1 /* mainproc.c - handle packets
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
3 * 2008, 2009 Free Software Foundation, Inc.
4 * Copyright (C) 2013 Werner Koch
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <http://www.gnu.org/licenses/>.
41 #include "keyserver-internal.h"
46 /* Put an upper limit on nested packets. The 32 is an arbitrary
47 value, a much lower should actually be sufficient. */
48 #define MAX_NESTING_DEPTH 32
52 struct kidlist_item *next;
60 * Structure to hold the context
62 typedef struct mainproc_context *CTX;
63 struct mainproc_context
65 struct mainproc_context *anchor; /* May be useful in the future. */
66 PKT_public_key *last_pubkey;
67 PKT_secret_key *last_seckey;
68 PKT_user_id *last_user_id;
69 md_filter_context_t mfx;
70 int sigs_only; /* Process only signatures and reject all other stuff. */
71 int encrypt_only; /* Process only encryption messages. */
73 /* Name of the file with the complete signature or the file with the
74 detached signature. This is currently only used to deduce the
75 file name of the data file if that has not been given. */
76 const char *sigfilename;
78 /* A structure to describe the signed data in case of a detached
82 /* A file descriptor of the the signed data. Only used if not -1. */
84 /* A list of filenames with the data files or NULL. This is only
85 used if DATA_FD is -1. */
87 /* Flag to indicated that either one of the next previous fieldss
88 is used. This is only needed for better readability. */
93 int last_was_session_key;
94 KBNODE list; /* The current list of packets. */
95 IOBUF iobuf; /* Used to get the filename etc. */
96 int trustletter; /* Temporary usage in list_node. */
98 struct kidlist_item *pkenc_list; /* List of encryption packets. */
100 unsigned int sig_seen:1; /* Set to true if a signature packet
102 unsigned int data:1; /* Any data packet seen */
103 unsigned int uncompress_failed:1;
108 static int do_proc_packets( CTX c, IOBUF a );
109 static void list_node( CTX c, KBNODE node );
110 static void proc_tree( CTX c, KBNODE node );
111 static int literals_seen;
114 reset_literals_seen(void)
120 release_list( CTX c )
124 proc_tree(c, c->list );
125 release_kbnode( c->list );
126 while( c->pkenc_list ) {
127 struct kidlist_item *tmp = c->pkenc_list->next;
128 xfree( c->pkenc_list );
131 c->pkenc_list = NULL;
134 c->any.uncompress_failed = 0;
135 c->last_was_session_key = 0;
136 xfree(c->dek); c->dek = NULL;
141 add_onepass_sig( CTX c, PACKET *pkt )
145 if ( c->list ) /* add another packet */
146 add_kbnode( c->list, new_kbnode( pkt ));
147 else /* insert the first one */
148 c->list = node = new_kbnode( pkt );
155 add_gpg_control( CTX c, PACKET *pkt )
157 if ( pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START ) {
158 /* New clear text signature.
159 * Process the last one and reset everything */
163 if( c->list ) /* add another packet */
164 add_kbnode( c->list, new_kbnode( pkt ));
165 else /* insert the first one */
166 c->list = new_kbnode( pkt );
174 add_user_id( CTX c, PACKET *pkt )
177 log_error("orphaned user ID\n" );
180 add_kbnode( c->list, new_kbnode( pkt ) );
185 add_subkey( CTX c, PACKET *pkt )
188 log_error("subkey w/o mainkey\n" );
191 add_kbnode( c->list, new_kbnode( pkt ) );
196 add_ring_trust( CTX c, PACKET *pkt )
199 log_error("ring trust w/o key\n" );
202 add_kbnode( c->list, new_kbnode( pkt ) );
208 add_signature( CTX c, PACKET *pkt )
213 if( pkt->pkttype == PKT_SIGNATURE && !c->list ) {
214 /* This is the first signature for the following datafile.
215 * GPG does not write such packets; instead it always uses
216 * onepass-sig packets. The drawback of PGP's method
217 * of prepending the signature to the data is
218 * that it is not possible to make a signature from data read
219 * from stdin. (GPG is able to read PGP stuff anyway.) */
220 node = new_kbnode( pkt );
225 return 0; /* oops (invalid packet sequence)*/
226 else if( !c->list->pkt )
227 BUG(); /* so nicht */
229 /* add a new signature node id at the end */
230 node = new_kbnode( pkt );
231 add_kbnode( c->list, node );
236 symkey_decrypt_seskey( DEK *dek, byte *seskey, size_t slen )
240 if(slen < 17 || slen > 33)
242 log_error ( _("weird size for an encrypted session key (%d)\n"),
244 return G10ERR_BAD_KEY;
247 if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
249 if (gcry_cipher_setkey ( hd, dek->key, dek->keylen ))
251 gcry_cipher_setiv ( hd, NULL, 0 );
252 gcry_cipher_decrypt ( hd, seskey, slen, NULL, 0 );
253 gcry_cipher_close ( hd );
255 /* Now we replace the dek components with the real session key to
256 decrypt the contents of the sequencing packet. */
261 if(dek->keylen > DIM(dek->key))
264 /* This is not completely accurate, since a bad passphrase may have
265 resulted in a garbage algorithm byte, but it's close enough since
266 a bogus byte here will fail later. */
267 if(dek->algo==CIPHER_ALGO_IDEA)
270 memcpy(dek->key, seskey + 1, dek->keylen);
272 /*log_hexdump( "thekey", dek->key, dek->keylen );*/
278 proc_symkey_enc( CTX c, PACKET *pkt )
282 enc = pkt->pkt.symkey_enc;
284 log_error ("invalid symkey encrypted packet\n");
287 int algo = enc->cipher_algo;
288 const char *s = openpgp_cipher_algo_name (algo);
290 if (!openpgp_cipher_test_algo (algo))
295 log_info(_("%s encrypted session key\n"), s );
297 log_info(_("%s encrypted data\n"), s );
301 log_error(_("encrypted with unknown algorithm %d\n"), algo );
303 if(openpgp_md_test_algo (enc->s2k.hash_algo))
305 log_error(_("passphrase generated with unknown digest"
306 " algorithm %d\n"),enc->s2k.hash_algo);
310 c->last_was_session_key = 2;
311 if(!s || opt.list_only)
314 if(opt.override_session_key)
316 c->dek = xmalloc_clear( sizeof *c->dek );
317 if(get_override_session_key(c->dek, opt.override_session_key))
325 c->dek = passphrase_to_dek (NULL, 0, algo, &enc->s2k, 3,
331 /* FIXME: This doesn't work perfectly if a symmetric
332 key comes before a public key in the message - if
333 the user doesn't know the passphrase, then there is
334 a chance that the "decrypted" algorithm will happen
335 to be a valid one, which will make the returned dek
336 appear valid, so we won't try any public keys that
340 if(symkey_decrypt_seskey(c->dek, enc->seskey,
348 c->dek->algo_info_printed = 1;
359 proc_pubkey_enc( CTX c, PACKET *pkt )
364 /* check whether the secret key is available and store in this case */
365 c->last_was_session_key = 1;
366 enc = pkt->pkt.pubkey_enc;
367 /*printf("enc: encrypted by a pubkey with keyid %08lX\n", enc->keyid[1] );*/
368 /* Hmmm: why do I have this algo check here - anyway there is
369 * function to check it. */
371 log_info(_("public key is %s\n"), keystr(enc->keyid) );
373 if( is_status_enabled() ) {
375 sprintf(buf, "%08lX%08lX %d 0",
376 (ulong)enc->keyid[0], (ulong)enc->keyid[1], enc->pubkey_algo );
377 write_status_text( STATUS_ENC_TO, buf );
380 if( !opt.list_only && opt.override_session_key ) {
381 /* It does not make much sense to store the session key in
382 * secure memory because it has already been passed on the
383 * command line and the GCHQ knows about it. */
384 c->dek = xmalloc_clear( sizeof *c->dek );
385 result = get_override_session_key ( c->dek, opt.override_session_key );
387 xfree(c->dek); c->dek = NULL;
390 else if( is_ELGAMAL(enc->pubkey_algo)
391 || enc->pubkey_algo == PUBKEY_ALGO_DSA
392 || is_RSA(enc->pubkey_algo)
393 || enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL) {
394 /* Note that we also allow type 20 Elgamal keys for decryption.
