1 /* mainproc.c - handle packets
2 * Copyright (C) 1998-2009 Free Software Foundation, Inc.
3 * Copyright (C) 2013-2014 Werner Koch
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <https://www.gnu.org/licenses/>.
28 #include "../common/util.h"
30 #include "../common/iobuf.h"
35 #include "../common/status.h"
36 #include "../common/i18n.h"
38 #include "keyserver-internal.h"
40 #include "../common/mbox-util.h"
41 #include "call-dirmngr.h"
42 #include "../common/compliance.h"
44 /* Put an upper limit on nested packets. The 32 is an arbitrary
45 value, a much lower should actually be sufficient. */
46 #define MAX_NESTING_DEPTH 32
49 /* An object to build a list of keyid related info. */
52 struct kidlist_item *next;
60 * Object to hold the processing context.
62 typedef struct mainproc_context *CTX;
63 struct mainproc_context
66 struct mainproc_context *anchor; /* May be useful in the future. */
67 PKT_public_key *last_pubkey;
68 PKT_user_id *last_user_id;
69 md_filter_context_t mfx;
70 int sigs_only; /* Process only signatures and reject all other stuff. */
71 int encrypt_only; /* Process only encryption messages. */
73 /* Name of the file with the complete signature or the file with the
74 detached signature. This is currently only used to deduce the
75 file name of the data file if that has not been given. */
76 const char *sigfilename;
78 /* A structure to describe the signed data in case of a detached
82 /* A file descriptor of the signed data. Only used if not -1. */
84 /* A list of filenames with the data files or NULL. This is only
85 used if DATA_FD is -1. */
87 /* Flag to indicated that either one of the next previous fields
88 is used. This is only needed for better readability. */
93 int last_was_session_key;
94 kbnode_t list; /* The current list of packets. */
95 iobuf_t iobuf; /* Used to get the filename etc. */
96 int trustletter; /* Temporary usage in list_node. */
97 ulong symkeys; /* Number of symmetrically encrypted session keys. */
98 struct kidlist_item *pkenc_list; /* List of encryption packets. */
100 unsigned int sig_seen:1; /* Set to true if a signature packet
102 unsigned int data:1; /* Any data packet seen */
103 unsigned int uncompress_failed:1;
108 /* Counter with the number of literal data packets seen. Note that
109 * this is also bumped at the end of an encryption. This counter is
110 * used for a basic consistency check of a received PGP message. */
111 static int literals_seen;
114 /*** Local prototypes. ***/
115 static int do_proc_packets (ctrl_t ctrl, CTX c, iobuf_t a);
116 static void list_node (CTX c, kbnode_t node);
117 static void proc_tree (CTX c, kbnode_t node);
122 /* Reset the literal data counter. This is required to setup a new
123 * decryption or verification context. */
125 reset_literals_seen(void)
132 release_list( CTX c )
134 proc_tree (c, c->list);
135 release_kbnode (c->list);
136 while (c->pkenc_list)
138 struct kidlist_item *tmp = c->pkenc_list->next;
139 xfree (c->pkenc_list);
142 c->pkenc_list = NULL;
145 c->any.uncompress_failed = 0;
146 c->last_was_session_key = 0;
153 add_onepass_sig (CTX c, PACKET *pkt)
157 if (c->list) /* Add another packet. */
158 add_kbnode (c->list, new_kbnode (pkt));
159 else /* Insert the first one. */
160 c->list = node = new_kbnode (pkt);
167 add_gpg_control (CTX c, PACKET *pkt)
169 if ( pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START )
171 /* New clear text signature.
172 * Process the last one and reset everything */
176 if (c->list) /* Add another packet. */
177 add_kbnode (c->list, new_kbnode (pkt));
178 else /* Insert the first one. */
179 c->list = new_kbnode (pkt);
186 add_user_id (CTX c, PACKET *pkt)
190 log_error ("orphaned user ID\n");
193 add_kbnode (c->list, new_kbnode (pkt));
199 add_subkey (CTX c, PACKET *pkt)
203 log_error ("subkey w/o mainkey\n");
206 add_kbnode (c->list, new_kbnode (pkt));
212 add_ring_trust (CTX c, PACKET *pkt)
216 log_error ("ring trust w/o key\n");
219 add_kbnode (c->list, new_kbnode (pkt));
225 add_signature (CTX c, PACKET *pkt)
230 if (pkt->pkttype == PKT_SIGNATURE && !c->list)
232 /* This is the first signature for the following datafile.
233 * GPG does not write such packets; instead it always uses
234 * onepass-sig packets. The drawback of PGP's method
235 * of prepending the signature to the data is
236 * that it is not possible to make a signature from data read
237 * from stdin. (GPG is able to read PGP stuff anyway.) */
238 node = new_kbnode (pkt);
243 return 0; /* oops (invalid packet sequence)*/
244 else if (!c->list->pkt)
245 BUG(); /* so nicht */
247 /* Add a new signature node item at the end. */
248 node = new_kbnode (pkt);
249 add_kbnode (c->list, node);
255 symkey_decrypt_seskey (DEK *dek, byte *seskey, size_t slen)
259 if(slen < 17 || slen > 33)
261 log_error ( _("weird size for an encrypted session key (%d)\n"),
263 return GPG_ERR_BAD_KEY;
266 if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
268 if (gcry_cipher_setkey ( hd, dek->key, dek->keylen ))
270 gcry_cipher_setiv ( hd, NULL, 0 );
271 gcry_cipher_decrypt ( hd, seskey, slen, NULL, 0 );
272 gcry_cipher_close ( hd );
274 /* Here we can only test whether the algo given in decrypted
275 * session key is a valid OpenPGP algo. With 11 defined
276 * symmetric algorithms we will miss 4.3% of wrong passphrases
277 * here. The actual checking is done later during bulk
278 * decryption; we can't bring this check forward easily. */
279 if (openpgp_cipher_test_algo (seskey[0]))
280 return gpg_error (GPG_ERR_BAD_KEY);
282 /* Now we replace the dek components with the real session key to
283 decrypt the contents of the sequencing packet. */
288 if(dek->keylen > DIM(dek->key))
291 memcpy(dek->key, seskey + 1, dek->keylen);
293 /*log_hexdump( "thekey", dek->key, dek->keylen );*/
300 proc_symkey_enc (CTX c, PACKET *pkt)
304 enc = pkt->pkt.symkey_enc;
306 log_error ("invalid symkey encrypted packet\n");
309 int algo = enc->cipher_algo;
310 const char *s = openpgp_cipher_algo_name (algo);
312 if (!openpgp_cipher_test_algo (algo))
317 log_info (_("%s encrypted session key\n"), s );
319 log_info (_("%s encrypted data\n"), s );
323 log_error (_("encrypted with unknown algorithm %d\n"), algo);
325 if (openpgp_md_test_algo (enc->s2k.hash_algo))
327 log_error(_("passphrase generated with unknown digest"
328 " algorithm %d\n"),enc->s2k.hash_algo);
332 c->last_was_session_key = 2;
333 if (!s || opt.list_only)
336 if (opt.override_session_key)
338 c->dek = xmalloc_clear (sizeof *c->dek);
339 if (get_override_session_key (c->dek, opt.override_session_key))
347 c->dek = passphrase_to_dek (algo, &enc->s2k, 0, 0, NULL, NULL);
350 c->dek->symmetric = 1;
352 /* FIXME: This doesn't work perfectly if a symmetric key
353 comes before a public key in the message - if the
354 user doesn't know the passphrase, then there is a
355 chance that the "decrypted" algorithm will happen to
356 be a valid one, which will make the returned dek
357 appear valid, so we won't try any public keys that
361 if (symkey_decrypt_seskey (c->dek,
362 enc->seskey, enc->seskeylen))
364 if (c->dek->s2k_cacheid[0])
367 log_debug ("cleared passphrase cached with ID:"
368 " %s\n", c->dek->s2k_cacheid);
369 passphrase_clear_cache (c->dek->s2k_cacheid);
376 c->dek->algo_info_printed = 1;
383 free_packet (pkt, NULL);
388 proc_pubkey_enc (ctrl_t ctrl, CTX c, PACKET *pkt)
393 /* Check whether the secret key is available and store in this case. */
394 c->last_was_session_key = 1;
395 enc = pkt->pkt.pubkey_enc;
396 /*printf("enc: encrypted by a pubkey with keyid %08lX\n", enc->keyid[1] );*/
397 /* Hmmm: why do I have this algo check here - anyway there is
398 * function to check it. */
400 log_info (_("public key is %s\n"), keystr (enc->keyid));
402 if (is_status_enabled())
405 /* FIXME: For ECC support we need to map the OpenPGP algo number
406 to the Libgcrypt defined one. This is due a chicken-egg
407 problem: We need to have code in Libgcrypt for a new
408 algorithm so to implement a proposed new algorithm before the
409 IANA will finally assign an OpenPGP identifier. */
410 snprintf (buf, sizeof buf, "%08lX%08lX %d 0",
411 (ulong)enc->keyid[0], (ulong)enc->keyid[1], enc->pubkey_algo);
412 write_status_text (STATUS_ENC_TO, buf);
415 if (!opt.list_only && opt.override_session_key)
417 /* It does not make much sense to store the session key in
418 * secure memory because it has already been passed on the
419 * command line and the GCHQ knows about it. */
420 c->dek = xmalloc_clear (sizeof *c->dek);
421 result = get_override_session_key (c->dek, opt.override_session_key);
428 else if (enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E
429 || enc->pubkey_algo == PUBKEY_ALGO_ECDH
430 || enc->pubkey_algo == PUBKEY_ALGO_RSA
431 || enc->pubkey_algo == PUBKEY_ALGO_RSA_E
432 || enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL)
434 /* Note that we also allow type 20 Elgamal keys for decryption.
