1 /* gpg-wks-client.c - A client for the Web Key Service protocols.
2 * Copyright (C) 2016 Werner Koch
3 * Copyright (C) 2016 Bundesamt für Sicherheit in der Informationstechnik
5 * This file is part of GnuPG.
7 * This file is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as
9 * published by the Free Software Foundation; either version 2.1 of
10 * the License, or (at your option) any later version.
12 * This file is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this program; if not, see <https://www.gnu.org/licenses/>.
26 #include "../common/util.h"
27 #include "../common/status.h"
28 #include "../common/i18n.h"
29 #include "../common/sysutils.h"
30 #include "../common/init.h"
31 #include "../common/asshelp.h"
32 #include "../common/userids.h"
33 #include "../common/ccparray.h"
34 #include "../common/exectool.h"
35 #include "../common/mbox-util.h"
36 #include "../common/name-value.h"
37 #include "call-dirmngr.h"
38 #include "mime-maker.h"
39 #include "send-mail.h"
43 /* Constants to identify the commands and options. */
44 enum cmd_and_opt_values
69 /* The list of commands and options. */
70 static ARGPARSE_OPTS opts[] = {
71 ARGPARSE_group (300, ("@Commands:\n ")),
73 ARGPARSE_c (aSupported, "supported",
74 ("check whether provider supports WKS")),
75 ARGPARSE_c (aCheck, "check",
76 ("check whether a key is available")),
77 ARGPARSE_c (aCreate, "create",
78 ("create a publication request")),
79 ARGPARSE_c (aReceive, "receive",
80 ("receive a MIME confirmation request")),
81 ARGPARSE_c (aRead, "read",
82 ("receive a plain text confirmation request")),
84 ARGPARSE_group (301, ("@\nOptions:\n ")),
86 ARGPARSE_s_n (oVerbose, "verbose", ("verbose")),
87 ARGPARSE_s_n (oQuiet, "quiet", ("be somewhat more quiet")),
88 ARGPARSE_s_s (oDebug, "debug", "@"),
89 ARGPARSE_s_s (oGpgProgram, "gpg", "@"),
90 ARGPARSE_s_n (oSend, "send", "send the mail using sendmail"),
91 ARGPARSE_s_s (oOutput, "output", "|FILE|write the mail to FILE"),
92 ARGPARSE_s_i (oStatusFD, "status-fd", N_("|FD|write status info to this FD")),
94 ARGPARSE_s_s (oFakeSubmissionAddr, "fake-submission-addr", "@"),
100 /* The list of supported debug flags. */
101 static struct debug_flags_s debug_flags [] =
103 { DBG_MIME_VALUE , "mime" },
104 { DBG_PARSER_VALUE , "parser" },
105 { DBG_CRYPTO_VALUE , "crypto" },
106 { DBG_MEMORY_VALUE , "memory" },
107 { DBG_MEMSTAT_VALUE, "memstat" },
108 { DBG_IPC_VALUE , "ipc" },
109 { DBG_EXTPROG_VALUE, "extprog" },
115 /* Value of the option --fake-submission-addr. */
116 const char *fake_submission_addr;
119 static void wrong_args (const char *text) GPGRT_ATTR_NORETURN;
120 static gpg_error_t command_supported (char *userid);
121 static gpg_error_t command_check (char *userid);
122 static gpg_error_t command_send (const char *fingerprint, char *userid);
123 static gpg_error_t encrypt_response (estream_t *r_output, estream_t input,
124 const char *addrspec,
125 const char *fingerprint);
126 static gpg_error_t read_confirmation_request (estream_t msg);
127 static gpg_error_t command_receive_cb (void *opaque,
128 const char *mediatype, estream_t fp,
133 /* Print usage information and provide strings for help. */
135 my_strusage( int level )
141 case 11: p = "gpg-wks-client"; break;
142 case 12: p = "@GNUPG@"; break;
143 case 13: p = VERSION; break;
144 case 17: p = PRINTABLE_OS_NAME; break;
145 case 19: p = ("Please report bugs to <@EMAIL@>.\n"); break;
