1 /* mainproc.c - handle packets
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
3 * 2008, 2009 Free Software Foundation, Inc.
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
40 #include "keyserver-internal.h"
46 struct kidlist_item *next;
54 * Structure to hold the context
56 typedef struct mainproc_context *CTX;
57 struct mainproc_context
59 struct mainproc_context *anchor; /* May be useful in the future. */
60 PKT_public_key *last_pubkey;
61 PKT_secret_key *last_seckey;
62 PKT_user_id *last_user_id;
63 md_filter_context_t mfx;
64 int sigs_only; /* Process only signatures and reject all other stuff. */
65 int encrypt_only; /* Process only encryption messages. */
67 /* Name of the file with the complete signature or the file with the
68 detached signature. This is currently only used to deduce the
69 file name of the data file if that has not been given. */
70 const char *sigfilename;
72 /* A structure to describe the signed data in case of a detached
76 /* A file descriptor of the the signed data. Only used if not -1. */
78 /* A list of filenames with the data files or NULL. This is only
79 used if DATA_FD is -1. */
81 /* Flag to indicated that either one of the next previous fieldss
82 is used. This is only needed for better readability. */
87 int last_was_session_key;
88 KBNODE list; /* The current list of packets. */
90 IOBUF iobuf; /* Used to get the filename etc. */
91 int trustletter; /* Temporary usage in list_node. */
93 struct kidlist_item *pkenc_list; /* List of encryption packets. */
94 int any_sig_seen; /* Set to true if a signature packet has been seen. */
98 static int do_proc_packets( CTX c, IOBUF a );
99 static void list_node( CTX c, KBNODE node );
100 static void proc_tree( CTX c, KBNODE node );
101 static int literals_seen;
104 reset_literals_seen(void)
110 release_list( CTX c )
114 proc_tree(c, c->list );
115 release_kbnode( c->list );
116 while( c->pkenc_list ) {
117 struct kidlist_item *tmp = c->pkenc_list->next;
118 xfree( c->pkenc_list );
121 c->pkenc_list = NULL;
124 c->last_was_session_key = 0;
125 xfree(c->dek); c->dek = NULL;
130 add_onepass_sig( CTX c, PACKET *pkt )
134 if ( c->list ) /* add another packet */
135 add_kbnode( c->list, new_kbnode( pkt ));
136 else /* insert the first one */
137 c->list = node = new_kbnode( pkt );
144 add_gpg_control( CTX c, PACKET *pkt )
146 if ( pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START ) {
147 /* New clear text signature.
148 * Process the last one and reset everything */
152 if( c->list ) /* add another packet */
153 add_kbnode( c->list, new_kbnode( pkt ));
154 else /* insert the first one */
155 c->list = new_kbnode( pkt );
163 add_user_id( CTX c, PACKET *pkt )
166 log_error("orphaned user ID\n" );
169 add_kbnode( c->list, new_kbnode( pkt ) );
174 add_subkey( CTX c, PACKET *pkt )
177 log_error("subkey w/o mainkey\n" );
180 add_kbnode( c->list, new_kbnode( pkt ) );
185 add_ring_trust( CTX c, PACKET *pkt )
188 log_error("ring trust w/o key\n" );
191 add_kbnode( c->list, new_kbnode( pkt ) );
197 add_signature( CTX c, PACKET *pkt )
202 if( pkt->pkttype == PKT_SIGNATURE && !c->list ) {
203 /* This is the first signature for the following datafile.
204 * GPG does not write such packets; instead it always uses
205 * onepass-sig packets. The drawback of PGP's method
206 * of prepending the signature to the data is
207 * that it is not possible to make a signature from data read
208 * from stdin. (GPG is able to read PGP stuff anyway.) */
209 node = new_kbnode( pkt );
214 return 0; /* oops (invalid packet sequence)*/
215 else if( !c->list->pkt )
216 BUG(); /* so nicht */
218 /* add a new signature node id at the end */
219 node = new_kbnode( pkt );
220 add_kbnode( c->list, node );
225 symkey_decrypt_seskey( DEK *dek, byte *seskey, size_t slen )
229 if(slen < 17 || slen > 33)
231 log_error ( _("weird size for an encrypted session key (%d)\n"),
233 return G10ERR_BAD_KEY;
236 if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
238 if (gcry_cipher_setkey ( hd, dek->key, dek->keylen ))
240 gcry_cipher_setiv ( hd, NULL, 0 );
241 gcry_cipher_decrypt ( hd, seskey, slen, NULL, 0 );
242 gcry_cipher_close ( hd );
244 /* Now we replace the dek components with the real session key to
245 decrypt the contents of the sequencing packet. */
250 if(dek->keylen > DIM(dek->key))
253 /* This is not completely accurate, since a bad passphrase may have
254 resulted in a garbage algorithm byte, but it's close enough since
255 a bogus byte here will fail later. */
256 if(dek->algo==CIPHER_ALGO_IDEA)
259 memcpy(dek->key, seskey + 1, dek->keylen);
261 /*log_hexdump( "thekey", dek->key, dek->keylen );*/
267 proc_symkey_enc( CTX c, PACKET *pkt )
271 enc = pkt->pkt.symkey_enc;
273 log_error ("invalid symkey encrypted packet\n");
276 int algo = enc->cipher_algo;
277 const char *s = openpgp_cipher_algo_name (algo);
279 if (!openpgp_cipher_test_algo (algo))
284 log_info(_("%s encrypted session key\n"), s );
286 log_info(_("%s encrypted data\n"), s );
290 log_error(_("encrypted with unknown algorithm %d\n"), algo );
292 if(openpgp_md_test_algo (enc->s2k.hash_algo))
294 log_error(_("passphrase generated with unknown digest"
295 " algorithm %d\n"),enc->s2k.hash_algo);
299 c->last_was_session_key = 2;
300 if(!s || opt.list_only)
303 if(opt.override_session_key)
305 c->dek = xmalloc_clear( sizeof *c->dek );
306 if(get_override_session_key(c->dek, opt.override_session_key))
314 c->dek = passphrase_to_dek (NULL, 0, algo, &enc->s2k, 3,
320 /* FIXME: This doesn't work perfectly if a symmetric
321 key comes before a public key in the message - if
322 the user doesn't know the passphrase, then there is
323 a chance that the "decrypted" algorithm will happen
324 to be a valid one, which will make the returned dek
325 appear valid, so we won't try any public keys that
329 if(symkey_decrypt_seskey(c->dek, enc->seskey,
337 c->dek->algo_info_printed = 1;
348 proc_pubkey_enc( CTX c, PACKET *pkt )
353 /* check whether the secret key is available and store in this case */
354 c->last_was_session_key = 1;
355 enc = pkt->pkt.pubkey_enc;
356 /*printf("enc: encrypted by a pubkey with keyid %08lX\n", enc->keyid[1] );*/
357 /* Hmmm: why do I have this algo check here - anyway there is
358 * function to check it. */
360 log_info(_("public key is %s\n"), keystr(enc->keyid) );
362 if( is_status_enabled() ) {
364 sprintf(buf, "%08lX%08lX %d 0",
365 (ulong)enc->keyid[0], (ulong)enc->keyid[1], enc->pubkey_algo );
366 write_status_text( STATUS_ENC_TO, buf );
369 if( !opt.list_only && opt.override_session_key ) {
370 /* It does not make much sense to store the session key in
371 * secure memory because it has already been passed on the
372 * command line and the GCHQ knows about it. */
373 c->dek = xmalloc_clear( sizeof *c->dek );
374 result = get_override_session_key ( c->dek, opt.override_session_key );
376 xfree(c->dek); c->dek = NULL;
379 else if( is_ELGAMAL(enc->pubkey_algo)
380 || enc->pubkey_algo == PUBKEY_ALGO_DSA
381 || is_RSA(enc->pubkey_algo)
382 || enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL) {
383 /* Note that we also allow type 20 Elgamal keys for decryption.
