Improved detection of bad/invalid signer keys.
authorWerner Koch <wk@gnupg.org>
Thu, 6 Aug 2009 20:12:00 +0000 (20:12 +0000)
committerWerner Koch <wk@gnupg.org>
Thu, 6 Aug 2009 20:12:00 +0000 (20:12 +0000)
13 files changed:
common/ChangeLog
common/status.c
common/status.h
doc/ChangeLog
doc/DETAILS
g10/ChangeLog
g10/cpr.c
g10/seckey-cert.c
g10/skclist.c
sm/ChangeLog
sm/gpgsm.c
sm/server.c
sm/sign.c

index c056c4c..b9c4818 100644 (file)
@@ -1,3 +1,8 @@
+2009-08-06  Werner Koch  <wk@g10code.com>
+
+       * status.h (STATUS_INV_SGNR, STATUS_NO_SGNR): New.
+       * status.c (get_inv_recpsgnr_code): New.
+
 2009-07-23  David Shaw  <dshaw@jabberwocky.com>
 
        * srv.c (getsrv): Fix type-punning warning.
index 7012edf..e9f84bf 100644 (file)
@@ -36,3 +36,30 @@ get_status_string ( int no )
     return statusstr_msgstr + statusstr_msgidx[idx];
 }
 
+
+const char *
+get_inv_recpsgnr_code (gpg_error_t err)
+{
+  const char *errstr;
+  
+  switch (gpg_err_code (err))
+    {
+    case GPG_ERR_NO_PUBKEY:       errstr = "1"; break;
+    case GPG_ERR_AMBIGUOUS_NAME:  errstr = "2"; break;
+    case GPG_ERR_WRONG_KEY_USAGE: errstr = "3"; break;
+    case GPG_ERR_CERT_REVOKED:    errstr = "4"; break;
+    case GPG_ERR_CERT_EXPIRED:    errstr = "5"; break;
+    case GPG_ERR_NO_CRL_KNOWN:    errstr = "6"; break;
+    case GPG_ERR_CRL_TOO_OLD:     errstr = "7"; break;
+    case GPG_ERR_NO_POLICY_MATCH: errstr = "8"; break;
+
+    case GPG_ERR_UNUSABLE_SECKEY:
+    case GPG_ERR_NO_SECKEY:       errstr = "9"; break;
+
+    case GPG_ERR_NOT_TRUSTED:     errstr = "10"; break;
+    case GPG_ERR_MISSING_CERT:    errstr = "11"; break;
+    default:                      errstr = "0"; break;
+    }
+
+  return errstr;
+}
index 50a1191..a11f2a3 100644 (file)
@@ -91,7 +91,9 @@ enum
     STATUS_USERID_HINT,
     STATUS_UNEXPECTED,
     STATUS_INV_RECP,
+    STATUS_INV_SGNR,
     STATUS_NO_RECP,
+    STATUS_NO_SGNR,
 
     STATUS_ALREADY_SIGNED,
     STATUS_KEYEXPIRED,
@@ -127,6 +129,7 @@ enum
 
 
 const char *get_status_string (int code);
+const char *get_inv_recpsgnr_code (gpg_error_t err);
 
 
 #endif /*GNUPG_COMMON_STATUS_H*/
index 17d2c52..6289246 100644 (file)
@@ -1,3 +1,7 @@
+2009-08-06  Werner Koch  <wk@g10code.com>
+
+       * DETAILS: Describe the new INV_SNDR and NO_SNDR..
+
 2009-07-31  David Shaw  <dshaw@jabberwocky.com>
 
        * gpg.texi (OpenPGP Options): Don't mention
index cf940c0..f4be2b9 100644 (file)
@@ -361,7 +361,7 @@ more arguments in future versions.
 