149 p = ("Usage: gpg-wks-client [command] [options] [args] (-h for help)");
152 p = ("Syntax: gpg-wks-client [command] [options] [args]\n"
153 "Client for the Web Key Service\n");
156 default: p = NULL; break;
163 wrong_args (const char *text)
165 es_fprintf (es_stderr, _("usage: %s [options] %s\n"), strusage (11), text);
171 /* Command line parsing. */
172 static enum cmd_and_opt_values
173 parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts)
175 enum cmd_and_opt_values cmd = 0;
176 int no_more_options = 0;
178 while (!no_more_options && optfile_parse (NULL, NULL, NULL, pargs, popts))
180 switch (pargs->r_opt)
182 case oQuiet: opt.quiet = 1; break;
183 case oVerbose: opt.verbose++; break;
185 if (parse_debug_flag (pargs->r.ret_str, &opt.debug, debug_flags))
187 pargs->r_opt = ARGPARSE_INVALID_ARG;
188 pargs->err = ARGPARSE_PRINT_ERROR;
193 opt.gpg_program = pargs->r.ret_str;
196 opt.use_sendmail = 1;
199 opt.output = pargs->r.ret_str;
201 case oFakeSubmissionAddr:
202 fake_submission_addr = pargs->r.ret_str;
205 wks_set_status_fd (translate_sys2libc_fd_int (pargs->r.ret_int, 1));
216 default: pargs->err = 2; break;
225 /* gpg-wks-client main. */
227 main (int argc, char **argv)
231 enum cmd_and_opt_values cmd;
233 gnupg_reopen_std ("gpg-wks-client");
234 set_strusage (my_strusage);
235 log_set_prefix ("gpg-wks-client", GPGRT_LOG_WITH_PREFIX);
237 /* Make sure that our subsystems are ready. */
239 init_common_subsystems (&argc, &argv);
241 assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
242 setup_libassuan_logging (&opt.debug, NULL);
244 /* Parse the command line. */
247 pargs.flags = ARGPARSE_FLAG_KEEP;
248 cmd = parse_arguments (&pargs, opts);
250 if (log_get_errorcount (0))
253 /* Print a warning if an argument looks like an option. */
254 if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
258 for (i=0; i < argc; i++)
259 if (argv[i][0] == '-' && argv[i][1] == '-')
260 log_info (("NOTE: '%s' is not considered an option\n"), argv[i]);
263 /* Set defaults for non given options. */
264 if (!opt.gpg_program)
265 opt.gpg_program = gnupg_module_name (GNUPG_MODULE_NAME_GPG);
267 /* Tell call-dirmngr what options we want. */
268 set_dirmngr_options (opt.verbose, (opt.debug & DBG_IPC_VALUE), 1);
270 /* Run the selected command. */
275 wrong_args ("--supported USER-ID");
276 err = command_supported (argv[0]);
277 if (err && gpg_err_code (err) != GPG_ERR_FALSE)
278 log_error ("checking support failed: %s\n", gpg_strerror (err));
283 wrong_args ("--create FINGERPRINT USER-ID");
284 err = command_send (argv[0], argv[1]);
286 log_error ("creating request failed: %s\n", gpg_strerror (err));
291 wrong_args ("--receive < MIME-DATA");
292 err = wks_receive (es_stdin, command_receive_cb, NULL);
294 log_error ("processing mail failed: %s\n", gpg_strerror (err));
299 wrong_args ("--read < WKS-DATA");
300 err = read_confirmation_request (es_stdin);
302 log_error ("processing mail failed: %s\n", gpg_strerror (err));
307 wrong_args ("--check USER-ID");
308 err = command_check (argv[0]);
318 wks_write_status (STATUS_FAILURE, "- %u", err);
319 else if (log_get_errorcount (0))
320 wks_write_status (STATUS_FAILURE, "- %u", GPG_ERR_GENERAL);
322 wks_write_status (STATUS_SUCCESS, NULL);
323 return log_get_errorcount (0)? 1:0;
328 struct get_key_status_parm_s
336 get_key_status_cb (void *opaque, const char *keyword, char *args)
338 struct get_key_status_parm_s *parm = opaque;
340 /*log_debug ("%s: %s\n", keyword, args);*/