384 There are still a couple of those keys in active use as a
387 /* FIXME: Store this all in a list and process it later so that
388 we can prioritize what key to use. This gives a better user
389 experience if wildcard keyids are used. */
390 if ( !c->dek && ((!enc->keyid[0] && !enc->keyid[1])
391 || opt.try_all_secrets
392 || !seckey_available( enc->keyid )) ) {
396 c->dek = xmalloc_secure_clear( sizeof *c->dek );
397 if( (result = get_session_key( enc, c->dek )) ) {
398 /* error: delete the DEK */
399 xfree(c->dek); c->dek = NULL;
404 result = G10ERR_NO_SECKEY;
407 result = G10ERR_PUBKEY_ALGO;
413 /* store it for later display */
414 struct kidlist_item *x = xmalloc( sizeof *x );
415 x->kid[0] = enc->keyid[0];
416 x->kid[1] = enc->keyid[1];
417 x->pubkey_algo = enc->pubkey_algo;
419 x->next = c->pkenc_list;
422 if( !result && opt.verbose > 1 )
423 log_info( _("public key encrypted data: good DEK\n") );
432 * Print the list of public key encrypted packets which we could
436 print_pkenc_list( struct kidlist_item *list, int failed )
438 for( ; list; list = list->next ) {
442 if ( failed && !list->reason )
444 if ( !failed && list->reason )
447 algstr = gcry_pk_algo_name ( list->pubkey_algo );
448 pk = xmalloc_clear( sizeof *pk );
452 pk->pubkey_algo = list->pubkey_algo;
453 if( !get_pubkey( pk, list->kid ) )
456 log_info( _("encrypted with %u-bit %s key, ID %s, created %s\n"),
457 nbits_from_pk( pk ), algstr, keystr_from_pk(pk),
458 strtimestamp(pk->timestamp) );
459 p=get_user_id_native(list->kid);
460 log_printf (_(" \"%s\"\n"),p);
464 log_info(_("encrypted with %s key, ID %s\n"),
465 algstr,keystr(list->kid));
467 free_public_key( pk );
469 if( list->reason == G10ERR_NO_SECKEY ) {
470 if( is_status_enabled() ) {
472 snprintf (buf, sizeof buf, "%08lX%08lX",
473 (ulong)list->kid[0], (ulong)list->kid[1]);
474 write_status_text( STATUS_NO_SECKEY, buf );
477 else if (list->reason)
479 log_info(_("public key decryption failed: %s\n"),
480 g10_errstr(list->reason));
481 write_status_error ("pkdecrypt_failed", list->reason);
488 proc_encrypted( CTX c, PACKET *pkt )
495 log_info(_("encrypted with %lu passphrases\n"),c->symkeys);
496 else if(c->symkeys==1)
497 log_info(_("encrypted with 1 passphrase\n"));
498 print_pkenc_list ( c->pkenc_list, 1 );
499 print_pkenc_list ( c->pkenc_list, 0 );
502 /* FIXME: Figure out the session key by looking at all pkenc packets. */
505 write_status( STATUS_BEGIN_DECRYPTION );
507 /*log_debug("dat: %sencrypted data\n", c->dek?"":"conventional ");*/
510 else if( !c->dek && !c->last_was_session_key ) {
512 STRING2KEY s2kbuf, *s2k = NULL;
514 if(opt.override_session_key)
516 c->dek = xmalloc_clear( sizeof *c->dek );
517 result=get_override_session_key(c->dek, opt.override_session_key);
526 /* Assume this is old style conventional encrypted data. */
527 algo = opt.def_cipher_algo;
529 log_info (_("assuming %s encrypted data\n"),
530 openpgp_cipher_algo_name (algo));
531 else if ( openpgp_cipher_test_algo (CIPHER_ALGO_IDEA) )
533 algo = opt.def_cipher_algo;
535 algo = opt.s2k_cipher_algo;
537 log_info (_("IDEA cipher unavailable, "
538 "optimistically attempting to use %s instead\n"),
539 openpgp_cipher_algo_name (algo));
543 algo = CIPHER_ALGO_IDEA;
544 if (!opt.s2k_digest_algo)
546 /* If no digest is given we assume MD5 */
548 s2kbuf.hash_algo = DIGEST_ALGO_MD5;
551 log_info (_("assuming %s encrypted data\n"), "IDEA");
554 c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 3, NULL, NULL );
556 c->dek->algo_info_printed = 1;
560 result = G10ERR_NO_SECKEY;
562 result = decrypt_data( c, pkt->pkt.encrypted, c->dek );
566 else if( !result || (gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE
567 && opt.ignore_mdc_error)) {
568 write_status( STATUS_DECRYPTION_OKAY );
569 if( opt.verbose > 1 )
570 log_info(_("decryption okay\n"));
571 if( pkt->pkt.encrypted->mdc_method && !result )
572 write_status( STATUS_GOODMDC );
573 else if(!opt.no_mdc_warn)
574 log_info (_("WARNING: message was not integrity protected\n"));
575 if(opt.show_session_key)
578 char *buf = xmalloc ( c->dek->keylen*2 + 20 );
579 sprintf ( buf, "%d:", c->dek->algo );
580 for(i=0; i < c->dek->keylen; i++ )
581 sprintf(buf+strlen(buf), "%02X", c->dek->key[i] );
582 log_info( "session key: `%s'\n", buf );
583 write_status_text ( STATUS_SESSION_KEY, buf );
586 else if( result == G10ERR_BAD_SIGN ) {
587 log_error(_("WARNING: encrypted message has been manipulated!\n"));
588 write_status( STATUS_BADMDC );
589 write_status( STATUS_DECRYPTION_FAILED );
592 if (gpg_err_code (result) == GPG_ERR_BAD_KEY
593 && *c->dek->s2k_cacheid != '\0')
595 log_debug(_("cleared passphrase cached with ID: %s\n"),
596 c->dek->s2k_cacheid);
597 passphrase_clear_cache (NULL, c->dek->s2k_cacheid, 0);
599 write_status( STATUS_DECRYPTION_FAILED );
600 log_error(_("decryption failed: %s\n"), g10_errstr(result));
601 /* Hmmm: does this work when we have encrypted using multiple
602 * ways to specify the session key (symmmetric and PK)*/
604 xfree(c->dek); c->dek = NULL;
606 c->last_was_session_key = 0;
607 write_status( STATUS_END_DECRYPTION );
612 proc_plaintext( CTX c, PACKET *pkt )
614 PKT_plaintext *pt = pkt->pkt.plaintext;
615 int any, clearsig, only_md5, rc;
620 if( pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8 ) )
621 log_info(_("NOTE: sender requested \"for-your-eyes-only\"\n"));
622 else if( opt.verbose )
623 log_info(_("original file name='%.*s'\n"), pt->namelen, pt->name);
624 free_md_filter_context( &c->mfx );
625 if (gcry_md_open (&c->mfx.md, 0, 0))
627 /* fixme: we may need to push the textfilter if we have sigclass 1
628 * and no armoring - Not yet tested
629 * Hmmm, why don't we need it at all if we have sigclass 1
630 * Should we assume that plaintext in mode 't' has always sigclass 1??