395 There are still a couple of those keys in active use as a
398 /* FIXME: Store this all in a list and process it later so that
399 we can prioritize what key to use. This gives a better user
400 experience if wildcard keyids are used. */
401 if ( !c->dek && ((!enc->keyid[0] && !enc->keyid[1])
402 || opt.try_all_secrets
403 || !seckey_available( enc->keyid )) ) {
407 c->dek = xmalloc_secure_clear( sizeof *c->dek );
408 if( (result = get_session_key( enc, c->dek )) ) {
409 /* error: delete the DEK */
410 xfree(c->dek); c->dek = NULL;
415 result = G10ERR_NO_SECKEY;
418 result = G10ERR_PUBKEY_ALGO;
424 /* store it for later display */
425 struct kidlist_item *x = xmalloc( sizeof *x );
426 x->kid[0] = enc->keyid[0];
427 x->kid[1] = enc->keyid[1];
428 x->pubkey_algo = enc->pubkey_algo;
430 x->next = c->pkenc_list;
433 if( !result && opt.verbose > 1 )
434 log_info( _("public key encrypted data: good DEK\n") );
443 * Print the list of public key encrypted packets which we could
447 print_pkenc_list( struct kidlist_item *list, int failed )
449 for( ; list; list = list->next ) {
453 if ( failed && !list->reason )
455 if ( !failed && list->reason )
458 algstr = openpgp_pk_algo_name ( list->pubkey_algo );
459 pk = xmalloc_clear( sizeof *pk );
463 pk->pubkey_algo = list->pubkey_algo;
464 if( !get_pubkey( pk, list->kid ) )
467 log_info( _("encrypted with %u-bit %s key, ID %s, created %s\n"),
468 nbits_from_pk( pk ), algstr, keystr_from_pk(pk),
469 strtimestamp(pk->timestamp) );
470 p=get_user_id_native(list->kid);
471 log_printf (_(" \"%s\"\n"),p);
475 log_info(_("encrypted with %s key, ID %s\n"),
476 algstr,keystr(list->kid));
478 free_public_key( pk );
480 if( list->reason == G10ERR_NO_SECKEY ) {
481 if( is_status_enabled() ) {
483 snprintf (buf, sizeof buf, "%08lX%08lX",
484 (ulong)list->kid[0], (ulong)list->kid[1]);
485 write_status_text( STATUS_NO_SECKEY, buf );
488 else if (list->reason)
490 log_info(_("public key decryption failed: %s\n"),
491 g10_errstr(list->reason));
492 write_status_error ("pkdecrypt_failed", list->reason);
499 proc_encrypted( CTX c, PACKET *pkt )
506 log_info(_("encrypted with %lu passphrases\n"),c->symkeys);
507 else if(c->symkeys==1)
508 log_info(_("encrypted with 1 passphrase\n"));
509 print_pkenc_list ( c->pkenc_list, 1 );
510 print_pkenc_list ( c->pkenc_list, 0 );
513 /* FIXME: Figure out the session key by looking at all pkenc packets. */
516 write_status( STATUS_BEGIN_DECRYPTION );
518 /*log_debug("dat: %sencrypted data\n", c->dek?"":"conventional ");*/
521 else if( !c->dek && !c->last_was_session_key ) {
523 STRING2KEY s2kbuf, *s2k = NULL;
525 if(opt.override_session_key)
527 c->dek = xmalloc_clear( sizeof *c->dek );
528 result=get_override_session_key(c->dek, opt.override_session_key);
537 /* Assume this is old style conventional encrypted data. */
538 algo = opt.def_cipher_algo;
540 log_info (_("assuming %s encrypted data\n"),
541 openpgp_cipher_algo_name (algo));
542 else if ( openpgp_cipher_test_algo (CIPHER_ALGO_IDEA) )
544 algo = opt.def_cipher_algo;
546 algo = opt.s2k_cipher_algo;
548 log_info (_("IDEA cipher unavailable, "
549 "optimistically attempting to use %s instead\n"),
550 openpgp_cipher_algo_name (algo));
554 algo = CIPHER_ALGO_IDEA;
555 if (!opt.s2k_digest_algo)
557 /* If no digest is given we assume MD5 */
559 s2kbuf.hash_algo = DIGEST_ALGO_MD5;
562 log_info (_("assuming %s encrypted data\n"), "IDEA");
565 c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 3, NULL, NULL );
567 c->dek->algo_info_printed = 1;
571 result = G10ERR_NO_SECKEY;
574 result = decrypt_data( c, pkt->pkt.encrypted, c->dek );
578 else if( !result || (gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE
579 && opt.ignore_mdc_error)) {
580 write_status( STATUS_DECRYPTION_OKAY );
581 if( opt.verbose > 1 )
582 log_info(_("decryption okay\n"));
583 if( pkt->pkt.encrypted->mdc_method && !result )
584 write_status( STATUS_GOODMDC );
585 else if(!opt.no_mdc_warn)
586 log_info (_("WARNING: message was not integrity protected\n"));
588 else if( result == G10ERR_BAD_SIGN ) {
589 log_error(_("WARNING: encrypted message has been manipulated!\n"));
590 write_status( STATUS_BADMDC );
591 write_status( STATUS_DECRYPTION_FAILED );
594 if (gpg_err_code (result) == GPG_ERR_BAD_KEY
595 && *c->dek->s2k_cacheid != '\0')
597 log_debug(_("cleared passphrase cached with ID: %s\n"),
598 c->dek->s2k_cacheid);
599 passphrase_clear_cache (NULL, c->dek->s2k_cacheid, 0);
601 write_status( STATUS_DECRYPTION_FAILED );
602 log_error(_("decryption failed: %s\n"), g10_errstr(result));
603 /* Hmmm: does this work when we have encrypted using multiple
604 * ways to specify the session key (symmmetric and PK)*/
606 xfree(c->dek); c->dek = NULL;
608 c->last_was_session_key = 0;
609 write_status( STATUS_END_DECRYPTION );
614 proc_plaintext( CTX c, PACKET *pkt )
616 PKT_plaintext *pt = pkt->pkt.plaintext;
617 int any, clearsig, only_md5, rc;
622 if( pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8 ) )
623 log_info(_("NOTE: sender requested \"for-your-eyes-only\"\n"));
624 else if( opt.verbose )
625 log_info(_("original file name='%.*s'\n"), pt->namelen, pt->name);
626 free_md_filter_context( &c->mfx );
627 if (gcry_md_open (&c->mfx.md, 0, 0))
629 /* fixme: we may need to push the textfilter if we have sigclass 1
630 * and no armoring - Not yet tested
631 * Hmmm, why don't we need it at all if we have sigclass 1
632 * Should we assume that plaintext in mode 't' has always sigclass 1??