341 if (!strcmp (keyword, "EXPORTED"))
344 if (!ascii_strcasecmp (args, parm->fpr))
350 /* Get a key by fingerprint from gpg's keyring and make sure that the
351 * mail address ADDRSPEC is included in the key. The key is returned
352 * as a new memory stream at R_KEY. */
354 get_key (estream_t *r_key, const char *fingerprint, const char *addrspec)
358 const char **argv = NULL;
359 estream_t key = NULL;
360 struct get_key_status_parm_s parm;
361 char *filterexp = NULL;
363 memset (&parm, 0, sizeof parm);
367 key = es_fopenmem (0, "w+b");
370 err = gpg_error_from_syserror ();
371 log_error ("error allocating memory buffer: %s\n", gpg_strerror (err));
375 /* Prefix the key with the MIME content type. */
376 es_fputs ("Content-Type: application/pgp-keys\n"
379 filterexp = es_bsprintf ("keep-uid=mbox = %s", addrspec);
382 err = gpg_error_from_syserror ();
383 log_error ("error allocating memory buffer: %s\n", gpg_strerror (err));
387 ccparray_init (&ccp, 0);
389 ccparray_put (&ccp, "--no-options");
391 ccparray_put (&ccp, "--quiet");
392 else if (opt.verbose > 1)
393 ccparray_put (&ccp, "--verbose");
394 ccparray_put (&ccp, "--batch");
395 ccparray_put (&ccp, "--status-fd=2");
396 ccparray_put (&ccp, "--always-trust");
397 ccparray_put (&ccp, "--armor");
398 ccparray_put (&ccp, "--export-options=export-minimal");
399 ccparray_put (&ccp, "--export-filter");
400 ccparray_put (&ccp, filterexp);
401 ccparray_put (&ccp, "--export");
402 ccparray_put (&ccp, "--");
403 ccparray_put (&ccp, fingerprint);
405 ccparray_put (&ccp, NULL);
406 argv = ccparray_get (&ccp, NULL);
409 err = gpg_error_from_syserror ();
412 parm.fpr = fingerprint;
413 err = gnupg_exec_tool_stream (opt.gpg_program, argv, NULL,
415 get_key_status_cb, &parm);
416 if (!err && parm.count > 1)
417 err = gpg_error (GPG_ERR_TOO_MANY);
418 else if (!err && !parm.found)
419 err = gpg_error (GPG_ERR_NOT_FOUND);
422 log_error ("export failed: %s\n", gpg_strerror (err));
439 struct decrypt_stream_parm_s
447 decrypt_stream_status_cb (void *opaque, const char *keyword, char *args)
449 struct decrypt_stream_parm_s *decinfo = opaque;
452 log_debug ("gpg status: %s %s\n", keyword, args);
453 if (!strcmp (keyword, "DECRYPTION_KEY") && !decinfo->fpr)
457 if (split_fields (args, fields, DIM (fields)) >= 3)
459 decinfo->fpr = xstrdup (fields[0]);
460 decinfo->mainfpr = xstrdup (fields[1]);
461 decinfo->otrust = *fields[2];
466 /* Decrypt the INPUT stream to a new stream which is stored at success
469 decrypt_stream (estream_t *r_output, struct decrypt_stream_parm_s *decinfo,
478 memset (decinfo, 0, sizeof *decinfo);
480 output = es_fopenmem (0, "w+b");
483 err = gpg_error_from_syserror ();
484 log_error ("error allocating memory buffer: %s\n", gpg_strerror (err));
488 ccparray_init (&ccp, 0);
490 ccparray_put (&ccp, "--no-options");
491 /* We limit the output to 64 KiB to avoid DoS using compression
492 * tricks. A regular client will anyway only send a minimal key;
493 * that is one w/o key signatures and attribute packets. */
494 ccparray_put (&ccp, "--max-output=0x10000");
496 ccparray_put (&ccp, "--quiet");
497 else if (opt.verbose > 1)
498 ccparray_put (&ccp, "--verbose");
499 ccparray_put (&ccp, "--batch");
500 ccparray_put (&ccp, "--status-fd=2");
501 ccparray_put (&ccp, "--decrypt");
502 ccparray_put (&ccp, "--");
504 ccparray_put (&ccp, NULL);
505 argv = ccparray_get (&ccp, NULL);
508 err = gpg_error_from_syserror ();