631 * See: Russ Allbery's mail 1999-02-09
633 any = clearsig = only_md5 = 0;
634 for(n=c->list; n; n = n->next )
636 if( n->pkt->pkttype == PKT_ONEPASS_SIG )
638 /* For the onepass signature case */
639 if( n->pkt->pkt.onepass_sig->digest_algo )
641 gcry_md_enable (c->mfx.md,
642 n->pkt->pkt.onepass_sig->digest_algo);
643 if( !any && n->pkt->pkt.onepass_sig->digest_algo
650 if( n->pkt->pkt.onepass_sig->sig_class != 0x01 )
653 else if( n->pkt->pkttype == PKT_GPG_CONTROL
654 && n->pkt->pkt.gpg_control->control
655 == CTRLPKT_CLEARSIGN_START )
657 /* For the clearsigned message case */
658 size_t datalen = n->pkt->pkt.gpg_control->datalen;
659 const byte *data = n->pkt->pkt.gpg_control->data;
661 /* check that we have at least the sigclass and one hash */
663 log_fatal("invalid control packet CTRLPKT_CLEARSIGN_START\n");
664 /* Note that we don't set the clearsig flag for not-dash-escaped
666 clearsig = (*data == 0x01);
667 for( data++, datalen--; datalen; datalen--, data++ )
668 gcry_md_enable (c->mfx.md, *data);
670 break; /* Stop here as one-pass signature packets are not
673 else if(n->pkt->pkttype==PKT_SIGNATURE)
675 /* For the SIG+LITERAL case that PGP used to use. */
676 gcry_md_enable ( c->mfx.md, n->pkt->pkt.signature->digest_algo );
681 if( !any && !opt.skip_verify )
683 /* This is for the old GPG LITERAL+SIG case. It's not legal
684 according to 2440, so hopefully it won't come up that
685 often. There is no good way to specify what algorithms to
686 use in that case, so these three are the historical
688 gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 );
689 gcry_md_enable( c->mfx.md, DIGEST_ALGO_SHA1 );
690 gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
692 if( opt.pgp2_workarounds && only_md5 && !opt.skip_verify ) {
693 /* This is a kludge to work around a bug in pgp2. It does only
694 * catch those mails which are armored. To catch the non-armored
695 * pgp mails we could see whether there is the signature packet
696 * in front of the plaintext. If someone needs this, send me a patch.
698 if ( gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0) )
702 gcry_md_start_debug ( c->mfx.md, "verify" );
704 gcry_md_start_debug ( c->mfx.md2, "verify2" );
711 log_info (_("WARNING: multiple plaintexts seen\n"));
713 if (!opt.flags.allow_multiple_messages)
715 write_status_text (STATUS_ERROR, "proc_pkt.plaintext 89_BAD_DATA");
716 log_inc_errorcount ();
717 rc = gpg_error (GPG_ERR_UNEXPECTED);
723 rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig );
724 if ( gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only )
726 /* Can't write output but we hash it anyway to check the
728 rc = handle_plaintext( pt, &c->mfx, 1, clearsig );
733 log_error( "handle plaintext failed: %s\n", g10_errstr(rc));
735 c->last_was_session_key = 0;
737 /* We add a marker control packet instead of the plaintext packet.
738 * This is so that we can later detect invalid packet sequences.
740 n = new_kbnode (create_gpg_control (CTRLPKT_PLAINTEXT_MARK, NULL, 0));
742 add_kbnode (c->list, n);
749 proc_compressed_cb( IOBUF a, void *info )
751 if ( ((CTX)info)->signed_data.used
752 && ((CTX)info)->signed_data.data_fd != -1)
753 return proc_signature_packets_by_fd (info, a,
754 ((CTX)info)->signed_data.data_fd);
756 return proc_signature_packets (info, a,
757 ((CTX)info)->signed_data.data_names,
758 ((CTX)info)->sigfilename );
762 proc_encrypt_cb( IOBUF a, void *info )
764 return proc_encryption_packets( info, a );
768 proc_compressed( CTX c, PACKET *pkt )
770 PKT_compressed *zd = pkt->pkt.compressed;
773 /*printf("zip: compressed data packet\n");*/
775 rc = handle_compressed( c, zd, proc_compressed_cb, c );
776 else if( c->encrypt_only )
777 rc = handle_compressed( c, zd, proc_encrypt_cb, c );
779 rc = handle_compressed( c, zd, NULL, NULL );
781 log_error("uncompressing failed: %s\n", g10_errstr(rc));
783 c->last_was_session_key = 0;
787 * check the signature
788 * Returns: 0 = valid signature or an error code
791 do_check_sig( CTX c, KBNODE node, int *is_selfsig,
792 int *is_expkey, int *is_revkey )
795 gcry_md_hd_t md = NULL, md2 = NULL;
798 assert( node->pkt->pkttype == PKT_SIGNATURE );
801 sig = node->pkt->pkt.signature;
803 algo = sig->digest_algo;
804 rc = openpgp_md_test_algo(algo);
808 if( sig->sig_class == 0x00 ) {
811 if (gcry_md_copy (&md, c->mfx.md ))
814 else /* detached signature */
816 /* signature_check() will enable the md*/
817 if (gcry_md_open (&md, 0, 0 ))
821 else if( sig->sig_class == 0x01 ) {
822 /* how do we know that we have to hash the (already hashed) text
823 * in canonical mode ??? (calculating both modes???) */
825 if (gcry_md_copy (&md, c->mfx.md ))
827 if( c->mfx.md2 && gcry_md_copy (&md2, c->mfx.md2 ))
830 else { /* detached signature */
831 log_debug("Do we really need this here?");
832 /* signature_check() will enable the md*/
833 if (gcry_md_open (&md, 0, 0 ))
835 if (gcry_md_open (&md2, 0, 0 ))
839 else if( (sig->sig_class&~3) == 0x10
840 || sig->sig_class == 0x18
841 || sig->sig_class == 0x1f
842 || sig->sig_class == 0x20
843 || sig->sig_class == 0x28
844 || sig->sig_class == 0x30 ) {
845 if( c->list->pkt->pkttype == PKT_PUBLIC_KEY
846 || c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
847 return check_key_signature( c->list, node, is_selfsig );
849 else if( sig->sig_class == 0x20 ) {
850 log_error (_("standalone revocation - "
851 "use \"gpg --import\" to apply\n"));
852 return G10ERR_NOT_PROCESSED;
855 log_error("invalid root packet for sigclass %02x\n",
857 return G10ERR_SIG_CLASS;
861 return G10ERR_SIG_CLASS;
862 rc = signature_check2( sig, md, NULL, is_expkey, is_revkey, NULL );
863 if( gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE && md2 )
864 rc = signature_check2( sig, md2, NULL, is_expkey, is_revkey, NULL );
873 print_userid( PACKET *pkt )
877 if( pkt->pkttype != PKT_USER_ID ) {
878 printf("ERROR: unexpected packet type %d", pkt->pkttype );
881 if( opt.with_colons )
883 if(pkt->pkt.user_id->attrib_data)
885 pkt->pkt.user_id->numattribs,
886 pkt->pkt.user_id->attrib_len);
888 print_string( stdout, pkt->pkt.user_id->name,
889 pkt->pkt.user_id->len, ':');
892 print_utf8_string( stdout, pkt->pkt.user_id->name,
893 pkt->pkt.user_id->len );
898 * List the certificate in a user friendly way
902 list_node( CTX c, KBNODE node )
909 else if( (mainkey = (node->pkt->pkttype == PKT_PUBLIC_KEY) )
910 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
911 PKT_public_key *pk = node->pkt->pkt.public_key;
913 if( opt.with_colons )
916 keyid_from_pk( pk, keyid );
918 c->trustletter = opt.fast_list_mode?