633 * See: Russ Allbery's mail 1999-02-09
635 any = clearsig = only_md5 = 0;
636 for(n=c->list; n; n = n->next )
638 if( n->pkt->pkttype == PKT_ONEPASS_SIG )
640 /* For the onepass signature case */
641 if( n->pkt->pkt.onepass_sig->digest_algo )
643 gcry_md_enable (c->mfx.md,
644 n->pkt->pkt.onepass_sig->digest_algo);
645 if( !any && n->pkt->pkt.onepass_sig->digest_algo
652 if( n->pkt->pkt.onepass_sig->sig_class != 0x01 )
655 else if( n->pkt->pkttype == PKT_GPG_CONTROL
656 && n->pkt->pkt.gpg_control->control
657 == CTRLPKT_CLEARSIGN_START )
659 /* For the clearsigned message case */
660 size_t datalen = n->pkt->pkt.gpg_control->datalen;
661 const byte *data = n->pkt->pkt.gpg_control->data;
663 /* check that we have at least the sigclass and one hash */
665 log_fatal("invalid control packet CTRLPKT_CLEARSIGN_START\n");
666 /* Note that we don't set the clearsig flag for not-dash-escaped
668 clearsig = (*data == 0x01);
669 for( data++, datalen--; datalen; datalen--, data++ )
670 gcry_md_enable (c->mfx.md, *data);
672 break; /* Stop here as one-pass signature packets are not
675 else if(n->pkt->pkttype==PKT_SIGNATURE)
677 /* For the SIG+LITERAL case that PGP used to use. */
678 gcry_md_enable ( c->mfx.md, n->pkt->pkt.signature->digest_algo );
683 if( !any && !opt.skip_verify )
685 /* This is for the old GPG LITERAL+SIG case. It's not legal
686 according to 2440, so hopefully it won't come up that
687 often. There is no good way to specify what algorithms to
688 use in that case, so these three are the historical
690 gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 );
691 gcry_md_enable( c->mfx.md, DIGEST_ALGO_SHA1 );
692 gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
694 if( opt.pgp2_workarounds && only_md5 && !opt.skip_verify ) {
695 /* This is a kludge to work around a bug in pgp2. It does only
696 * catch those mails which are armored. To catch the non-armored
697 * pgp mails we could see whether there is the signature packet
698 * in front of the plaintext. If someone needs this, send me a patch.
700 if ( gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0) )
704 gcry_md_debug ( c->mfx.md, "verify" );
706 gcry_md_debug ( c->mfx.md2, "verify2" );
713 log_info (_("WARNING: multiple plaintexts seen\n"));
715 if (!opt.flags.allow_multiple_messages)
717 write_status_text (STATUS_ERROR, "proc_pkt.plaintext 89_BAD_DATA");
718 log_inc_errorcount ();
719 rc = gpg_error (GPG_ERR_UNEXPECTED);
725 rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig );
726 if ( gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only )
728 /* Can't write output but we hash it anyway to check the
730 rc = handle_plaintext( pt, &c->mfx, 1, clearsig );
735 log_error( "handle plaintext failed: %s\n", g10_errstr(rc));
737 c->last_was_session_key = 0;
739 /* We add a marker control packet instead of the plaintext packet.
740 * This is so that we can later detect invalid packet sequences.
742 n = new_kbnode (create_gpg_control (CTRLPKT_PLAINTEXT_MARK, NULL, 0));
744 add_kbnode (c->list, n);
751 proc_compressed_cb( IOBUF a, void *info )
753 if ( ((CTX)info)->signed_data.used
754 && ((CTX)info)->signed_data.data_fd != -1)
755 return proc_signature_packets_by_fd (info, a,
756 ((CTX)info)->signed_data.data_fd);
758 return proc_signature_packets (info, a,
759 ((CTX)info)->signed_data.data_names,
760 ((CTX)info)->sigfilename );
764 proc_encrypt_cb( IOBUF a, void *info )
766 return proc_encryption_packets( info, a );
770 proc_compressed( CTX c, PACKET *pkt )
772 PKT_compressed *zd = pkt->pkt.compressed;
775 /*printf("zip: compressed data packet\n");*/
777 rc = handle_compressed (c, zd, proc_compressed_cb, c);
778 else if (c->encrypt_only)
779 rc = handle_compressed (c, zd, proc_encrypt_cb, c);
781 rc = handle_compressed (c, zd, NULL, NULL);
783 if (gpg_err_code (rc) == GPG_ERR_BAD_DATA)
785 if (!c->any.uncompress_failed)
789 for (cc=c; cc; cc = cc->anchor)
790 cc->any.uncompress_failed = 1;
791 log_error ("uncompressing failed: %s\n", g10_errstr(rc));
795 log_error("uncompressing failed: %s\n", g10_errstr(rc));
798 c->last_was_session_key = 0;
803 * check the signature
804 * Returns: 0 = valid signature or an error code
807 do_check_sig( CTX c, KBNODE node, int *is_selfsig,
808 int *is_expkey, int *is_revkey )
811 gcry_md_hd_t md = NULL, md2 = NULL;
814 assert( node->pkt->pkttype == PKT_SIGNATURE );
817 sig = node->pkt->pkt.signature;
819 algo = sig->digest_algo;
820 rc = openpgp_md_test_algo(algo);
824 if( sig->sig_class == 0x00 ) {
827 if (gcry_md_copy (&md, c->mfx.md ))
830 else /* detached signature */
832 /* signature_check() will enable the md*/
833 if (gcry_md_open (&md, 0, 0 ))
837 else if( sig->sig_class == 0x01 ) {
838 /* how do we know that we have to hash the (already hashed) text
839 * in canonical mode ??? (calculating both modes???) */
841 if (gcry_md_copy (&md, c->mfx.md ))
843 if( c->mfx.md2 && gcry_md_copy (&md2, c->mfx.md2 ))
846 else { /* detached signature */
847 log_debug("Do we really need this here?");
848 /* signature_check() will enable the md*/
849 if (gcry_md_open (&md, 0, 0 ))
851 if (gcry_md_open (&md2, 0, 0 ))
855 else if( (sig->sig_class&~3) == 0x10
856 || sig->sig_class == 0x18
857 || sig->sig_class == 0x1f
858 || sig->sig_class == 0x20
859 || sig->sig_class == 0x28
860 || sig->sig_class == 0x30 ) {
861 if( c->list->pkt->pkttype == PKT_PUBLIC_KEY
862 || c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
863 return check_key_signature( c->list, node, is_selfsig );
865 else if( sig->sig_class == 0x20 ) {
866 log_error (_("standalone revocation - "
867 "use \"gpg --import\" to apply\n"));
868 return G10ERR_NOT_PROCESSED;
871 log_error("invalid root packet for sigclass %02x\n",
873 return G10ERR_SIG_CLASS;
877 return G10ERR_SIG_CLASS;
878 rc = signature_check2( sig, md, NULL, is_expkey, is_revkey, NULL );
879 if( gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE && md2 )
880 rc = signature_check2( sig, md2, NULL, is_expkey, is_revkey, NULL );
889 print_userid( PACKET *pkt )
893 if( pkt->pkttype != PKT_USER_ID ) {
894 printf("ERROR: unexpected packet type %d", pkt->pkttype );
897 if( opt.with_colons )
899 if(pkt->pkt.user_id->attrib_data)
901 pkt->pkt.user_id->numattribs,
902 pkt->pkt.user_id->attrib_len);
904 print_string( stdout, pkt->pkt.user_id->name,
905 pkt->pkt.user_id->len, ':');
908 print_utf8_string( stdout, pkt->pkt.user_id->name,
909 pkt->pkt.user_id->len );
914 * List the certificate in a user friendly way
918 list_node( CTX c, KBNODE node )
924 else if( (mainkey = (node->pkt->pkttype == PKT_PUBLIC_KEY) )
925 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
926 PKT_public_key *pk = node->pkt->pkt.public_key;
928 if( opt.with_colons )
931 keyid_from_pk( pk, keyid );
933 c->trustletter = opt.fast_list_mode?
