1 /* decrypt.c - Decrypt function.
2 * Copyright (C) 2000 Werner Koch (dd9jn)
3 * Copyright (C) 2001, 2002, 2003, 2004, 2017 g10 Code GmbH
5 * This file is part of GPGME.
7 * GPGME is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU Lesser General Public License as
9 * published by the Free Software Foundation; either version 2.1 of
10 * the License, or (at your option) any later version.
12 * GPGME is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this program; if not, see <https://gnu.org/licenses/>.
19 * SPDX-License-Identifier: LGPL-2.1-or-later
40 struct _gpgme_op_decrypt_result result;
42 /* The error code from a FAILURE status line or 0. */
43 gpg_error_t failure_code;
47 /* A flag telling that the a decryption failed and two optional error
48 * codes to further specify the failure for public key decryption and
49 * symmetric decryption. */
51 gpg_error_t pkdecrypt_failed;
52 gpg_error_t symdecrypt_failed;
54 /* At least one secret key is not available. gpg issues NO_SECKEY
55 * status lines for each key the message has been encrypted to but
56 * that secret key is not available. This can't be done for hidden
57 * recipients, though. We track it here to allow for a better error
58 * message than the general DECRYPTION_FAILED. */
61 /* If the engine emits a DECRYPTION_INFO status and that does not
62 * indicate that an integrity protection mode is active, this flag
64 int not_integrity_protected;
66 /* The error code from the first ERROR line. This is in some cases
67 * used to return a better matching error code to the caller. */
68 gpg_error_t first_status_error;
70 /* A pointer to the next pointer of the last recipient in the list.
71 This makes appending new invalid signers painless while
72 preserving the order. */
73 gpgme_recipient_t *last_recipient_p;
75 /* The data object serial number of the plaintext. */
76 uint64_t plaintext_dserial;
81 release_op_data (void *hook)
83 op_data_t opd = (op_data_t) hook;
84 gpgme_recipient_t recipient = opd->result.recipients;
86 free (opd->result.unsupported_algorithm);
87 free (opd->result.file_name);
88 free (opd->result.session_key);
89 free (opd->result.symkey_algo);
93 gpgme_recipient_t next = recipient->next;
100 gpgme_decrypt_result_t
101 gpgme_op_decrypt_result (gpgme_ctx_t ctx)
107 TRACE_BEG (DEBUG_CTX, "gpgme_op_decrypt_result", ctx, "");
109 ctx->ignore_mdc_error = 0; /* Always reset this flag. */
111 err = _gpgme_op_data_lookup (ctx, OPDATA_DECRYPT, &hook, -1, NULL);
115 TRACE_SUC ("result=(null)");
119 /* Make sure that SYMKEY_ALGO has a value. */
120 if (!opd->result.symkey_algo)
122 opd->result.symkey_algo = strdup ("?.?");
123 if (!opd->result.symkey_algo)
125 TRACE_SUC ("result=(null)");
130 if (_gpgme_debug_trace ())
132 gpgme_recipient_t rcp;
134 if (opd->result.unsupported_algorithm)
136 TRACE_LOG ("result: unsupported_algorithm: %s",
137 opd->result.unsupported_algorithm);
139 if (opd->result.wrong_key_usage)
141 TRACE_LOG ("result: wrong key usage");
143 rcp = opd->result.recipients;
146 TRACE_LOG ("result: recipient: keyid=%s, pubkey_algo=%i, "
147 "status=%s", rcp->keyid, rcp->pubkey_algo,
148 gpg_strerror (rcp->status));
151 if (opd->result.file_name)
153 TRACE_LOG ("result: original file name: %s", opd->result.file_name);
157 TRACE_SUC ("result=%p", &opd->result);
163 /* Parse the ARGS of an error status line and record some error
164 * conditions at OPD. Returns 0 on success. */
166 parse_status_error (char *args, op_data_t opd)
174 return trace_gpg_error (GPG_ERR_INV_ENGINE);
176 args2 = strdup (args); /* Split modifies the input string. */
177 nfields = _gpgme_split_fields (args2, field, DIM (field));
181 return trace_gpg_error (GPG_ERR_INV_ENGINE); /* Required arg missing. */
183 err = nfields < 2 ? 0 : atoi (field[1]);
185 if (!strcmp (field[0], "decrypt.algorithm"))
187 if (gpg_err_code (err) == GPG_ERR_UNSUPPORTED_ALGORITHM
189 && strcmp (field[2], "?"))