511 err = gnupg_exec_tool_stream (opt.gpg_program, argv, input,
513 decrypt_stream_status_cb, decinfo);
514 if (!err && (!decinfo->fpr || !decinfo->mainfpr || !decinfo->otrust))
515 err = gpg_error (GPG_ERR_INV_ENGINE);
518 log_error ("decryption failed: %s\n", gpg_strerror (err));
521 else if (opt.verbose)
522 log_info ("decryption succeeded\n");
531 xfree (decinfo->fpr);
532 xfree (decinfo->mainfpr);
533 memset (decinfo, 0, sizeof *decinfo);
543 /* Check whether the provider supports the WKS protocol. */
545 command_supported (char *userid)
548 char *addrspec = NULL;
549 char *submission_to = NULL;
551 if (!strchr (userid, '@'))
553 char *tmp = xstrconcat ("foo@", userid, NULL);
554 addrspec = mailbox_from_userid (tmp);
558 addrspec = mailbox_from_userid (userid);
561 log_error (_("\"%s\" is not a proper mail address\n"), userid);
562 err = gpg_error (GPG_ERR_INV_USER_ID);
566 /* Get the submission address. */
567 err = wkd_get_submission_address (addrspec, &submission_to);
570 if (gpg_err_code (err) == GPG_ERR_NO_DATA
571 || gpg_err_code (err) == GPG_ERR_UNKNOWN_HOST)
574 log_info ("provider for '%s' does NOT support WKS (%s)\n",
575 addrspec, gpg_strerror (err));
576 err = gpg_error (GPG_ERR_FALSE);
577 log_inc_errorcount ();
582 log_info ("provider for '%s' supports WKS\n", addrspec);
585 xfree (submission_to);
592 /* Check whether the key for USERID is available in the WKD. */
594 command_check (char *userid)
597 char *addrspec = NULL;
598 estream_t key = NULL;
600 strlist_t mboxes = NULL;
604 addrspec = mailbox_from_userid (userid);
607 log_error (_("\"%s\" is not a proper mail address\n"), userid);
608 err = gpg_error (GPG_ERR_INV_USER_ID);
612 /* Get the submission address. */
613 err = wkd_get_key (addrspec, &key);
614 switch (gpg_err_code (err))
618 log_info ("public key for '%s' found via WKD\n", addrspec);
619 /* Fixme: Check that the key contains the user id. */
622 case GPG_ERR_NO_DATA: /* No such key. */
624 log_info ("public key for '%s' NOT found via WKD\n", addrspec);
625 err = gpg_error (GPG_ERR_NO_PUBKEY);
626 log_inc_errorcount ();
629 case GPG_ERR_UNKNOWN_HOST:
631 log_info ("error looking up '%s' via WKD: %s\n",
632 addrspec, gpg_strerror (err));
633 err = gpg_error (GPG_ERR_NOT_SUPPORTED);
637 log_error ("error looking up '%s' via WKD: %s\n",
638 addrspec, gpg_strerror (err));
645 /* Look closer at the key. */
646 err = wks_list_key (key, &fpr, &mboxes);
649 log_error ("error parsing key: %s\n",
650 err? gpg_strerror (err) : "no fingerprint found");
651 err = gpg_error (GPG_ERR_NO_PUBKEY);
656 log_info ("fingerprint: %s\n", fpr);
658 for (sl = mboxes; sl; sl = sl->next)
660 if (!strcmp (sl->d, addrspec))
663 log_info (" addr-spec: %s\n", sl->d);
667 log_error ("public key for '%s' has no user id with the mail address\n",
669 err = gpg_error (GPG_ERR_CERT_REVOKED);
674 free_strlist (mboxes);
682 /* Locate the key by fingerprint and userid and send a publication
685 command_send (const char *fingerprint, char *userid)
688 KEYDB_SEARCH_DESC desc;
689 char *addrspec = NULL;
690 estream_t key = NULL;
691 estream_t keyenc = NULL;
692 char *submission_to = NULL;
693 mime_maker_t mime = NULL;
694 struct policy_flags_s policy;
698 memset (&policy, 0, sizeof policy);
700 if (classify_user_id (fingerprint, &desc, 1)
701 || !(desc.mode == KEYDB_SEARCH_MODE_FPR
702 || desc.mode == KEYDB_SEARCH_MODE_FPR20))
704 log_error (_("\"%s\" is not a fingerprint\n"), fingerprint);
