2 * Copyright (C) 1998 Free Software Foundation, Inc.
4 * This file is part of GNUPG.
6 * GNUPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * GNUPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
43 do_sign( PKT_secret_key *sk, PKT_signature *sig,
44 MD_HANDLE md, int digest_algo )
50 print_pubkey_algo_note(sk->pubkey_algo);
53 digest_algo = md_get_algo(md);
55 print_digest_algo_note( digest_algo );
56 dp = md_read( md, digest_algo );
57 sig->digest_algo = digest_algo;
58 sig->digest_start[0] = dp[0];
59 sig->digest_start[1] = dp[1];
60 frame = encode_md_value( sk->pubkey_algo, md,
61 digest_algo, mpi_get_nbits(sk->skey[0]));
62 rc = pubkey_sign( sk->pubkey_algo, sig->data, frame, sk->skey );
65 log_error(_("signing failed: %s\n"), g10_errstr(rc) );
68 char *ustr = get_user_id_string( sig->keyid );
69 log_info(_("%s signature from: %s\n"),
70 pubkey_algo_to_string(sk->pubkey_algo), ustr );
80 complete_sig( PKT_signature *sig, PKT_secret_key *sk, MD_HANDLE md )
84 if( !(rc=check_secret_key( sk, 0 )) )
85 rc = do_sign( sk, sig, md, 0 );
87 /* fixme: should we check whether the signature is okay?
88 * maybe by using an option */
94 hash_for(int pubkey_algo )
96 if( opt.def_digest_algo )
97 return opt.def_digest_algo;
98 if( pubkey_algo == PUBKEY_ALGO_DSA )
99 return DIGEST_ALGO_SHA1;
100 if( pubkey_algo == PUBKEY_ALGO_RSA )
101 return DIGEST_ALGO_MD5;
102 return DEFAULT_DIGEST_ALGO;
106 only_old_style( SK_LIST sk_list )
108 SK_LIST sk_rover = NULL;
111 /* if there are only old style capable key we use the old sytle */
112 for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
113 PKT_secret_key *sk = sk_rover->sk;
114 if( sk->pubkey_algo == PUBKEY_ALGO_RSA && sk->version < 4 )
125 * Sign the files whose names are in FILENAME.
126 * If DETACHED has the value true,
127 * make a detached signature. If FILENAMES->d is NULL read from stdin
128 * and ignore the detached mode. Sign the file with all secret keys
129 * which can be taken from LOCUSR, if this is NULL, use the default one
130 * If ENCRYPT is true, use REMUSER (or ask if it is NULL) to encrypt the
131 * signed data for these users.
132 * If OUTFILE is not NULL; this file is used for output and the function
133 * does not ask for overwrite permission; output is then always
134 * uncompressed, non-armored and in binary mode.