934 0 : get_validity_info( pk, NULL );
935 printf("%s:", mainkey? "pub":"sub" );
937 putchar( c->trustletter );
938 printf(":%u:%d:%08lX%08lX:%s:%s::",
941 (ulong)keyid[0],(ulong)keyid[1],
942 colon_datestr_from_pk( pk ),
943 colon_strtime (pk->expiredate) );
944 if( mainkey && !opt.fast_list_mode )
945 putchar( get_ownertrust_info (pk) );
950 printf("%s %4u%c/%s %s",
951 mainkey? "pub":"sub", nbits_from_pk( pk ),
952 pubkey_letter( pk->pubkey_algo ), keystr_from_pk( pk ),
953 datestr_from_pk (pk));
959 printf(_("revoked: %s"),revokestr_from_pk(pk));
962 else if (pk->expiredate && !opt.with_colons)
965 printf(_("expires: %s"),expirestr_from_pk(pk));
971 if ((mainkey && opt.fingerprint) || opt.fingerprint > 1)
972 print_fingerprint (pk, NULL, 0);
976 if (node->next && node->next->pkt->pkttype == PKT_RING_TRUST)
977 printf("rtv:1:%u:\n", node->next->pkt->pkt.ring_trust->trustval);
981 /* and now list all userids with their signatures */
982 for( node = node->next; node; node = node->next ) {
983 if( node->pkt->pkttype == PKT_SIGNATURE ) {
986 else if( node->pkt->pkttype == PKT_USER_ID ) {
987 if( opt.with_colons )
988 printf("%s:::::::::",
989 node->pkt->pkt.user_id->attrib_data?"uat":"uid");
991 printf( "uid%*s", 28, "" );
992 print_userid( node->pkt );
993 if( opt.with_colons )
998 && node->next->pkt->pkttype == PKT_RING_TRUST ) {
999 printf("rtv:2:%u:\n",
1000 node->next->pkt->pkt.ring_trust?
1001 node->next->pkt->pkt.ring_trust->trustval : 0);
1004 else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
1005 list_node(c, node );
1010 else if( (mainkey = (node->pkt->pkttype == PKT_SECRET_KEY) )
1011 || node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
1012 PKT_secret_key *sk = node->pkt->pkt.secret_key;
1014 if( opt.with_colons )
1017 keyid_from_sk( sk, keyid );
1018 printf("%s::%u:%d:%08lX%08lX:%s:%s:::",
1019 mainkey? "sec":"ssb",
1020 nbits_from_sk( sk ),
1022 (ulong)keyid[0],(ulong)keyid[1],
1023 colon_datestr_from_sk( sk ),
1024 colon_strtime (sk->expiredate));
1027 printf("%s %4u%c/%s %s ", mainkey? "sec":"ssb",
1028 nbits_from_sk( sk ), pubkey_letter( sk->pubkey_algo ),
1029 keystr_from_sk( sk ), datestr_from_sk( sk ));
1032 if ((mainkey && opt.fingerprint) || opt.fingerprint > 1)
1033 print_fingerprint (NULL, sk,0);
1036 /* and now list all userids with their signatures */
1037 for( node = node->next; node; node = node->next ) {
1038 if( node->pkt->pkttype == PKT_SIGNATURE ) {
1039 list_node(c, node );
1041 else if( node->pkt->pkttype == PKT_USER_ID ) {
1042 if( opt.with_colons )
1043 printf("%s:::::::::",
1044 node->pkt->pkt.user_id->attrib_data?"uat":"uid");
1046 printf( "uid%*s", 28, "" );
1047 print_userid( node->pkt );
1048 if( opt.with_colons )
1052 else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
1053 list_node(c, node );
1058 else if( node->pkt->pkttype == PKT_SIGNATURE ) {
1059 PKT_signature *sig = node->pkt->pkt.signature;
1069 if( sig->sig_class == 0x20 || sig->sig_class == 0x30 )
1070 fputs("rev", stdout);
1072 fputs("sig", stdout);
1073 if( opt.check_sigs ) {
1075 rc2=do_check_sig( c, node, &is_selfsig, NULL, NULL );
1076 switch (gpg_err_code (rc2)) {
1077 case 0: sigrc = '!'; break;
1078 case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break;
1079 case GPG_ERR_NO_PUBKEY:
1080 case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break;
1081 default: sigrc = '%'; break;
1084 else { /* check whether this is a self signature */
1087 if( c->list->pkt->pkttype == PKT_PUBLIC_KEY
1088 || c->list->pkt->pkttype == PKT_SECRET_KEY ) {
1089 if( c->list->pkt->pkttype == PKT_PUBLIC_KEY )
1090 keyid_from_pk( c->list->pkt->pkt.public_key, keyid );
1092 keyid_from_sk( c->list->pkt->pkt.secret_key, keyid );
1094 if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
1098 if( opt.with_colons ) {
1102 printf("::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
1103 (ulong)sig->keyid[0], (ulong)sig->keyid[1],
1104 colon_datestr_from_sig(sig),
1105 colon_expirestr_from_sig(sig));
1107 if(sig->trust_depth || sig->trust_value)
1108 printf("%d %d",sig->trust_depth,sig->trust_value);
1111 if(sig->trust_regexp)
1112 print_string(stdout,sig->trust_regexp,
1113 strlen(sig->trust_regexp),':');
1118 sigrc, keystr(sig->keyid), datestr_from_sig(sig));
1120 printf("[%s] ", g10_errstr(rc2) );
1121 else if( sigrc == '?' )
1123 else if( is_selfsig ) {
1124 if( opt.with_colons )
1126 fputs( sig->sig_class == 0x18? "[keybind]":"[selfsig]", stdout);
1127 if( opt.with_colons )
1130 else if( !opt.fast_list_mode ) {
1131 p = get_user_id( sig->keyid, &n );
1132 print_string( stdout, p, n, opt.with_colons );
1135 if( opt.with_colons )
1136 printf(":%02x%c:", sig->sig_class, sig->flags.exportable?'x':'l');
1140 log_error("invalid node with packet of type %d\n", node->pkt->pkttype);
1146 proc_packets( void *anchor, IOBUF a )
1149 CTX c = xmalloc_clear( sizeof *c );
1152 rc = do_proc_packets( c, a );
1160 proc_signature_packets( void *anchor, IOBUF a,
1161 strlist_t signedfiles, const char *sigfilename )
1163 CTX c = xmalloc_clear( sizeof *c );
1169 c->signed_data.data_fd = -1;
1170 c->signed_data.data_names = signedfiles;
1171 c->signed_data.used = !!signedfiles;
1173 c->sigfilename = sigfilename;
1174 rc = do_proc_packets( c, a );
1176 /* If we have not encountered any signature we print an error
1177 messages, send a NODATA status back and return an error code.