435 There are still a couple of those keys in active use as a
438 /* FIXME: Store this all in a list and process it later so that
439 we can prioritize what key to use. This gives a better user
440 experience if wildcard keyids are used. */
441 if (!c->dek && ((!enc->keyid[0] && !enc->keyid[1])
442 || opt.try_all_secrets
443 || have_secret_key_with_kid (enc->keyid)))
446 result = GPG_ERR_MISSING_ACTION; /* fixme: Use better error code. */
449 c->dek = xmalloc_secure_clear (sizeof *c->dek);
450 if ((result = get_session_key (ctrl, enc, c->dek)))
452 /* Error: Delete the DEK. */
459 result = GPG_ERR_NO_SECKEY;
462 result = GPG_ERR_PUBKEY_ALGO;
466 /* Store it for later display. */
467 struct kidlist_item *x = xmalloc (sizeof *x);
468 x->kid[0] = enc->keyid[0];
469 x->kid[1] = enc->keyid[1];
470 x->pubkey_algo = enc->pubkey_algo;
472 x->next = c->pkenc_list;
475 if (!result && opt.verbose > 1)
476 log_info (_("public key encrypted data: good DEK\n"));
479 free_packet(pkt, NULL);
484 * Print the list of public key encrypted packets which we could
488 print_pkenc_list (ctrl_t ctrl, struct kidlist_item *list, int failed)
490 for (; list; list = list->next)
495 if (failed && !list->reason)
497 if (!failed && list->reason)
500 algstr = openpgp_pk_algo_name (list->pubkey_algo);
501 pk = xmalloc_clear (sizeof *pk);
505 pk->pubkey_algo = list->pubkey_algo;
506 if (!get_pubkey (ctrl, pk, list->kid))
509 log_info (_("encrypted with %u-bit %s key, ID %s, created %s\n"),
510 nbits_from_pk (pk), algstr, keystr_from_pk(pk),
511 strtimestamp (pk->timestamp));
512 p = get_user_id_native (ctrl, list->kid);
513 log_printf (_(" \"%s\"\n"), p);
517 log_info (_("encrypted with %s key, ID %s\n"),
518 algstr, keystr(list->kid));
520 free_public_key (pk);
522 if (gpg_err_code (list->reason) == GPG_ERR_NO_SECKEY)
524 if (is_status_enabled())
527 snprintf (buf, sizeof buf, "%08lX%08lX",
528 (ulong)list->kid[0], (ulong)list->kid[1]);
529 write_status_text (STATUS_NO_SECKEY, buf);
532 else if (gpg_err_code (list->reason) == GPG_ERR_MISSING_ACTION)
534 /* Not tested for secret key due to --list-only mode. */
536 else if (list->reason)
538 log_info (_("public key decryption failed: %s\n"),
539 gpg_strerror (list->reason));
540 write_status_error ("pkdecrypt_failed", list->reason);
547 proc_encrypted (CTX c, PACKET *pkt)
550 int early_plaintext = literals_seen;
554 log_info (_("WARNING: multiple plaintexts seen\n"));
555 write_status_errcode ("decryption.early_plaintext", GPG_ERR_BAD_DATA);
556 /* We fail only later so that we can print some more info first. */
562 log_info (_("encrypted with %lu passphrases\n"), c->symkeys);
563 else if (c->symkeys == 1)
564 log_info (_("encrypted with 1 passphrase\n"));
565 print_pkenc_list (c->ctrl, c->pkenc_list, 1 );
566 print_pkenc_list (c->ctrl, c->pkenc_list, 0 );
569 /* FIXME: Figure out the session key by looking at all pkenc packets. */
571 write_status (STATUS_BEGIN_DECRYPTION);
573 /*log_debug("dat: %sencrypted data\n", c->dek?"":"conventional ");*/
576 else if (!c->dek && !c->last_was_session_key)
580 STRING2KEY *s2k = NULL;
583 if (opt.override_session_key)
585 c->dek = xmalloc_clear (sizeof *c->dek);
586 result = get_override_session_key (c->dek, opt.override_session_key);
595 /* Assume this is old style conventional encrypted data. */
596 algo = opt.def_cipher_algo;
598 log_info (_("assuming %s encrypted data\n"),
599 openpgp_cipher_algo_name (algo));
600 else if (openpgp_cipher_test_algo (CIPHER_ALGO_IDEA))
602 algo = opt.def_cipher_algo;
604 algo = opt.s2k_cipher_algo;
605 log_info (_("IDEA cipher unavailable, "
606 "optimistically attempting to use %s instead\n"),
607 openpgp_cipher_algo_name (algo));
611 algo = CIPHER_ALGO_IDEA;
612 if (!opt.s2k_digest_algo)
614 /* If no digest is given we assume SHA-1. */
616 s2kbuf.hash_algo = DIGEST_ALGO_SHA1;
619 log_info (_("assuming %s encrypted data\n"), "IDEA");
622 c->dek = passphrase_to_dek (algo, s2k, 0, 0, NULL, &canceled);
624 c->dek->algo_info_printed = 1;
626 result = gpg_error (GPG_ERR_CANCELED);
628 result = gpg_error (GPG_ERR_INV_PASSPHRASE);
632 result = GPG_ERR_NO_SECKEY;
634 /* Compute compliance with CO_DE_VS. */
635 if (!result && is_status_enabled ()
636 /* Symmetric encryption and asymmetric encryption voids compliance. */
637 && (c->symkeys != !!c->pkenc_list )
638 /* Overriding session key voids compliance. */
639 && !opt.override_session_key
640 /* Check symmetric cipher. */
641 && gnupg_cipher_is_compliant (CO_DE_VS, c->dek->algo,
642 GCRY_CIPHER_MODE_CFB))
644 struct kidlist_item *i;
646 PKT_public_key *pk = xmalloc (sizeof *pk);
648 if ( !(c->pkenc_list || c->symkeys) )
649 log_debug ("%s: where else did the session key come from?\n", __func__);
651 /* Now check that every key used to encrypt the session key is
653 for (i = c->pkenc_list; i && compliant; i = i->next)
655 memset (pk, 0, sizeof *pk);
656 pk->pubkey_algo = i->pubkey_algo;
657 if (get_pubkey (c->ctrl, pk, i->kid) != 0
658 || ! gnupg_pk_is_compliant (CO_DE_VS, pk->pubkey_algo, pk->pkey,
659 nbits_from_pk (pk), NULL))
661 release_public_key_parts (pk);
667 write_status_strings (STATUS_DECRYPTION_COMPLIANCE_MODE,
668 gnupg_status_compliance_flag (CO_DE_VS),
675 result = decrypt_data (c->ctrl, c, pkt->pkt.encrypted, c->dek );
677 /* Trigger the deferred error. */
678 if (!result && early_plaintext)
679 result = gpg_error (GPG_ERR_BAD_DATA);
684 && !opt.ignore_mdc_error
685 && !pkt->pkt.encrypted->mdc_method)
687 /* The message has been decrypted but does not carry an MDC.