137 sign_file( STRLIST filenames, int detached, STRLIST locusr,
138 int encrypt, STRLIST remusr, const char *outfile )
141 armor_filter_context_t afx;
142 compress_filter_context_t zfx;
143 md_filter_context_t mfx;
144 text_filter_context_t tfx;
145 encrypt_filter_context_t efx;
146 IOBUF inp = NULL, out = NULL;
148 PKT_plaintext *pt = NULL;
151 PK_LIST pk_list = NULL;
152 SK_LIST sk_list = NULL;
153 SK_LIST sk_rover = NULL;
155 int old_style = opt.rfc1991;
156 int compr_algo = -1; /* unknown */
159 memset( &afx, 0, sizeof afx);
160 memset( &zfx, 0, sizeof zfx);
161 memset( &mfx, 0, sizeof mfx);
162 memset( &tfx, 0, sizeof tfx);
163 memset( &efx, 0, sizeof efx);
167 fname = filenames->d;
168 multifile = !!filenames->next;
173 if( fname && filenames->next && (!detached || encrypt) )
174 log_bug("multiple files can only be detached signed");
176 if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
179 old_style = only_old_style( sk_list );
182 if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC )) )
185 compr_algo = select_algo_from_prefs( pk_list, PREFTYPE_COMPR );
189 if( multifile ) /* have list of filenames */
190 inp = NULL; /* we do it later */
191 else if( !(inp = iobuf_open(fname)) ) {
192 log_error("can't open %s: %s\n", fname? fname: "[stdin]",
194 rc = G10ERR_OPEN_FILE;
199 if( !(out = iobuf_create( outfile )) ) {
200 log_error(_("can't create %s: %s\n"), outfile, strerror(errno) );
201 rc = G10ERR_CREATE_FILE;
204 else if( opt.verbose )
205 log_info(_("writing to '%s'\n"), outfile );
207 else if( (rc = open_outfile( fname, opt.armor? 1: detached? 2:0, &out )))
210 /* prepare to calculate the MD over the input */
211 if( opt.textmode && !outfile )
212 iobuf_push_filter( inp, text_filter, &tfx );
213 mfx.md = md_open(0, 0);
215 for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
216 PKT_secret_key *sk = sk_rover->sk;
217 md_enable(mfx.md, hash_for(sk->pubkey_algo));
221 iobuf_push_filter( inp, md_filter, &mfx );
223 if( detached && !encrypt && !opt.rfc1991 )
226 if( opt.armor && !outfile )
227 iobuf_push_filter( out, armor_filter, &afx );
228 #ifdef ENABLE_COMMENT_PACKETS
230 write_comment( out, "#created by GNUPG v" VERSION " ("
231 PRINTABLE_OS_NAME ")");
232 if( opt.comment_string )
233 write_comment( out, opt.comment_string );
237 efx.pk_list = pk_list;
238 /* fixme: set efx.cfx.datalen if known */
239 iobuf_push_filter( out, encrypt_filter, &efx );
242 if( opt.compress && !outfile && ( !detached || opt.compress_sigs) ) {
244 ; /* don't use compression */
246 if( old_style || compr_algo == 1 )
248 iobuf_push_filter( out, compress_filter, &zfx );
252 if( !detached && !old_style ) {
254 /* loop over the secret certificates and build headers
255 * The specs now say that the data should be bracket by
256 * the onepass-sig and signature-packet; so we must build it
257 * here in reverse order */
258 for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next )
260 for( ; skcount; skcount-- ) {
262 PKT_onepass_sig *ops;
265 for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next )
270 ops = m_alloc_clear( sizeof *ops );
271 ops->sig_class = opt.textmode && !outfile ? 0x01 : 0x00;
272 ops->digest_algo = hash_for(sk->pubkey_algo);
273 ops->pubkey_algo = sk->pubkey_algo;
274 keyid_from_sk( sk, ops->keyid );
275 ops->last = skcount == 1;
278 pkt.pkttype = PKT_ONEPASS_SIG;
279 pkt.pkt.onepass_sig = ops;
280 rc = build_packet( out, &pkt );
283 log_error("build onepass_sig packet failed: %s\n",
290 /* setup the inner packet */
296 log_info(_("signing:") );
297 /* must walk reverse trough this list */
298 for( sl = strlist_last(filenames); sl;
299 sl = strlist_prev( filenames, sl ) ) {
300 if( !(inp = iobuf_open(sl->d)) ) {
301 log_error(_("can't open %s: %s\n"),
302 sl->d, strerror(errno) );
303 rc = G10ERR_OPEN_FILE;
307 fprintf(stderr, " '%s'", sl->d );
308 iobuf_push_filter( inp, md_filter, &mfx );
309 while( iobuf_get(inp) != -1 )
311 iobuf_close(inp); inp = NULL;
314 putc( '\n', stderr );
317 /* read, so that the filter can calculate the digest */
318 while( iobuf_get(inp) != -1 )
323 if( fname || opt.set_filename ) {
324 char *s = make_basename( opt.set_filename ? opt.set_filename : fname );
325 pt = m_alloc( sizeof *pt + strlen(s) - 1 );
326 pt->namelen = strlen(s);
327 memcpy(pt->name, s, pt->namelen );
330 else { /* no filename */
331 pt = m_alloc( sizeof *pt - 1 );
335 if( !(filesize = iobuf_get_filelength(inp)) )
336 log_info(_("WARNING: '%s' is an empty file\n"), fname );
338 /* because the text_filter modifies the length of the
339 * data, it is not possible to know the used length
340 * without a double read of the file - to avoid that
341 * we simple use partial length packets.