     KEYEXPIRED <expire-timestamp>
        The key has expired.  expire-timestamp is the expiration time
-       in seconds sice Epoch.  This status line is not very useful
+       in seconds since Epoch.  This status line is not very useful
        because it will also be emitted for expired subkeys even if
        this subkey is not used.  To check whether a key used to sign
        a message has expired, the EXPKEYSIG status line is to be
@@ -571,7 +571,8 @@ more arguments in future versions.
         Issued by pipemode.
 
     INV_RECP <reason> <requested_recipient>
-        Issued for each unusable recipient. The reasons codes
+    INV_SGNR <reason> <requested_sender>
+        Issued for each unusable recipient/sender. The reasons codes
         currently in use are:
           0 := "No specific reason given".
           1 := "Not Found"
@@ -584,13 +585,20 @@ more arguments in future versions.
           8 := "Policy mismatch"
           9 := "Not a secret key"
         10 := "Key not trusted"
-         11 := "Missing certifciate"  (e.g. intermediate or root cert.)
+         11 := "Missing certificate"  (e.g. intermediate or root cert.)
+
+        Note that for historical reasons the INV_RECP status is also
+        used for gpgsm's SIGNER command where it relates to signer's
+        of course.  Newer GnuPG versions are using INV_SGNR;
+        applications should ignore the INV_RECP during the sender's
+        command processing once they have seen an INV_SGNR.  We use
+        different code so that we can distinguish them while doing an
+        encrypt+sign.
 
-        Note that this status is also used for gpgsm's SIGNER command
-        where it relates to signer's of course.
 
     NO_RECP <reserved>
-        Issued when no recipients are usable.
+    NO_SGNR <reserved>
+        Issued when no recipients/senders are usable.
 
     ALREADY_SIGNED <long-keyid>
         Warning: This is experimental and might be removed at any time.
index 4137f1d..7e6a6f7 100644 (file)
@@ -1,3 +1,9 @@
+2009-08-06  Werner Koch  <wk@g10code.com>
+
+       * skclist.c (build_sk_list): Print INV_SGNR status line.
+       * seckey-cert.c (do_check): Return G10ERR_UNU_SECKEY instead of
+       general error.
+
 2009-08-05  Werner Koch  <wk@g10code.com>
 
        * card-util.c: Enable readline support also in GnuPG-2.
index a20a811..1533ac6 100644 (file)
--- a/g10/cpr.c
+++ b/g10/cpr.c
@@ -202,6 +202,12 @@ write_status_text_and_buffer ( int no, const char *string,
             if (first && string) {
                 fputs (string, statusfp);
                 count += strlen (string);
+                /* Make sure that there is space after the string.  */
+                if (*string && string[strlen (string)-1] != ' ')
+                  {
+                    putc (' ', statusfp);
+                    count++;
+                  }
             }
             first = 0;
         }
index 8216735..1398b18 100644 (file)
@@ -53,7 +53,7 @@ do_check( PKT_secret_key *sk, const char *tryagain_text, int mode,
 