919 0 : get_validity_info( pk, NULL );
920 printf("%s:", mainkey? "pub":"sub" );
922 putchar( c->trustletter );
923 printf(":%u:%d:%08lX%08lX:%s:%s::",
926 (ulong)keyid[0],(ulong)keyid[1],
927 colon_datestr_from_pk( pk ),
928 colon_strtime (pk->expiredate) );
929 if( mainkey && !opt.fast_list_mode )
930 putchar( get_ownertrust_info (pk) );
932 if( node->next && node->next->pkt->pkttype == PKT_RING_TRUST) {
933 putchar('\n'); any=1;
934 if( opt.fingerprint )
935 print_fingerprint( pk, NULL, 0 );
936 printf("rtv:1:%u:\n",
937 node->next->pkt->pkt.ring_trust->trustval );
941 printf("%s %4u%c/%s %s%s",
942 mainkey? "pub":"sub", nbits_from_pk( pk ),
943 pubkey_letter( pk->pubkey_algo ), keystr_from_pk( pk ),
944 datestr_from_pk( pk ), mainkey?" ":"");
947 /* and now list all userids with their signatures */
948 for( node = node->next; node; node = node->next ) {
949 if( node->pkt->pkttype == PKT_SIGNATURE ) {
951 if( node->pkt->pkt.signature->sig_class == 0x20 )
959 else if( node->pkt->pkttype == PKT_USER_ID ) {
961 if( opt.with_colons )
962 printf("%s:::::::::",
963 node->pkt->pkt.user_id->attrib_data?"uat":"uid");
965 printf( "uid%*s", 28, "" );
967 print_userid( node->pkt );
968 if( opt.with_colons )
971 if( opt.fingerprint && !any )
972 print_fingerprint( pk, NULL, 0 );
975 && node->next->pkt->pkttype == PKT_RING_TRUST ) {
976 printf("rtv:2:%u:\n",
977 node->next->pkt->pkt.ring_trust?
978 node->next->pkt->pkt.ring_trust->trustval : 0);
982 else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
997 printf(_("revoked: %s"),revokestr_from_pk(pk));
1000 else if( pk->expiredate )
1003 printf(_("expires: %s"),expirestr_from_pk(pk));
1010 if( !mainkey && opt.fingerprint > 1 )
1011 print_fingerprint( pk, NULL, 0 );
1013 else if( (mainkey = (node->pkt->pkttype == PKT_SECRET_KEY) )
1014 || node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
1015 PKT_secret_key *sk = node->pkt->pkt.secret_key;
1017 if( opt.with_colons )
1020 keyid_from_sk( sk, keyid );
1021 printf("%s::%u:%d:%08lX%08lX:%s:%s:::",
1022 mainkey? "sec":"ssb",
1023 nbits_from_sk( sk ),
1025 (ulong)keyid[0],(ulong)keyid[1],
1026 colon_datestr_from_sk( sk ),
1027 colon_strtime (sk->expiredate)
1028 /* fixme: add LID */ );
1031 printf("%s %4u%c/%s %s ", mainkey? "sec":"ssb",
1032 nbits_from_sk( sk ), pubkey_letter( sk->pubkey_algo ),
1033 keystr_from_sk( sk ), datestr_from_sk( sk ));
1035 /* and now list all userids with their signatures */
1036 for( node = node->next; node; node = node->next ) {
1037 if( node->pkt->pkttype == PKT_SIGNATURE ) {
1039 if( node->pkt->pkt.signature->sig_class == 0x20 )
1045 list_node(c, node );
1047 else if( node->pkt->pkttype == PKT_USER_ID ) {
1049 if( opt.with_colons )
1050 printf("%s:::::::::",
1051 node->pkt->pkt.user_id->attrib_data?"uat":"uid");
1053 printf( "uid%*s", 28, "" );
1055 print_userid( node->pkt );
1056 if( opt.with_colons )
1059 if( opt.fingerprint && !any )
1060 print_fingerprint( NULL, sk, 0 );
1063 else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
1068 list_node(c, node );
1074 if( !mainkey && opt.fingerprint > 1 )
1075 print_fingerprint( NULL, sk, 0 );
1077 else if( node->pkt->pkttype == PKT_SIGNATURE ) {
1078 PKT_signature *sig = node->pkt->pkt.signature;
1088 if( sig->sig_class == 0x20 || sig->sig_class == 0x30 )
1089 fputs("rev", stdout);
1091 fputs("sig", stdout);
1092 if( opt.check_sigs ) {
1094 rc2=do_check_sig( c, node, &is_selfsig, NULL, NULL );
1095 switch (gpg_err_code (rc2)) {
1096 case 0: sigrc = '!'; break;
1097 case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break;
1098 case GPG_ERR_NO_PUBKEY:
1099 case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break;
1100 default: sigrc = '%'; break;
1103 else { /* check whether this is a self signature */
1106 if( c->list->pkt->pkttype == PKT_PUBLIC_KEY
1107 || c->list->pkt->pkttype == PKT_SECRET_KEY ) {
1108 if( c->list->pkt->pkttype == PKT_PUBLIC_KEY )
1109 keyid_from_pk( c->list->pkt->pkt.public_key, keyid );
1111 keyid_from_sk( c->list->pkt->pkt.secret_key, keyid );
1113 if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
1117 if( opt.with_colons ) {
1121 printf("::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
1122 (ulong)sig->keyid[0], (ulong)sig->keyid[1],
1123 colon_datestr_from_sig(sig),
1124 colon_expirestr_from_sig(sig));
1126 if(sig->trust_depth || sig->trust_value)
1127 printf("%d %d",sig->trust_depth,sig->trust_value);
1130 if(sig->trust_regexp)
1131 print_string(stdout,sig->trust_regexp,
1132 strlen(sig->trust_regexp),':');
1137 sigrc, keystr(sig->keyid), datestr_from_sig(sig));
1139 printf("[%s] ", g10_errstr(rc2) );
1140 else if( sigrc == '?' )
1142 else if( is_selfsig ) {
1143 if( opt.with_colons )
1145 fputs( sig->sig_class == 0x18? "[keybind]":"[selfsig]", stdout);
1146 if( opt.with_colons )
1149 else if( !opt.fast_list_mode ) {
1150 p = get_user_id( sig->keyid, &n );
1151 print_string( stdout, p, n, opt.with_colons );
1154 if( opt.with_colons )
1155 printf(":%02x%c:", sig->sig_class, sig->flags.exportable?'x':'l');
1159 log_error("invalid node with packet of type %d\n", node->pkt->pkttype);
1165 proc_packets( void *anchor, IOBUF a )
1168 CTX c = xmalloc_clear( sizeof *c );
1171 rc = do_proc_packets( c, a );
1179 proc_signature_packets( void *anchor, IOBUF a,
1180 strlist_t signedfiles, const char *sigfilename )
1182 CTX c = xmalloc_clear( sizeof *c );
1188 c->signed_data.data_fd = -1;
1189 c->signed_data.data_names = signedfiles;
1190 c->signed_data.used = !!signedfiles;
1192 c->sigfilename = sigfilename;
1193 rc = do_proc_packets( c, a );
1195 /* If we have not encountered any signature we print an error
1196 messages, send a NODATA status back and return an error code.