705 err = gpg_error (GPG_ERR_INV_NAME);
708 addrspec = mailbox_from_userid (userid);
711 log_error (_("\"%s\" is not a proper mail address\n"), userid);
712 err = gpg_error (GPG_ERR_INV_USER_ID);
715 err = get_key (&key, fingerprint, addrspec);
719 domain = strchr (addrspec, '@');
723 /* Get the submission address. */
724 if (fake_submission_addr)
726 submission_to = xstrdup (fake_submission_addr);
730 err = wkd_get_submission_address (addrspec, &submission_to);
733 log_error (_("error looking up submission address for domain '%s': %s\n"),
734 domain, gpg_strerror (err));
735 if (gpg_err_code (err) == GPG_ERR_NO_DATA)
736 log_error (_("this domain probably doesn't support WKS.\n"));
739 log_info ("submitting request to '%s'\n", submission_to);
741 /* Get the policy flags. */
742 if (!fake_submission_addr)
746 err = wkd_get_policy_flags (addrspec, &mbuf);
747 if (err && gpg_err_code (err) != GPG_ERR_NO_DATA)
749 log_error ("error reading policy flags for '%s': %s\n",
750 submission_to, gpg_strerror (err));
755 err = wks_parse_policy (&policy, mbuf, 1);
762 if (policy.auth_submit)
763 log_info ("no confirmation required for '%s'\n", addrspec);
765 /* Hack to support old providers. */
766 if (policy.auth_submit && !ascii_strcasecmp (domain, "posteo.de"))
768 log_info ("Warning: Using draft-1 method for domain '%s'\n", domain);
772 /* Encrypt the key part. */
776 err = encrypt_response (&keyenc, key, submission_to, fingerprint);
784 err = mime_maker_new (&mime, NULL);
787 err = mime_maker_add_header (mime, "From", addrspec);
790 err = mime_maker_add_header (mime, "To", submission_to);
793 err = mime_maker_add_header (mime, "Subject", "Key publishing request");
797 /* Tell server which draft we support. */
798 err = mime_maker_add_header (mime, "Wks-Draft-Version",
799 STR2(WKS_DRAFT_VERSION));
808 err = mime_maker_add_header (mime, "Content-type",
809 "application/pgp-keys");
813 if (es_fclose_snatch (key, &data, &datalen))
815 err = gpg_error_from_syserror ();
819 /* We need to skip over the first line which has a content-type
820 * header not needed here. */
821 for (n=0; n < datalen ; n++)
822 if (((const char *)data)[n] == '\n')
828 err = mime_maker_add_body_data (mime, (char*)data + n, datalen - n);
835 err = mime_maker_add_header (mime, "Content-Type",
836 "multipart/encrypted; "
837 "protocol=\"application/pgp-encrypted\"");
840 err = mime_maker_add_container (mime);
844 err = mime_maker_add_header (mime, "Content-Type",
845 "application/pgp-encrypted");
848 err = mime_maker_add_body (mime, "Version: 1\n");
851 err = mime_maker_add_header (mime, "Content-Type",
852 "application/octet-stream");
856 err = mime_maker_add_stream (mime, &keyenc);
861 err = wks_send_mime (mime);
864 mime_maker_release (mime);
865 xfree (submission_to);
875 encrypt_response_status_cb (void *opaque, const char *keyword, char *args)
877 gpg_error_t *failure = opaque;
881 log_debug ("gpg status: %s %s\n", keyword, args);
883 if (!strcmp (keyword, "FAILURE"))
885 if (split_fields (args, fields, DIM (fields)) >= 2
886 && !strcmp (fields[0], "encrypt"))
887 *failure = strtoul (fields[1], NULL, 10);
893 /* Encrypt the INPUT stream to a new stream which is stored at success
894 * at R_OUTPUT. Encryption is done for ADDRSPEC and for FINGERPRINT
895 * (so that the sent message may later be inspected by the user). We
896 * currently retrieve that key from the WKD, DANE, or from "local".