688 * The option --ignore-mdc-error has also not been used. To
689 * avoid attacks changing an MDC message to a non-MDC message,
691 log_error (_("WARNING: message was not integrity protected\n"));
692 if (!pkt->pkt.encrypted->mdc_method
693 && (openpgp_cipher_get_algo_blklen (c->dek->algo) == 8
694 || c->dek->algo == CIPHER_ALGO_TWOFISH))
696 /* Before 2.2.8 we did not fail hard for a missing MDC if
697 * one of the old ciphers where used. Although these cases
698 * are rare in practice we print a hint on how to decrypt
702 _("Hint: If this message was created before the year 2003 it is\n"
703 "likely that this message is legitimate. This is because back\n"
704 "then integrity protection was not widely used.\n"));
705 log_info (_("Use the option '%s' to decrypt anyway.\n"),
706 "--ignore-mdc-error");
707 write_status_errcode ("nomdc_with_legacy_cipher",
708 GPG_ERR_DECRYPT_FAILED);
710 log_info (_("decryption forced to fail!\n"));
711 write_status (STATUS_DECRYPTION_FAILED);
713 else if (!result || (gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE
714 && opt.ignore_mdc_error))
716 write_status (STATUS_DECRYPTION_OKAY);
718 log_info(_("decryption okay\n"));
719 if (pkt->pkt.encrypted->mdc_method && !result)
720 write_status (STATUS_GOODMDC);
722 log_info (_("WARNING: message was not integrity protected\n"));
724 else if (gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE)
726 glo_ctrl.lasterr = result;
727 log_error (_("WARNING: encrypted message has been manipulated!\n"));
728 write_status (STATUS_BADMDC);
729 write_status (STATUS_DECRYPTION_FAILED);
733 if ((gpg_err_code (result) == GPG_ERR_BAD_KEY
734 || gpg_err_code (result) == GPG_ERR_CIPHER_ALGO)
735 && *c->dek->s2k_cacheid != '\0')
738 log_debug ("cleared passphrase cached with ID: %s\n",
739 c->dek->s2k_cacheid);
740 passphrase_clear_cache (c->dek->s2k_cacheid);
742 glo_ctrl.lasterr = result;
743 write_status (STATUS_DECRYPTION_FAILED);
744 log_error (_("decryption failed: %s\n"), gpg_strerror (result));
745 /* Hmmm: does this work when we have encrypted using multiple
746 * ways to specify the session key (symmmetric and PK). */
751 free_packet (pkt, NULL);
752 c->last_was_session_key = 0;
753 write_status (STATUS_END_DECRYPTION);
755 /* Bump the counter even if we have not seen a literal data packet
756 * inside an encryption container. This acts as a sentinel in case
757 * a misplace extra literal data packets follows after this
758 * encrypted packet. */
764 proc_plaintext( CTX c, PACKET *pkt )
766 PKT_plaintext *pt = pkt->pkt.plaintext;
767 int any, clearsig, rc;
770 /* This is a literal data packet. Bumb a counter for later checks. */
773 if (pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8))
774 log_info (_("Note: sender requested \"for-your-eyes-only\"\n"));
775 else if (opt.verbose)
777 /* We don't use print_utf8_buffer because that would require a
778 * string change which we don't want in 2.2. It is also not
779 * clear whether the filename is always utf-8 encoded. */
780 char *tmp = make_printable_string (pt->name, pt->namelen, 0);
781 log_info (_("original file name='%.*s'\n"), (int)strlen (tmp), tmp);
785 free_md_filter_context (&c->mfx);
786 if (gcry_md_open (&c->mfx.md, 0, 0))
788 /* fixme: we may need to push the textfilter if we have sigclass 1
789 * and no armoring - Not yet tested
790 * Hmmm, why don't we need it at all if we have sigclass 1
791 * Should we assume that plaintext in mode 't' has always sigclass 1??
792 * See: Russ Allbery's mail 1999-02-09
795 for (n=c->list; n; n = n->next )
797 if (n->pkt->pkttype == PKT_ONEPASS_SIG)
799 /* The onepass signature case. */
800 if (n->pkt->pkt.onepass_sig->digest_algo)
802 if (!opt.skip_verify)
803 gcry_md_enable (c->mfx.md,
804 n->pkt->pkt.onepass_sig->digest_algo);
809 else if (n->pkt->pkttype == PKT_GPG_CONTROL
810 && n->pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START)
812 /* The clearsigned message case. */
813 size_t datalen = n->pkt->pkt.gpg_control->datalen;
814 const byte *data = n->pkt->pkt.gpg_control->data;
816 /* Check that we have at least the sigclass and one hash. */
818 log_fatal ("invalid control packet CTRLPKT_CLEARSIGN_START\n");
819 /* Note that we don't set the clearsig flag for not-dash-escaped
821 clearsig = (*data == 0x01);
822 for (data++, datalen--; datalen; datalen--, data++)
823 if (!opt.skip_verify)
824 gcry_md_enable (c->mfx.md, *data);
826 break; /* Stop here as one-pass signature packets are not
829 else if (n->pkt->pkttype == PKT_SIGNATURE)
831 /* The SIG+LITERAL case that PGP used to use. */
832 if (!opt.skip_verify)
833 gcry_md_enable (c->mfx.md, n->pkt->pkt.signature->digest_algo);
838 if (!any && !opt.skip_verify)
840 /* This is for the old GPG LITERAL+SIG case. It's not legal
841 according to 2440, so hopefully it won't come up that often.
842 There is no good way to specify what algorithms to use in
843 that case, so these there are the historical answer. */
844 gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160);
845 gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1);
849 gcry_md_debug (c->mfx.md, "verify");
851 gcry_md_debug (c->mfx.md2, "verify2");
856 if (literals_seen > 1)
858 log_info (_("WARNING: multiple plaintexts seen\n"));
860 if (!opt.flags.allow_multiple_messages)
862 write_status_text (STATUS_ERROR, "proc_pkt.plaintext 89_BAD_DATA");
863 log_inc_errorcount ();
864 rc = gpg_error (GPG_ERR_UNEXPECTED);
870 /* It we are in --verify mode, we do not want to output the
871 * signed text. However, if --output is also used we do what
872 * has been requested and write out the signed data. */
873 rc = handle_plaintext (pt, &c->mfx,
874 (opt.outfp || opt.outfile)? 0 : c->sigs_only,
876 if (gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only)
878 /* Can't write output but we hash it anyway to check the
880 rc = handle_plaintext( pt, &c->mfx, 1, clearsig );
885 log_error ("handle plaintext failed: %s\n", gpg_strerror (rc));
887 free_packet (pkt, NULL);
888 c->last_was_session_key = 0;
890 /* We add a marker control packet instead of the plaintext packet.
891 * This is so that we can later detect invalid packet sequences. */
892 n = new_kbnode (create_gpg_control (CTRLPKT_PLAINTEXT_MARK, NULL, 0));
894 add_kbnode (c->list, n);
901 proc_compressed_cb (iobuf_t a, void *info)
903 if ( ((CTX)info)->signed_data.used
904 && ((CTX)info)->signed_data.data_fd != -1)
905 return proc_signature_packets_by_fd (((CTX)info)->ctrl, info, a,
906 ((CTX)info)->signed_data.data_fd);
908 return proc_signature_packets (((CTX)info)->ctrl, info, a,
909 ((CTX)info)->signed_data.data_names,
910 ((CTX)info)->sigfilename );
915 proc_encrypt_cb (iobuf_t a, void *info )
918 return proc_encryption_packets (c->ctrl, info, a );
923 proc_compressed (CTX c, PACKET *pkt)
925 PKT_compressed *zd = pkt->pkt.compressed;
928 /*printf("zip: compressed data packet\n");*/
930 rc = handle_compressed (c->ctrl, c, zd, proc_compressed_cb, c);
931 else if( c->encrypt_only )
932 rc = handle_compressed (c->ctrl, c, zd, proc_encrypt_cb, c);
934 rc = handle_compressed (c->ctrl, c, zd, NULL, NULL);
936 if (gpg_err_code (rc) == GPG_ERR_BAD_DATA)
938 if (!c->any.uncompress_failed)
942 for (cc=c; cc; cc = cc->anchor)
943 cc->any.uncompress_failed = 1;
944 log_error ("uncompressing failed: %s\n", gpg_strerror (rc));
948 log_error ("uncompressing failed: %s\n", gpg_strerror (rc));
950 free_packet (pkt, NULL);
951 c->last_was_session_key = 0;
957 * Check the signature. If R_PK is not NULL a copy of the public key
958 * used to verify the signature will be stored there, or NULL if not
959 * found. Returns: 0 = valid signature or an error code
962 do_check_sig (CTX c, kbnode_t node, int *is_selfsig,
963 int *is_expkey, int *is_revkey, PKT_public_key **r_pk)
966 gcry_md_hd_t md = NULL;
967 gcry_md_hd_t md2 = NULL;
968 gcry_md_hd_t md_good = NULL;
974 log_assert (node->pkt->pkttype == PKT_SIGNATURE);
977 sig = node->pkt->pkt.signature;
979 algo = sig->digest_algo;
980 rc = openpgp_md_test_algo (algo);
984 if (sig->sig_class == 0x00)
988 if (gcry_md_copy (&md, c->mfx.md ))
991 else /* detached signature */
993 /* check_signature() will enable the md. */
994 if (gcry_md_open (&md, 0, 0 ))
