1 /* gpgv.c - The GnuPG signature verify utility
2 * Copyright (C) 1998-2020 Free Software Foundation, Inc.
3 * Copyright (C) 1997-2019 Werner Koch
4 * Copyright (C) 2015-2020 g10 Code GmbH
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <https://www.gnu.org/licenses/>.
20 * SPDX-License-Identifier: GPL-3.0-or-later
30 #ifdef HAVE_DOSISH_SYSTEM
31 #include <fcntl.h> /* for setmode() */
33 #ifdef HAVE_LIBREADLINE
34 #define GNUPG_LIBREADLINE_H_INCLUDED
35 #include <readline/readline.h>
38 #define INCLUDED_BY_MAIN_MODULE 1
40 #include "../common/util.h"
42 #include "../common/iobuf.h"
48 #include "../common/ttyio.h"
49 #include "../common/i18n.h"
50 #include "../common/sysutils.h"
51 #include "../common/status.h"
52 #include "call-agent.h"
53 #include "../common/init.h"
56 enum cmd_and_opt_values {
69 oEnableSpecialFilenames,
75 static gpgrt_opt_t opts[] = {
76 ARGPARSE_group (300, N_("@\nOptions:\n ")),
78 ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
79 ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")),
80 ARGPARSE_s_s (oKeyring, "keyring",
81 N_("|FILE|take the keys from the keyring FILE")),
82 ARGPARSE_s_s (oOutput, "output", N_("|FILE|write output to FILE")),
83 ARGPARSE_s_n (oIgnoreTimeConflict, "ignore-time-conflict",
84 N_("make timestamp conflicts only a warning")),
85 ARGPARSE_s_i (oStatusFD, "status-fd",
86 N_("|FD|write status info to this FD")),
87 ARGPARSE_s_i (oLoggerFD, "logger-fd", "@"),
88 ARGPARSE_s_s (oLoggerFile, "log-file", "@"),
89 ARGPARSE_s_s (oHomedir, "homedir", "@"),
90 ARGPARSE_s_s (oWeakDigest, "weak-digest",
91 N_("|ALGO|reject signatures made with ALGO")),
92 ARGPARSE_s_n (oEnableSpecialFilenames, "enable-special-filenames", "@"),
93 ARGPARSE_s_s (oDebug, "debug", "@"),
99 /* The list of supported debug flags. */
100 static struct debug_flags_s debug_flags [] =
102 { DBG_PACKET_VALUE , "packet" },
103 { DBG_MPI_VALUE , "mpi" },
104 { DBG_CRYPTO_VALUE , "crypto" },
105 { DBG_FILTER_VALUE , "filter" },
106 { DBG_IOBUF_VALUE , "iobuf" },
107 { DBG_MEMORY_VALUE , "memory" },
108 { DBG_CACHE_VALUE , "cache" },
109 { DBG_MEMSTAT_VALUE, "memstat" },
110 { DBG_TRUST_VALUE , "trust" },
111 { DBG_HASHING_VALUE, "hashing" },
112 { DBG_IPC_VALUE , "ipc" },
113 { DBG_CLOCK_VALUE , "clock" },
114 { DBG_LOOKUP_VALUE , "lookup" },
115 { DBG_EXTPROG_VALUE, "extprog" },
120 int g10_errors_seen = 0;
121 int assert_signer_true = 0;
124 make_libversion (const char *libname, const char *(*getfnc)(const char*))
130 result = xmalloc (strlen (libname) + 1 + strlen (s) + 1);
131 strcpy (stpcpy (stpcpy (result, libname), " "), s);
136 my_strusage( int level )
138 static char *ver_gcry;
143 case 9: p = "GPL-3.0-or-later"; break;
144 case 11: p = "@GPG@v (GnuPG)";
146 case 13: p = VERSION; break;
147 case 14: p = GNUPG_DEF_COPYRIGHT_LINE; break;
148 case 17: p = PRINTABLE_OS_NAME; break;
149 case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
152 case 40: p = _("Usage: gpgv [options] [files] (-h for help)");
154 case 41: p = _("Syntax: gpgv [options] [files]\n"
155 "Check signatures against known trusted keys\n");
160 ver_gcry = make_libversion ("libgcrypt", gcry_check_version);
173 main( int argc, char **argv )
175 gpgrt_argparse_t pargs;
178 strlist_t nrings = NULL;
181 early_system_init ();
182 gpgrt_set_strusage (my_strusage);
183 log_set_prefix ("gpgv", GPGRT_LOG_WITH_PREFIX);
185 /* Make sure that our subsystems are ready. */
187 init_common_subsystems (&argc, &argv);
189 gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
191 gnupg_init_signals (0, NULL);
193 opt.command_fd = -1; /* no command fd */
194 opt.keyserver_options.options |= KEYSERVER_AUTO_KEY_RETRIEVE;
195 opt.trust_model = TM_ALWAYS;
196 opt.no_sig_cache = 1;
197 opt.flags.require_cross_cert = 1;
201 opt.weak_digests = NULL;
206 gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
207 additional_weak_digest("MD5");
208 gnupg_initialize_compliance (GNUPG_MODULE_NAME_GPG);
212 pargs.flags= ARGPARSE_FLAG_KEEP;
213 while (gpgrt_argparser (&pargs, opts, NULL))
