diff options
Diffstat (limited to 'g10')
| -rw-r--r-- | g10/ChangeLog | 9 | ||||
| -rw-r--r-- | g10/Makefile.am | 61 | ||||
| -rw-r--r-- | g10/gpgv.c | 305 | ||||
| -rw-r--r-- | g10/mainproc.c | 5 | ||||
| -rw-r--r-- | g10/parse-packet.c | 1 | ||||
| -rw-r--r-- | g10/sign.c | 22 |
6 files changed, 365 insertions, 38 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 5a903c625..8bd087ae1 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,12 @@ +Wed Oct 4 15:50:18 CEST 2000 Werner Koch <[email protected]> + + * sign.c (hash_for): New arg to take packet version in account, changed + call callers. + + * gpgv.c: New. + * Makefile.am: Rearranged source files so that gpgv can be build with + at least files as possible. + Mon Sep 18 12:13:52 CEST 2000 Werner Koch <[email protected]> * hkp.c (not_implemented): Print a notice for W32 diff --git a/g10/Makefile.am b/g10/Makefile.am index 6170b1691..fcf443ecb 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -7,7 +7,7 @@ LDFLAGS = @LDFLAGS@ @DYNLINK_LDFLAGS@ needed_libs = ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a #noinst_PROGRAMS = gpgd -bin_PROGRAMS = gpg +bin_PROGRAMS = gpg gpgv common_source = \ build-packet.c \ @@ -15,57 +15,64 @@ common_source = \ filter.h \ free-packet.c \ getkey.c \ - keydb.h \ - delkey.c \ - pkclist.c \ - skclist.c \ ringedit.c \ + seskey.c \ + keydb.h \ kbnode.c \ main.h \ mainproc.c \ armor.c \ mdfilter.c \ textfilter.c \ - cipher.c \ misc.c \ options.h \ openfile.c \ keyid.c \ - trustdb.c \ - trustdb.h \ - tdbdump.c \ - tdbio.c \ - tdbio.h \ - hkp.h \ - hkp.c \ packet.h \ parse-packet.c \ - passphrase.c \ - pubkey-enc.c \ - seckey-cert.c \ - seskey.c \ - import.c \ - export.c \ comment.c \ status.c \ status.h \ - sign.c \ plaintext.c \ - encr-data.c \ - encode.c \ - revoke.c \ - keylist.c \ sig-check.c \ - signal.c \ - helptext.c + signal.c gpg_SOURCES = g10.c \ $(common_source) \ + pkclist.c \ + skclist.c \ + pubkey-enc.c \ + passphrase.c \ + seckey-cert.c \ + encr-data.c \ + cipher.c \ + keylist.c \ + encode.c \ + sign.c \ verify.c \ + revoke.c \ decrypt.c \ keyedit.c \ dearmor.c \ - keygen.c + import.c \ + export.c \ + hkp.h \ + hkp.c \ + trustdb.c \ + trustdb.h \ + tdbdump.c \ + tdbio.c \ + tdbio.h \ + delkey.c \ + keygen.c \ + helptext.c + +gpgv_SOURCES = gpgv.c \ + $(common_source) \ + verify.c + + + #gpgd_SOURCES = gpgd.c \ # ks-proto.h \ diff --git a/g10/gpgv.c b/g10/gpgv.c new file mode 100644 index 000000000..bcd97ecb5 --- /dev/null +++ b/g10/gpgv.c @@ -0,0 +1,305 @@ +/* gpgv.c - The GnuPG signature verify utility + * Copyright (C) 2000 Free Software Foundation, Inc. + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#include <config.h> +#include <errno.