/**************** * Get the session key from a pubkey enc paket and return * it in DEK, which should have been allocated in secure memory. */ int get_session_key( PKT_pubkey_enc *k, DEK *dek ) { PKT_secret_key *sk = NULL; int rc; rc = check_pubkey_algo( k->pubkey_algo ); if( rc ) goto leave; if( (k->keyid[0] || k->keyid[1]) && !opt.try_all_secrets ) { sk = m_alloc_clear( sizeof *sk ); sk->pubkey_algo = k->pubkey_algo; /* we want a pubkey with this algo*/ if( !(rc = get_seckey( sk, k->keyid )) ) rc = get_it( k, dek, sk, k->keyid ); } else { /* anonymous receiver: Try all available secret keys */ void *enum_context = NULL; u32 keyid[2]; for(;;) { if( sk ) free_secret_key( sk ); sk = m_alloc_clear( sizeof *sk ); rc=enum_secret_keys( &enum_context, sk, 1); if( rc ) { rc = G10ERR_NO_SECKEY; break; } if( sk->pubkey_algo != k->pubkey_algo ) continue; keyid_from_sk( sk, keyid ); log_info(_("anonymous receiver; trying secret key %08lX ...\n"), (ulong)keyid[1] ); rc = check_secret_key( sk, 1 ); /* ask only once */ if( !rc ) rc = get_it( k, dek, sk, keyid ); if( !rc ) { log_info(_("okay, we are the anonymous recipient.\n") ); break; } } enum_secret_keys( &enum_context, NULL, 0 ); /* free context */ } leave: if( sk ) free_secret_key( sk ); return rc; }
/* Return information about the given algorithm WHAT selects the kind of information returned: GCRYCTL_TEST_ALGO: Returns 0 when the specified algorithm is available for use. Buffer must be NULL, nbytes may have the address of a variable with the required usage of the algorithm. It may be 0 for don't care or a combination of the GCRY_PK_USAGE_xxx flags; GCRYCTL_GET_ALGO_USAGE: Return the usage flags for the given algo. An invalid algo returns 0. Disabled algos are ignored here because we only want to know whether the algo is at all capable of the usage. Note: Because this function is in most cases used to return an integer value, we can make it easier for the caller to just look at the return value. The caller will in all cases consult the value and thereby detecting whether a error occurred or not (i.e. while checking the block size) */ gcry_err_code_t _gcry_pk_algo_info (int algorithm, int what, void *buffer, size_t *nbytes) { gcry_err_code_t rc = 0; switch (what) { case GCRYCTL_TEST_ALGO: { int use = nbytes ? *nbytes : 0; if (buffer) rc = GPG_ERR_INV_ARG; else if (check_pubkey_algo (algorithm, use)) rc = GPG_ERR_PUBKEY_ALGO; break; } case GCRYCTL_GET_ALGO_USAGE: { gcry_pk_spec_t *spec; spec = spec_from_algo (algorithm); *nbytes = spec? spec->use : 0; break; } case GCRYCTL_GET_ALGO_NPKEY: { /* FIXME? */ int npkey = pubkey_get_npkey (algorithm); *nbytes = npkey; break; } case GCRYCTL_GET_ALGO_NSKEY: { /* FIXME? */ int nskey = pubkey_get_nskey (algorithm); *nbytes = nskey; break; } case GCRYCTL_GET_ALGO_NSIGN: { /* FIXME? */ int nsign = pubkey_get_nsig (algorithm); *nbytes = nsign; break; } case GCRYCTL_GET_ALGO_NENCR: { /* FIXME? */ int nencr = pubkey_get_nenc (algorithm); *nbytes = nencr; break; } default: rc = GPG_ERR_INV_OP; } return rc; }
int signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate, int *r_expired, int *r_revoked, PKT_public_key *ret_pk ) { PKT_public_key *pk = xmalloc_clear( sizeof *pk ); int rc=0; if( (rc=check_digest_algo(sig->digest_algo)) ) ; /* we don't have this digest */ else if((rc=check_pubkey_algo(sig->pubkey_algo))) ; /* we don't have this pubkey algo */ else if(!md_algo_present(digest,sig->digest_algo)) { /* Sanity check that the md has a context for the hash that the sig is expecting. This can happen if a onepass sig header does not match the actual sig, and also if the clearsign "Hash:" header is missing or does not match the actual sig. */ log_info(_("WARNING: signature digest conflict in message\n")); rc=G10ERR_GENERAL; } else if( get_pubkey( pk, sig->keyid ) ) rc = G10ERR_NO_PUBKEY; else if(!pk->is_valid && !pk->is_primary) rc=G10ERR_BAD_PUBKEY; /* you cannot have a good sig from an invalid subkey */ else { if(r_expiredate) *r_expiredate = pk->expiredate; rc = do_check( pk, sig, digest, r_expired, r_revoked, ret_pk ); /* Check the backsig. This is a 0x19 signature from the subkey on the primary key. The idea here is that it should not be possible for someone to "steal" subkeys and claim them as their own. The attacker couldn't actually use the subkey, but they could try and claim ownership of any signaures issued by it. */ if(rc==0 && !pk->is_primary && pk->backsig<2) { if(pk->backsig==0) { log_info(_("WARNING: signing subkey %s is not" " cross-certified\n"),keystr_from_pk(pk)); log_info(_("please see %s for more information\n"), "http://www.gnupg.org/faq/subkey-cross-certify.html"); /* --require-cross-certification makes this warning an error. TODO: change the default to require this after more keys have backsigs. */ if(opt.flags.require_cross_cert) rc=G10ERR_GENERAL; } else if(pk->backsig==1) { log_info(_("WARNING: signing subkey %s has an invalid" " cross-certification\n"),keystr_from_pk(pk)); rc=G10ERR_GENERAL; } } } free_public_key( pk ); if( !rc && sig->sig_class < 2 && is_status_enabled() ) { /* This signature id works best with DLP algorithms because * they use a random parameter for every signature. Instead of * this sig-id we could have also used the hash of the document * and the timestamp, but the drawback of this is, that it is * not possible to sign more than one identical document within * one second. Some remote batch processing applications might * like this feature here */ MD_HANDLE md; u32 a = sig->timestamp; int i, nsig = pubkey_get_nsig( sig->pubkey_algo ); byte *p, *buffer; md = md_open( DIGEST_ALGO_RMD160, 0); md_putc( digest, sig->pubkey_algo ); md_putc( digest, sig->digest_algo ); md_putc( digest, (a >> 24) & 0xff ); md_putc( digest, (a >> 16) & 0xff ); md_putc( digest, (a >> 8) & 0xff ); md_putc( digest, a & 0xff ); for(i=0; i < nsig; i++ ) { unsigned n = mpi_get_nbits( sig->data[i]); md_putc( md, n>>8); md_putc( md, n ); p = mpi_get_buffer( sig->data[i], &n, NULL ); md_write( md, p, n ); xfree(p); } md_final( md ); p = make_radix64_string( md_read( md, 0 ), 20 ); buffer = xmalloc( strlen(p) + 60 ); sprintf( buffer, "%s %s %lu", p, strtimestamp( sig->timestamp ), (ulong)sig->timestamp ); write_status_text( STATUS_SIG_ID, buffer ); xfree(buffer); xfree(p); md_close(md); }