342 * FIXME: We have to do the double read when opt.rfc1991
345 if( opt.textmode && !outfile )
349 filesize = 0; /* stdin */
350 pt->timestamp = make_timestamp();
351 pt->mode = opt.textmode && !outfile ? 't':'b';
353 pt->new_ctb = !pt->len && !opt.rfc1991;
355 pkt.pkttype = PKT_PLAINTEXT;
356 pkt.pkt.plaintext = pt;
357 /*cfx.datalen = filesize? calc_packet_length( &pkt ) : 0;*/
358 if( (rc = build_packet( out, &pkt )) )
359 log_error("build_packet(PLAINTEXT) failed: %s\n", g10_errstr(rc) );
363 /* loop over the secret certificates */
364 for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
371 /* build the signature packet */
372 /* fixme: this code is partly duplicated in make_keysig_packet */
373 sig = m_alloc_clear( sizeof *sig );
374 sig->version = old_style || opt.force_v3_sigs ? 3 : sk->version;
375 keyid_from_sk( sk, sig->keyid );
376 sig->digest_algo = hash_for(sk->pubkey_algo);
377 sig->pubkey_algo = sk->pubkey_algo;
378 sig->timestamp = make_timestamp();
379 sig->sig_class = opt.textmode && !outfile? 0x01 : 0x00;
381 md = md_copy( mfx.md );
383 if( sig->version >= 4 ) {
384 build_sig_subpkt_from_sig( sig );
385 md_putc( md, sig->version );
387 md_putc( md, sig->sig_class );
388 if( sig->version < 4 ) {
389 u32 a = sig->timestamp;
390 md_putc( md, (a >> 24) & 0xff );
391 md_putc( md, (a >> 16) & 0xff );
392 md_putc( md, (a >> 8) & 0xff );
393 md_putc( md, a & 0xff );
399 md_putc( md, sig->pubkey_algo );
400 md_putc( md, sig->digest_algo );
401 if( sig->hashed_data ) {
402 n = (sig->hashed_data[0] << 8) | sig->hashed_data[1];
403 md_write( md, sig->hashed_data, n+2 );
409 buf[0] = sig->version;
411 buf[2] = n >> 24; /* hmmm, n is only 16 bit, so this is always 0 */
415 md_write( md, buf, 6 );
420 rc = do_sign( sk, sig, md, hash_for(sig->pubkey_algo) );
423 if( !rc ) { /* and write it */
425 pkt.pkttype = PKT_SIGNATURE;
426 pkt.pkt.signature = sig;
427 rc = build_packet( out, &pkt );
430 log_error("build signature packet failed: %s\n", g10_errstr(rc) );
444 release_sk_list( sk_list );
445 release_pk_list( pk_list );
452 * Note: We do not calculate the hash over the last CR,LF
455 write_dash_escaped( IOBUF inp, IOBUF out, MD_HANDLE md )
461 if( opt.not_dash_escaped ) {
463 while( (c = iobuf_get(inp)) != -1 ) {
468 if( lastlf != '\n' ) {
469 /* add a missing trailing LF */
471 iobuf_put( out, '\n' );
477 while( (c = iobuf_get(inp)) != -1 ) {
478 /* Note: We don't escape "From " because the MUA should cope with it */
482 iobuf_put( out, ' ' );
515 else if( state == 2 ) { /* file ended with a new line */
518 iobuf_put( out, '\n');
522 iobuf_put( out, '\n' );
524 return 0; /* fixme: add error handling */
529 * make a clear signature. note that opt.armor is not needed
532 clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
534 armor_filter_context_t afx;
535 text_filter_context_t tfx;
536 MD_HANDLE textmd = NULL;
537 IOBUF inp = NULL, out = NULL;
540 SK_LIST sk_list = NULL;
541 SK_LIST sk_rover = NULL;
542 int old_style = opt.rfc1991;
545 memset( &afx, 0, sizeof afx);
546 memset( &tfx, 0, sizeof tfx);
549 if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
552 old_style = only_old_style( sk_list );
555 if( !(inp = iobuf_open(fname)) ) {