1178 Using log_error is required because verify_files does not check
1179 error codes for each file but we want to terminate the process
1181 if (!rc && !c->any.sig_seen)
1183 write_status_text (STATUS_NODATA, "4");
1184 log_error (_("no signature found\n"));
1185 rc = G10ERR_NO_DATA;
1188 /* Propagate the signature seen flag upward. Do this only on
1189 success so that we won't issue the nodata status several
1191 if (!rc && c->anchor && c->any.sig_seen)
1192 c->anchor->any.sig_seen = 1;
1199 proc_signature_packets_by_fd (void *anchor, IOBUF a, int signed_data_fd )
1202 CTX c = xcalloc (1, sizeof *c);
1207 c->signed_data.data_fd = signed_data_fd;
1208 c->signed_data.data_names = NULL;
1209 c->signed_data.used = (signed_data_fd != -1);
1211 rc = do_proc_packets ( c, a );
1213 /* If we have not encountered any signature we print an error
1214 messages, send a NODATA status back and return an error code.
1215 Using log_error is required because verify_files does not check
1216 error codes for each file but we want to terminate the process
1218 if (!rc && !c->any.sig_seen)
1220 write_status_text (STATUS_NODATA, "4");
1221 log_error (_("no signature found\n"));
1222 rc = gpg_error (GPG_ERR_NO_DATA);
1225 /* Propagate the signature seen flag upward. Do this only on success
1226 so that we won't issue the nodata status several times. */
1227 if (!rc && c->anchor && c->any.sig_seen)
1228 c->anchor->any.sig_seen = 1;
1236 proc_encryption_packets( void *anchor, IOBUF a )
1238 CTX c = xmalloc_clear( sizeof *c );
1242 c->encrypt_only = 1;
1243 rc = do_proc_packets( c, a );
1250 check_nesting (CTX c)
1254 for (level=0; c; c = c->anchor)
1257 if (level > MAX_NESTING_DEPTH)
1259 log_error ("input data with too deeply nested packets\n");
1260 write_status_text (STATUS_UNEXPECTED, "1");
1261 return GPG_ERR_BAD_DATA;
1268 do_proc_packets( CTX c, IOBUF a )
1275 rc = check_nesting (c);
1279 pkt = xmalloc( sizeof *pkt );
1282 while( (rc=parse_packet(a, pkt)) != -1 ) {
1286 /* stop processing when an invalid packet has been encountered
1287 * but don't do so when we are doing a --list-packets. */
1288 if (gpg_err_code (rc) == GPG_ERR_INV_PACKET
1289 && opt.list_packets != 2 )
1294 if( opt.list_packets ) {
1295 switch( pkt->pkttype ) {
1296 case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break;
1297 case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break;
1299 case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break;
1300 case PKT_COMPRESSED: rc = proc_compressed( c, pkt ); break;
1301 default: newpkt = 0; break;
1304 else if( c->sigs_only ) {
1305 switch( pkt->pkttype ) {
1306 case PKT_PUBLIC_KEY:
1307 case PKT_SECRET_KEY:
1309 case PKT_SYMKEY_ENC:
1310 case PKT_PUBKEY_ENC:
1312 case PKT_ENCRYPTED_MDC:
1313 write_status_text( STATUS_UNEXPECTED, "0" );
1314 rc = G10ERR_UNEXPECTED;
1316 case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;
1317 case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break;
1318 case PKT_COMPRESSED: rc = proc_compressed( c, pkt ); break;
1319 case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break;
1320 case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
1321 default: newpkt = 0; break;
1324 else if( c->encrypt_only ) {
1325 switch( pkt->pkttype ) {
1326 case PKT_PUBLIC_KEY:
1327 case PKT_SECRET_KEY:
1329 write_status_text( STATUS_UNEXPECTED, "0" );
1330 rc = G10ERR_UNEXPECTED;
1332 case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;
1333 case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break;
1334 case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break;
1336 case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break;
1337 case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break;
1338 case PKT_COMPRESSED: rc = proc_compressed( c, pkt ); break;
1339 case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break;
1340 case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
1341 default: newpkt = 0; break;
1345 switch( pkt->pkttype ) {
1346 case PKT_PUBLIC_KEY:
1347 case PKT_SECRET_KEY:
1349 c->list = new_kbnode( pkt );
1352 case PKT_PUBLIC_SUBKEY:
1353 case PKT_SECRET_SUBKEY:
1354 newpkt = add_subkey( c, pkt );
1356 case PKT_USER_ID: newpkt = add_user_id( c, pkt ); break;
1357 case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;
1358 case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break;
1359 case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break;
1361 case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break;
1362 case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break;
1363 case PKT_COMPRESSED: rc = proc_compressed( c, pkt ); break;
1364 case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break;
1365 case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
1366 case PKT_RING_TRUST: newpkt = add_ring_trust( c, pkt ); break;
1367 default: newpkt = 0; break;
1374 /* This is a very ugly construct and frankly, I don't remember why
1375 * I used it. Adding the MDC check here is a hack.
1376 * The right solution is to initiate another context for encrypted
1377 * packet and not to reuse the current one ... It works right
1378 * when there is a compression packet inbetween which adds just
1380 * Hmmm: Rewrite this whole module here??
1382 if( pkt->pkttype != PKT_SIGNATURE && pkt->pkttype != PKT_MDC )
1383 c->any.data = (pkt->pkttype == PKT_PLAINTEXT);
1388 pkt = xmalloc( sizeof *pkt );
1394 if( rc == G10ERR_INVALID_PACKET )
1395 write_status_text( STATUS_NODATA, "3" );
1399 write_status_text( STATUS_NODATA, "2" );
1407 free_md_filter_context( &c->mfx );
1412 /* Helper for pka_uri_from_sig to parse the to-be-verified address out
1413 of the notation data. */
1415 get_pka_address (PKT_signature *sig)
1417 pka_info_t *pka = NULL;
1418 struct notation *nd,*notation;
1420 notation=sig_to_notation(sig);
1422 for(nd=notation;nd;nd=nd->next)
1424 if(strcmp(nd->name,"pka-address@gnupg.org")!=0)
1425 continue; /* Not the notation we want. */
1427 /* For now we only use the first valid PKA notation. In future
1428 we might want to keep additional PKA notations in a linked
1430 if (is_valid_mailbox (nd->value))
1432 pka = xmalloc (sizeof *pka + strlen(nd->value));
1436 strcpy (pka->email, nd->value);
1441 free_notation(notation);
1447 /* Return the URI from a DNS PKA record. If this record has already
1448 be retrieved for the signature we merely return it; if not we go
1449 out and try to get that DNS record. */
1451 pka_uri_from_sig (PKT_signature *sig)
1453 if (!sig->flags.pka_tried)
1455 assert (!sig->pka_info);
1456 sig->flags.pka_tried = 1;
1457 sig->pka_info = get_pka_address (sig);
1462 uri = get_pka_info (sig->pka_info->email, sig->pka_info->fpr);
1465 sig->pka_info->valid = 1;
1469 sig->pka_info->uri = uri;
1473 return sig->pka_info? sig->pka_info->uri : NULL;
1478 check_sig_and_print( CTX c, KBNODE node )
1480 PKT_signature *sig = node->pkt->pkt.signature;
1482 int rc, is_expkey=0, is_revkey=0;
1484 if (opt.skip_verify)
1486 log_info(_("signature verification suppressed\n"));
1490 /* Check that the message composition is valid.
