit, auditfp, 0);
audit_release (ctrl.audit);
ctrl.audit = NULL;
}
if (fp && fp != stdout)
fclose (fp);
es_fclose (auditfp);
}
break;
@ -1846,6 +1852,15 @@ main ( int argc, char **argv)
log_error ("invalid command (there is no implicit command)\n");
break;
}
/* Print the audit result if needed. */
if (auditlog && auditfp)
{
audit_print_result (ctrl.audit, auditfp, 0);
audit_release (ctrl.audit);
ctrl.audit = NULL;
es_fclose (auditfp);
}
/* cleanup */
gpgsm_release_certlist (recplist);

4
sm/gpgsm.h
View file

@ -152,6 +152,10 @@ struct server_control_s
struct server_local_s *server_local;
audit_ctx_t audit; /* NULL or a context for the audit subsystem. */
int agent_seen; /* Flag indicating that the gpg-agent has been
accessed. */
int dirmngr_seen; /* Flag indicating that the dirmngr has been
accessed. */
int with_colons; /* Use column delimited output format */
int with_chain; /* Include the certifying certs in a listing */

23
sm/server.c
View file

@ -366,7 +366,14 @@ cmd_recipient (assuan_context_t ctx, char *line)
ctrl_t ctrl = assuan_get_pointer (ctx);
int rc;
rc = gpgsm_add_to_certlist (ctrl, line, 0, &ctrl->server_local->recplist, 0);
if (!ctrl->audit)
rc = start_audit_session (ctrl);
else
rc = 0;
if (!rc)
rc = gpgsm_add_to_certlist (ctrl, line, 0,
&ctrl->server_local->recplist, 0);
if (rc)
{
gpg_err_code_t r = gpg_err_code (rc);
@ -477,6 +484,8 @@ cmd_encrypt (assuan_context_t ctx, char *line)
rc = gpgsm_add_cert_to_certlist (ctrl, cl->cert,
&ctrl->server_local->recplist, 1);
}
if (!rc)
rc = ctrl->audit? 0 : start_audit_session (ctrl);
if (!rc)
rc = gpgsm_encrypt (assuan_get_pointer (ctx),
ctrl->server_local->recplist,
@ -492,6 +501,7 @@ cmd_encrypt (assuan_context_t ctx, char *line)
return rc;
}
/* DECRYPT
This performs the decrypt operation after doing some check on the
@ -517,7 +527,10 @@ cmd_decrypt (assuan_context_t ctx, char *line)
out_fp = fdopen (dup(out_fd), "w");
if (!out_fp)
return set_error (GPG_ERR_ASS_GENERAL, "fdopen() failed");
rc = gpgsm_decrypt (ctrl, inp_fd, out_fp);
rc = start_audit_session (ctrl);
if (!rc)
rc = gpgsm_decrypt (ctrl, inp_fd, out_fp);
fclose (out_fp);
/* close and reset the fd */
@ -600,8 +613,10 @@ cmd_sign (assuan_context_t ctx, char *line)
if (!out_fp)
return set_error (GPG_ERR_ASS_GENERAL, "fdopen() failed");
rc = gpgsm_sign (assuan_get_pointer (ctx), ctrl->server_local->signerlist,
inp_fd, detached, out_fp);
rc = start_audit_session (ctrl);
if (!rc)
rc = gpgsm_sign (assuan_get_pointer (ctx), ctrl->server_local->signerlist,
inp_fd, detached, out_fp);
fclose (out_fp);
/* close and reset the fd */