Coverage Report

Created: 2022-12-08 06:10

/src/gnupg/g10/verify.c
Line
Count
Source (jump to first uncovered line)
1
/* verify.c - Verify signed data
2
 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2004, 2005, 2006,
3
 *               2007, 2010 Free Software Foundation, Inc.
4
 *
5
 * This file is part of GnuPG.
6
 *
7
 * GnuPG is free software; you can redistribute it and/or modify
8
 * it under the terms of the GNU General Public License as published by
9
 * the Free Software Foundation; either version 3 of the License, or
10
 * (at your option) any later version.
11
 *
12
 * GnuPG is distributed in the hope that it will be useful,
13
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15
 * GNU General Public License for more details.
16
 *
17
 * You should have received a copy of the GNU General Public License
18
 * along with this program; if not, see <https://www.gnu.org/licenses/>.
19
 */
20
21
#include <config.h>
22
#include <stdio.h>
23
#include <stdlib.h>
24
#include <string.h>
25
#include <errno.h>
26
27
#include "gpg.h"
28
#include "options.h"
29
#include "packet.h"
30
#include "../common/status.h"
31
#include "../common/iobuf.h"
32
#include "keydb.h"
33
#include "../common/util.h"
34
#include "main.h"
35
#include "filter.h"
36
#include "../common/ttyio.h"
37
#include "../common/i18n.h"
38
39
40
/****************
41
 * Assume that the input is a signature and verify it without
42
 * generating any output.  With no arguments, the signature packet
43
 * is read from stdin (it may be a detached signature when not
44
 * used in batch mode). If only a sigfile is given, it may be a complete
45
 * signature or a detached signature in which case the signed stuff
46
 * is expected from stdin. With more than 1 argument, the first should
47
 * be a detached signature and the remaining files are the signed stuff.
48
 */
49
50
int
51
verify_signatures (ctrl_t ctrl, int nfiles, char **files )
52
0
{
53
0
    IOBUF fp;
54
0
    armor_filter_context_t *afx = NULL;
55
0
    progress_filter_context_t *pfx = new_progress_context ();
56
0
    const char *sigfile;
57
0
    int i, rc;
58
0
    strlist_t sl;
59
60
    /* Decide whether we should handle a detached or a normal signature,
61
     * which is needed so that the code later can hash the correct data and
62
     * not have a normal signature act as detached signature and ignoring the
63
     * intended signed material from the 2nd file or stdin.
64
     * 1. gpg <file        - normal
65
     * 2. gpg file         - normal (or detached)
66
     * 3. gpg file <file2  - detached
67
     * 4. gpg file file2   - detached
68
     * The question is how decide between case 2 and 3?  The only way
69
     * we can do it is by reading one byte from stdin and then unget
70
     * it; the problem here is that we may be reading from the
71
     * terminal (which could be detected using isatty() but won't work
72
     * when under control of a pty using program (e.g. expect)) and
73
     * might get us in trouble when stdin is used for another purpose
74
     * (--passphrase-fd 0).  So we have to break with the behaviour
75
     * prior to gpg 1.0.4 by assuming that case 3 is a normal
76
     * signature (where file2 is ignored and require for a detached
77
     * signature to indicate signed material comes from stdin by using
78
     * case 4 with a file2 of "-".
79
     *
80
     * Actually we don't have to change anything here but can handle
81
     * that all quite easily in mainproc.c
82
     */
83
84
0
    sigfile = nfiles? *files : NULL;
85
86
    /* open the signature file */
87
0
    fp = iobuf_open(sigfile);
88
0
    if (fp && is_secured_file (iobuf_get_fd (fp)))
89
0
      {
90
0
        iobuf_close (fp);
91
0
        fp = NULL;
92
0
        gpg_err_set_errno (EPERM);
93
0
      }
94
0
    if( !fp ) {
95
0
        rc = gpg_error_from_syserror ();
96
0
  log_error(_("can't open '%s': %s\n"),
97
0
                  print_fname_stdin(sigfile), gpg_strerror (rc));
98
0
        goto leave;
99
0
    }
100
0
    handle_progress (pfx, fp, sigfile);
101
102
0
    if ( !opt.no_armor && use_armor_filter( fp ) )
103
0
      {
104
0
        afx = new_armor_context ();
105
0
  push_armor_filter (afx, fp);
106
0
      }
107
108
0
    sl = NULL;
109
0
    for(i=nfiles-1 ; i > 0 ; i-- )
110
0
  add_to_strlist( &sl, files[i] );
111
0
    rc = proc_signature_packets (ctrl, NULL, fp, sl, sigfile );
112
0
    free_strlist(sl);
113
0
    iobuf_close(fp);
114
0
    if( (afx && afx->no_openpgp_data && rc == -1)
115
0
        || gpg_err_code (rc) == GPG_ERR_NO_DATA ) {
116
0
  log_error(_("the signature could not be verified.\n"
117
0
       "Please remember that the signature file (.sig or .asc)\n"
118
0
       "should be the first file given on the command line.\n") );