998 else if (sig->sig_class == 0x01)
1000 /* How do we know that we have to hash the (already hashed) text
1001 in canonical mode ??? (calculating both modes???) */
1004 if (gcry_md_copy (&md, c->mfx.md ))
1006 if (c->mfx.md2 && gcry_md_copy (&md2, c->mfx.md2))
1009 else /* detached signature */
1011 log_debug ("Do we really need this here?");
1012 /* check_signature() will enable the md*/
1013 if (gcry_md_open (&md, 0, 0 ))
1015 if (gcry_md_open (&md2, 0, 0 ))
1019 else if ((sig->sig_class&~3) == 0x10
1020 || sig->sig_class == 0x18
1021 || sig->sig_class == 0x1f
1022 || sig->sig_class == 0x20
1023 || sig->sig_class == 0x28
1024 || sig->sig_class == 0x30)
1026 if (c->list->pkt->pkttype == PKT_PUBLIC_KEY
1027 || c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1029 return check_key_signature (c->ctrl, c->list, node, is_selfsig);
1031 else if (sig->sig_class == 0x20)
1033 log_error (_("standalone revocation - "
1034 "use \"gpg --import\" to apply\n"));
1035 return GPG_ERR_NOT_PROCESSED;
1039 log_error ("invalid root packet for sigclass %02x\n", sig->sig_class);
1040 return GPG_ERR_SIG_CLASS;
1044 return GPG_ERR_SIG_CLASS;
1046 /* We only get here if we are checking the signature of a binary
1047 (0x00) or text document (0x01). */
1048 rc = check_signature2 (c->ctrl, sig, md, NULL, is_expkey, is_revkey, r_pk);
1051 else if (gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE && md2)
1053 PKT_public_key *pk2;
1055 rc = check_signature2 (c->ctrl, sig, md2, NULL, is_expkey, is_revkey,
1062 free_public_key (*r_pk);
1070 unsigned char *buffer = gcry_md_read (md_good, sig->digest_algo);
1071 sig->digest_len = gcry_md_get_algo_dlen (map_md_openpgp_to_gcry (algo));
1072 memcpy (sig->digest, buffer, sig->digest_len);
1076 gcry_md_close (md2);
1083 print_userid (PACKET *pkt)
1088 if (pkt->pkttype != PKT_USER_ID)
1090 es_printf ("ERROR: unexpected packet type %d", pkt->pkttype );
1093 if (opt.with_colons)
1095 if (pkt->pkt.user_id->attrib_data)
1097 pkt->pkt.user_id->numattribs,
1098 pkt->pkt.user_id->attrib_len);
1100 es_write_sanitized (es_stdout, pkt->pkt.user_id->name,
1101 pkt->pkt.user_id->len, ":", NULL);
1104 print_utf8_buffer (es_stdout, pkt->pkt.user_id->name,
1105 pkt->pkt.user_id->len );
1110 * List the keyblock in a user friendly way
1113 list_node (CTX c, kbnode_t node)
1117 else if (node->pkt->pkttype == PKT_PUBLIC_KEY
1118 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1120 PKT_public_key *pk = node->pkt->pkt.public_key;
1122 if (opt.with_colons)
1126 keyid_from_pk( pk, keyid );
1127 if (pk->flags.primary)
1128 c->trustletter = (opt.fast_list_mode
1132 node->pkt->pkttype == PKT_PUBLIC_KEY
1135 es_printf ("%s:", pk->flags.primary? "pub":"sub" );
1137 es_putc (c->trustletter, es_stdout);
1138 es_printf (":%u:%d:%08lX%08lX:%s:%s::",
1139 nbits_from_pk( pk ),
1141 (ulong)keyid[0],(ulong)keyid[1],
1142 colon_datestr_from_pk( pk ),
1143 colon_strtime (pk->expiredate) );
1144 if (pk->flags.primary && !opt.fast_list_mode)
1145 es_putc (get_ownertrust_info (c->ctrl, pk, 1), es_stdout);
1146 es_putc (':', es_stdout);
1147 es_putc ('\n', es_stdout);
1151 print_key_line (c->ctrl, es_stdout, pk, 0);
1154 if (opt.keyid_format == KF_NONE && !opt.with_colons)
1155 ; /* Already printed. */
1156 else if ((pk->flags.primary && opt.fingerprint) || opt.fingerprint > 1)
1157 print_fingerprint (c->ctrl, NULL, pk, 0);
1159 if (pk->flags.primary)
1161 int kl = opt.keyid_format == KF_NONE? 0 : keystrlen ();
1163 /* Now list all userids with their signatures. */
1164 for (node = node->next; node; node = node->next)
1166 if (node->pkt->pkttype == PKT_SIGNATURE)
1168 list_node (c, node );
1170 else if (node->pkt->pkttype == PKT_USER_ID)
1172 if (opt.with_colons)
1173 es_printf ("%s:::::::::",
1174 node->pkt->pkt.user_id->attrib_data?"uat":"uid");
1176 es_printf ("uid%*s",
1177 kl + (opt.legacy_list_mode? 9:11),
1179 print_userid (node->pkt);
1180 if (opt.with_colons)
1181 es_putc (':', es_stdout);
1182 es_putc ('\n', es_stdout);
1184 else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1186 list_node(c, node );
1191 else if (node->pkt->pkttype == PKT_SECRET_KEY
1192 || node->pkt->pkttype == PKT_SECRET_SUBKEY)
1195 log_debug ("FIXME: No way to print secret key packets here\n");
1196 /* fixme: We may use a function to turn a secret key packet into
1197 a public key one and use that here. */
1199 else if (node->pkt->pkttype == PKT_SIGNATURE)
1201 PKT_signature *sig = node->pkt->pkt.signature;
1211 if (sig->sig_class == 0x20 || sig->sig_class == 0x30)
1212 es_fputs ("rev", es_stdout);
1214 es_fputs ("sig", es_stdout);
1218 rc2 = do_check_sig (c, node, &is_selfsig, NULL, NULL, NULL);
1219 switch (gpg_err_code (rc2))
1221 case 0: sigrc = '!'; break;
1222 case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break;
1223 case GPG_ERR_NO_PUBKEY:
1224 case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break;
1225 default: sigrc = '%'; break;
1228 else /* Check whether this is a self signature. */
1232 if (c->list->pkt->pkttype == PKT_PUBLIC_KEY
1233 || c->list->pkt->pkttype == PKT_SECRET_KEY )
1235 keyid_from_pk (c->list->pkt->pkt.public_key, keyid);
1237 if (keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1])
1242 if (opt.with_colons)
1244 es_putc (':', es_stdout);
1246 es_putc (sigrc, es_stdout);
1247 es_printf ("::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
1248 (ulong)sig->keyid[0], (ulong)sig->keyid[1],
1249 colon_datestr_from_sig (sig),
1250 colon_expirestr_from_sig (sig));
1252 if (sig->trust_depth || sig->trust_value)
1253 es_printf ("%d %d",sig->trust_depth,sig->trust_value);
1254 es_putc (':', es_stdout);
1256 if (sig->trust_regexp)
1257 es_write_sanitized (es_stdout, sig->trust_regexp,
1258 strlen (sig->trust_regexp), ":", NULL);
1259 es_putc (':', es_stdout);
1262 es_printf ("%c %s %s ",
1263 sigrc, keystr (sig->keyid), datestr_from_sig(sig));
1265 es_printf ("[%s] ", gpg_strerror (rc2) );
1266 else if (sigrc == '?')
1268 else if (is_selfsig)
1270 if (opt.with_colons)
1271 es_putc (':', es_stdout);
1272 es_fputs (sig->sig_class == 0x18? "[keybind]":"[selfsig]", es_stdout);
1273 if (opt.with_colons)
1274 es_putc (':', es_stdout);
1276 else if (!opt.fast_list_mode)
1278 p = get_user_id (c->ctrl, sig->keyid, &n, NULL);
1279 es_write_sanitized (es_stdout, p, n,
1280 opt.with_colons?":":NULL, NULL );
1283 if (opt.with_colons)
1284 es_printf (":%02x%c:", sig->sig_class, sig->flags.exportable?'x':'l');
1285 es_putc ('\n', es_stdout);
1288 log_error ("invalid node with packet of type %d\n", node->pkt->pkttype);
1293 proc_packets (ctrl_t ctrl, void *anchor, iobuf_t a )
1296 CTX c = xmalloc_clear (sizeof *c);
1300 rc = do_proc_packets (ctrl, c, a);
1308 proc_signature_packets (ctrl_t ctrl, void *anchor, iobuf_t a,
1309 strlist_t signedfiles, const char *sigfilename )
1311 CTX c = xmalloc_clear (sizeof *c);
1318 c->signed_data.data_fd = -1;
1319 c->signed_data.data_names = signedfiles;
1320 c->signed_data.used = !!signedfiles;
1322 c->sigfilename = sigfilename;
1323 rc = do_proc_packets (ctrl, c, a);
1325 /* If we have not encountered any signature we print an error
1326 messages, send a NODATA status back and return an error code.
1327 Using log_error is required because verify_files does not check
1328 error codes for each file but we want to terminate the process
1330 if (!rc && !c->any.sig_seen)
1332 write_status_text (STATUS_NODATA, "4");
1333 log_error (_("no signature found\n"));
1334 rc = GPG_ERR_NO_DATA;
1337 /* Propagate the signature seen flag upward. Do this only on success
1338 so that we won't issue the nodata status several times. */
1339 if (!rc && c->anchor && c->any.sig_seen)
1340 c->anchor->any.sig_seen = 1;
1348 proc_signature_packets_by_fd (ctrl_t ctrl,
1349 void *anchor, iobuf_t a, int signed_data_fd )
1354 c = xtrycalloc (1, sizeof *c);
1356 return gpg_error_from_syserror ();
1362 c->signed_data.data_fd = signed_data_fd;
1363 c->signed_data.data_names = NULL;
1364 c->signed_data.used = (signed_data_fd != -1);
1366 rc = do_proc_packets (ctrl, c, a);
1368 /* If we have not encountered any signature we print an error
1369 messages, send a NODATA status back and return an error code.
