/**
* Check the PGP signature for the given file path.
* If base64_sig is provided, it will be used as the signature data after
* decoding. If base64_sig is NULL, expect a signature file next to path
* (e.g. "%s.sig").
*
* The return value will be 0 if nothing abnormal happened during the signature
* check, and -1 if an error occurred while checking signatures or if a
* signature could not be found; pm_errno will be set. Note that "abnormal"
* does not include a failed signature; the value in siglist should be checked
* to determine if the signature(s) are good.
* @param handle the context handle
* @param path the full path to a file
* @param base64_sig optional PGP signature data in base64 encoding
* @param siglist a pointer to storage for signature results
* @return 0 in normal cases, -1 if the something failed in the check process
*/
int _alpm_gpgme_checksig(alpm_handle_t *handle, const char *path,
const char *base64_sig, alpm_siglist_t *siglist)
{
int ret = -1, sigcount;
gpgme_error_t gpg_err = 0;
gpgme_ctx_t ctx;
gpgme_data_t filedata, sigdata;
gpgme_verify_result_t verify_result;
gpgme_signature_t gpgsig;
char *sigpath = NULL;
unsigned char *decoded_sigdata = NULL;
FILE *file = NULL, *sigfile = NULL;
if(!path || _alpm_access(handle, NULL, path, R_OK) != 0) {
RET_ERR(handle, ALPM_ERR_NOT_A_FILE, -1);
}
if(!siglist) {
RET_ERR(handle, ALPM_ERR_WRONG_ARGS, -1);
}
siglist->count = 0;
if(!base64_sig) {
sigpath = _alpm_sigpath(handle, path);
if(_alpm_access(handle, NULL, sigpath, R_OK) != 0
|| (sigfile = fopen(sigpath, "rb")) == NULL) {
_alpm_log(handle, ALPM_LOG_DEBUG, "sig path %s could not be opened\n",
sigpath);
handle->pm_errno = ALPM_ERR_SIG_MISSING;
goto error;
}
}
/* does the file we are verifying exist? */
file = fopen(path, "rb");
if(file == NULL) {
handle->pm_errno = ALPM_ERR_NOT_A_FILE;
goto error;
}
if(init_gpgme(handle)) {
/* pm_errno was set in gpgme_init() */
goto error;
}
_alpm_log(handle, ALPM_LOG_DEBUG, "checking signature for %s\n", path);
memset(&ctx, 0, sizeof(ctx));
memset(&sigdata, 0, sizeof(sigdata));
memset(&filedata, 0, sizeof(filedata));
gpg_err = gpgme_new(&ctx);
CHECK_ERR();
/* create our necessary data objects to verify the signature */
gpg_err = gpgme_data_new_from_stream(&filedata, file);
CHECK_ERR();
/* next create data object for the signature */
if(base64_sig) {
/* memory-based, we loaded it from a sync DB */
size_t data_len;
int decode_ret = alpm_decode_signature(base64_sig,
&decoded_sigdata, &data_len);
if(decode_ret) {
handle->pm_errno = ALPM_ERR_SIG_INVALID;
goto gpg_error;
}
gpg_err = gpgme_data_new_from_mem(&sigdata,
(char *)decoded_sigdata, data_len, 0);
} else {
/* file-based, it is on disk */
gpg_err = gpgme_data_new_from_stream(&sigdata, sigfile);
}
CHECK_ERR();
/* here's where the magic happens */
gpg_err = gpgme_op_verify(ctx, sigdata, filedata, NULL);
CHECK_ERR();
verify_result = gpgme_op_verify_result(ctx);
CHECK_ERR();
if(!verify_result || !verify_result->signatures) {
_alpm_log(handle, ALPM_LOG_DEBUG, "no signatures returned\n");
handle->pm_errno = ALPM_ERR_SIG_MISSING;
goto gpg_error;
}
for(gpgsig = verify_result->signatures, sigcount = 0;
gpgsig; gpgsig = gpgsig->next, sigcount++);
_alpm_log(handle, ALPM_LOG_DEBUG, "%d signatures returned\n", sigcount);
CALLOC(siglist->results, sigcount, sizeof(alpm_sigresult_t),
handle->pm_errno = ALPM_ERR_MEMORY; goto gpg_error);
siglist->count = sigcount;
for(gpgsig = verify_result->signatures, sigcount = 0; gpgsig;
gpgsig = gpgsig->next, sigcount++) {
alpm_list_t *summary_list, *summary;
alpm_sigstatus_t status;
alpm_sigvalidity_t validity;
gpgme_key_t key;
alpm_sigresult_t *result;