556 log_error("can't open %s: %s\n", fname? fname: "[stdin]",
558 rc = G10ERR_OPEN_FILE;
563 if( !(out = iobuf_create( outfile )) ) {
564 log_error(_("can't create %s: %s\n"), outfile, strerror(errno) );
565 rc = G10ERR_CREATE_FILE;
568 else if( opt.verbose )
569 log_info(_("writing to '%s'\n"), outfile );
571 else if( (rc = open_outfile( fname, 1, &out )) )
574 iobuf_writestr(out, "-----BEGIN PGP SIGNED MESSAGE-----\n" );
576 for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
577 PKT_secret_key *sk = sk_rover->sk;
578 if( hash_for(sk->pubkey_algo) == DIGEST_ALGO_MD5 )
586 if( old_style || only_md5 )
587 iobuf_writestr(out, "\n" );
592 iobuf_writestr(out, "Hash: " );
593 for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
594 PKT_secret_key *sk = sk_rover->sk;
595 s = digest_algo_to_string( hash_for(sk->pubkey_algo) );
598 iobuf_put(out, ',' );
599 iobuf_writestr(out, s );
604 iobuf_writestr(out, "\n" );
605 if( opt.not_dash_escaped )
607 "NotDashEscaped: You need GnuPG to verify this message\n" );
608 iobuf_writestr(out, "\n" );
612 textmd = md_open(0, 0);
613 for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
614 PKT_secret_key *sk = sk_rover->sk;
615 md_enable(textmd, hash_for(sk->pubkey_algo));
617 /*md_start_debug( textmd, "create" );*/
618 if( !opt.not_dash_escaped )
619 iobuf_push_filter( inp, text_filter, &tfx );
620 rc = write_dash_escaped( inp, out, textmd );
625 iobuf_push_filter( out, armor_filter, &afx );
627 /* loop over the secret certificates */
628 for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
635 /* build the signature packet */
636 /* fixme: this code is duplicated above */
637 sig = m_alloc_clear( sizeof *sig );
638 sig->version = old_style || opt.force_v3_sigs ? 3 : sk->version;
639 keyid_from_sk( sk, sig->keyid );
640 sig->digest_algo = hash_for(sk->pubkey_algo);
641 sig->pubkey_algo = sk->pubkey_algo;
642 sig->timestamp = make_timestamp();
643 sig->sig_class = 0x01;
645 md = md_copy( textmd );
646 if( sig->version >= 4 ) {
647 build_sig_subpkt_from_sig( sig );
648 md_putc( md, sig->version );
650 md_putc( md, sig->sig_class );
651 if( sig->version < 4 ) {
652 u32 a = sig->timestamp;
653 md_putc( md, (a >> 24) & 0xff );
654 md_putc( md, (a >> 16) & 0xff );
655 md_putc( md, (a >> 8) & 0xff );
656 md_putc( md, a & 0xff );
662 md_putc( md, sig->pubkey_algo );
663 md_putc( md, sig->digest_algo );
664 if( sig->hashed_data ) {
665 n = (sig->hashed_data[0] << 8) | sig->hashed_data[1];
666 md_write( md, sig->hashed_data, n+2 );
672 buf[0] = sig->version;
674 buf[2] = n >> 24; /* hmmm, n is only 16 bit, so this is always 0 */
678 md_write( md, buf, 6 );
683 rc = do_sign( sk, sig, md, hash_for(sig->pubkey_algo) );
686 if( !rc ) { /* and write it */
688 pkt.pkttype = PKT_SIGNATURE;
689 pkt.pkt.signature = sig;
690 rc = build_packet( out, &pkt );
693 log_error("build signature packet failed: %s\n", g10_errstr(rc) );
707 release_sk_list( sk_list );
713 * Create a signature packet for the given public key certificate
714 * and the user id and return it in ret_sig. User signature class SIGCLASS
715 * user-id is not used (and may be NULL if sigclass is 0x20)
716 * If digest_algo is 0 the function selects an appropriate one.