1370 Using log_error is required because verify_files does not check
1371 error codes for each file but we want to terminate the process
1373 if (!rc && !c->any.sig_seen)
1375 write_status_text (STATUS_NODATA, "4");
1376 log_error (_("no signature found\n"));
1377 rc = gpg_error (GPG_ERR_NO_DATA);
1380 /* Propagate the signature seen flag upward. Do this only on success
1381 so that we won't issue the nodata status several times. */
1382 if (!rc && c->anchor && c->any.sig_seen)
1383 c->anchor->any.sig_seen = 1;
1391 proc_encryption_packets (ctrl_t ctrl, void *anchor, iobuf_t a )
1393 CTX c = xmalloc_clear (sizeof *c);
1398 c->encrypt_only = 1;
1399 rc = do_proc_packets (ctrl, c, a);
1406 check_nesting (CTX c)
1410 for (level=0; c; c = c->anchor)
1413 if (level > MAX_NESTING_DEPTH)
1415 log_error ("input data with too deeply nested packets\n");
1416 write_status_text (STATUS_UNEXPECTED, "1");
1417 return GPG_ERR_BAD_DATA;
1425 do_proc_packets (ctrl_t ctrl, CTX c, iobuf_t a)
1428 struct parse_packet_ctx_s parsectx;
1433 rc = check_nesting (c);
1437 pkt = xmalloc( sizeof *pkt );
1440 init_parse_packet (&parsectx, a);
1441 while ((rc=parse_packet (&parsectx, pkt)) != -1)
1446 free_packet (pkt, &parsectx);
1447 /* Stop processing when an invalid packet has been encountered
1448 * but don't do so when we are doing a --list-packets. */
1449 if (gpg_err_code (rc) == GPG_ERR_INV_PACKET
1450 && opt.list_packets == 0)
1455 if (opt.list_packets)
1457 switch (pkt->pkttype)
1459 case PKT_PUBKEY_ENC: proc_pubkey_enc (ctrl, c, pkt); break;
1460 case PKT_SYMKEY_ENC: proc_symkey_enc (c, pkt); break;
1462 case PKT_ENCRYPTED_MDC: proc_encrypted (c, pkt); break;
1463 case PKT_COMPRESSED: rc = proc_compressed (c, pkt); break;
1464 default: newpkt = 0; break;
1467 else if (c->sigs_only)
1469 switch (pkt->pkttype)
1471 case PKT_PUBLIC_KEY:
1472 case PKT_SECRET_KEY:
1474 case PKT_SYMKEY_ENC:
1475 case PKT_PUBKEY_ENC:
1477 case PKT_ENCRYPTED_MDC:
1478 write_status_text( STATUS_UNEXPECTED, "0" );
1479 rc = GPG_ERR_UNEXPECTED;
1482 case PKT_SIGNATURE: newpkt = add_signature (c, pkt); break;
1483 case PKT_PLAINTEXT: proc_plaintext (c, pkt); break;
1484 case PKT_COMPRESSED: rc = proc_compressed (c, pkt); break;
1485 case PKT_ONEPASS_SIG: newpkt = add_onepass_sig (c, pkt); break;
1486 case PKT_GPG_CONTROL: newpkt = add_gpg_control (c, pkt); break;
1487 default: newpkt = 0; break;
1490 else if (c->encrypt_only)
1492 switch (pkt->pkttype)
1494 case PKT_PUBLIC_KEY:
1495 case PKT_SECRET_KEY:
1497 write_status_text (STATUS_UNEXPECTED, "0");
1498 rc = GPG_ERR_UNEXPECTED;
1501 case PKT_SIGNATURE: newpkt = add_signature (c, pkt); break;
1502 case PKT_SYMKEY_ENC: proc_symkey_enc (c, pkt); break;
1503 case PKT_PUBKEY_ENC: proc_pubkey_enc (ctrl, c, pkt); break;
1505 case PKT_ENCRYPTED_MDC: proc_encrypted (c, pkt); break;
1506 case PKT_PLAINTEXT: proc_plaintext (c, pkt); break;
1507 case PKT_COMPRESSED: rc = proc_compressed (c, pkt); break;
1508 case PKT_ONEPASS_SIG: newpkt = add_onepass_sig (c, pkt); break;
1509 case PKT_GPG_CONTROL: newpkt = add_gpg_control (c, pkt); break;
1510 default: newpkt = 0; break;
1515 switch (pkt->pkttype)
1517 case PKT_PUBLIC_KEY:
1518 case PKT_SECRET_KEY:
1520 c->list = new_kbnode (pkt);
1523 case PKT_PUBLIC_SUBKEY:
1524 case PKT_SECRET_SUBKEY:
1525 newpkt = add_subkey (c, pkt);
1527 case PKT_USER_ID: newpkt = add_user_id (c, pkt); break;
1528 case PKT_SIGNATURE: newpkt = add_signature (c, pkt); break;
1529 case PKT_PUBKEY_ENC: proc_pubkey_enc (ctrl, c, pkt); break;
1530 case PKT_SYMKEY_ENC: proc_symkey_enc (c, pkt); break;
1532 case PKT_ENCRYPTED_MDC: proc_encrypted (c, pkt); break;
1533 case PKT_PLAINTEXT: proc_plaintext (c, pkt); break;
1534 case PKT_COMPRESSED: rc = proc_compressed (c, pkt); break;
1535 case PKT_ONEPASS_SIG: newpkt = add_onepass_sig (c, pkt); break;
1536 case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
1537 case PKT_RING_TRUST: newpkt = add_ring_trust (c, pkt); break;
1538 default: newpkt = 0; break;
1545 /* This is a very ugly construct and frankly, I don't remember why
1546 * I used it. Adding the MDC check here is a hack.
1547 * The right solution is to initiate another context for encrypted
1548 * packet and not to reuse the current one ... It works right
1549 * when there is a compression packet between which adds just
1551 * Hmmm: Rewrite this whole module here??
1553 if (pkt->pkttype != PKT_SIGNATURE && pkt->pkttype != PKT_MDC)
1554 c->any.data = (pkt->pkttype == PKT_PLAINTEXT);
1560 pkt = xmalloc (sizeof *pkt);
1564 free_packet (pkt, &parsectx);
1567 if (rc == GPG_ERR_INV_PACKET)
1568 write_status_text (STATUS_NODATA, "3");
1573 write_status_text (STATUS_NODATA, "2");
1579 free_packet (pkt, &parsectx);
1580 deinit_parse_packet (&parsectx);
1582 free_md_filter_context (&c->mfx);
1587 /* Helper for pka_uri_from_sig to parse the to-be-verified address out
1588 of the notation data. */
1590 get_pka_address (PKT_signature *sig)
1592 pka_info_t *pka = NULL;
1593 struct notation *nd,*notation;
1595 notation=sig_to_notation(sig);
1597 for(nd=notation;nd;nd=nd->next)
1599 if(strcmp(nd->name,"pka-address@gnupg.org")!=0)
1600 continue; /* Not the notation we want. */
1602 /* For now we only use the first valid PKA notation. In future
1603 we might want to keep additional PKA notations in a linked
1605 if (is_valid_mailbox (nd->value))
1607 pka = xmalloc (sizeof *pka + strlen(nd->value));
1611 strcpy (pka->email, nd->value);
1616 free_notation(notation);
1622 /* Return the URI from a DNS PKA record. If this record has already
1623 be retrieved for the signature we merely return it; if not we go
1624 out and try to get that DNS record. */
1626 pka_uri_from_sig (CTX c, PKT_signature *sig)
1628 if (!sig->flags.pka_tried)
1630 log_assert (!sig->pka_info);
1631 sig->flags.pka_tried = 1;
1632 sig->pka_info = get_pka_address (sig);
1639 if (!gpg_dirmngr_get_pka (c->ctrl, sig->pka_info->email,
1640 &fpr, &fprlen, &url))
1642 if (fpr && fprlen == sizeof sig->pka_info->fpr)
1644 memcpy (sig->pka_info->fpr, fpr, fprlen);
1647 sig->pka_info->valid = 1;
1651 sig->pka_info->uri = url;
1660 return sig->pka_info? sig->pka_info->uri : NULL;
1664 /* Return true if the AKL has the WKD method specified. */
1666 akl_has_wkd_method (void)
1670 for (akl = opt.auto_key_locate; akl; akl = akl->next)
1671 if (akl->type == AKL_WKD)
1677 /* Return the ISSUER fingerprint buffer and its lenbgth at R_LEN.
1678 * Returns NULL if not available. The returned buffer is valid as
1679 * long as SIG is not modified. */
1681 issuer_fpr_raw (PKT_signature *sig, size_t *r_len)
1686 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_ISSUER_FPR, &n);
1687 if (p && n == 21 && p[0] == 4)
1697 /* Return the ISSUER fingerprint string in human readable format if
1698 * available. Caller must release the string. */
1699 /* FIXME: Move to another file. */
1701 issuer_fpr_string (PKT_signature *sig)
1706 p = issuer_fpr_raw (sig, &n);
1707 return p? bin2hex (p, n, NULL) : NULL;
1712 print_good_bad_signature (int statno, const char *keyid_str, kbnode_t un,
1713 PKT_signature *sig, int rc)
1717 write_status_text_and_buffer (statno, keyid_str,
1718 un? un->pkt->pkt.user_id->name:"[?]",
1719 un? un->pkt->pkt.user_id->len:3,
1723 p = utf8_to_native (un->pkt->pkt.user_id->name,
1724 un->pkt->pkt.user_id->len, 0);
1726 p = xstrdup ("[?]");
1729 log_info (_("BAD signature from \"%s\""), p);
1730 else if (sig->flags.expired)
1731 log_info (_("Expired signature from \"%s\""), p);
1733 log_info (_("Good signature from \"%s\""), p);
1740 check_sig_and_print (CTX c, kbnode_t node)
1742 PKT_signature *sig = node->pkt->pkt.signature;
1747 char *issuer_fpr = NULL;
1748 PKT_public_key *pk = NULL; /* The public key for the signature or NULL. */
1750 if (opt.skip_verify)
1752 log_info(_("signature verification suppressed\n"));
1756 /* Check that the message composition is valid.