1197 Using log_error is required because verify_files does not check
1198 error codes for each file but we want to terminate the process
1200 if (!rc && !c->any_sig_seen)
1202 write_status_text (STATUS_NODATA, "4");
1203 log_error (_("no signature found\n"));
1204 rc = G10ERR_NO_DATA;
1207 /* Propagate the signature seen flag upward. Do this only on
1208 success so that we won't issue the nodata status several
1210 if (!rc && c->anchor && c->any_sig_seen)
1211 c->anchor->any_sig_seen = 1;
1218 proc_signature_packets_by_fd (void *anchor, IOBUF a, int signed_data_fd )
1221 CTX c = xcalloc (1, sizeof *c);
1226 c->signed_data.data_fd = signed_data_fd;
1227 c->signed_data.data_names = NULL;
1228 c->signed_data.used = (signed_data_fd != -1);
1230 rc = do_proc_packets ( c, a );
1232 /* If we have not encountered any signature we print an error
1233 messages, send a NODATA status back and return an error code.
1234 Using log_error is required because verify_files does not check
1235 error codes for each file but we want to terminate the process
1237 if (!rc && !c->any_sig_seen)
1239 write_status_text (STATUS_NODATA, "4");
1240 log_error (_("no signature found\n"));
1241 rc = gpg_error (GPG_ERR_NO_DATA);
1244 /* Propagate the signature seen flag upward. Do this only on success
1245 so that we won't issue the nodata status several times. */
1246 if (!rc && c->anchor && c->any_sig_seen)
1247 c->anchor->any_sig_seen = 1;
1255 proc_encryption_packets( void *anchor, IOBUF a )
1257 CTX c = xmalloc_clear( sizeof *c );
1261 c->encrypt_only = 1;
1262 rc = do_proc_packets( c, a );
1269 do_proc_packets( CTX c, IOBUF a )
1271 PACKET *pkt = xmalloc( sizeof *pkt );
1278 while( (rc=parse_packet(a, pkt)) != -1 ) {
1282 /* stop processing when an invalid packet has been encountered
1283 * but don't do so when we are doing a --list-packets. */
1284 if (gpg_err_code (rc) == GPG_ERR_INV_PACKET
1285 && opt.list_packets != 2 )
1290 if( opt.list_packets ) {
1291 switch( pkt->pkttype ) {
1292 case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break;
1293 case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break;
1295 case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break;
1296 case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
1297 default: newpkt = 0; break;
1300 else if( c->sigs_only ) {
1301 switch( pkt->pkttype ) {
1302 case PKT_PUBLIC_KEY:
1303 case PKT_SECRET_KEY:
1305 case PKT_SYMKEY_ENC:
1306 case PKT_PUBKEY_ENC:
1308 case PKT_ENCRYPTED_MDC:
1309 write_status_text( STATUS_UNEXPECTED, "0" );
1310 rc = G10ERR_UNEXPECTED;
1312 case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;
1313 case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break;
1314 case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
1315 case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break;
1316 case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
1317 default: newpkt = 0; break;
1320 else if( c->encrypt_only ) {
1321 switch( pkt->pkttype ) {
1322 case PKT_PUBLIC_KEY:
1323 case PKT_SECRET_KEY:
1325 write_status_text( STATUS_UNEXPECTED, "0" );
1326 rc = G10ERR_UNEXPECTED;
1328 case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;
1329 case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break;
1330 case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break;
1332 case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break;
1333 case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break;
1334 case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
1335 case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break;
1336 case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
1337 default: newpkt = 0; break;
1341 switch( pkt->pkttype ) {
1342 case PKT_PUBLIC_KEY:
1343 case PKT_SECRET_KEY:
1345 c->list = new_kbnode( pkt );
1348 case PKT_PUBLIC_SUBKEY:
1349 case PKT_SECRET_SUBKEY:
1350 newpkt = add_subkey( c, pkt );
1352 case PKT_USER_ID: newpkt = add_user_id( c, pkt ); break;
1353 case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;
1354 case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break;
1355 case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break;
1357 case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break;
1358 case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break;
1359 case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
1360 case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break;
1361 case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
1362 case PKT_RING_TRUST: newpkt = add_ring_trust( c, pkt ); break;
1363 default: newpkt = 0; break;
1366 /* This is a very ugly construct and frankly, I don't remember why
1367 * I used it. Adding the MDC check here is a hack.
1368 * The right solution is to initiate another context for encrypted
1369 * packet and not to reuse the current one ... It works right
1370 * when there is a compression packet inbetween which adds just
1372 * Hmmm: Rewrite this whole module here??
1374 if( pkt->pkttype != PKT_SIGNATURE && pkt->pkttype != PKT_MDC )
1375 c->have_data = pkt->pkttype == PKT_PLAINTEXT;
1380 pkt = xmalloc( sizeof *pkt );
1386 if( rc == G10ERR_INVALID_PACKET )
1387 write_status_text( STATUS_NODATA, "3" );
1391 write_status_text( STATUS_NODATA, "2" );
1399 free_md_filter_context( &c->mfx );
1404 /* Helper for pka_uri_from_sig to parse the to-be-verified address out
1405 of the notation data. */
1407 get_pka_address (PKT_signature *sig)
1409 pka_info_t *pka = NULL;
1410 struct notation *nd,*notation;
1412 notation=sig_to_notation(sig);
1414 for(nd=notation;nd;nd=nd->next)
1416 if(strcmp(nd->name,"pka-address@gnupg.org")!=0)
1417 continue; /* Not the notation we want. */
1419 /* For now we only use the first valid PKA notation. In future
1420 we might want to keep additional PKA notations in a linked
1422 if (is_valid_mailbox (nd->value))
1424 pka = xmalloc (sizeof *pka + strlen(nd->value));
1428 strcpy (pka->email, nd->value);
1433 free_notation(notation);
1439 /* Return the URI from a DNS PKA record. If this record has already
1440 be retrieved for the signature we merely return it; if not we go
1441 out and try to get that DNS record. */
1443 pka_uri_from_sig (PKT_signature *sig)
1445 if (!sig->flags.pka_tried)
1447 assert (!sig->pka_info);
1448 sig->flags.pka_tried = 1;
1449 sig->pka_info = get_pka_address (sig);
1454 uri = get_pka_info (sig->pka_info->email, sig->pka_info->fpr);
1457 sig->pka_info->valid = 1;
1461 sig->pka_info->uri = uri;
1465 return sig->pka_info? sig->pka_info->uri : NULL;
1470 check_sig_and_print( CTX c, KBNODE node )
1472 PKT_signature *sig = node->pkt->pkt.signature;
1474 int rc, is_expkey=0, is_revkey=0;
1476 if (opt.skip_verify)
1478 log_info(_("signature verification suppressed\n"));
1482 /* Check that the message composition is valid.
