OpenVAS Scanner 22.7.9
nasl_signature.c File Reference
#include "nasl_signature.h"
#include "nasl_debug.h"
#include "nasl_func.h"
#include "nasl_lex_ctxt.h"
#include "nasl_tree.h"
#include "nasl_var.h"
#include <gvm/util/gpgmeutils.h>
#include <locale.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>


Functions

static void print_gpgme_error (char *function, gpgme_error_t err)
 Prints an error message for errors returned by gpgme.
 
static int examine_signatures (gpgme_verify_result_t result, int sig_count)
 Checks whether the signature verification result contains one signature and whether that signature is fully valid.
 
int nasl_verify_signature (const char *filename, const char *fcontent, size_t flen)
 

Function Documentation

◆ examine_signatures()

static int examine_signatures ( gpgme_verify_result_t  result,
int  sig_count 
)
static

Checks whether the signature verification result contains one signature and whether that signature is fully valid.

The function returns 1 if the signature is fully valid and 0 otherwise.

Parameters
result — The verification result to examine.
Returns
1 if the signature is found and it is fully valid, 0 otherwise.

Definition at line 44 of file nasl_signature.c.

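/**
 * @brief Checks whether the signature verification result contains a
 *        signature and whether that signature is fully valid.
 *
 * Only the first signature of the result is examined; the list is not
 * walked further.
 *
 * @param result     The verification result to examine (as returned by
 *                   gpgme_op_verify_result ()). May be NULL or carry an
 *                   empty signature list.
 * @param sig_count  Ordinal of the signature block being examined; used
 *                   for trace output only.
 *
 * @return 1 if a signature is found and it is fully valid, 0 otherwise
 *         (including when the result holds no signature at all).
 */
static int
examine_signatures (gpgme_verify_result_t result, int sig_count)
{
  gpgme_signature_t sig;

  nasl_trace (NULL, "examine_signatures\n");

  /* A verification result may carry no signature entry at all (e.g. when
   * the data handed to gpgme held no usable signature block). Dereferencing
   * the list head blindly would crash the scanner, so treat "no signature"
   * as "not valid". */
  if (result == NULL || result->signatures == NULL)
    {
      nasl_trace (NULL,
                  "examine_signatures: signature #%d: no signature in result\n",
                  sig_count);
      return 0;
    }
  sig = result->signatures;

  if (nasl_trace_enabled ())
    {
      nasl_trace (NULL, "examine_signatures: signature #%d:\n", sig_count);
      nasl_trace (NULL, "examine_signatures: summary: %d\n", sig->summary);
      nasl_trace (NULL, "examine_signatures: validity: %d\n", sig->validity);
      nasl_trace (NULL, "examine_signatures: status: %s\n",
                  gpg_strerror (sig->status));
      /* gpgme declares timestamp and exp_timestamp as unsigned long. */
      nasl_trace (NULL, "examine_signatures: timestamp: %lu\n",
                  sig->timestamp);
      nasl_trace (NULL, "examine_signatures: exp_timestamp: %lu\n",
                  sig->exp_timestamp);
      /* fpr is a pointer; never hand a NULL to "%s". */
      nasl_trace (NULL, "examine_signatures: fpr: %s\n",
                  sig->fpr ? sig->fpr : "(none)");
    }

  /* GPGME_SIGSUM_VALID is only set when the signature is fully valid:
   * good signature, key not expired/revoked, sufficient trust. Any weaker
   * summary (green but untrusted, expired, bad, ...) is rejected here. */
  if (sig->summary & GPGME_SIGSUM_VALID)
    {
      nasl_trace (NULL, "examine_signatures: signature is valid\n");
      return 1;
    }

  nasl_trace (NULL, "examine_signatures: signature is invalid\n");
  return 0;
}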

References nasl_trace(), and nasl_trace_enabled().

Referenced by nasl_verify_signature().


◆ nasl_verify_signature()

int nasl_verify_signature ( const char *  filename,
const char *  fcontent,
size_t  flen 
)

Checks the detached OpenPGP signature of the file given by FILENAME. The name of the signature file is derived from FILENAME by appending ".asc".

If a signature file exists and it contains at least one fully valid signature, the function returns 0. If none of the signatures is valid, or all of them were made by an unknown or untrusted key, the function returns 1. If an error occurs, or the file has no corresponding detached signature file, the function returns -1.

Parameters
filename — Filename (e.g. 1.txt) for which to check the signature (e.g. 1.txt.asc).
Returns
Zero if the signature file exists and at least one signature is fully valid. 1 if all signatures are invalid or were made by an untrusted key. -1 on missing signature file or error.

Definition at line 98 of file nasl_signature.c.

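/* Number of bytes kept after the start of the "-----E" trailer marker when
 * cutting an armored signature block out of the .asc file. Inherited from
 * the original implementation; the exact value is not explained there. */
enum { ARMOR_END_TAIL = 17 };

/**
 * @brief Locates the next ASCII-armored signature block in a NUL-terminated
 *        buffer.
 *
 * @param[in]  start   Position at which to begin searching.
 * @param[out] siglen  Set to the number of bytes of the block to hand to
 *                     gpgme, clamped so that no byte past the buffer's
 *                     terminating NUL is included; set to 0 when a
 *                     "-----B" marker was found but no "-----E" follows it.
 *
 * @return Pointer to the "-----B" marker of the block, or NULL when no
 *         further block exists after @p start.
 */
static gchar *
find_armored_signature (gchar *start, gsize *siglen)
{
  gchar *begin, *end;
  gsize avail, len;

  *siglen = 0;
  begin = g_strstr_len (start, -1, "-----B");
  if (begin == NULL)
    return NULL;

  end = g_strstr_len (begin, -1, "-----E");
  if (end == NULL)
    return begin;

  /* Distance from BEGIN to END plus the trailer tail. A truncated file can
   * end shortly after "-----E", so clamp to the bytes actually present;
   * gpgme_data_new_from_mem () copies siglen bytes and must not read past
   * the buffer. */
  avail = strlen (begin);
  len = (gsize) (end - begin) + ARMOR_END_TAIL;
  *siglen = len < avail ? len : avail;
  return begin;
}

/**
 * @brief Checks the detached OpenPGP signature of the file given by
 *        FILENAME.
 *
 * The name of the signature file is derived from FILENAME by appending
 * ".asc". Every armored signature block found in that file is verified
 * against FCONTENT in turn; the first fully valid one wins.
 *
 * @param filename  File (e.g. 1.txt) whose signature (e.g. 1.txt.asc) is
 *                  checked. Must not be NULL.
 * @param fcontent  Content of @p filename to verify; exactly @p flen bytes
 *                  are read from it.
 * @param flen      Length of @p fcontent in bytes.
 *
 * @return 0 if the signature file exists and at least one signature is
 *         fully valid; 1 if every signature is invalid or was made by an
 *         unknown or untrusted key; -1 when the signature file is missing,
 *         contains no signature block, or a gpgme error occurs.
 */
int
nasl_verify_signature (const char *filename, const char *fcontent, size_t flen)
{
  int retcode = -1, sig_count = 0;
  char *sigfilename = NULL;
  gsize siglen = 0;
  gchar *scontent = NULL;
  gchar *offset = NULL;
  gchar *path = g_build_filename (OPENVAS_GPG_BASE_DIR, "gnupg", NULL);
  gpgme_error_t err;
  gpgme_ctx_t ctx = gvm_init_gpgme_ctx_from_dir (path);
  gpgme_data_t sig = NULL, text = NULL;

  g_free (path);
  if (ctx == NULL)
    {
      nasl_trace (NULL, "gpgme context could not be initialized.\n");
      goto fail;
    }

  /* The detached signature lives next to the file as "<filename>.asc". */
  sigfilename = g_strconcat (filename, ".asc", NULL);
  nasl_trace (NULL, "nasl_verify_signature: loading signature file '%s'\n",
              sigfilename);

  /* The whole signature file is buffered; glib NUL-terminates the buffer,
   * so the marker search below may treat it as a C string. If the
   * signature file doesn't exist, fail without an error message because an
   * unsigned file is a very common and expected condition. */
  if (!g_file_get_contents (sigfilename, &scontent, NULL, NULL))
    goto fail;

  /* A file without a complete BEGIN/END block carries no signature. */
  offset = find_armored_signature (scontent, &siglen);
  if (offset == NULL || siglen == 0)
    {
      nasl_trace (NULL, "nasl_verify_signature: No signature in '%s'\n",
                  sigfilename);
      goto fail;
    }

  do
    {
      sig_count++;

      /* Load the signed content in memory. */
      err = gpgme_data_new_from_mem (&text, fcontent, flen, 1);
      if (err)
        {
          print_gpgme_error ("gpgme_data_new_from_mem", err);
          goto fail;
        }

      /* Load the current signature block in memory. Without it there is
       * nothing to verify, so do not fall through to gpgme_op_verify ()
       * with a NULL signature object. */
      err = gpgme_data_new_from_mem (&sig, offset, siglen, 1);
      if (err)
        {
          nasl_trace (NULL, "nasl_verify_signature: %s: %s\n", sigfilename,
                      gpgme_strerror (err));
          goto fail;
        }

      /* Verify the signature. */
      err = gpgme_op_verify (ctx, sig, text, NULL);
      nasl_trace (NULL,
                  "nasl_verify_signature: gpgme_op_verify "
                  "-> '%d'\n",
                  err);
      if (err)
        print_gpgme_error ("gpgme_op_verify", err);
      else if (examine_signatures (gpgme_op_verify_result (ctx), sig_count))
        {
          /* One fully valid signature is sufficient. */
          retcode = 0;
          goto fail;
        }
      else
        retcode = 1;

      gpgme_data_release (sig);
      sig = NULL;
      gpgme_data_release (text);
      text = NULL;

      /* Search for a further signature block after the current one. A
       * BEGIN marker without an END marker is treated as "no signature". */
      offset = find_armored_signature (offset + 1, &siglen);
      if (offset != NULL && siglen == 0)
        {
          nasl_trace (NULL, "nasl_verify_signature: No signature in '%s'\n",
                      sigfilename);
          goto fail;
        }
    }
  while (offset != NULL);

fail:
  g_free (scontent);
  if (sig)
    gpgme_data_release (sig);
  if (text)
    gpgme_data_release (text);
  if (ctx != NULL)
    gpgme_release (ctx);
  g_free (sigfilename);

  return retcode;
}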

References examine_signatures(), nasl_trace(), and print_gpgme_error().


◆ print_gpgme_error()

static void print_gpgme_error ( char *  function,
gpgme_error_t  err 
)
static

Prints an error message for errors returned by gpgme.

Parameters
function — Calling function name (debug info).
err — The gpgme error that caused the problem.

Definition at line 27 of file nasl_signature.c.

/**
 * @brief Reports a gpgme failure through the NASL error channel.
 *
 * The message has the form "<function> failed: <source>/<reason>", where
 * source and reason are gpgme's textual descriptions of @p err.
 *
 * @param function  Name of the gpgme call that failed (debug info).
 * @param err       The gpgme error to describe.
 */
static void
print_gpgme_error (char *function, gpgme_error_t err)
{
  const char *source = gpgme_strsource (err);
  const char *reason = gpgme_strerror (err);

  nasl_perror (NULL, "%s failed: %s/%s\n", function, source, reason);
}

References nasl_perror().

Referenced by nasl_verify_signature().