1758 * Per RFC-2440bis (-15) allowed:
1760 * S{1,n} -- detached signature.
1761 * S{1,n} P -- old style PGP2 signature
1762 * O{1,n} P S{1,n} -- standard OpenPGP signature.
1763 * C P S{1,n} -- cleartext signature.
1766 * O = One-Pass Signature packet.
1767 * S = Signature packet.
1768 * P = OpenPGP Message packet (Encrypted | Compressed | Literal)
1769 * (Note that the current rfc2440bis draft also allows
1770 * for a signed message but that does not work as it
1771 * introduces ambiguities.)
1772 * We keep track of these packages using the marker packet
1773 * CTRLPKT_PLAINTEXT_MARK.
1774 * C = Marker packet for cleartext signatures.
1776 * We reject all other messages.
1778 * Actually we are calling this too often, i.e. for verification of
1779 * each message but better have some duplicate work than to silently
1780 * introduce a bug here.
1784 int n_onepass, n_sig;
1786 /* log_debug ("checking signature packet composition\n"); */
1787 /* dump_kbnode (c->list); */
1791 if ( n->pkt->pkttype == PKT_SIGNATURE )
1793 /* This is either "S{1,n}" case (detached signature) or
1794 "S{1,n} P" (old style PGP2 signature). */
1795 for (n = n->next; n; n = n->next)
1796 if (n->pkt->pkttype != PKT_SIGNATURE)
1799 ; /* Okay, this is a detached signature. */
1800 else if (n->pkt->pkttype == PKT_GPG_CONTROL
1801 && (n->pkt->pkt.gpg_control->control
1802 == CTRLPKT_PLAINTEXT_MARK) )
1805 goto ambiguous; /* We only allow one P packet. */
1810 else if (n->pkt->pkttype == PKT_ONEPASS_SIG)
1812 /* This is the "O{1,n} P S{1,n}" case (standard signature). */
1813 for (n_onepass=1, n = n->next;
1814 n && n->pkt->pkttype == PKT_ONEPASS_SIG; n = n->next)
1816 if (!n || !(n->pkt->pkttype == PKT_GPG_CONTROL
1817 && (n->pkt->pkt.gpg_control->control
1818 == CTRLPKT_PLAINTEXT_MARK)))
1820 for (n_sig=0, n = n->next;
1821 n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
1826 /* If we wanted to disallow multiple sig verification, we'd do
1827 something like this:
1829 if (n && !opt.allow_multisig_verification)
1832 However, now that we have --allow-multiple-messages, this
1833 can stay allowable as we can't get here unless multiple
1834 messages (i.e. multiple literals) are allowed. */
1836 if (n_onepass != n_sig)
1838 log_info ("number of one-pass packets does not match "
1839 "number of signature packets\n");
1843 else if (n->pkt->pkttype == PKT_GPG_CONTROL
1844 && n->pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START )
1846 /* This is the "C P S{1,n}" case (clear text signature). */
1848 if (!n || !(n->pkt->pkttype == PKT_GPG_CONTROL
1849 && (n->pkt->pkt.gpg_control->control
1850 == CTRLPKT_PLAINTEXT_MARK)))
1852 for (n_sig=0, n = n->next;
1853 n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
1861 log_error(_("can't handle this ambiguous signature data\n"));
1866 if (sig->signers_uid)
1867 write_status_buffer (STATUS_NEWSIG,
1868 sig->signers_uid, strlen (sig->signers_uid), 0);
1870 write_status_text (STATUS_NEWSIG, NULL);
1872 astr = openpgp_pk_algo_name ( sig->pubkey_algo );
1873 issuer_fpr = issuer_fpr_string (sig);
1877 log_info (_("Signature made %s\n"), asctimestamp(sig->timestamp));
1878 log_info (_(" using %s key %s\n"),
1879 astr? astr: "?", issuer_fpr);
1882 else if (!keystrlen () || keystrlen () > 8)
1884 log_info (_("Signature made %s\n"), asctimestamp(sig->timestamp));
1885 log_info (_(" using %s key %s\n"),
1886 astr? astr: "?", keystr(sig->keyid));
1888 else /* Legacy format. */
1889 log_info (_("Signature made %s using %s key ID %s\n"),
1890 asctimestamp(sig->timestamp), astr? astr: "?",
1891 keystr(sig->keyid));
1893 /* In verbose mode print the signers UID. */
1894 if (sig->signers_uid)
1895 log_info (_(" issuer \"%s\"\n"), sig->signers_uid);
1897 rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk);
1899 /* If the key isn't found, check for a preferred keyserver. Note
1900 * that this is only done if honor-keyserver-url has been set. We
1901 * test for this in the loop so that we can show info about the
1902 * preferred keyservers. */
1903 if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
1904 && sig->flags.pref_ks)
1909 int any_pref_ks = 0;
1911 while ((p=enum_sig_subpkt (sig->hashed,SIGSUBPKT_PREF_KS,&n,&seq,NULL)))
1913 /* According to my favorite copy editor, in English grammar,
1914 you say "at" if the key is located on a web page, but
1915 "from" if it is located on a keyserver. I'm not going to
1916 even try to make two strings here :) */
1917 log_info(_("Key available at: ") );
1918 print_utf8_buffer (log_get_stream(), p, n);
1922 if ((opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
1923 && (opt.keyserver_options.options&KEYSERVER_HONOR_KEYSERVER_URL))
1925 struct keyserver_spec *spec;
1927 spec = parse_preferred_keyserver (sig);
1933 log_debug ("trying auto-key-retrieve method %s\n",
1936 free_public_key (pk);
1938 glo_ctrl.in_auto_key_retrieve++;
1939 res = keyserver_import_keyid (c->ctrl, sig->keyid,spec, 1);
1940 glo_ctrl.in_auto_key_retrieve--;
1942 rc = do_check_sig (c, node, NULL,
1943 &is_expkey, &is_revkey, &pk);
1944 else if (DBG_LOOKUP)
1945 log_debug ("lookup via %s failed: %s\n", "Pref-KS",
1946 gpg_strerror (res));
1947 free_keyserver_spec (spec);
1956 && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
1957 && !(opt.keyserver_options.options&KEYSERVER_HONOR_KEYSERVER_URL))
1958 log_info (_("Note: Use '%s' to make use of this info\n"),
1959 "--keyserver-option honor-keyserver-url");
1962 /* If the above methods didn't work, our next try is to retrieve the
1963 * key from the WKD. This requires that WKD is in the AKL and the
1964 * Signer's UID is in the signature. */
1965 if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
1966 && (opt.keyserver_options.options & KEYSERVER_AUTO_KEY_RETRIEVE)
1967 && !opt.flags.disable_signer_uid
1968 && akl_has_wkd_method ()
1969 && sig->signers_uid)
1974 log_debug ("trying auto-key-retrieve method %s\n", "WKD");
1975 free_public_key (pk);
1977 glo_ctrl.in_auto_key_retrieve++;
1978 res = keyserver_import_wkd (c->ctrl, sig->signers_uid, 1, NULL, NULL);
1979 glo_ctrl.in_auto_key_retrieve--;
1980 /* Fixme: If the fingerprint is embedded in the signature,
1981 * compare it to the fingerprint of the returned key. */
1983 rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk);
1984 else if (DBG_LOOKUP)
1985 log_debug ("lookup via %s failed: %s\n", "WKD", gpg_strerror (res));
1988 /* If the avove methods didn't work, our next try is to use the URI
1989 * from a DNS PKA record. This is a legacy method which will
1990 * eventually be removed. */
1991 if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
1992 && (opt.keyserver_options.options & KEYSERVER_AUTO_KEY_RETRIEVE)
1993 && (opt.keyserver_options.options & KEYSERVER_HONOR_PKA_RECORD))
1995 const char *uri = pka_uri_from_sig (c, sig);
1999 /* FIXME: We might want to locate the key using the
2000 fingerprint instead of the keyid. */
2002 struct keyserver_spec *spec;
2004 spec = parse_keyserver_uri (uri, 1);
2008 log_debug ("trying auto-key-retrieve method %s\n", "PKA");
2010 free_public_key (pk);
2012 glo_ctrl.in_auto_key_retrieve++;
2013 res = keyserver_import_keyid (c->ctrl, sig->keyid, spec, 1);
2014 glo_ctrl.in_auto_key_retrieve--;
2015 free_keyserver_spec (spec);
2017 rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk);
2018 else if (DBG_LOOKUP)
2019 log_debug ("lookup via %s failed: %s\n", "PKA",
2020 gpg_strerror (res));
2025 /* If the above methods didn't work, our next try is to locate
2026 * the key via its fingerprint from a keyserver. This requires
2027 * that the signers fingerprint is encoded in the signature. */
2028 if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