191 opd->result.unsupported_algorithm = strdup (field[2]);
192 if (!opd->result.unsupported_algorithm)
195 return gpg_error_from_syserror ();
199 else if (!strcmp (field[0], "decrypt.keyusage"))
201 if (gpg_err_code (err) == GPG_ERR_WRONG_KEY_USAGE)
202 opd->result.wrong_key_usage = 1;
204 else if (!strcmp (field[0], "pkdecrypt_failed"))
206 switch (gpg_err_code (err))
208 case GPG_ERR_CANCELED:
209 case GPG_ERR_FULLY_CANCELED:
210 /* It is better to return with a cancel error code than the
211 * general decryption failed error code. */
212 opd->pkdecrypt_failed = gpg_err_make (gpg_err_source (err),
216 case GPG_ERR_BAD_PASSPHRASE:
217 /* A bad passphrase is severe enough that we return this
219 opd->pkdecrypt_failed = err;
223 /* For now all other error codes are ignored and the
224 * standard DECRYPT_FAILED is returned. */
228 else if (!strcmp (field[0], "nomdc_with_legacy_cipher"))
230 opd->result.legacy_cipher_nomdc = 1;
231 opd->not_integrity_protected = 1;
233 else if (!strcmp (field[0], "symkey_decrypt.maybe_error"))
235 switch (gpg_err_code (err))
237 case GPG_ERR_BAD_PASSPHRASE:
238 /* A bad passphrase is severe enough that we return this
240 opd->symdecrypt_failed = err;
244 /* For now all other error codes are ignored and the
245 * standard DECRYPT_FAILED is returned. */
249 /* Record the first error code. */
250 if (err && !opd->first_status_error)
251 opd->first_status_error = err;
260 parse_enc_to (char *args, gpgme_recipient_t *recp, gpgme_protocol_t protocol)
262 gpgme_recipient_t rec;
266 rec = malloc (sizeof (*rec));
268 return gpg_error_from_syserror ();
271 rec->keyid = rec->_keyid;
274 for (i = 0; i < sizeof (rec->_keyid) - 1; i++)
276 if (args[i] == '\0' || args[i] == ' ')
279 rec->_keyid[i] = args[i];
281 rec->_keyid[i] = '\0';
284 if (*args != '\0' && *args != ' ')
287 return trace_gpg_error (GPG_ERR_INV_ENGINE);
295 gpg_err_set_errno (0);
296 rec->pubkey_algo = _gpgme_map_pk_algo (strtol (args, &tail, 0), protocol);
297 if (errno || args == tail || *tail != ' ')
299 /* The crypto backend does not behave. */
301 return trace_gpg_error (GPG_ERR_INV_ENGINE);
305 /* FIXME: The key length is always 0 right now, so no need to parse
313 /* Parse the ARGS of a
314 * DECRYPTION_INFO <mdc_method> <sym_algo> [<aead_algo>]
315 * status. Returns 0 on success and updates the OPD.