        if( sk->protect.s2k.mode == 1001 ) {
            log_info(_("secret key parts are not available\n"));
-           return G10ERR_GENERAL;
+           return G10ERR_UNU_SECKEY;
        }
        if( sk->protect.algo == CIPHER_ALGO_NONE )
            BUG();
index d644e71..70b375a 100644 (file)
@@ -128,6 +128,8 @@ build_sk_list( strlist_t locusr, SK_LIST *ret_sk_list,
        if( (rc = get_seckey_byname( sk, NULL, unlock )) ) {
          free_secret_key( sk ); sk = NULL;
          log_error("no default secret key: %s\n", g10_errstr(rc) );
+          write_status_text (STATUS_INV_SGNR,
+                             get_inv_recpsgnr_code (GPG_ERR_NO_SECKEY));
        }
        else if( !(rc=openpgp_pk_test_algo2 (sk->pubkey_algo, use)) )
          {
@@ -138,6 +140,8 @@ build_sk_list( strlist_t locusr, SK_LIST *ret_sk_list,
                log_info(_("key is not flagged as insecure - "
                           "can't use it with the faked RNG!\n"));
                free_secret_key( sk ); sk = NULL;
+                write_status_text (STATUS_INV_SGNR, 
+                                   get_inv_recpsgnr_code (GPG_ERR_NOT_TRUSTED));
              }
            else
              {
@@ -152,6 +156,7 @@ build_sk_list( strlist_t locusr, SK_LIST *ret_sk_list,
          {
            free_secret_key( sk ); sk = NULL;
            log_error("invalid default secret key: %s\n", g10_errstr(rc) );
+            write_status_text (STATUS_INV_SGNR, get_inv_recpsgnr_code (rc));
          }
       }
     else {
@@ -176,6 +181,9 @@ build_sk_list( strlist_t locusr, SK_LIST *ret_sk_list,
                free_secret_key( sk ); sk = NULL;
                log_error(_("skipped \"%s\": %s\n"),
                          locusr->d, g10_errstr(rc) );
+                write_status_text_and_buffer 
+                  (STATUS_INV_SGNR, get_inv_recpsgnr_code (rc), 
+                   locusr->d, strlen (locusr->d), -1);
              }
             else if ( key_present_in_sk_list(sk_list, sk) == 0) {
                 free_secret_key(sk); sk = NULL;
@@ -186,6 +194,9 @@ build_sk_list( strlist_t locusr, SK_LIST *ret_sk_list,
                free_secret_key( sk ); sk = NULL;
                log_error(_("skipped \"%s\": %s\n"),
                          locusr->d, g10_errstr(rc) );
+                write_status_text_and_buffer 
+                  (STATUS_INV_SGNR, get_inv_recpsgnr_code (rc), 
+                   locusr->d, strlen (locusr->d), -1);
              }
            else if( !(rc=openpgp_pk_test_algo2 (sk->pubkey_algo, use)) ) {
                SK_LIST r;
@@ -197,11 +208,19 @@ build_sk_list( strlist_t locusr, SK_LIST *ret_sk_list,
                             _("this is a PGP generated Elgamal key which"
                               " is not secure for signatures!"));
                    free_secret_key( sk ); sk = NULL;
+                    write_status_text_and_buffer 
+                      (STATUS_INV_SGNR, 
+                       get_inv_recpsgnr_code (GPG_ERR_WRONG_KEY_USAGE), 
+                       locusr->d, strlen (locusr->d), -1);
                  }
                else if( random_is_faked() && !is_insecure( sk ) ) {
                    log_info(_("key is not flagged as insecure - "
                               "can't use it with the faked RNG!\n"));
                    free_secret_key( sk ); sk = NULL;
+                    write_status_text_and_buffer 
+                      (STATUS_INV_SGNR, 
+                       get_inv_recpsgnr_code (GPG_ERR_NOT_TRUSTED), 
+                       locusr->d, strlen (locusr->d), -1);
                }
                else {
                    r = xmalloc( sizeof *r );
@@ -214,6 +233,9 @@ build_sk_list( strlist_t locusr, SK_LIST *ret_sk_list,
            else {
                free_secret_key( sk ); sk = NULL;
                log_error("skipped \"%s\": %s\n", locusr->d, g10_errstr(rc) );
+                write_status_text_and_buffer 
+                  (STATUS_INV_SGNR, get_inv_recpsgnr_code (rc), 
+                   locusr->d, strlen (locusr->d), -1);
            }
        }
     }
@@ -221,6 +243,7 @@ build_sk_list( strlist_t locusr, SK_LIST *ret_sk_list,
 
     if( !rc && !sk_list ) {
        log_error("no valid signators\n");
+        write_status_text (STATUS_NO_SGNR, "0");
        rc = G10ERR_NO_USER_ID;
     }
 
index a88b079..4ac4457 100644 (file)
@@ -1,3 +1,13 @@
+2009-08-06  Werner Koch  <wk@g10code.com>
+
+       * sign.c (gpgsm_sign): Print INV_SNDR for a bad default key.
+
+       * server.c (cmd_signer): Remove unneeded case for -1.  Send
+       INV_SGNR.  Use new map function.
+       (cmd_recipient): Use new map function.
+       * gpgsm.c (do_add_recipient): Use new map function for INV_RECP.
+       (main): Ditto.  Also send INV_SGNR.
+
 2009-07-30  Werner Koch  <wk@g10code.com>
 