719 make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
720 PKT_user_id *uid, PKT_public_key *subpk,
722 int sigclass, int digest_algo,
723 int (*mksubpkt)(PKT_signature *, void *), void *opaque
730 assert( (sigclass >= 0x10 && sigclass <= 0x13)
731 || sigclass == 0x20 || sigclass == 0x18 );
733 switch( sk->pubkey_algo ) {
734 case PUBKEY_ALGO_DSA: digest_algo = DIGEST_ALGO_SHA1; break;
735 case PUBKEY_ALGO_RSA_S:
736 case PUBKEY_ALGO_RSA: digest_algo = DIGEST_ALGO_MD5; break;
737 default: digest_algo = DIGEST_ALGO_RMD160; break;
740 md = md_open( digest_algo, 0 );
742 /* hash the public key certificate and the user id */
743 hash_public_key( md, pk );
744 if( sigclass == 0x18 ) { /* subkey binding */
745 hash_public_key( md, subpk );
747 else if( sigclass != 0x20 ) {
748 if( sk->version >=4 ) {
750 buf[0] = 0xb4; /* indicates a userid packet */
751 buf[1] = uid->len >> 24; /* always use 4 length bytes */
752 buf[2] = uid->len >> 16;
753 buf[3] = uid->len >> 8;
755 md_write( md, buf, 5 );
757 md_write( md, uid->name, uid->len );
759 /* and make the signature packet */
760 sig = m_alloc_clear( sizeof *sig );
761 sig->version = sk->version;
762 keyid_from_sk( sk, sig->keyid );
763 sig->pubkey_algo = sk->pubkey_algo;
764 sig->digest_algo = digest_algo;
765 sig->timestamp = make_timestamp();
766 sig->sig_class = sigclass;
767 if( sig->version >= 4 )
768 build_sig_subpkt_from_sig( sig );
770 if( sig->version >= 4 && mksubpkt )
771 rc = (*mksubpkt)( sig, opaque );
774 if( sig->version >= 4 )
775 md_putc( md, sig->version );
776 md_putc( md, sig->sig_class );
777 if( sig->version < 4 ) {
778 u32 a = sig->timestamp;
779 md_putc( md, (a >> 24) & 0xff );
780 md_putc( md, (a >> 16) & 0xff );
781 md_putc( md, (a >> 8) & 0xff );
782 md_putc( md, a & 0xff );
788 md_putc( md, sig->pubkey_algo );
789 md_putc( md, sig->digest_algo );
790 if( sig->hashed_data ) {
791 n = (sig->hashed_data[0] << 8) | sig->hashed_data[1];
792 md_write( md, sig->hashed_data, n+2 );
798 buf[0] = sig->version;
800 buf[2] = n >> 24; /* hmmm, n is only 16 bit, so this is always 0 */
804 md_write( md, buf, 6 );
809 rc = complete_sig( sig, sk, md );
814 free_seckey_enc( sig );
projects / gnupg.git / blob