318 parse_decryption_info (char *args, op_data_t opd, gpgme_protocol_t protocol)
324 const char *algostr, *modestr;
327 return trace_gpg_error (GPG_ERR_INV_ENGINE);
329 args2 = strdup (args); /* Split modifies the input string. */
330 nfields = _gpgme_split_fields (args2, field, DIM (field));
334 return trace_gpg_error (GPG_ERR_INV_ENGINE); /* Required arg missing. */
337 mdc = atoi (field[0]);
338 algostr = _gpgme_cipher_algo_name (atoi (field[1]), protocol);
339 aead_algo = nfields < 3? 0 : atoi (field[2]);
340 modestr = _gpgme_cipher_mode_name (aead_algo, protocol);
344 free (opd->result.symkey_algo);
345 if (!aead_algo && mdc != 2)
346 opd->result.symkey_algo = _gpgme_strconcat (algostr, ".PGPCFB", NULL);
348 opd->result.symkey_algo = _gpgme_strconcat (algostr, ".", modestr, NULL);
349 if (!opd->result.symkey_algo)
350 return gpg_error_from_syserror ();
352 if (!mdc && !aead_algo)
353 opd->not_integrity_protected = 1;
360 _gpgme_decrypt_status_handler (void *priv, gpgme_status_code_t code,
363 gpgme_ctx_t ctx = (gpgme_ctx_t) priv;
368 err = _gpgme_passphrase_status_handler (priv, code, args);
372 err = _gpgme_op_data_lookup (ctx, OPDATA_DECRYPT, &hook, -1, NULL);
379 case GPGME_STATUS_FAILURE:
380 opd->failure_code = _gpgme_parse_failure (args);
383 case GPGME_STATUS_EOF:
384 /* We force an encryption failure if we know that integrity
385 * protection is missing. For modern version of gpg using
386 * modern cipher algorithms this is not required because gpg
387 * will issue a failure anyway. However older gpg versions emit
389 * Fixme: These error values should probably be attributed to
390 * the underlying crypto engine (as error source). */
393 /* This comes from a specialized ERROR status line. */
394 if (opd->pkdecrypt_failed)
395 return opd->pkdecrypt_failed;
396 if (opd->symdecrypt_failed)
397 return opd->symdecrypt_failed;
399 /* For an integrity failure return just DECRYPTION_FAILED;
400 * the actual cause can be taken from an already set
401 * decryption result flag. */
402 if ((opd->not_integrity_protected && !ctx->ignore_mdc_error))
403 return gpg_error (GPG_ERR_DECRYPT_FAILED);
405 /* If we have any other ERROR code we prefer that over
406 * NO_SECKEY because it is probably the better matching
407 * code. For example a garbled message with multiple
408 * plaintext will return BAD_DATA here but may also have
409 * indicated a NO_SECKEY. */
410 if (opd->first_status_error)
411 return opd->first_status_error;
413 /* No secret key is pretty common reason. */
414 if (opd->any_no_seckey)
415 return gpg_error (GPG_ERR_NO_SECKEY);
417 /* Generic decryption failed error code. */
418 return gpg_error (GPG_ERR_DECRYPT_FAILED);
422 /* No data was found. */
423 return gpg_error (GPG_ERR_NO_DATA);
425 else if (opd->failure_code)
427 /* The engine returned failure code at program exit. */
428 return opd->failure_code;
432 case GPGME_STATUS_DECRYPTION_INFO:
433 err = parse_decryption_info (args, opd, ctx->protocol);
438 case GPGME_STATUS_DECRYPTION_OKAY:
442 case GPGME_STATUS_DECRYPTION_FAILED:
444 /* Tell the data object that it shall not return any data. We
445 * use the serial number because the data object may be owned by
446 * another thread. We also don't check for an error because it
447 * is possible that the data object has already been destroyed
448 * and we are then not interested in returning an error. */
449 if (!ctx->ignore_mdc_error)