119
0
  rc = 0;
120
0
    }
121
122
0
 leave:
123
0
    release_armor_context (afx);
124
0
    release_progress_context (pfx);
125
0
    return rc;
126
0
}
127
128
129
130
void
131
print_file_status( int status, const char *name, int what )
132
0
{
133
0
    char *p = xmalloc(strlen(name)+10);
134
0
    sprintf(p, "%d %s", what, name );
135
0
    write_status_text( status, p );
136
0
    xfree(p);
137
0
}
138
139
140
static int
141
verify_one_file (ctrl_t ctrl, const char *name )
142
0
{
143
0
    IOBUF fp;
144
0
    armor_filter_context_t *afx = NULL;
145
0
    progress_filter_context_t *pfx = new_progress_context ();
146
0
    int rc;
147
148
0
    print_file_status( STATUS_FILE_START, name, 1 );
149
0
    fp = iobuf_open(name);
150
0
    if (fp)
151
0
      iobuf_ioctl (fp, IOBUF_IOCTL_NO_CACHE, 1, NULL);
152
0
    if (fp && is_secured_file (iobuf_get_fd (fp)))
153
0
      {
154
0
        iobuf_close (fp);
155
0
        fp = NULL;
156
0
        gpg_err_set_errno (EPERM);
157
0
      }
158
0
    if( !fp ) {
159
0
        rc = gpg_error_from_syserror ();
160
0
  log_error(_("can't open '%s': %s\n"),
161
0
                  print_fname_stdin(name), strerror (errno));
162
0
  print_file_status( STATUS_FILE_ERROR, name, 1 );
163
0
        goto leave;
164
0
    }
165
0
    handle_progress (pfx, fp, name);
166
167
0
    if( !opt.no_armor ) {
168
0
  if( use_armor_filter( fp ) ) {
169
0
            afx = new_armor_context ();
170
0
      push_armor_filter (afx, fp);
171
0
  }
172
0
    }
173
174
0
    rc = proc_signature_packets (ctrl, NULL, fp, NULL, name );
175
0
    iobuf_close(fp);
176
0
    write_status( STATUS_FILE_DONE );
177
178
0
    reset_literals_seen();
179
180
0
 leave:
181
0
    release_armor_context (afx);
182
0
    release_progress_context (pfx);
183
0
    return rc;
184
0
}
185
186
/****************
187
 * Verify each file given in the files array or read the names of the
188
 * files from stdin.
189
 * Note:  This function can not handle detached signatures.
190
 */
191
int
192
verify_files (ctrl_t ctrl, int nfiles, char **files )
193
0
{
194
0
    int i, rc;
195
0
    int first_rc = 0;
196
197
0
    if( !nfiles ) { /* read the filenames from stdin */
198
0
  char line[2048];
199
0
  unsigned int lno = 0;
200
201
0
  while( fgets(line, DIM(line), stdin) ) {
202
0
      lno++;
203
0
      if( !*line || line[strlen(line)-1] != '\n' ) {
204
0
    log_error(_("input line %u too long or missing LF\n"), lno );
205
0
    return GPG_ERR_GENERAL;
206
0
      }
207
      /* This code does not work on MSDOS but hwo cares there are
208
       * also no script languages available.  We don't strip any
209
       * spaces, so that we can process nearly all filenames */
210
0
      line[strlen(line)-1] = 0;
211
0
      rc = verify_one_file (ctrl, line);
212
0
            if (!first_rc)
213
0
              first_rc = rc;
214
0
  }
215
216
0
    }
217
0
    else {  /* take filenames from the array */
218
0
  for(i=0; i < nfiles; i++ )
219
0
          {
220
0
            rc = verify_one_file (ctrl, files[i]);
221
0
            if (!first_rc)
222
0
              first_rc = rc;
223
0
          }
224
0
    }
225
226
0
    return first_rc;
227
0
}
228
229
230
231
232
/* Perform a verify operation.  To verify detached signatures, DATA_FD
233
   shall be the descriptor of the signed data; for regular signatures
234
   it needs to be -1.  If OUT_FP is not NULL and DATA_FD is not -1 the
235
   the signed material gets written that stream.
236
237
   FIXME: OUTFP is not yet implemented.
238
*/
239
int
240
gpg_verify (ctrl_t ctrl, int sig_fd, int data_fd, estream_t out_fp)
241
0
{
242
0
  int rc;
243
0
  iobuf_t fp;
244
0
  armor_filter_context_t *afx = NULL;
245
0
  progress_filter_context_t *pfx = new_progress_context ();
246
247
0
  (void)ctrl;
248
0
  (void)out_fp;
249
250
0
  if (is_secured_file (sig_fd))
251
0
    {
252
0
      fp = NULL;
253
0
      gpg_err_set_errno (EPERM);
254
0
    }
255
0
  else
256
0
    fp = iobuf_fdopen_nc (sig_fd, "rb");
257
0
  if (!fp)
258
0
    {
259
0
      rc = gpg_error_from_syserror ();
260
0
      log_error (_("can't open fd %d: %s\n"), sig_fd, strerror (errno));
261
0
      goto leave;
262
0
    }
263
264
0
  handle_progress (pfx, fp, NULL);
265
266
0
  if ( !opt.no_armor && use_armor_filter (fp) )
267
0
    {
268
0
      afx = new_armor_context ();
269
0
      push_armor_filter (afx, fp);
270
0
    }
271
272
0
  rc = proc_signature_packets_by_fd (ctrl, NULL, fp, data_fd);
273
274
0
  if ( afx && afx->no_openpgp_data
275
0
       && (rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF) )
276
0
    rc = gpg_error (GPG_ERR_NO_DATA);
277
278
0
 leave:
279
0
  iobuf_close (fp);
280
0
  release_progress_context (pfx);
281
0
  release_armor_context (afx);
282
0
  return rc;
283
0
}