217 case ARGPARSE_CONFFILE: break;
219 case oQuiet: opt.quiet = 1; break;
223 gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
226 if (parse_debug_flag (pargs.r.ret_str, &opt.debug, debug_flags))
228 pargs.r_opt = ARGPARSE_INVALID_ARG;
229 pargs.err = ARGPARSE_PRINT_ERROR;
232 case oKeyring: append_to_strlist( &nrings, pargs.r.ret_str); break;
233 case oOutput: opt.outfile = pargs.r.ret_str; break;
235 set_status_fd (translate_sys2libc_fd_int (pargs.r.ret_int, 1));
238 log_set_fd (translate_sys2libc_fd_int (pargs.r.ret_int, 1));
241 log_set_file (pargs.r.ret_str);
242 log_set_prefix (NULL, (GPGRT_LOG_WITH_PREFIX
243 | GPGRT_LOG_WITH_TIME
244 | GPGRT_LOG_WITH_PID) );
246 case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break;
248 additional_weak_digest(pargs.r.ret_str);
250 case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break;
251 case oEnableSpecialFilenames:
252 enable_special_filenames ();
254 default : pargs.err = ARGPARSE_PRINT_ERROR; break;
258 gpgrt_argparse (NULL, &pargs, NULL); /* Release internal state. */
260 if (log_get_errorcount (0))
264 set_packet_list_mode(1);
266 /* Note: We open all keyrings in read-only mode. */
267 if (!nrings) /* No keyring given: use default one. */
268 keydb_add_resource ("trustedkeys" EXTSEP_S "kbx",
269 (KEYDB_RESOURCE_FLAG_READONLY
270 |KEYDB_RESOURCE_FLAG_GPGVDEF));
271 for (sl = nrings; sl; sl = sl->next)
272 keydb_add_resource (sl->d, KEYDB_RESOURCE_FLAG_READONLY);
274 FREE_STRLIST (nrings);
276 ctrl = xcalloc (1, sizeof *ctrl);
278 if ((rc = verify_signatures (ctrl, argc, argv)))
279 log_error("verify signatures failed: %s\n", gpg_strerror (rc) );
281 keydb_release (ctrl->cached_getkey_kdb);
286 return 8; /*NOTREACHED*/
293 rc = rc? rc : log_get_errorcount(0)? 2 : g10_errors_seen? 1 : 0;
299 * We have to override the trustcheck from pkclist.c because
300 * this utility assumes that all keys in the keyring are trustworthy
303 check_signatures_trust (ctrl_t ctrl, kbnode_t kblock,
304 PKT_public_key *pk, PKT_signature *sig)
314 read_trust_options (ctrl_t ctrl,
315 byte *trust_model, ulong *created, ulong *nextcheck,
316 byte *marginals, byte *completes, byte *cert_depth,
317 byte *min_cert_level)
326 (void)min_cert_level;
330 * We don't have the trustdb , so we have to provide some stub functions
335 cache_disabled_value (ctrl_t ctrl, PKT_public_key *pk)
343 check_trustdb_stale (ctrl_t ctrl)
349 get_validity_info (ctrl_t ctrl, kbnode_t kb, PKT_public_key *pk,
360 get_validity (ctrl_t ctrl, kbnode_t kb, PKT_public_key *pk, PKT_user_id *uid,
361 PKT_signature *sig, int may_ask)
373 trust_value_to_string (unsigned int value)
380 uid_trust_string_fixed (ctrl_t ctrl, PKT_public_key *key, PKT_user_id *uid)
389 get_ownertrust_info (ctrl_t ctrl, PKT_public_key *pk, int no_create)
398 get_ownertrust (ctrl_t ctrl, PKT_public_key *pk)
402 return TRUST_UNKNOWN;
407 * Because we only work with trusted keys, it does not make sense to
408 * get them from a keyserver
411 struct keyserver_spec *
412 keyserver_match (struct keyserver_spec *spec)
419 keyserver_any_configured (ctrl_t ctrl)
426 keyserver_import_keyid (u32 *keyid, void *dummy, unsigned int flags)
435 keyserver_import_fprint (ctrl_t ctrl, const byte *fprint,size_t fprint_len,
436 struct keyserver_spec *keyserver, unsigned int flags)
447 keyserver_import_fprint_ntds (ctrl_t ctrl,
448 const byte *fprint, size_t fprint_len)
457 keyserver_import_cert (const char *name)
464 keyserver_import_wkd (ctrl_t ctrl, const char *name, unsigned int flags,
465 unsigned char **fpr, size_t *fpr_len)
476 keyserver_import_mbox (const char *name,struct keyserver_spec *spec)
484 keyserver_import_ntds (ctrl_t ctrl, const char *mbox,
485 unsigned char **fpr, size_t *fprlen)
495 keyserver_import_ldap (const char *name)
503 read_key_from_file_or_buffer (ctrl_t ctrl, const char *fname,
504 const void *buffer, size_t buflen,
505 kbnode_t *r_keyblock)
516 import_included_key_block (ctrl_t ctrl, kbnode_t keyblock)
525 * No encryption here but mainproc links to these functions.