450 _gpgme_data_set_prop (NULL, opd->plaintext_dserial,
451 DATA_PROP_BLANKOUT, 1);
454 case GPGME_STATUS_ERROR:
455 /* Note that this is an informational status code which should
456 * not lead to an error return unless it is something not
457 * related to the backend. However, it is used to return a
458 * better matching final error code. */
459 err = parse_status_error (args, opd);
464 case GPGME_STATUS_ENC_TO:
465 err = parse_enc_to (args, opd->last_recipient_p, ctx->protocol);
469 opd->last_recipient_p = &(*opd->last_recipient_p)->next;
472 case GPGME_STATUS_SESSION_KEY:
473 if (opd->result.session_key)
474 free (opd->result.session_key);
475 opd->result.session_key = strdup(args);
478 case GPGME_STATUS_NO_SECKEY:
480 gpgme_recipient_t rec = opd->result.recipients;
483 if (!strcmp (rec->keyid, args))
485 rec->status = gpg_error (GPG_ERR_NO_SECKEY);
490 /* FIXME: Is this ok? */
492 return trace_gpg_error (GPG_ERR_INV_ENGINE);
493 opd->any_no_seckey = 1;
497 case GPGME_STATUS_PLAINTEXT:
500 err = _gpgme_parse_plaintext (args, &opd->result.file_name, &mime);
503 opd->result.is_mime = !!mime;
507 case GPGME_STATUS_INQUIRE_MAXLEN:
508 if (ctx->status_cb && !ctx->full_status)
510 err = ctx->status_cb (ctx->status_cb_value, "INQUIRE_MAXLEN", args);
516 case GPGME_STATUS_DECRYPTION_COMPLIANCE_MODE:
517 PARSE_COMPLIANCE_FLAGS (args, &opd->result);
529 decrypt_status_handler (void *priv, gpgme_status_code_t code, char *args)
533 err = _gpgme_progress_status_handler (priv, code, args);
535 err = _gpgme_decrypt_status_handler (priv, code, args);
541 _gpgme_op_decrypt_init_result (gpgme_ctx_t ctx, gpgme_data_t plaintext)
547 err = _gpgme_op_data_lookup (ctx, OPDATA_DECRYPT, &hook,
548 sizeof (*opd), release_op_data);
553 opd->last_recipient_p = &opd->result.recipients;
554 opd->plaintext_dserial = _gpgme_data_get_dserial (plaintext);
560 _gpgme_decrypt_start (gpgme_ctx_t ctx, int synchronous,
561 gpgme_decrypt_flags_t flags,
562 gpgme_data_t cipher, gpgme_data_t plain)
566 assert (!(flags & GPGME_DECRYPT_VERIFY));
568 err = _gpgme_op_reset (ctx, synchronous);
572 err = _gpgme_op_decrypt_init_result (ctx, plain);
577 return gpg_error (GPG_ERR_NO_DATA);
579 return gpg_error (GPG_ERR_INV_VALUE);
584 if (ctx->passphrase_cb)
586 err = _gpgme_engine_set_command_handler
587 (ctx->engine, _gpgme_passphrase_command_handler, ctx);
592 _gpgme_engine_set_status_handler (ctx->engine, decrypt_status_handler, ctx);
594 return _gpgme_engine_op_decrypt (ctx->engine,
597 ctx->export_session_keys,
598 ctx->override_session_key,
599 ctx->auto_key_retrieve);
604 gpgme_op_decrypt_start (gpgme_ctx_t ctx, gpgme_data_t cipher,
609 TRACE_BEG (DEBUG_CTX, "gpgme_op_decrypt_start", ctx,
610 "cipher=%p, plain=%p", cipher, plain);
613 return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE));
615 err = _gpgme_decrypt_start (ctx, 0, 0, cipher, plain);
616 return TRACE_ERR (err);
620 /* Decrypt ciphertext CIPHER within CTX and store the resulting
621 plaintext in PLAIN. */
623 gpgme_op_decrypt (gpgme_ctx_t ctx, gpgme_data_t cipher, gpgme_data_t plain)
627 TRACE_BEG (DEBUG_CTX, "gpgme_op_decrypt", ctx,
628 "cipher=%p, plain=%p", cipher, plain);
631 return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE));
633 err = _gpgme_decrypt_start (ctx, 1, 0, cipher, plain);
635 err = _gpgme_wait_one (ctx);
636 ctx->ignore_mdc_error = 0; /* Always reset. */
637 return TRACE_ERR (err);