897 * "local" is last to prefer the latest key version but use a local
898 * copy in case we are working offline. It might be useful for the
899 * server to send the fingerprint of its encryption key - or even the
900 * entire key back. */
902 encrypt_response (estream_t *r_output, estream_t input, const char *addrspec,
903 const char *fingerprint)
909 gpg_error_t gpg_err = 0;
913 output = es_fopenmem (0, "w+b");
916 err = gpg_error_from_syserror ();
917 log_error ("error allocating memory buffer: %s\n", gpg_strerror (err));
921 ccparray_init (&ccp, 0);
923 ccparray_put (&ccp, "--no-options");
925 ccparray_put (&ccp, "--quiet");
926 else if (opt.verbose > 1)
927 ccparray_put (&ccp, "--verbose");
928 ccparray_put (&ccp, "--batch");
929 ccparray_put (&ccp, "--status-fd=2");
930 ccparray_put (&ccp, "--always-trust");
931 ccparray_put (&ccp, "--armor");
932 if (fake_submission_addr)
933 ccparray_put (&ccp, "--auto-key-locate=clear,local");
935 ccparray_put (&ccp, "--auto-key-locate=clear,wkd,dane,local");
936 ccparray_put (&ccp, "--recipient");
937 ccparray_put (&ccp, addrspec);
938 ccparray_put (&ccp, "--recipient");
939 ccparray_put (&ccp, fingerprint);
940 ccparray_put (&ccp, "--encrypt");
941 ccparray_put (&ccp, "--");
943 ccparray_put (&ccp, NULL);
944 argv = ccparray_get (&ccp, NULL);
947 err = gpg_error_from_syserror ();
950 err = gnupg_exec_tool_stream (opt.gpg_program, argv, input,
952 encrypt_response_status_cb, &gpg_err);
957 log_error ("encryption failed: %s\n", gpg_strerror (err));
973 send_confirmation_response (const char *sender, const char *address,
974 const char *nonce, int encrypt,
975 const char *fingerprint)
978 estream_t body = NULL;
979 estream_t bodyenc = NULL;
980 mime_maker_t mime = NULL;
982 body = es_fopenmem (0, "w+b");
985 err = gpg_error_from_syserror ();
986 log_error ("error allocating memory buffer: %s\n", gpg_strerror (err));
990 /* It is fine to use 8 bit encoding because that is encrypted and
991 * only our client will see it. */
994 es_fputs ("Content-Type: application/vnd.gnupg.wks\n"
995 "Content-Transfer-Encoding: 8bit\n"
1000 es_fprintf (body, ("type: confirmation-response\n"
1011 err = encrypt_response (&bodyenc, body, sender, fingerprint);
1018 err = mime_maker_new (&mime, NULL);
1021 err = mime_maker_add_header (mime, "From", address);
1024 err = mime_maker_add_header (mime, "To", sender);
1027 err = mime_maker_add_header (mime, "Subject", "Key publication confirmation");
1030 err = mime_maker_add_header (mime, "Wks-Draft-Version",
1031 STR2(WKS_DRAFT_VERSION));
1037 err = mime_maker_add_header (mime, "Content-Type",
1038 "multipart/encrypted; "
1039 "protocol=\"application/pgp-encrypted\"");
1042 err = mime_maker_add_container (mime);
1046 err = mime_maker_add_header (mime, "Content-Type",
1047 "application/pgp-encrypted");
1050 err = mime_maker_add_body (mime, "Version: 1\n");
1053 err = mime_maker_add_header (mime, "Content-Type",
1054 "application/octet-stream");
1058 err = mime_maker_add_stream (mime, &bodyenc);
1064 err = mime_maker_add_header (mime, "Content-Type",
1065 "application/vnd.gnupg.wks");
1068 err = mime_maker_add_stream (mime, &body);
1073 err = wks_send_mime (mime);
1076 mime_maker_release (mime);
1077 es_fclose (bodyenc);
1083 /* Reply to a confirmation request. The MSG has already been
1084 * decrypted and we only need to send the nonce back. MAINFPR is
1085 * either NULL or the primary key fingerprint of the key used to
1086 * decrypt the request. */
1088 process_confirmation_request (estream_t msg, const char *mainfpr)
1093 const char *value, *sender, *address, *fingerprint, *nonce;
1095 err = nvc_parse (&nvc, NULL, msg);
1098 log_error ("parsing the WKS message failed: %s\n", gpg_strerror (err));
1104 log_debug ("request follows:\n");
1105 nvc_write (nvc, log_get_stream ());
1108 /* Check that this is a confirmation request. */
1109 if (!((item = nvc_lookup (nvc, "type:")) && (value = nve_value (item))
1110 && !strcmp (value, "confirmation-request")))
1113 log_error ("received unexpected wks message '%s'\n", value);