2029 && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
2030 && keyserver_any_configured (c->ctrl))
2036 p = issuer_fpr_raw (sig, &n);
2039 /* v4 packet with a SHA-1 fingerprint. */
2041 log_debug ("trying auto-key-retrieve method %s\n", "KS");
2043 free_public_key (pk);
2045 glo_ctrl.in_auto_key_retrieve++;
2046 res = keyserver_import_fprint (c->ctrl, p, n, opt.keyserver, 1);
2047 glo_ctrl.in_auto_key_retrieve--;
2049 rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk);
2050 else if (DBG_LOOKUP)
2051 log_debug ("lookup via %s failed: %s\n", "KS", gpg_strerror (res));
2055 if (!rc || gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE)
2057 kbnode_t un, keyblock;
2061 PKT_public_key *mainpk = NULL;
2064 statno = STATUS_BADSIG;
2065 else if (sig->flags.expired)
2066 statno = STATUS_EXPSIG;
2068 statno = STATUS_EXPKEYSIG;
2070 statno = STATUS_REVKEYSIG;
2072 statno = STATUS_GOODSIG;
2074 /* FIXME: We should have the public key in PK and thus the
2075 * keyblock has already been fetched. Thus we could use the
2076 * fingerprint or PK itself to lookup the entire keyblock. That
2077 * would best be done with a cache. */
2078 keyblock = get_pubkeyblock_for_sig (c->ctrl, sig);
2080 snprintf (keyid_str, sizeof keyid_str, "%08lX%08lX [uncertain] ",
2081 (ulong)sig->keyid[0], (ulong)sig->keyid[1]);
2083 /* Find and print the primary user ID along with the
2084 "Good|Expired|Bad signature" line. */
2085 for (un=keyblock; un; un = un->next)
2089 if (un->pkt->pkttype==PKT_PUBLIC_KEY)
2091 mainpk = un->pkt->pkt.public_key;
2094 if (un->pkt->pkttype != PKT_USER_ID)
2096 if (!un->pkt->pkt.user_id->created)
2098 if (un->pkt->pkt.user_id->flags.revoked)
2100 if (un->pkt->pkt.user_id->flags.expired)
2102 if (!un->pkt->pkt.user_id->flags.primary)
2104 /* We want the textual primary user ID here */
2105 if (un->pkt->pkt.user_id->attrib_data)
2108 log_assert (mainpk);
2110 /* Since this is just informational, don't actually ask the
2111 user to update any trust information. (Note: we register
2112 the signature later.) Because print_good_bad_signature
2113 does not print a LF we need to compute the validity
2114 before calling that function. */
2115 if ((opt.verify_options & VERIFY_SHOW_UID_VALIDITY))
2116 valid = get_validity (c->ctrl, keyblock, mainpk,
2117 un->pkt->pkt.user_id, NULL, 0);
2119 valid = 0; /* Not used. */
2121 keyid_str[17] = 0; /* cut off the "[uncertain]" part */
2123 print_good_bad_signature (statno, keyid_str, un, sig, rc);
2125 if ((opt.verify_options & VERIFY_SHOW_UID_VALIDITY))
2126 log_printf (" [%s]\n",trust_value_to_string(valid));
2133 log_assert (mainpk);
2135 /* In case we did not found a valid textual userid above
2136 we print the first user id packet or a "[?]" instead along
2137 with the "Good|Expired|Bad signature" line. */
2140 /* Try for an invalid textual userid */
2141 for (un=keyblock; un; un = un->next)
2143 if (un->pkt->pkttype == PKT_USER_ID
2144 && !un->pkt->pkt.user_id->attrib_data)
2148 /* Try for any userid at all */
2151 for (un=keyblock; un; un = un->next)
2153 if (un->pkt->pkttype == PKT_USER_ID)
2158 if (opt.trust_model==TM_ALWAYS || !un)
2159 keyid_str[17] = 0; /* cut off the "[uncertain]" part */
2161 print_good_bad_signature (statno, keyid_str, un, sig, rc);
2163 if (opt.trust_model != TM_ALWAYS && un)
2164 log_printf (" %s",_("[uncertain]") );
2168 /* If we have a good signature and already printed
2169 * the primary user ID, print all the other user IDs */
2172 && !(opt.verify_options & VERIFY_SHOW_PRIMARY_UID_ONLY))
2175 for( un=keyblock; un; un = un->next)
2177 if (un->pkt->pkttype != PKT_USER_ID)
2179 if ((un->pkt->pkt.user_id->flags.revoked
2180 || un->pkt->pkt.user_id->flags.expired)
2181 && !(opt.verify_options & VERIFY_SHOW_UNUSABLE_UIDS))
2183 /* Skip textual primary user ids which we printed above. */
2184 if (un->pkt->pkt.user_id->flags.primary
2185 && !un->pkt->pkt.user_id->attrib_data )
2188 /* If this user id has attribute data, print that. */
2189 if (un->pkt->pkt.user_id->attrib_data)
2191 dump_attribs (un->pkt->pkt.user_id, mainpk);
2193 if (opt.verify_options&VERIFY_SHOW_PHOTOS)
2194 show_photos (c->ctrl,
2195 un->pkt->pkt.user_id->attribs,
2196 un->pkt->pkt.user_id->numattribs,
2197 mainpk ,un->pkt->pkt.user_id);
2200 p = utf8_to_native (un->pkt->pkt.user_id->name,
2201 un->pkt->pkt.user_id->len, 0);
2202 log_info (_(" aka \"%s\""), p);
2205 if ((opt.verify_options & VERIFY_SHOW_UID_VALIDITY))
2209 if (un->pkt->pkt.user_id->flags.revoked)
2210 valid = _("revoked");
2211 else if (un->pkt->pkt.user_id->flags.expired)
2212 valid = _("expired");
2214 /* Since this is just informational, don't
2215 actually ask the user to update any trust
2217 valid = (trust_value_to_string
2218 (get_validity (c->ctrl, keyblock, mainpk,
2219 un->pkt->pkt.user_id, NULL, 0)));
2220 log_printf (" [%s]\n",valid);
2227 /* For good signatures print notation data. */
2230 if ((opt.verify_options & VERIFY_SHOW_POLICY_URLS))
2231 show_policy_url (sig, 0, 1);
2233 show_policy_url (sig, 0, 2);
2235 if ((opt.verify_options & VERIFY_SHOW_KEYSERVER_URLS))
2236 show_keyserver_url (sig, 0, 1);
2238 show_keyserver_url (sig, 0, 2);
2240 if ((opt.verify_options & VERIFY_SHOW_NOTATIONS))
2243 (((opt.verify_options&VERIFY_SHOW_STD_NOTATIONS)?1:0)
2244 + ((opt.verify_options&VERIFY_SHOW_USER_NOTATIONS)?2:0)));
2246 show_notation (sig, 0, 2, 0);
2249 /* For good signatures print the VALIDSIG status line. */
2250 if (!rc && is_status_enabled () && pk)
2252 char pkhex[MAX_FINGERPRINT_LEN*2+1];
2253 char mainpkhex[MAX_FINGERPRINT_LEN*2+1];
2255 hexfingerprint (pk, pkhex, sizeof pkhex);
2256 hexfingerprint (mainpk, mainpkhex, sizeof mainpkhex);
2258 /* TODO: Replace the reserved '0' in the field below with
2259 bits for status flags (policy url, notation, etc.). */
2260 write_status_printf (STATUS_VALIDSIG,
2261 "%s %s %lu %lu %d 0 %d %d %02X %s",
2263 strtimestamp (sig->timestamp),
2264 (ulong)sig->timestamp,
2265 (ulong)sig->expiredate,
2266 sig->version, sig->pubkey_algo,
2272 /* Print compliance warning for Good signatures. */
2273 if (!rc && pk && !opt.quiet
2274 && !gnupg_pk_is_compliant (opt.compliance, pk->pubkey_algo,
2275 pk->pkey, nbits_from_pk (pk), NULL))
2277 log_info (_("WARNING: This key is not suitable for signing"
2279 gnupg_compliance_option_string (opt.compliance));
2282 /* For good signatures compute and print the trust information.
2283 Note that in the Tofu trust model this may ask the user on
2284 how to resolve a conflict. */
2287 if ((opt.verify_options & VERIFY_PKA_LOOKUPS))
2288 pka_uri_from_sig (c, sig); /* Make sure PKA info is available. */
2289 rc = check_signatures_trust (c->ctrl, sig);
2292 /* Print extra information about the signature. */
2293 if (sig->flags.expired)
2295 log_info (_("Signature expired %s\n"), asctimestamp(sig->expiredate));
2296 rc = GPG_ERR_GENERAL; /* Need a better error here? */
2298 else if (sig->expiredate)
2299 log_info (_("Signature expires %s\n"), asctimestamp(sig->expiredate));
2303 char pkstrbuf[PUBKEY_STRING_SIZE];
2306 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf);
2310 log_info (_("%s signature, digest algorithm %s%s%s\n"),
2311 sig->sig_class==0x00?_("binary"):
2312 sig->sig_class==0x01?_("textmode"):_("unknown"),
2313 gcry_md_algo_name (sig->digest_algo),
2314 *pkstrbuf?_(", key algorithm "):"", pkstrbuf);
2317 /* Print final warnings. */
2318 if (!rc && !c->signed_data.used)
2320 /* Signature is basically good but we test whether the
2322 gpg --verify FILE.sig
2324 gpg --verify FILE.sig FILE
2325 to verify a detached signature. If we figure out that a
2326 data file with a matching name exists, we print a warning.