_alpm_log(handle, ALPM_LOG_DEBUG, "fingerprint: %s\n", gpgsig->fpr);
summary_list = list_sigsum(gpgsig->summary);
for(summary = summary_list; summary; summary = summary->next) {
_alpm_log(handle, ALPM_LOG_DEBUG, "summary: %s\n", (const char *)summary->data);
}
alpm_list_free(summary_list);
_alpm_log(handle, ALPM_LOG_DEBUG, "status: %s\n", gpgme_strerror(gpgsig->status));
_alpm_log(handle, ALPM_LOG_DEBUG, "timestamp: %lu\n", gpgsig->timestamp);
if((time_t)gpgsig->timestamp > time(NULL)) {
_alpm_log(handle, ALPM_LOG_DEBUG,
"signature timestamp is greater than system time.\n");
}
_alpm_log(handle, ALPM_LOG_DEBUG, "exp_timestamp: %lu\n", gpgsig->exp_timestamp);
_alpm_log(handle, ALPM_LOG_DEBUG, "validity: %s; reason: %s\n",
string_validity(gpgsig->validity),
gpgme_strerror(gpgsig->validity_reason));
result = siglist->results + sigcount;
gpg_err = gpgme_get_key(ctx, gpgsig->fpr, &key, 0);
if(gpg_err_code(gpg_err) == GPG_ERR_EOF) {
_alpm_log(handle, ALPM_LOG_DEBUG, "key lookup failed, unknown key\n");
gpg_err = GPG_ERR_NO_ERROR;
/* we dupe the fpr in this case since we have no key to point at */
STRDUP(result->key.fingerprint, gpgsig->fpr,
handle->pm_errno = ALPM_ERR_MEMORY; goto gpg_error);
} else {
/**
* Check the PGP signature for the given file path.
* If base64_sig is provided, it will be used as the signature data after
* decoding. If base64_sig is NULL, expect a signature file next to path
* (e.g. "%s.sig").
*
* The return value will be 0 if nothing abnormal happened during the signature
* check, and -1 if an error occurred while checking signatures or if a
* signature could not be found; pm_errno will be set. Note that "abnormal"
* does not include a failed signature; the value in #result should be checked
* to determine if the signature(s) are good.
* @param handle the context handle
* @param path the full path to a file
* @param base64_sig optional PGP signature data in base64 encoding
* @result
* @return 0 in normal cases, -1 if the something failed in the check process
*/
int _alpm_gpgme_checksig(alpm_handle_t *handle, const char *path,
const char *base64_sig, alpm_sigresult_t *result)
{
int ret = -1, sigcount;
gpgme_error_t err;
gpgme_ctx_t ctx;
gpgme_data_t filedata, sigdata;
gpgme_verify_result_t verify_result;
gpgme_signature_t gpgsig;
char *sigpath = NULL;
unsigned char *decoded_sigdata = NULL;
FILE *file = NULL, *sigfile = NULL;
if(!path || access(path, R_OK) != 0) {
RET_ERR(handle, ALPM_ERR_NOT_A_FILE, -1);
}
if(!result) {
RET_ERR(handle, ALPM_ERR_WRONG_ARGS, -1);
}
result->count = 0;
if(!base64_sig) {
size_t len = strlen(path) + 5;
CALLOC(sigpath, len, sizeof(char), RET_ERR(handle, ALPM_ERR_MEMORY, -1));
snprintf(sigpath, len, "%s.sig", path);
if(!access(sigpath, R_OK) == 0) {
/* sigcount is 0 */
}
}
if(init_gpgme(handle)) {
/* pm_errno was set in gpgme_init() */
return -1;
}
_alpm_log(handle, ALPM_LOG_DEBUG, "checking signature for %s\n", path);
memset(&ctx, 0, sizeof(ctx));
memset(&sigdata, 0, sizeof(sigdata));
memset(&filedata, 0, sizeof(filedata));
err = gpgme_new(&ctx);
CHECK_ERR();
/* create our necessary data objects to verify the signature */
file = fopen(path, "rb");
if(file == NULL) {
handle->pm_errno = ALPM_ERR_NOT_A_FILE;
goto error;
}
err = gpgme_data_new_from_stream(&filedata, file);
CHECK_ERR();
/* next create data object for the signature */
if(base64_sig) {
/* memory-based, we loaded it from a sync DB */
int data_len;
int decode_ret = decode_signature(base64_sig,
&decoded_sigdata, &data_len);
if(decode_ret) {
handle->pm_errno = ALPM_ERR_SIG_INVALID;
goto error;
}
err = gpgme_data_new_from_mem(&sigdata,
(char *)decoded_sigdata, data_len, 0);
} else {
/* file-based, it is on disk */
sigfile = fopen(sigpath, "rb");