1484 Per RFC-2440bis (-15) allowed:
1486 S{1,n} -- detached signature.
1487 S{1,n} P -- old style PGP2 signature
1488 O{1,n} P S{1,n} -- standard OpenPGP signature.
1489 C P S{1,n} -- cleartext signature.
1492 O = One-Pass Signature packet.
1493 S = Signature packet.
1494 P = OpenPGP Message packet (Encrypted | Compressed | Literal)
1495 (Note that the current rfc2440bis draft also allows
1496 for a signed message but that does not work as it
1497 introduces ambiguities.)
1498 We keep track of these packages using the marker packet
1499 CTRLPKT_PLAINTEXT_MARK.
1500 C = Marker packet for cleartext signatures.
1502 We reject all other messages.
1504 Actually we are calling this too often, i.e. for verification of
1505 each message but better have some duplicate work than to silently
1506 introduce a bug here.
1510 int n_onepass, n_sig;
1512 /* log_debug ("checking signature packet composition\n"); */
1513 /* dump_kbnode (c->list); */
1517 if ( n->pkt->pkttype == PKT_SIGNATURE )
1519 /* This is either "S{1,n}" case (detached signature) or
1520 "S{1,n} P" (old style PGP2 signature). */
1521 for (n = n->next; n; n = n->next)
1522 if (n->pkt->pkttype != PKT_SIGNATURE)
1525 ; /* Okay, this is a detached signature. */
1526 else if (n->pkt->pkttype == PKT_GPG_CONTROL
1527 && (n->pkt->pkt.gpg_control->control
1528 == CTRLPKT_PLAINTEXT_MARK) )
1531 goto ambiguous; /* We only allow one P packet. */
1536 else if (n->pkt->pkttype == PKT_ONEPASS_SIG)
1538 /* This is the "O{1,n} P S{1,n}" case (standard signature). */
1539 for (n_onepass=1, n = n->next;
1540 n && n->pkt->pkttype == PKT_ONEPASS_SIG; n = n->next)
1542 if (!n || !(n->pkt->pkttype == PKT_GPG_CONTROL
1543 && (n->pkt->pkt.gpg_control->control
1544 == CTRLPKT_PLAINTEXT_MARK)))
1546 for (n_sig=0, n = n->next;
1547 n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
1552 /* If we wanted to disallow multiple sig verification, we'd do
1553 something like this:
1555 if (n && !opt.allow_multisig_verification)
1558 However, now that we have --allow-multiple-messages, this
1559 can stay allowable as we can't get here unless multiple
1560 messages (i.e. multiple literals) are allowed. */
1562 if (n_onepass != n_sig)
1564 log_info ("number of one-pass packets does not match "
1565 "number of signature packets\n");
1569 else if (n->pkt->pkttype == PKT_GPG_CONTROL
1570 && n->pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START )
1572 /* This is the "C P S{1,n}" case (clear text signature). */
1574 if (!n || !(n->pkt->pkttype == PKT_GPG_CONTROL
1575 && (n->pkt->pkt.gpg_control->control
1576 == CTRLPKT_PLAINTEXT_MARK)))
1578 for (n_sig=0, n = n->next;
1579 n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
1587 log_error(_("can't handle this ambiguous signature data\n"));
1593 /* (Indendation below not yet changed to GNU style.) */
1595 astr = gcry_pk_algo_name ( sig->pubkey_algo );
1598 log_info(_("Signature made %s\n"),asctimestamp(sig->timestamp));
1599 log_info(_(" using %s key %s\n"),
1600 astr? astr: "?",keystr(sig->keyid));
1603 log_info(_("Signature made %s using %s key ID %s\n"),
1604 asctimestamp(sig->timestamp), astr? astr: "?",
1605 keystr(sig->keyid));
1607 rc = do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
1609 /* If the key isn't found, check for a preferred keyserver */
1611 if(rc==G10ERR_NO_PUBKEY && sig->flags.pref_ks)
1617 while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&n,&seq,NULL)))
1619 /* According to my favorite copy editor, in English
1620 grammar, you say "at" if the key is located on a web
1621 page, but "from" if it is located on a keyserver. I'm
1622 not going to even try to make two strings here :) */
1623 log_info(_("Key available at: ") );
1624 print_utf8_string( log_get_stream(), p, n );
1627 if(opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE
1628 && opt.keyserver_options.options&KEYSERVER_HONOR_KEYSERVER_URL)
1630 struct keyserver_spec *spec;
1632 spec=parse_preferred_keyserver(sig);
1637 glo_ctrl.in_auto_key_retrieve++;
1638 res=keyserver_import_keyid(sig->keyid,spec);
1639 glo_ctrl.in_auto_key_retrieve--;
1641 rc=do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
1642 free_keyserver_spec(spec);
1651 /* If the preferred keyserver thing above didn't work, our second
1652 try is to use the URI from a DNS PKA record. */
1653 if ( rc == G10ERR_NO_PUBKEY
1654 && opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE
1655 && opt.keyserver_options.options&KEYSERVER_HONOR_PKA_RECORD)
1657 const char *uri = pka_uri_from_sig (sig);
1661 /* FIXME: We might want to locate the key using the
1662 fingerprint instead of the keyid. */
1664 struct keyserver_spec *spec;
1666 spec = parse_keyserver_uri (uri, 1, NULL, 0);
1669 glo_ctrl.in_auto_key_retrieve++;
1670 res = keyserver_import_keyid (sig->keyid, spec);
1671 glo_ctrl.in_auto_key_retrieve--;
1672 free_keyserver_spec (spec);
1674 rc = do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
1679 /* If the preferred keyserver thing above didn't work and we got
1680 no information from the DNS PKA, this is a third try. */
1682 if( rc == G10ERR_NO_PUBKEY && opt.keyserver
1683 && opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
1687 glo_ctrl.in_auto_key_retrieve++;
1688 res=keyserver_import_keyid ( sig->keyid, opt.keyserver );
1689 glo_ctrl.in_auto_key_retrieve--;
1691 rc = do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
1694 if( !rc || gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE ) {
1695 KBNODE un, keyblock;
1696 int count=0, statno;
1698 PKT_public_key *pk=NULL;
1701 statno=STATUS_BADSIG;
1702 else if(sig->flags.expired)
1703 statno=STATUS_EXPSIG;
1705 statno=STATUS_EXPKEYSIG;
1707 statno=STATUS_REVKEYSIG;
1709 statno=STATUS_GOODSIG;
1711 keyblock = get_pubkeyblock( sig->keyid );
1713 sprintf (keyid_str, "%08lX%08lX [uncertain] ",
1714 (ulong)sig->keyid[0], (ulong)sig->keyid[1]);