2328 The problem is that the first form would also verify a
2329 standard signature. This behavior could be used to
2330 create a made up .sig file for a tarball by creating a
2331 standard signature from a valid detached signature packet
2332 (for example from a signed git tag). Then replace the
2333 sig file on the FTP server along with a changed tarball.
2334 Using the first form the verify command would correctly
2335 verify the signature but don't even consider the tarball. */
2339 dfile = get_matching_datafile (c->sigfilename);
2342 for (n = c->list; n; n = n->next)
2343 if (n->pkt->pkttype != PKT_SIGNATURE)
2347 /* Not only signature packets in the tree thus this
2348 is not a detached signature. */
2349 log_info (_("WARNING: not a detached signature; "
2350 "file '%s' was NOT verified!\n"), dfile);
2356 /* Compute compliance with CO_DE_VS. */
2357 if (pk && is_status_enabled ()
2358 && gnupg_pk_is_compliant (CO_DE_VS, pk->pubkey_algo, pk->pkey,
2359 nbits_from_pk (pk), NULL)
2360 && gnupg_digest_is_compliant (CO_DE_VS, sig->digest_algo))
2361 write_status_strings (STATUS_VERIFICATION_COMPLIANCE_MODE,
2362 gnupg_status_compliance_flag (CO_DE_VS),
2365 free_public_key (pk);
2367 release_kbnode( keyblock );
2369 g10_errors_seen = 1;
2370 if (opt.batch && rc)
2375 write_status_printf (STATUS_ERRSIG, "%08lX%08lX %d %d %02x %lu %d %s",
2376 (ulong)sig->keyid[0], (ulong)sig->keyid[1],
2377 sig->pubkey_algo, sig->digest_algo,
2378 sig->sig_class, (ulong)sig->timestamp,
2380 issuer_fpr? issuer_fpr:"-");
2381 if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY)
2383 write_status_printf (STATUS_NO_PUBKEY, "%08lX%08lX",
2384 (ulong)sig->keyid[0], (ulong)sig->keyid[1]);
2386 if (gpg_err_code (rc) != GPG_ERR_NOT_PROCESSED)
2387 log_error (_("Can't check signature: %s\n"), gpg_strerror (rc));
2390 free_public_key (pk);
2397 * Process the tree which starts at node
2400 proc_tree (CTX c, kbnode_t node)
2405 if (opt.list_packets || opt.list_only)
2408 /* We must skip our special plaintext marker packets here because
2409 they may be the root packet. These packets are only used in
2410 additional checks and skipping them here doesn't matter. */
2412 && node->pkt->pkttype == PKT_GPG_CONTROL
2413 && node->pkt->pkt.gpg_control->control == CTRLPKT_PLAINTEXT_MARK)
2420 c->trustletter = ' ';
2421 if (node->pkt->pkttype == PKT_PUBLIC_KEY
2422 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
2424 merge_keys_and_selfsig (c->ctrl, node);
2425 list_node (c, node);
2427 else if (node->pkt->pkttype == PKT_SECRET_KEY)
2429 merge_keys_and_selfsig (c->ctrl, node);
2430 list_node (c, node);
2432 else if (node->pkt->pkttype == PKT_ONEPASS_SIG)
2434 /* Check all signatures. */
2437 int use_textmode = 0;
2439 free_md_filter_context (&c->mfx);
2440 /* Prepare to create all requested message digests. */
2441 rc = gcry_md_open (&c->mfx.md, 0, 0);
2445 /* Fixme: why looking for the signature packet and not the
2447 for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE));)
2448 gcry_md_enable (c->mfx.md, n1->pkt->pkt.signature->digest_algo);
2450 if (n1 && n1->pkt->pkt.onepass_sig->sig_class == 0x01)
2453 /* Ask for file and hash it. */
2456 if (c->signed_data.used && c->signed_data.data_fd != -1)
2457 rc = hash_datafile_by_fd (c->mfx.md, NULL,
2458 c->signed_data.data_fd,
2461 rc = hash_datafiles (c->mfx.md, NULL,
2462 c->signed_data.data_names,
2468 rc = ask_for_detached_datafile (c->mfx.md, c->mfx.md2,
2469 iobuf_get_real_fname (c->iobuf),
2476 log_error ("can't hash datafile: %s\n", gpg_strerror (rc));
2480 else if (c->signed_data.used)
2482 log_error (_("not a detached signature\n"));
2486 for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE));)
2487 check_sig_and_print (c, n1);
2490 else if (node->pkt->pkttype == PKT_GPG_CONTROL
2491 && node->pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START)
2493 /* Clear text signed message. */
2496 log_error ("cleartext signature without data\n");
2499 else if (c->signed_data.used)
2501 log_error (_("not a detached signature\n"));
2505 for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE));)
2506 check_sig_and_print (c, n1);
2509 else if (node->pkt->pkttype == PKT_SIGNATURE)
2511 PKT_signature *sig = node->pkt->pkt.signature;
2512 int multiple_ok = 1;
2514 n1 = find_next_kbnode (node, PKT_SIGNATURE);
2517 byte class = sig->sig_class;
2518 byte hash = sig->digest_algo;
2520 for (; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE)))
2522 /* We can't currently handle multiple signatures of
2523 * different classes (we'd pretty much have to run a
2524 * different hash context for each), but if they are all
2525 * the same and it is detached signature, we make an
2526 * exception. Note that the old code also disallowed
2527 * multiple signatures if the digest algorithms are
2528 * different. We softened this restriction only for
2529 * detached signatures, to be on the safe side. */
2530 if (n1->pkt->pkt.signature->sig_class != class
2532 && n1->pkt->pkt.signature->digest_algo != hash))
2535 log_info (_("WARNING: multiple signatures detected. "
2536 "Only the first will be checked.\n"));
2542 if (sig->sig_class != 0x00 && sig->sig_class != 0x01)
2544 log_info(_("standalone signature of class 0x%02x\n"), sig->sig_class);
2546 else if (!c->any.data)
2548 /* Detached signature */
2549 free_md_filter_context (&c->mfx);
2550 rc = gcry_md_open (&c->mfx.md, sig->digest_algo, 0);
2552 goto detached_hash_err;
2556 /* If we have and want to handle multiple signatures we
2557 * need to enable all hash algorithms for the context. */
2558 for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE)); )
2559 if (!openpgp_md_test_algo (n1->pkt->pkt.signature->digest_algo))
2560 gcry_md_enable (c->mfx.md,
2561 map_md_openpgp_to_gcry
2562 (n1->pkt->pkt.signature->digest_algo));
2565 if (RFC2440 || RFC4880)
2566 ; /* Strict RFC mode. */
2567 else if (sig->digest_algo == DIGEST_ALGO_SHA1
2568 && sig->pubkey_algo == PUBKEY_ALGO_DSA
2569 && sig->sig_class == 0x01)
2571 /* Enable a workaround for a pgp5 bug when the detached
2572 * signature has been created in textmode. Note that we
2573 * do not implement this for multiple signatures with
2574 * different hash algorithms. */
2575 rc = gcry_md_open (&c->mfx.md2, sig->digest_algo, 0);
2577 goto detached_hash_err;
2580 /* Here we used to have another hack to work around a pgp
2581 * 2 bug: It worked by not using the textmode for detached
2582 * signatures; this would let the first signature check
2583 * (on md) fail but the second one (on md2), which adds an
2584 * extra CR would then have produced the "correct" hash.
2585 * This is very, very ugly hack but it may haved help in
2586 * some cases (and break others).
2587 * c->mfx.md2? 0 :(sig->sig_class == 0x01)
2592 gcry_md_debug (c->mfx.md, "verify");
2594 gcry_md_debug (c->mfx.md2, "verify2");
2599 if (c->signed_data.used && c->signed_data.data_fd != -1)
2600 rc = hash_datafile_by_fd (c->mfx.md, c->mfx.md2,
2601 c->signed_data.data_fd,
2602 (sig->sig_class == 0x01));
2604 rc = hash_datafiles (c->mfx.md, c->mfx.md2,
2605 c->signed_data.data_names,
2607 (sig->sig_class == 0x01));
2611 rc = ask_for_detached_datafile (c->mfx.md, c->mfx.md2,
2612 iobuf_get_real_fname(c->iobuf),
2613 (sig->sig_class == 0x01));
2619 log_error ("can't hash datafile: %s\n", gpg_strerror (rc));
2623 else if (c->signed_data.used)
2625 log_error (_("not a detached signature\n"));
2628 else if (!opt.quiet)
2629 log_info (_("old style (PGP 2.x) signature\n"));
2633 for (n1 = node; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE)))
2634 check_sig_and_print (c, n1);
2637 check_sig_and_print (c, node);
2642 dump_kbnode (c->list);
2643 log_error ("invalid root packet detected in proc_tree()\n");