        * call-agent.c (learn_cb): Do not store as ephemeral.
index 93e9076..042e5d3 100644 (file)
@@ -704,17 +704,7 @@ do_add_recipient (ctrl_t ctrl, const char *name,
         {
           log_error ("can't encrypt to `%s': %s\n", name, gpg_strerror (rc));
           gpgsm_status2 (ctrl, STATUS_INV_RECP,
-                     gpg_err_code (rc) == -1?                         "1":
-                     gpg_err_code (rc) == GPG_ERR_NO_PUBKEY?          "1":
-                     gpg_err_code (rc) == GPG_ERR_AMBIGUOUS_NAME?     "2":
-                     gpg_err_code (rc) == GPG_ERR_WRONG_KEY_USAGE?    "3":
-                     gpg_err_code (rc) == GPG_ERR_CERT_REVOKED?       "4":
-                     gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED?       "5":
-                     gpg_err_code (rc) == GPG_ERR_NO_CRL_KNOWN?       "6":
-                     gpg_err_code (rc) == GPG_ERR_CRL_TOO_OLD?        "7":
-                     gpg_err_code (rc) == GPG_ERR_NO_POLICY_MATCH?    "8":
-                     "0",
-                     name, NULL);
+                         get_inv_recpsgnr_code (rc), name, NULL);
         }
       else
         log_info (_("NOTE: won't be able to encrypt to `%s': %s\n"),
@@ -1570,19 +1560,10 @@ main ( int argc, char **argv)
             {
               log_error (_("can't sign using `%s': %s\n"),
                          sl->d, gpg_strerror (rc));
+              gpgsm_status2 (&ctrl, STATUS_INV_SGNR,
+                             get_inv_recpsgnr_code (rc), sl->d, NULL);
               gpgsm_status2 (&ctrl, STATUS_INV_RECP,
-                         gpg_err_code (rc) == -1?                      "1":
-                         gpg_err_code (rc) == GPG_ERR_NO_PUBKEY?       "1":
-                         gpg_err_code (rc) == GPG_ERR_AMBIGUOUS_NAME?  "2":
-                         gpg_err_code (rc) == GPG_ERR_WRONG_KEY_USAGE? "3":
-                         gpg_err_code (rc) == GPG_ERR_CERT_REVOKED?    "4":
-                         gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED?    "5":
-                         gpg_err_code (rc) == GPG_ERR_NO_CRL_KNOWN?    "6":
-                         gpg_err_code (rc) == GPG_ERR_CRL_TOO_OLD?     "7":
-                         gpg_err_code (rc) == GPG_ERR_NO_POLICY_MATCH? "8":
-                         gpg_err_code (rc) == GPG_ERR_NO_SECKEY?       "9":
-                         "0",
-                         sl->d, NULL);
+                             get_inv_recpsgnr_code (rc), sl->d, NULL);
             }
         }
       