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <ctype.h> +#include <unistd.h> +#ifdef HAVE_DOSISH_SYSTEM + #include <fcntl.h> /* for setmode() */ +#endif + + +#include "packet.h" +#include "iobuf.h" +#include "memory.h" +#include "util.h" +#include "main.h" +#include "options.h" +#include "keydb.h" +#include "trustdb.h" +#include "mpi.h" +#include "cipher.h" +#include "filter.h" +#include "ttyio.h" +#include "i18n.h" +#include "status.h" +#include "g10defs.h" +#include "hkp.h" + + +enum cmd_and_opt_values { aNull = 0, + oQuiet = 'q', + oVerbose = 'v', + oBatch = 500, + oKeyring, + oIgnoreTimeConflict, + oStatusFD, + oLoggerFD, + oHomedir, +aTest }; + + +static ARGPARSE_OPTS opts[] = { + + { 301, NULL, 0, N_("@\nOptions:\n ") }, + + { oVerbose, "verbose", 0, N_("verbose") }, + { oQuiet, "quiet", 0, N_("be somewhat more quiet") }, + { oKeyring, "keyring" ,2, N_("take the keys from this keyring")}, + { oIgnoreTimeConflict, "ignore-time-conflict", 0, + N_("make timestamp conflicts only a warning") }, + { oStatusFD, "status-fd" ,1, N_("|FD|write status info to this FD") }, + { oLoggerFD, "logger-fd",1, "@" }, + { oHomedir, "homedir", 2, "@" }, /* defaults to "~/.gnupg" */ + +{0} }; + + + +int g10_errors_seen = 0; + +const char * +strusage( int level ) +{ + const char *p; + switch( level ) { + case 11: p = "gpgv (GnuPG)"; + break; + case 13: p = VERSION; break; + case 17: p = PRINTABLE_OS_NAME; break; + case 19: p = + _("Please report bugs to <[email protected]>.\n"); + break; + case 1: + case 40: p = + _("Usage: gpgv [options] [files] (-h for help)"); + break; + case 41: p = + _("Syntax: gpg [options] [files]\n" + "Check signatures against known trusted keys\n"); + break; + + default: p = default_strusage(level); + } + return p; +} + + + + +static void +i18n_init(void) +{ + #ifdef USE_SIMPLE_GETTEXT + set_gettext_file( PACKAGE ); + #else + #ifdef ENABLE_NLS + #ifdef HAVE_LC_MESSAGES + setlocale( LC_TIME, "" ); + setlocale( LC_MESSAGES, "" ); + #else + setlocale( LC_ALL, "" ); + #endif + bindtextdomain( PACKAGE, G10_LOCALEDIR ); + textdomain( PACKAGE ); + #endif + #endif +} + + +int +main( int argc, char **argv ) +{ + ARGPARSE_ARGS pargs; + int rc=0; + STRLIST sl; + STRLIST nrings=NULL; + unsigned configlineno; + + log_set_name("gpgv"); + init_signals(); + i18n_init(); + opt.command_fd = -1; /* no command fd */ + opt.pgp2_workarounds = 1; + opt.auto_key_retrieve = 1; + opt.always_trust = 1; + opt.batch = 1; + + #ifdef __MINGW32__ + opt.homedir = read_w32_registry_string( NULL, "Software\\GNU\\GnuPG", "HomeDir" ); + #else + opt.homedir = getenv("GNUPGHOME"); + #endif + if( !opt.homedir || !*opt.homedir ) { + opt.homedir = GNUPG_HOMEDIR; + } + tty_no_terminal(1); + tty_batchmode(1); + disable_dotlock(); + + pargs.argc = &argc; + pargs.argv = &argv; + pargs.flags= 1; /* do not remove the args */ + while( optfile_parse( NULL, NULL, &configlineno, &pargs, opts) ) { + switch( pargs.r_opt ) { + case oQuiet: opt.quiet = 1; break; + case oVerbose: g10_opt_verbose++; + opt.verbose++; opt.list_sigs=1; break; + case oKeyring: append_to_strlist( &nrings, pargs.r.ret_str); break; + case oStatusFD: set_status_fd( pargs.r.ret_int ); break; + case oLoggerFD: log_set_logfile( NULL, pargs.r.ret_int ); break; + case oHomedir: opt.homedir = pargs.r.ret_str; break; + default : pargs.err = 2; break; + } + } + + if( log_get_errorcount(0) ) + g10_exit(2); + + g10_opt_homedir = opt.homedir; + + if( opt.verbose > 1 ) + set_packet_list_mode(1); + + if( !nrings ) /* no keyring given: use default one */ + add_keyblock_resource("trustedkeys.gpg", 0, 0); + for(sl = nrings; sl; sl = sl->next ) + add_keyblock_resource( sl->d, 0, 0 ); + + FREE_STRLIST(nrings); + + if( (rc = verify_signatures( argc, argv ) )) + log_error("verify signatures failed: %s\n", g10_errstr(rc) ); + + /* cleanup */ + g10_exit(0); + return 8; /*NEVER REACHED*/ +} + + +void +g10_exit( int rc ) +{ + rc = rc? rc : log_get_errorcount(0)? 