528 get_session_key (ctrl_t ctrl, struct pubkey_enc_list *k, DEK *dek)
533 return GPG_ERR_GENERAL;
538 get_override_session_key (DEK *dek, const char *string)
542 return GPG_ERR_GENERAL;
547 decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek,
548 int *compliance_error)
554 (void)compliance_error;
555 return GPG_ERR_GENERAL;
560 * No interactive commands, so we don't need the helptexts
563 display_online_help (const char *keyword)
569 * We don't use secret keys, but getkey.c links to this
572 check_secret_key (PKT_public_key *pk, int n)
576 return GPG_ERR_GENERAL;
580 * No secret key, so no passphrase needed
583 passphrase_to_dek (int cipher_algo, STRING2KEY *s2k, int create, int nocache,
584 const char *tmp, unsigned int flags, int *canceled)
599 passphrase_clear_cache (const char *cacheid)
604 struct keyserver_spec *
605 parse_preferred_keyserver(PKT_signature *sig)
611 struct keyserver_spec *
612 parse_keyserver_uri (const char *uri, int require_scheme,
613 const char *configname, unsigned int configlineno)
616 (void)require_scheme;
623 free_keyserver_spec (struct keyserver_spec *keyserver)
628 /* Stubs to avoid linking to photoid.c */
630 show_photos (const struct user_attribute *attrs, int count, PKT_public_key *pk)
638 parse_image_header (const struct user_attribute *attr, byte *type, u32 *len)
647 image_type_to_string (byte type, int string)
654 #ifdef ENABLE_CARD_SUPPORT
656 agent_scd_getattr (const char *name, struct agent_card_info_s *info)
662 #endif /* ENABLE_CARD_SUPPORT */
664 /* We do not do any locking, so use these stubs here */
666 dotlock_disable (void)
671 dotlock_create (const char *file_to_lock, unsigned int flags)
679 dotlock_destroy (dotlock_t h)
685 dotlock_take (dotlock_t h, long timeout)
693 dotlock_release (dotlock_t h)
700 dotlock_remove_lockfiles (void)
705 agent_probe_secret_key (ctrl_t ctrl, PKT_public_key *pk)
713 agent_probe_any_secret_key (ctrl_t ctrl, kbnode_t keyblock)
717 return gpg_error (GPG_ERR_NO_SECKEY);
721 agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip,
722 char **r_serialno, int *r_cleartext)
728 return gpg_error (GPG_ERR_NO_SECKEY);
732 export_pubkey_buffer (ctrl_t ctrl, const char *keyspec, unsigned int options,
733 const void *prefix, size_t prefixlen,
734 export_stats_t stats,
735 kbnode_t *r_keyblock, void **r_data, size_t *r_datalen)
747 return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
751 tofu_write_tfs_record (ctrl_t ctrl, estream_t fp,
752 PKT_public_key *pk, const char *user_id)
758 return gpg_error (GPG_ERR_GENERAL);
762 tofu_get_policy (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *user_id,
763 enum tofu_policy *policy)
769 return gpg_error (GPG_ERR_GENERAL);
773 tofu_policy_str (enum tofu_policy policy)
781 tofu_begin_batch_update (ctrl_t ctrl)
787 tofu_end_batch_update (ctrl_t ctrl)
793 tofu_notice_key_changed (ctrl_t ctrl, kbnode_t kb)
803 get_revocation_reason (PKT_signature *sig, char **r_reason,
804 char **r_comment, size_t *r_commentlen)
817 impex_filter_getval (void *cookie, const char *propname)