index f6c8af9..b88dc69 100644 (file)
@@ -384,20 +384,8 @@ cmd_recipient (assuan_context_t ctx, char *line)
                                 &ctrl->server_local->recplist, 0);
   if (rc)
     {
-      gpg_err_code_t r = gpg_err_code (rc);
       gpgsm_status2 (ctrl, STATUS_INV_RECP,
-                   r == -1? "1":
-                   r == GPG_ERR_NO_PUBKEY?       "1":
-                   r == GPG_ERR_AMBIGUOUS_NAME?  "2":
-                   r == GPG_ERR_WRONG_KEY_USAGE? "3":
-                   r == GPG_ERR_CERT_REVOKED?    "4":
-                   r == GPG_ERR_CERT_EXPIRED?    "5":
-                   r == GPG_ERR_NO_CRL_KNOWN?    "6":
-                   r == GPG_ERR_CRL_TOO_OLD?     "7":
-                   r == GPG_ERR_NO_POLICY_MATCH? "8":
-                   r == GPG_ERR_MISSING_CERT?   "11":
-                   "0",
-                   line, NULL);
+                     get_inv_recpsgnr_code (rc), line, NULL);
     }
 
   return rc;
@@ -415,10 +403,7 @@ cmd_recipient (assuan_context_t ctx, char *line)
   has to take care of this.  All SIGNER commands are cumulative until
   a RESET but they are *not* reset by an SIGN command becuase it can
   be expected that set of signers are used for more than one sign
-  operation.  
-
-  Note that this command returns an INV_RECP status which is a bit
-  strange, but they are very similar.  */
+  operation.  */
 static int 
 cmd_signer (assuan_context_t ctx, char *line)
 {
@@ -429,21 +414,12 @@ cmd_signer (assuan_context_t ctx, char *line)
                               &ctrl->server_local->signerlist, 0);
   if (rc)
     {
-      gpg_err_code_t r = gpg_err_code (rc);
-      gpgsm_status2 (ctrl, STATUS_INV_RECP,
-                   r == -1?                          "1":
-                   r == GPG_ERR_NO_PUBKEY?           "1":
-                   r == GPG_ERR_AMBIGUOUS_NAME?      "2":
-                   r == GPG_ERR_WRONG_KEY_USAGE?     "3":
-                   r == GPG_ERR_CERT_REVOKED?        "4":
-                   r == GPG_ERR_CERT_EXPIRED?        "5":
-                   r == GPG_ERR_NO_CRL_KNOWN?        "6":
-                   r == GPG_ERR_CRL_TOO_OLD?         "7":
-                   r == GPG_ERR_NO_POLICY_MATCH?     "8":
-                   r == GPG_ERR_NO_SECKEY?           "9":
-                   r == GPG_ERR_MISSING_CERT?       "11":
-                   "0",
-                  line, NULL);
+      gpgsm_status2 (ctrl, STATUS_INV_SGNR, 
+                     get_inv_recpsgnr_code (rc), line, NULL);
+      /* For compatibiliy reasons we also issue the old code after the
+         new one.  */
+      gpgsm_status2 (ctrl, STATUS_INV_RECP, 
+                     get_inv_recpsgnr_code (rc), line, NULL);
     }
   return rc;
 }
index 0569052..776a5a5 100644 (file)
--- a/sm/sign.c
+++ b/sm/sign.c
@@ -372,6 +372,8 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
       if (!cert)
         {
           log_error ("no default signer found\n");
+          gpgsm_status2 (ctrl, STATUS_INV_SGNR, 
+                         get_inv_recpsgnr_code (GPG_ERR_NO_SECKEY), NULL);
           rc = gpg_error (GPG_ERR_GENERAL);
           goto leave;
         }
@@ -382,7 +384,15 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
       if (!rc)
         rc = gpgsm_validate_chain (ctrl, cert, "", NULL, 0, NULL, 0, NULL);
       if (rc)
-        goto leave;
+        {
+          char *tmpfpr;
+
+          tmpfpr = gpgsm_get_fingerprint_hexstring (cert, 0);
+          gpgsm_status2 (ctrl, STATUS_INV_SGNR, 
+                         get_inv_recpsgnr_code (rc), tmpfpr, NULL);
+          xfree (tmpfpr);
+          goto leave;
+        }
 
       /* That one is fine - create signerlist. */
       signerlist = xtrycalloc (1, sizeof *signerlist);