1492 Per RFC-2440bis (-15) allowed:
1494 S{1,n} -- detached signature.
1495 S{1,n} P -- old style PGP2 signature
1496 O{1,n} P S{1,n} -- standard OpenPGP signature.
1497 C P S{1,n} -- cleartext signature.
1500 O = One-Pass Signature packet.
1501 S = Signature packet.
1502 P = OpenPGP Message packet (Encrypted | Compressed | Literal)
1503 (Note that the current rfc2440bis draft also allows
1504 for a signed message but that does not work as it
1505 introduces ambiguities.)
1506 We keep track of these packages using the marker packet
1507 CTRLPKT_PLAINTEXT_MARK.
1508 C = Marker packet for cleartext signatures.
1510 We reject all other messages.
1512 Actually we are calling this too often, i.e. for verification of
1513 each message but better have some duplicate work than to silently
1514 introduce a bug here.
1518 int n_onepass, n_sig;
1520 /* log_debug ("checking signature packet composition\n"); */
1521 /* dump_kbnode (c->list); */
1525 if ( n->pkt->pkttype == PKT_SIGNATURE )
1527 /* This is either "S{1,n}" case (detached signature) or
1528 "S{1,n} P" (old style PGP2 signature). */
1529 for (n = n->next; n; n = n->next)
1530 if (n->pkt->pkttype != PKT_SIGNATURE)
1533 ; /* Okay, this is a detached signature. */
1534 else if (n->pkt->pkttype == PKT_GPG_CONTROL
1535 && (n->pkt->pkt.gpg_control->control
1536 == CTRLPKT_PLAINTEXT_MARK) )
1539 goto ambiguous; /* We only allow one P packet. */
1544 else if (n->pkt->pkttype == PKT_ONEPASS_SIG)
1546 /* This is the "O{1,n} P S{1,n}" case (standard signature). */
1547 for (n_onepass=1, n = n->next;
1548 n && n->pkt->pkttype == PKT_ONEPASS_SIG; n = n->next)
1550 if (!n || !(n->pkt->pkttype == PKT_GPG_CONTROL
1551 && (n->pkt->pkt.gpg_control->control
1552 == CTRLPKT_PLAINTEXT_MARK)))
1554 for (n_sig=0, n = n->next;
1555 n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
1560 /* If we wanted to disallow multiple sig verification, we'd do
1561 something like this:
1563 if (n && !opt.allow_multisig_verification)
1566 However, now that we have --allow-multiple-messages, this
1567 can stay allowable as we can't get here unless multiple
1568 messages (i.e. multiple literals) are allowed. */
1570 if (n_onepass != n_sig)
1572 log_info ("number of one-pass packets does not match "
1573 "number of signature packets\n");
1577 else if (n->pkt->pkttype == PKT_GPG_CONTROL
1578 && n->pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START )
1580 /* This is the "C P S{1,n}" case (clear text signature). */
1582 if (!n || !(n->pkt->pkttype == PKT_GPG_CONTROL
1583 && (n->pkt->pkt.gpg_control->control
1584 == CTRLPKT_PLAINTEXT_MARK)))
1586 for (n_sig=0, n = n->next;
1587 n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
1595 log_error(_("can't handle this ambiguous signature data\n"));
1601 /* (Indendation below not yet changed to GNU style.) */
1603 astr = openpgp_pk_algo_name ( sig->pubkey_algo );
1606 log_info(_("Signature made %s\n"),asctimestamp(sig->timestamp));
1607 log_info(_(" using %s key %s\n"),
1608 astr? astr: "?",keystr(sig->keyid));
1611 log_info(_("Signature made %s using %s key ID %s\n"),
1612 asctimestamp(sig->timestamp), astr? astr: "?",
1613 keystr(sig->keyid));
1615 rc = do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
1617 /* If the key isn't found, check for a preferred keyserver */
1619 if(rc==G10ERR_NO_PUBKEY && sig->flags.pref_ks)
1625 while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&n,&seq,NULL)))
1627 /* According to my favorite copy editor, in English
1628 grammar, you say "at" if the key is located on a web
1629 page, but "from" if it is located on a keyserver. I'm
1630 not going to even try to make two strings here :) */
1631 log_info(_("Key available at: ") );
1632 print_utf8_string( log_get_stream(), p, n );
1635 if(opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE
1636 && opt.keyserver_options.options&KEYSERVER_HONOR_KEYSERVER_URL)
1638 struct keyserver_spec *spec;
1640 spec=parse_preferred_keyserver(sig);
1645 glo_ctrl.in_auto_key_retrieve++;
1646 res=keyserver_import_keyid(sig->keyid,spec);
1647 glo_ctrl.in_auto_key_retrieve--;
1649 rc=do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
1650 free_keyserver_spec(spec);
1659 /* If the preferred keyserver thing above didn't work, our second
1660 try is to use the URI from a DNS PKA record. */
1661 if ( rc == G10ERR_NO_PUBKEY
1662 && opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE
1663 && opt.keyserver_options.options&KEYSERVER_HONOR_PKA_RECORD)
1665 const char *uri = pka_uri_from_sig (sig);
1669 /* FIXME: We might want to locate the key using the
1670 fingerprint instead of the keyid. */
1672 struct keyserver_spec *spec;
1674 spec = parse_keyserver_uri (uri, 1, NULL, 0);
1677 glo_ctrl.in_auto_key_retrieve++;
1678 res = keyserver_import_keyid (sig->keyid, spec);
1679 glo_ctrl.in_auto_key_retrieve--;
1680 free_keyserver_spec (spec);
1682 rc = do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
1687 /* If the preferred keyserver thing above didn't work and we got
1688 no information from the DNS PKA, this is a third try. */
1690 if( rc == G10ERR_NO_PUBKEY && opt.keyserver
1691 && opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
1695 glo_ctrl.in_auto_key_retrieve++;
1696 res=keyserver_import_keyid ( sig->keyid, opt.keyserver );
1697 glo_ctrl.in_auto_key_retrieve--;
1699 rc = do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
1702 if( !rc || gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE ) {
1703 KBNODE un, keyblock;
1704 int count=0, statno;
1706 PKT_public_key *pk=NULL;
1709 statno=STATUS_BADSIG;
1710 else if(sig->flags.expired)
1711 statno=STATUS_EXPSIG;
1713 statno=STATUS_EXPKEYSIG;
1715 statno=STATUS_REVKEYSIG;
1717 statno=STATUS_GOODSIG;
1719 keyblock = get_pubkeyblock( sig->keyid );
1721 sprintf (keyid_str, "%08lX%08lX [uncertain] ",
1722 (ulong)sig->keyid[0], (ulong)sig->keyid[1]);