1115 log_error ("received invalid wks message: %s\n", "'type' missing");
1116 err = gpg_error (GPG_ERR_UNEXPECTED_MSG);
1120 /* Get the fingerprint. */
1121 if (!((item = nvc_lookup (nvc, "fingerprint:"))
1122 && (value = nve_value (item))
1123 && strlen (value) >= 40))
1125 log_error ("received invalid wks message: %s\n",
1126 "'fingerprint' missing or invalid");
1127 err = gpg_error (GPG_ERR_INV_DATA);
1130 fingerprint = value;
1132 /* Check that the fingerprint matches the key used to decrypt the
1133 * message. In --read mode or with the old format we don't have the
1134 * decryption key; thus we can't bail out. */
1135 if (!mainfpr || ascii_strcasecmp (mainfpr, fingerprint))
1137 log_info ("target fingerprint: %s\n", fingerprint);
1138 log_info ("but decrypted with: %s\n", mainfpr);
1139 log_error ("confirmation request not decrypted with target key\n");
1142 err = gpg_error (GPG_ERR_INV_DATA);
1147 /* Get the address. */
1148 if (!((item = nvc_lookup (nvc, "address:")) && (value = nve_value (item))
1149 && is_valid_mailbox (value)))
1151 log_error ("received invalid wks message: %s\n",
1152 "'address' missing or invalid");
1153 err = gpg_error (GPG_ERR_INV_DATA);
1157 /* FIXME: Check that the "address" matches the User ID we want to
1160 /* Get the sender. */
1161 if (!((item = nvc_lookup (nvc, "sender:")) && (value = nve_value (item))
1162 && is_valid_mailbox (value)))
1164 log_error ("received invalid wks message: %s\n",
1165 "'sender' missing or invalid");
1166 err = gpg_error (GPG_ERR_INV_DATA);
1170 /* FIXME: Check that the "sender" matches the From: address. */
1172 /* Get the nonce. */
1173 if (!((item = nvc_lookup (nvc, "nonce:")) && (value = nve_value (item))
1174 && strlen (value) > 16))
1176 log_error ("received invalid wks message: %s\n",
1177 "'nonce' missing or too short");
1178 err = gpg_error (GPG_ERR_INV_DATA);
1183 /* Send the confirmation. If no key was found, try again without
1185 err = send_confirmation_response (sender, address, nonce, 1, fingerprint);
1186 if (gpg_err_code (err) == GPG_ERR_NO_PUBKEY)
1188 log_info ("no encryption key found - sending response in the clear\n");
1189 err = send_confirmation_response (sender, address, nonce, 0, NULL);
1198 /* Read a confirmation request and decrypt it if needed. This
1199 * function may not be used with a mail or MIME message but only with
1200 * the actual encrypted or plaintext WKS data. */
1202 read_confirmation_request (estream_t msg)
1206 estream_t plaintext = NULL;
1208 /* We take a really simple approach to check whether MSG is
1209 * encrypted: We know that an encrypted message is always armored
1210 * and thus starts with a few dashes. It is even sufficient to
1211 * check for a single dash, because that can never be a proper first
1212 * WKS data octet. We need to skip leading spaces, though. */
1213 while ((c = es_fgetc (msg)) == ' ' || c == '\t' || c == '\r' || c == '\n')
1217 log_error ("can't process an empty message\n");
1218 return gpg_error (GPG_ERR_INV_DATA);
1220 if (es_ungetc (c, msg) != c)
1222 log_error ("error ungetting octet from message\n");
1223 return gpg_error (GPG_ERR_INTERNAL);
1227 err = process_confirmation_request (msg, NULL);
1230 struct decrypt_stream_parm_s decinfo;
1232 err = decrypt_stream (&plaintext, &decinfo, msg);
1234 log_error ("decryption failed: %s\n", gpg_strerror (err));
1235 else if (decinfo.otrust != 'u')
1237 err = gpg_error (GPG_ERR_WRONG_SECKEY);
1238 log_error ("key used to decrypt the confirmation request"
1239 " was not generated by us\n");
1242 err = process_confirmation_request (plaintext, decinfo.mainfpr);
1243 xfree (decinfo.fpr);
1244 xfree (decinfo.mainfpr);
1247 es_fclose (plaintext);
1252 /* Called from the MIME receiver to process the plain text data in MSG. */
1254 command_receive_cb (void *opaque, const char *mediatype,
1255 estream_t msg, unsigned int flags)
1262 if (!strcmp (mediatype, "application/vnd.gnupg.wks"))
1263 err = read_confirmation_request (msg);
1266 log_info ("ignoring unexpected message of type '%s'\n", mediatype);
1267 err = gpg_error (GPG_ERR_UNEXPECTED_MSG);
projects / gnupg.git / blob