1716 /* find and print the primary user ID */
1717 for( un=keyblock; un; un = un->next ) {
1720 if(un->pkt->pkttype==PKT_PUBLIC_KEY)
1722 pk=un->pkt->pkt.public_key;
1725 if( un->pkt->pkttype != PKT_USER_ID )
1727 if ( !un->pkt->pkt.user_id->created )
1729 if ( un->pkt->pkt.user_id->is_revoked )
1731 if ( un->pkt->pkt.user_id->is_expired )
1733 if ( !un->pkt->pkt.user_id->is_primary )
1735 /* We want the textual primary user ID here */
1736 if ( un->pkt->pkt.user_id->attrib_data )
1741 /* Get it before we print anything to avoid interrupting
1742 the output with the "please do a --check-trustdb"
1744 valid=get_validity(pk,un->pkt->pkt.user_id);
1746 keyid_str[17] = 0; /* cut off the "[uncertain]" part */
1747 write_status_text_and_buffer (statno, keyid_str,
1748 un->pkt->pkt.user_id->name,
1749 un->pkt->pkt.user_id->len,
1752 p=utf8_to_native(un->pkt->pkt.user_id->name,
1753 un->pkt->pkt.user_id->len,0);
1756 log_info(_("BAD signature from \"%s\""),p);
1757 else if(sig->flags.expired)
1758 log_info(_("Expired signature from \"%s\""),p);
1760 log_info(_("Good signature from \"%s\""),p);
1764 if(opt.verify_options&VERIFY_SHOW_UID_VALIDITY)
1765 log_printf (" [%s]\n",trust_value_to_string(valid));
1770 if( !count ) { /* just in case that we have no valid textual
1774 /* Try for an invalid textual userid */
1775 for( un=keyblock; un; un = un->next ) {
1776 if( un->pkt->pkttype == PKT_USER_ID &&
1777 !un->pkt->pkt.user_id->attrib_data )
1781 /* Try for any userid at all */
1783 for( un=keyblock; un; un = un->next ) {
1784 if( un->pkt->pkttype == PKT_USER_ID )
1789 if (opt.trust_model==TM_ALWAYS || !un)
1790 keyid_str[17] = 0; /* cut off the "[uncertain]" part */
1792 write_status_text_and_buffer (statno, keyid_str,
1793 un? un->pkt->pkt.user_id->name:"[?]",
1794 un? un->pkt->pkt.user_id->len:3,
1798 p=utf8_to_native(un->pkt->pkt.user_id->name,
1799 un->pkt->pkt.user_id->len,0);
1804 log_info(_("BAD signature from \"%s\""),p);
1805 else if(sig->flags.expired)
1806 log_info(_("Expired signature from \"%s\""),p);
1808 log_info(_("Good signature from \"%s\""),p);
1809 if (opt.trust_model!=TM_ALWAYS && un)
1810 log_printf (" %s",_("[uncertain]") );
1814 /* If we have a good signature and already printed
1815 * the primary user ID, print all the other user IDs */
1817 && !(opt.verify_options&VERIFY_SHOW_PRIMARY_UID_ONLY)) {
1819 for( un=keyblock; un; un = un->next ) {
1820 if( un->pkt->pkttype != PKT_USER_ID )
1822 if((un->pkt->pkt.user_id->is_revoked
1823 || un->pkt->pkt.user_id->is_expired)
1824 && !(opt.verify_options&VERIFY_SHOW_UNUSABLE_UIDS))
1826 /* Only skip textual primaries */
1827 if ( un->pkt->pkt.user_id->is_primary &&
1828 !un->pkt->pkt.user_id->attrib_data )
1831 if(un->pkt->pkt.user_id->attrib_data)
1833 dump_attribs(un->pkt->pkt.user_id,pk,NULL);
1835 if(opt.verify_options&VERIFY_SHOW_PHOTOS)
1836 show_photos(un->pkt->pkt.user_id->attribs,
1837 un->pkt->pkt.user_id->numattribs,
1838 pk,NULL,un->pkt->pkt.user_id);
1841 p=utf8_to_native(un->pkt->pkt.user_id->name,
1842 un->pkt->pkt.user_id->len,0);
1843 log_info(_(" aka \"%s\""),p);
1846 if(opt.verify_options&VERIFY_SHOW_UID_VALIDITY)
1849 if(un->pkt->pkt.user_id->is_revoked)
1851 else if(un->pkt->pkt.user_id->is_expired)
1854 valid=trust_value_to_string(get_validity(pk,
1857 log_printf (" [%s]\n",valid);
1863 release_kbnode( keyblock );
1867 if(opt.verify_options&VERIFY_SHOW_POLICY_URLS)
1868 show_policy_url(sig,0,1);
1870 show_policy_url(sig,0,2);
1872 if(opt.verify_options&VERIFY_SHOW_KEYSERVER_URLS)
1873 show_keyserver_url(sig,0,1);
1875 show_keyserver_url(sig,0,2);
1877 if(opt.verify_options&VERIFY_SHOW_NOTATIONS)
1878 show_notation(sig,0,1,
1879 ((opt.verify_options&VERIFY_SHOW_STD_NOTATIONS)?1:0)+
1880 ((opt.verify_options&VERIFY_SHOW_USER_NOTATIONS)?2:0));
1882 show_notation(sig,0,2,0);
1885 if( !rc && is_status_enabled() ) {
1886 /* print a status response with the fingerprint */
1887 PKT_public_key *vpk = xmalloc_clear( sizeof *vpk );
1889 if( !get_pubkey( vpk, sig->keyid ) ) {
1890 byte array[MAX_FINGERPRINT_LEN], *p;
1891 char buf[MAX_FINGERPRINT_LEN*4+90], *bufp;
1895 fingerprint_from_pk( vpk, array, &n );
1897 for(i=0; i < n ; i++, p++, bufp += 2)
1898 sprintf(bufp, "%02X", *p );
1899 /* TODO: Replace the reserved '0' in the field below
1900 with bits for status flags (policy url, notation,
1901 etc.). Remember to make the buffer larger to
1903 sprintf(bufp, " %s %lu %lu %d 0 %d %d %02X ",
1904 strtimestamp( sig->timestamp ),
1905 (ulong)sig->timestamp,(ulong)sig->expiredate,
1906 sig->version,sig->pubkey_algo,sig->digest_algo,
1908 bufp = bufp + strlen (bufp);
1909 if (!vpk->is_primary) {
1912 akid[0] = vpk->main_keyid[0];
1913 akid[1] = vpk->main_keyid[1];
1914 free_public_key (vpk);
1915 vpk = xmalloc_clear( sizeof *vpk );
1916 if (get_pubkey (vpk, akid)) {
1917 /* impossible error, we simply return a zeroed out fpr */
1918 n = MAX_FINGERPRINT_LEN < 20? MAX_FINGERPRINT_LEN : 20;
1919 memset (array, 0, n);
1922 fingerprint_from_pk( vpk, array, &n );
1925 for(i=0; i < n ; i++, p++, bufp += 2)
1926 sprintf(bufp, "%02X", *p );
1927 write_status_text( STATUS_VALIDSIG, buf );
1929 free_public_key( vpk );
1934 if(opt.verify_options&VERIFY_PKA_LOOKUPS)
1935 pka_uri_from_sig (sig); /* Make sure PKA info is available. */
1936 rc = check_signatures_trust( sig );
1939 if(sig->flags.expired)
1941 log_info(_("Signature expired %s\n"),
1942 asctimestamp(sig->expiredate));
1943 rc=G10ERR_GENERAL; /* need a better error here? */
1945 else if(sig->expiredate)
1946 log_info(_("Signature expires %s\n"),asctimestamp(sig->expiredate));
1949 log_info(_("%s signature, digest algorithm %s\n"),
1950 sig->sig_class==0x00?_("binary"):
1951 sig->sig_class==0x01?_("textmode"):_("unknown"),
1952 gcry_md_algo_name (sig->digest_algo));
1955 g10_errors_seen = 1;
1956 if( opt.batch && rc )