1724 /* find and print the primary user ID */
1725 for( un=keyblock; un; un = un->next ) {
1728 if(un->pkt->pkttype==PKT_PUBLIC_KEY)
1730 pk=un->pkt->pkt.public_key;
1733 if( un->pkt->pkttype != PKT_USER_ID )
1735 if ( !un->pkt->pkt.user_id->created )
1737 if ( un->pkt->pkt.user_id->is_revoked )
1739 if ( un->pkt->pkt.user_id->is_expired )
1741 if ( !un->pkt->pkt.user_id->is_primary )
1743 /* We want the textual primary user ID here */
1744 if ( un->pkt->pkt.user_id->attrib_data )
1749 /* Get it before we print anything to avoid interrupting
1750 the output with the "please do a --check-trustdb"
1752 valid=get_validity(pk,un->pkt->pkt.user_id);
1754 keyid_str[17] = 0; /* cut off the "[uncertain]" part */
1755 write_status_text_and_buffer (statno, keyid_str,
1756 un->pkt->pkt.user_id->name,
1757 un->pkt->pkt.user_id->len,
1760 p=utf8_to_native(un->pkt->pkt.user_id->name,
1761 un->pkt->pkt.user_id->len,0);
1764 log_info(_("BAD signature from \"%s\""),p);
1765 else if(sig->flags.expired)
1766 log_info(_("Expired signature from \"%s\""),p);
1768 log_info(_("Good signature from \"%s\""),p);
1772 if(opt.verify_options&VERIFY_SHOW_UID_VALIDITY)
1773 log_printf (" [%s]\n",trust_value_to_string(valid));
1778 if( !count ) { /* just in case that we have no valid textual
1782 /* Try for an invalid textual userid */
1783 for( un=keyblock; un; un = un->next ) {
1784 if( un->pkt->pkttype == PKT_USER_ID &&
1785 !un->pkt->pkt.user_id->attrib_data )
1789 /* Try for any userid at all */
1791 for( un=keyblock; un; un = un->next ) {
1792 if( un->pkt->pkttype == PKT_USER_ID )
1797 if (opt.trust_model==TM_ALWAYS || !un)
1798 keyid_str[17] = 0; /* cut off the "[uncertain]" part */
1800 write_status_text_and_buffer (statno, keyid_str,
1801 un? un->pkt->pkt.user_id->name:"[?]",
1802 un? un->pkt->pkt.user_id->len:3,
1806 p=utf8_to_native(un->pkt->pkt.user_id->name,
1807 un->pkt->pkt.user_id->len,0);
1812 log_info(_("BAD signature from \"%s\""),p);
1813 else if(sig->flags.expired)
1814 log_info(_("Expired signature from \"%s\""),p);
1816 log_info(_("Good signature from \"%s\""),p);
1817 if (opt.trust_model!=TM_ALWAYS && un)
1818 log_printf (" %s",_("[uncertain]") );
1822 /* If we have a good signature and already printed
1823 * the primary user ID, print all the other user IDs */
1825 && !(opt.verify_options&VERIFY_SHOW_PRIMARY_UID_ONLY)) {
1827 for( un=keyblock; un; un = un->next ) {
1828 if( un->pkt->pkttype != PKT_USER_ID )
1830 if((un->pkt->pkt.user_id->is_revoked
1831 || un->pkt->pkt.user_id->is_expired)
1832 && !(opt.verify_options&VERIFY_SHOW_UNUSABLE_UIDS))
1834 /* Only skip textual primaries */
1835 if ( un->pkt->pkt.user_id->is_primary &&
1836 !un->pkt->pkt.user_id->attrib_data )
1839 if(un->pkt->pkt.user_id->attrib_data)
1841 dump_attribs(un->pkt->pkt.user_id,pk,NULL);
1843 if(opt.verify_options&VERIFY_SHOW_PHOTOS)
1844 show_photos(un->pkt->pkt.user_id->attribs,
1845 un->pkt->pkt.user_id->numattribs,
1846 pk,NULL,un->pkt->pkt.user_id);
1849 p=utf8_to_native(un->pkt->pkt.user_id->name,
1850 un->pkt->pkt.user_id->len,0);
1851 log_info(_(" aka \"%s\""),p);
1854 if(opt.verify_options&VERIFY_SHOW_UID_VALIDITY)
1857 if(un->pkt->pkt.user_id->is_revoked)
1859 else if(un->pkt->pkt.user_id->is_expired)
1862 valid=trust_value_to_string(get_validity(pk,
1865 log_printf (" [%s]\n",valid);
1871 release_kbnode( keyblock );
1875 if(opt.verify_options&VERIFY_SHOW_POLICY_URLS)
1876 show_policy_url(sig,0,1);
1878 show_policy_url(sig,0,2);
1880 if(opt.verify_options&VERIFY_SHOW_KEYSERVER_URLS)
1881 show_keyserver_url(sig,0,1);
1883 show_keyserver_url(sig,0,2);
1885 if(opt.verify_options&VERIFY_SHOW_NOTATIONS)
1886 show_notation(sig,0,1,
1887 ((opt.verify_options&VERIFY_SHOW_STD_NOTATIONS)?1:0)+
1888 ((opt.verify_options&VERIFY_SHOW_USER_NOTATIONS)?2:0));
1890 show_notation(sig,0,2,0);
1893 if( !rc && is_status_enabled() ) {
1894 /* print a status response with the fingerprint */
1895 PKT_public_key *vpk = xmalloc_clear( sizeof *vpk );
1897 if( !get_pubkey( vpk, sig->keyid ) ) {
1898 byte array[MAX_FINGERPRINT_LEN], *p;
1899 char buf[MAX_FINGERPRINT_LEN*4+90], *bufp;
1903 fingerprint_from_pk( vpk, array, &n );
1905 for(i=0; i < n ; i++, p++, bufp += 2)
1906 sprintf(bufp, "%02X", *p );
1907 /* TODO: Replace the reserved '0' in the field below
1908 with bits for status flags (policy url, notation,
1909 etc.). Remember to make the buffer larger to
1911 sprintf(bufp, " %s %lu %lu %d 0 %d %d %02X ",
1912 strtimestamp( sig->timestamp ),
1913 (ulong)sig->timestamp,(ulong)sig->expiredate,
1914 sig->version,sig->pubkey_algo,sig->digest_algo,
1916 bufp = bufp + strlen (bufp);
1917 if (!vpk->is_primary) {
1920 akid[0] = vpk->main_keyid[0];
1921 akid[1] = vpk->main_keyid[1];
1922 free_public_key (vpk);
1923 vpk = xmalloc_clear( sizeof *vpk );
1924 if (get_pubkey (vpk, akid)) {
1925 /* impossible error, we simply return a zeroed out fpr */
1926 n = MAX_FINGERPRINT_LEN < 20? MAX_FINGERPRINT_LEN : 20;
1927 memset (array, 0, n);
1930 fingerprint_from_pk( vpk, array, &n );
1933 for(i=0; i < n ; i++, p++, bufp += 2)
1934 sprintf(bufp, "%02X", *p );
1935 write_status_text( STATUS_VALIDSIG, buf );
1937 free_public_key( vpk );
1942 if(opt.verify_options&VERIFY_PKA_LOOKUPS)
1943 pka_uri_from_sig (sig); /* Make sure PKA info is available. */
1944 rc = check_signatures_trust( sig );
1947 if(sig->flags.expired)
1949 log_info(_("Signature expired %s\n"),
1950 asctimestamp(sig->expiredate));
1951 rc=G10ERR_GENERAL; /* need a better error here? */
1953 else if(sig->expiredate)
1954 log_info(_("Signature expires %s\n"),asctimestamp(sig->expiredate));
1957 log_info(_("%s signature, digest algorithm %s\n"),
1958 sig->sig_class==0x00?_("binary"):
1959 sig->sig_class==0x01?_("textmode"):_("unknown"),
1960 gcry_md_algo_name (sig->digest_algo));
1963 g10_errors_seen = 1;