if(sigfile == NULL) {
handle->pm_errno = ALPM_ERR_SIG_MISSING;
goto error;
}
err = gpgme_data_new_from_stream(&sigdata, sigfile);
}
CHECK_ERR();
/* here's where the magic happens */
err = gpgme_op_verify(ctx, sigdata, filedata, NULL);
CHECK_ERR();
verify_result = gpgme_op_verify_result(ctx);
CHECK_ERR();
if(!verify_result || !verify_result->signatures) {
_alpm_log(handle, ALPM_LOG_DEBUG, "no signatures returned\n");
handle->pm_errno = ALPM_ERR_SIG_MISSING;
goto error;
}
for(gpgsig = verify_result->signatures, sigcount = 0;
gpgsig; gpgsig = gpgsig->next, sigcount++);
_alpm_log(handle, ALPM_LOG_DEBUG, "%d signatures returned\n", sigcount);
result->status = calloc(sigcount, sizeof(alpm_sigstatus_t));
result->uid = calloc(sigcount, sizeof(char*));
if(!result->status || !result->uid) {
handle->pm_errno = ALPM_ERR_MEMORY;
goto error;
}
result->count = sigcount;
for(gpgsig = verify_result->signatures, sigcount = 0; gpgsig;
gpgsig = gpgsig->next, sigcount++) {
alpm_list_t *summary_list, *summary;
alpm_sigstatus_t status;
gpgme_key_t key;
_alpm_log(handle, ALPM_LOG_DEBUG, "fingerprint: %s\n", gpgsig->fpr);
summary_list = list_sigsum(gpgsig->summary);
for(summary = summary_list; summary; summary = summary->next) {
_alpm_log(handle, ALPM_LOG_DEBUG, "summary: %s\n", (const char *)summary->data);
}
alpm_list_free(summary_list);
_alpm_log(handle, ALPM_LOG_DEBUG, "status: %s\n", gpgme_strerror(gpgsig->status));
_alpm_log(handle, ALPM_LOG_DEBUG, "timestamp: %lu\n", gpgsig->timestamp);
_alpm_log(handle, ALPM_LOG_DEBUG, "exp_timestamp: %lu\n", gpgsig->exp_timestamp);
_alpm_log(handle, ALPM_LOG_DEBUG, "validity: %s; reason: %s\n",
string_validity(gpgsig->validity),
gpgme_strerror(gpgsig->validity_reason));
err = gpgme_get_key(ctx, gpgsig->fpr, &key, 0);
if(gpg_err_code(err) == GPG_ERR_EOF) {
_alpm_log(handle, ALPM_LOG_DEBUG, "key lookup failed, unknown key\n");
err = GPG_ERR_NO_ERROR;
} else {
CHECK_ERR();
if(key->uids) {
const char *uid = key->uids->uid;
STRDUP(result->uid[sigcount], uid,
handle->pm_errno = ALPM_ERR_MEMORY; goto error);
_alpm_log(handle, ALPM_LOG_DEBUG, "key user: %s\n", uid);
}
gpgme_key_unref(key);
}
if(gpgsig->summary & GPGME_SIGSUM_VALID) {
/* definite good signature */
_alpm_log(handle, ALPM_LOG_DEBUG, "result: valid signature\n");
status = ALPM_SIGSTATUS_VALID;
} else if(gpgsig->summary & GPGME_SIGSUM_GREEN) {
/* good signature */
_alpm_log(handle, ALPM_LOG_DEBUG, "result: green signature\n");
status = ALPM_SIGSTATUS_VALID;
} else if(gpgsig->summary & GPGME_SIGSUM_RED) {
/* definite bad signature, error */
_alpm_log(handle, ALPM_LOG_DEBUG, "result: red signature\n");
status = ALPM_SIGSTATUS_BAD;
} else if(gpgsig->summary & GPGME_SIGSUM_KEY_MISSING) {
_alpm_log(handle, ALPM_LOG_DEBUG, "result: signature from unknown key\n");
status = ALPM_SIGSTATUS_UNKNOWN;
} else if(gpgsig->summary & GPGME_SIGSUM_KEY_EXPIRED) {
_alpm_log(handle, ALPM_LOG_DEBUG, "result: key expired\n");
status = ALPM_SIGSTATUS_BAD;
} else if(gpgsig->summary & GPGME_SIGSUM_SIG_EXPIRED) {
_alpm_log(handle, ALPM_LOG_DEBUG, "result: signature expired\n");
status = ALPM_SIGSTATUS_BAD;
} else {
/* we'll capture everything else here */
_alpm_log(handle, ALPM_LOG_DEBUG, "result: invalid signature\n");
status = ALPM_SIGSTATUS_BAD;
}
result->status[sigcount] = status;
}
ret = 0;
error:
gpgme_data_release(sigdata);
gpgme_data_release(filedata);
gpgme_release(ctx);
if(sigfile) {
fclose(sigfile);
}
if(file) {
fclose(file);
}
FREE(sigpath);
FREE(decoded_sigdata);
if(gpg_err_code(err) != GPG_ERR_NO_ERROR) {
_alpm_log(handle, ALPM_LOG_ERROR, _("GPGME error: %s\n"), gpgme_strerror(err));
RET_ERR(handle, ALPM_ERR_GPGME, -1);
}
return ret;
}