1961 sprintf(buf, "%08lX%08lX %d %d %02x %lu %d",
1962 (ulong)sig->keyid[0], (ulong)sig->keyid[1],
1963 sig->pubkey_algo, sig->digest_algo,
1964 sig->sig_class, (ulong)sig->timestamp, rc );
1965 write_status_text( STATUS_ERRSIG, buf );
1966 if( rc == G10ERR_NO_PUBKEY ) {
1968 write_status_text( STATUS_NO_PUBKEY, buf );
1970 if( rc != G10ERR_NOT_PROCESSED )
1971 log_error(_("Can't check signature: %s\n"), g10_errstr(rc) );
1978 * Process the tree which starts at node
1981 proc_tree( CTX c, KBNODE node )
1986 if( opt.list_packets || opt.list_only )
1989 /* we must skip our special plaintext marker packets here becuase
1990 they may be the root packet. These packets are only used in
1991 addionla checks and skipping them here doesn't matter */
1993 && node->pkt->pkttype == PKT_GPG_CONTROL
1994 && node->pkt->pkt.gpg_control->control
1995 == CTRLPKT_PLAINTEXT_MARK ) {
2001 c->trustletter = ' ';
2002 if( node->pkt->pkttype == PKT_PUBLIC_KEY
2003 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
2004 merge_keys_and_selfsig( node );
2005 list_node( c, node );
2007 else if( node->pkt->pkttype == PKT_SECRET_KEY ) {
2008 merge_keys_and_selfsig( node );
2009 list_node( c, node );
2011 else if( node->pkt->pkttype == PKT_ONEPASS_SIG ) {
2012 /* check all signatures */
2013 if( !c->have_data ) {
2014 int use_textmode = 0;
2016 free_md_filter_context( &c->mfx );
2017 /* prepare to create all requested message digests */
2018 if (gcry_md_open (&c->mfx.md, 0, 0))
2021 /* fixme: why looking for the signature packet and not the
2023 for ( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); )
2025 gcry_md_enable (c->mfx.md,
2026 n1->pkt->pkt.signature->digest_algo);
2029 if (n1 && n1->pkt->pkt.onepass_sig->sig_class == 0x01)
2032 /* Ask for file and hash it. */
2033 if( c->sigs_only ) {
2034 if (c->signed_data.used && c->signed_data.data_fd != -1)
2035 rc = hash_datafile_by_fd (c->mfx.md, NULL,
2036 c->signed_data.data_fd,
2039 rc = hash_datafiles (c->mfx.md, NULL,
2040 c->signed_data.data_names,
2045 rc = ask_for_detached_datafile (c->mfx.md, c->mfx.md2,
2046 iobuf_get_real_fname(c->iobuf),
2050 log_error("can't hash datafile: %s\n", g10_errstr(rc));
2054 else if ( c->signed_data.used ) {
2055 log_error (_("not a detached signature\n") );
2059 for( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); )
2060 check_sig_and_print( c, n1 );
2062 else if( node->pkt->pkttype == PKT_GPG_CONTROL
2063 && node->pkt->pkt.gpg_control->control
2064 == CTRLPKT_CLEARSIGN_START ) {
2065 /* clear text signed message */
2066 if( !c->have_data ) {
2067 log_error("cleartext signature without data\n" );
2070 else if ( c->signed_data.used ) {
2071 log_error (_("not a detached signature\n") );
2075 for( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); )
2076 check_sig_and_print( c, n1 );
2078 else if( node->pkt->pkttype == PKT_SIGNATURE ) {
2079 PKT_signature *sig = node->pkt->pkt.signature;
2082 n1=find_next_kbnode(node, PKT_SIGNATURE);
2085 byte class=sig->sig_class;
2086 byte hash=sig->digest_algo;
2088 for(; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE)))
2090 /* We can't currently handle multiple signatures of
2091 different classes or digests (we'd pretty much have
2092 to run a different hash context for each), but if
2093 they are all the same, make an exception. */
2094 if(n1->pkt->pkt.signature->sig_class!=class
2095 || n1->pkt->pkt.signature->digest_algo!=hash)
2098 log_info(_("WARNING: multiple signatures detected. "
2099 "Only the first will be checked.\n"));
2105 if( sig->sig_class != 0x00 && sig->sig_class != 0x01 )
2106 log_info(_("standalone signature of class 0x%02x\n"),
2108 else if( !c->have_data ) {
2109 /* detached signature */
2110 free_md_filter_context( &c->mfx );
2111 if (gcry_md_open (&c->mfx.md, sig->digest_algo, 0))
2114 if( !opt.pgp2_workarounds )
2116 else if( sig->digest_algo == DIGEST_ALGO_MD5
2117 && is_RSA( sig->pubkey_algo ) ) {
2118 /* enable a workaround for a pgp2 bug */
2119 if (gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0))
2122 else if( sig->digest_algo == DIGEST_ALGO_SHA1
2123 && sig->pubkey_algo == PUBKEY_ALGO_DSA
2124 && sig->sig_class == 0x01 ) {
2125 /* enable the workaround also for pgp5 when the detached
2126 * signature has been created in textmode */
2127 if (gcry_md_open (&c->mfx.md2, sig->digest_algo, 0 ))
2130 #if 0 /* workaround disabled */
2131 /* Here we have another hack to work around a pgp 2 bug
2132 * It works by not using the textmode for detached signatures;
2133 * this will let the first signature check (on md) fail
2134 * but the second one (on md2) which adds an extra CR should
2135 * then produce the "correct" hash. This is very, very ugly
2136 * hack but it may help in some cases (and break others)
2138 /* c->mfx.md2? 0 :(sig->sig_class == 0x01) */
2140 if ( DBG_HASHING ) {
2141 gcry_md_start_debug( c->mfx.md, "verify" );
2143 gcry_md_start_debug( c->mfx.md2, "verify2" );
2145 if( c->sigs_only ) {
2146 if (c->signed_data.used && c->signed_data.data_fd != -1)
2147 rc = hash_datafile_by_fd (c->mfx.md, c->mfx.md2,
2148 c->signed_data.data_fd,
2149 (sig->sig_class == 0x01));
2151 rc = hash_datafiles (c->mfx.md, c->mfx.md2,
2152 c->signed_data.data_names,
2154 (sig->sig_class == 0x01));
2157 rc = ask_for_detached_datafile( c->mfx.md, c->mfx.md2,
2158 iobuf_get_real_fname(c->iobuf),
2159 (sig->sig_class == 0x01) );
2162 log_error("can't hash datafile: %s\n", g10_errstr(rc));
2166 else if ( c->signed_data.used ) {
2167 log_error (_("not a detached signature\n") );
2170 else if (!opt.quiet)
2171 log_info(_("old style (PGP 2.x) signature\n"));
2174 for( n1 = node; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )) )
2175 check_sig_and_print( c, n1 );
2177 check_sig_and_print( c, node );
2180 dump_kbnode (c->list);
2181 log_error(_("invalid root packet detected in proc_tree()\n"));