1964 if( opt.batch && rc )
1969 sprintf(buf, "%08lX%08lX %d %d %02x %lu %d",
1970 (ulong)sig->keyid[0], (ulong)sig->keyid[1],
1971 sig->pubkey_algo, sig->digest_algo,
1972 sig->sig_class, (ulong)sig->timestamp, rc );
1973 write_status_text( STATUS_ERRSIG, buf );
1974 if( rc == G10ERR_NO_PUBKEY ) {
1976 write_status_text( STATUS_NO_PUBKEY, buf );
1978 if( rc != G10ERR_NOT_PROCESSED )
1979 log_error(_("Can't check signature: %s\n"), g10_errstr(rc) );
1986 * Process the tree which starts at node
1989 proc_tree( CTX c, KBNODE node )
1994 if( opt.list_packets || opt.list_only )
1997 /* we must skip our special plaintext marker packets here becuase
1998 they may be the root packet. These packets are only used in
1999 addionla checks and skipping them here doesn't matter */
2001 && node->pkt->pkttype == PKT_GPG_CONTROL
2002 && node->pkt->pkt.gpg_control->control
2003 == CTRLPKT_PLAINTEXT_MARK ) {
2009 c->trustletter = ' ';
2010 if( node->pkt->pkttype == PKT_PUBLIC_KEY
2011 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
2012 merge_keys_and_selfsig( node );
2013 list_node( c, node );
2015 else if( node->pkt->pkttype == PKT_SECRET_KEY ) {
2016 merge_keys_and_selfsig( node );
2017 list_node( c, node );
2019 else if( node->pkt->pkttype == PKT_ONEPASS_SIG ) {
2020 /* check all signatures */
2021 if( !c->any.data ) {
2022 int use_textmode = 0;
2024 free_md_filter_context( &c->mfx );
2025 /* prepare to create all requested message digests */
2026 if (gcry_md_open (&c->mfx.md, 0, 0))
2029 /* fixme: why looking for the signature packet and not the
2031 for ( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); )
2033 gcry_md_enable (c->mfx.md,
2034 n1->pkt->pkt.signature->digest_algo);
2037 if (n1 && n1->pkt->pkt.onepass_sig->sig_class == 0x01)
2040 /* Ask for file and hash it. */
2041 if( c->sigs_only ) {
2042 if (c->signed_data.used && c->signed_data.data_fd != -1)
2043 rc = hash_datafile_by_fd (c->mfx.md, NULL,
2044 c->signed_data.data_fd,
2047 rc = hash_datafiles (c->mfx.md, NULL,
2048 c->signed_data.data_names,
2053 rc = ask_for_detached_datafile (c->mfx.md, c->mfx.md2,
2054 iobuf_get_real_fname(c->iobuf),
2058 log_error("can't hash datafile: %s\n", g10_errstr(rc));
2062 else if ( c->signed_data.used ) {
2063 log_error (_("not a detached signature\n") );
2067 for( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); )
2068 check_sig_and_print( c, n1 );
2070 else if( node->pkt->pkttype == PKT_GPG_CONTROL
2071 && node->pkt->pkt.gpg_control->control
2072 == CTRLPKT_CLEARSIGN_START ) {
2073 /* clear text signed message */
2074 if( !c->any.data ) {
2075 log_error("cleartext signature without data\n" );
2078 else if ( c->signed_data.used ) {
2079 log_error (_("not a detached signature\n") );
2083 for( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); )
2084 check_sig_and_print( c, n1 );
2086 else if( node->pkt->pkttype == PKT_SIGNATURE ) {
2087 PKT_signature *sig = node->pkt->pkt.signature;
2090 n1=find_next_kbnode(node, PKT_SIGNATURE);
2093 byte class=sig->sig_class;
2094 byte hash=sig->digest_algo;
2096 for(; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE)))
2098 /* We can't currently handle multiple signatures of
2099 different classes or digests (we'd pretty much have
2100 to run a different hash context for each), but if
2101 they are all the same, make an exception. */
2102 if(n1->pkt->pkt.signature->sig_class!=class
2103 || n1->pkt->pkt.signature->digest_algo!=hash)
2106 log_info(_("WARNING: multiple signatures detected. "
2107 "Only the first will be checked.\n"));
2113 if( sig->sig_class != 0x00 && sig->sig_class != 0x01 )
2114 log_info(_("standalone signature of class 0x%02x\n"),
2116 else if( !c->any.data ) {
2117 /* detached signature */
2118 free_md_filter_context( &c->mfx );
2119 if (gcry_md_open (&c->mfx.md, sig->digest_algo, 0))
2122 if( !opt.pgp2_workarounds )
2124 else if( sig->digest_algo == DIGEST_ALGO_MD5
2125 && is_RSA( sig->pubkey_algo ) ) {
2126 /* enable a workaround for a pgp2 bug */
2127 if (gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0))
2130 else if( sig->digest_algo == DIGEST_ALGO_SHA1
2131 && sig->pubkey_algo == PUBKEY_ALGO_DSA
2132 && sig->sig_class == 0x01 ) {
2133 /* enable the workaround also for pgp5 when the detached
2134 * signature has been created in textmode */
2135 if (gcry_md_open (&c->mfx.md2, sig->digest_algo, 0 ))
2138 #if 0 /* workaround disabled */
2139 /* Here we have another hack to work around a pgp 2 bug
2140 * It works by not using the textmode for detached signatures;
2141 * this will let the first signature check (on md) fail
2142 * but the second one (on md2) which adds an extra CR should
2143 * then produce the "correct" hash. This is very, very ugly
2144 * hack but it may help in some cases (and break others)
2146 /* c->mfx.md2? 0 :(sig->sig_class == 0x01) */
2148 if ( DBG_HASHING ) {
2149 gcry_md_debug( c->mfx.md, "verify" );
2151 gcry_md_debug( c->mfx.md2, "verify2" );
2153 if( c->sigs_only ) {
2154 if (c->signed_data.used && c->signed_data.data_fd != -1)
2155 rc = hash_datafile_by_fd (c->mfx.md, c->mfx.md2,
2156 c->signed_data.data_fd,
2157 (sig->sig_class == 0x01));
2159 rc = hash_datafiles (c->mfx.md, c->mfx.md2,
2160 c->signed_data.data_names,
2162 (sig->sig_class == 0x01));
2165 rc = ask_for_detached_datafile( c->mfx.md, c->mfx.md2,
2166 iobuf_get_real_fname(c->iobuf),
2167 (sig->sig_class == 0x01) );
2170 log_error("can't hash datafile: %s\n", g10_errstr(rc));
2174 else if ( c->signed_data.used ) {
2175 log_error (_("not a detached signature\n") );
2178 else if (!opt.quiet)
2179 log_info(_("old style (PGP 2.x) signature\n"));
2182 for( n1 = node; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )) )
2183 check_sig_and_print( c, n1 );
2185 check_sig_and_print( c, node );
2188 dump_kbnode (c->list);
2189 log_error(_("invalid root packet detected in proc_tree()\n"));