diff options
| -rw-r--r-- | sm/ChangeLog | 5 | ||||
| -rw-r--r-- | sm/gpgsm.c | 6 | ||||
| -rw-r--r-- | sm/gpgsm.h | 2 | ||||
| -rw-r--r-- | sm/server.c | 14 | ||||
| -rw-r--r-- | sm/verify.c | 49 |
5 files changed, 59 insertions, 17 deletions
diff --git a/sm/ChangeLog b/sm/ChangeLog index 42ed3319f..9474a02a5 100644 --- a/sm/ChangeLog +++ b/sm/ChangeLog @@ -1,5 +1,10 @@ 2001-12-20 Werner Koch <[email protected]> + * verify.c (gpgsm_verify): Implemented non-detached signature + verification. Add OUT_FP arg, initialize a writer and changed all + callers. + * server.c (cmd_verify): Pass an out_fp if one has been set. + * base64.c (base64_reader_cb): Try to detect an S/MIME body part. * certdump.c (print_sexp): Renamed to gpgsm_dump_serial, made diff --git a/sm/gpgsm.c b/sm/gpgsm.c index 98d895a13..130697f6b 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -1044,11 +1044,11 @@ main ( int argc, char **argv) case aVerify: if (!argc) - gpgsm_verify (&ctrl, 0, -1); /* normal signature from stdin */ + gpgsm_verify (&ctrl, 0, -1, NULL); /* normal signature from stdin */ else if (argc == 1) - gpgsm_verify (&ctrl, open_read (*argv), -1); /* normal signature */ + gpgsm_verify (&ctrl, open_read (*argv), -1, NULL); /* std signature */ else if (argc == 2) /* detached signature (sig, detached) */ - gpgsm_verify (&ctrl, open_read (*argv), open_read (argv[1])); + gpgsm_verify (&ctrl, open_read (*argv), open_read (argv[1]), NULL); else wrong_args (_("--verify [signature [detached_data]]")); break; diff --git a/sm/gpgsm.h b/sm/gpgsm.h index 8717b2cad..450b0a291 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h @@ -164,7 +164,7 @@ void gpgsm_list_keys (CTRL ctrl, STRLIST names, FILE *fp); int gpgsm_import (CTRL ctrl, int in_fd); /*-- verify.c --*/ -int gpgsm_verify (CTRL ctrl, int in_fd, int data_fd); +int gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp); /*-- sign.c --*/ int gpgsm_sign (CTRL ctrl, int data_fd, int detached, FILE *out_fp); diff --git a/sm/server.c b/sm/server.c index f1d0031d2..6af69e5f4 100644 --- a/sm/server.c +++ b/sm/server.c @@ -262,12 +262,24 @@ cmd_verify (ASSUAN_CONTEXT ctx, char *line) int rc; CTRL ctrl = assuan_get_pointer (ctx); int fd = assuan_get_input_fd (ctx); + int out_fd = assuan_get_output_fd (ctx); + FILE *out_fp = NULL; if (fd == -1) return set_error (No_Input, NULL); + if (out_fd != -1) + { + out_fp = fdopen ( dup(out_fd), "w"); + if (!out_fp) + return set_error (General_Error, "fdopen() failed"); + } + rc = gpgsm_verify (assuan_get_pointer (ctx), fd, - ctrl->server_local->message_fd); + ctrl->server_local->message_fd, out_fp); + if (out_fp) + fclose (out_fp); + if (!rc) { /* close and reset the fd */ diff --git a/sm/verify.c b/sm/verify.c index b52b905fd..350e4f42c 100644 --- a/sm/verify.c +++ b/sm/verify.c @@ -83,9 +83,7 @@ store_cert (KsbaCert cert) } - - - +/* Hash the data for a detached signature */ static void hash_data (int fd, GCRY_MD_HD md) { @@ -112,16 +110,20 @@ hash_data (int fd, GCRY_MD_HD md) } + /* Perform a verify operation. To verify detached signatures, data_fd - must be different than -1 */ + must be different than -1. With OUT_FP given and a non-detached + signature, the signed material is written to that stream. */ int -gpgsm_verify (CTRL ctrl, int in_fd, int data_fd) +gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp) { int i, rc; Base64Context b64reader = NULL; + Base64Context b64writer = NULL; KsbaError err; KsbaReader reader; + KsbaWriter writer = NULL; KsbaCMS cms = NULL; KsbaStopReason stopreason; KsbaCert cert; @@ -157,6 +159,16 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd) goto leave; } + if (out_fp) + { + rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, &writer); + if (rc) + { + log_error ("can't create writer: %s\n", gnupg_strerror (rc)); + goto leave; + } + } + cms = ksba_cms_new (); if (!cms) { @@ -164,7 +176,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd) goto leave; } - err = ksba_cms_set_reader_writer (cms, reader, NULL); + err = ksba_cms_set_reader_writer (cms, reader, writer); if (err) { log_debug ("ksba_cms_set_reader_writer failed: %s\n", @@ -199,12 +211,6 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd) is_detached = 1; log_debug ("Detached signature\n"); } - if (stopreason == KSBA_SR_BEGIN_DATA) - { - log_error ("error: only detached signatures are supportted\n"); - rc = GNUPG_Not_Implemented; - goto leave; - } if (stopreason == KSBA_SR_NEED_HASH || stopreason == KSBA_SR_BEGIN_DATA) @@ -228,10 +234,28 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd) } hash_data (data_fd, data_md); } + else + { + ksba_cms_set_hash_function (cms, HASH_FNC, data_md); + } + } + else if (stopreason == KSBA_SR_END_DATA) + { /* The data bas been hashed */ + } } while (stopreason != KSBA_SR_READY); + if (b64writer) + { + rc = gpgsm_finish_writer (b64writer); + if (rc) + { + log_error ("write failed: %s\n", gnupg_strerror (rc)); + goto leave; + } + } + if (data_fd != -1 && !is_detached) { log_error ("data given for a non-detached signature\n"); @@ -418,6 +442,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd) leave: ksba_cms_release (cms); gpgsm_destroy_reader (b64reader); + gpgsm_destroy_writer (b64writer); keydb_release (kh); gcry_md_close (data_md); if (fp) |