2 : + g10_errors_seen? 1 : 0; + exit(rc ); +} + + +/* Stub: + * We have to override the trustcheck from pkclist.c becuase + * this utility assumes that all keys in the keyring are trustworthy + */ +int +check_signatures_trust( PKT_signature *sig ) +{ + return 0; +} + + +/* Stub: + * We don't have the trustdb , so we have to provide some stub functions + * instead + */ +int +keyid_from_lid( ulong lid, u32 *keyid ) +{ + return G10ERR_TRUSTDB; +} + +/* Stub: */ +int +query_trust_info( PKT_public_key *pk, const byte *namehash ) +{ + return '?'; +} + +/* Stub: */ +int +get_ownertrust_info( ulong lid ) +{ + return '?'; +} + + +/* Stub: + * Because we only work with trusted keys, it does not make sense to + * get them from a keyserver + */ +int +hkp_ask_import( u32 *keyid ) +{ + return -1; +} + +/* Stub: + * No encryption here but mainproc links to these functions. + */ +int +get_session_key( PKT_pubkey_enc *k, DEK *dek ) +{ + return G10ERR_GENERAL; +} +/* Stub: */ +int +get_override_session_key( DEK *dek, const char *string ) +{ + return G10ERR_GENERAL; +} +/* Stub: */ +int +decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) +{ + return G10ERR_GENERAL; +} + + +/* Stub: + * No interactive commnds, so we don't need the helptexts + */ +void +display_online_help( const char *keyword ) +{ +} + +/* Stub: + * We don't use secret keys, but getkey.c links to this + */ +int +check_secret_key( PKT_secret_key *sk, int n ) +{ + return G10ERR_GENERAL; +} + +/* Stub: + * No secret key, so no passphrase needed + */ +DEK * +passphrase_to_dek( u32 *keyid, int pubkey_algo, + int cipher_algo, STRING2KEY *s2k, int mode ) +{ + return NULL; +} + + diff --git a/g10/mainproc.c b/g10/mainproc.c index 882db04e2..6449d3823 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -1262,6 +1262,11 @@ proc_tree( CTX c, KBNODE node ) */ /* c->mfx.md2? 0 :(sig->sig_class == 0x01) */ #endif + if ( DBG_HASHING ) { + md_start_debug( c->mfx.md, "verify" ); + if ( c->mfx.md2 ) + md_start_debug( c->mfx.md2, "verify2" ); + } if( c->sigs_only ) { rc = hash_datafiles( c->mfx.md, c->mfx.md2, c->signed_data, c->sigfilename, diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 91aa231b0..3521951b9 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -1734,6 +1734,7 @@ parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen, if( version != 1 ) { log_error("encrypted_mdc packet with unknown version %d\n", version); + /*skip_rest(inp, pktlen); should we really do this? */ goto leave; } ed->mdc_method = DIGEST_ALGO_SHA1; diff --git a/g10/sign.c b/g10/sign.c index 5d87dad84..588b70372 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -162,13 +162,13 @@ complete_sig( PKT_signature *sig, PKT_secret_key *sk, MD_HANDLE md ) } static int -hash_for(int pubkey_algo ) +hash_for(int pubkey_algo, int packet_version ) { if( opt.def_digest_algo ) return opt.def_digest_algo; if( pubkey_algo == PUBKEY_ALGO_DSA ) return DIGEST_ALGO_SHA1; - if( pubkey_algo == PUBKEY_ALGO_RSA ) + if( pubkey_algo == PUBKEY_ALGO_RSA && packet_version < 4 ) return DIGEST_ALGO_MD5; return DEFAULT_DIGEST_ALGO; } @@ -304,7 +304,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) { PKT_secret_key *sk = sk_rover->sk; - md_enable(mfx.md, hash_for(sk->pubkey_algo)); + md_enable(mfx.md, hash_for(sk->pubkey_algo, sk->version )); } if( !multifile ) @@ -361,7 +361,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, sk = sk_rover->sk; ops = m_alloc_clear( sizeof *ops ); ops->sig_class = opt.textmode && !outfile ? 0x01 : 0x00; - ops->digest_algo = hash_for(sk->pubkey_algo); + ops->digest_algo = hash_for(sk->pubkey_algo, sk->version); ops->pubkey_algo = sk->pubkey_algo; keyid_from_sk( sk, ops->keyid ); ops->last = skcount == 1; @@ -488,7 +488,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, sig = m_alloc_clear( sizeof *sig ); sig->version = old_style || opt.force_v3_sigs ? 3 : sk->version; keyid_from_sk( sk, sig->keyid ); - sig->digest_algo = hash_for(sk->pubkey_algo); + sig->digest_algo = hash_for(sk->pubkey_algo, sk->version); sig->pubkey_algo = sk->pubkey_algo; sig->timestamp = make_timestamp(); sig->sig_class = opt.textmode && !outfile? 0x01 : 0x00; @@ -538,7 +538,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, } md_final( md ); - rc = do_sign( sk, sig, md, hash_for(sig->pubkey_algo) ); + rc = do_sign( sk, sig, md, hash_for(sig->pubkey_algo, sk->version) ); md_close( md ); if( !rc ) { /* and write it */ @@ -621,7 +621,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) { PKT_secret_key *sk = sk_rover->sk; - if( hash_for(sk->pubkey_algo) == DIGEST_ALGO_MD5 ) + if( hash_for(sk->pubkey_algo, sk->version) == DIGEST_ALGO_MD5 ) only_md5 = 1; else { only_md5 = 0; @@ -640,7 +640,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) iobuf_writestr(out, "Hash: " ); for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) { PKT_secret_key *sk = sk_rover->sk; - int i = hash_for(sk->pubkey_algo); + int i = hash_for(sk->pubkey_algo, sk->version); if( !hashs_seen[ i & 0xff ] ) { s = digest_algo_to_string( i ); @@ -665,7 +665,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) textmd = md_open(0, 0); for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) { PKT_secret_key *sk = sk_rover->sk; - md_enable(textmd, hash_for(sk->pubkey_algo)); + md_enable(textmd, hash_for(sk->pubkey_algo, sk->version)); } if ( DBG_HASHING ) md_start_debug( textmd, "clearsign" ); @@ -690,7 +690,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) sig = m_alloc_clear( sizeof *sig ); sig->version = old_style || opt.force_v3_sigs ? 3 : sk->version; keyid_from_sk( sk, sig->keyid ); - sig->digest_algo = hash_for(sk->pubkey_algo); + sig->digest_algo = hash_for(sk->pubkey_algo, sk->version); sig->pubkey_algo = sk->pubkey_algo; sig->timestamp = make_timestamp(); sig->sig_class = 0x01; @@ -739,7 +739,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) } md_final( md ); - rc = do_sign( sk, sig, md, hash_for(sig->pubkey_algo) ); + rc = do_sign( sk, sig, md, hash_for(sig->pubkey_algo, sk->version) ); md_close( md ); if( !rc ) { /* and write it */ |