OpenVAS Libraries  9.0.3
nasl_signature.c File Reference
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <locale.h>
#include "nasl_signature.h"
#include "nasl_tree.h"
#include "nasl_var.h"
#include "nasl_func.h"
#include "nasl_lex_ctxt.h"
#include "nasl_debug.h"

Functions

int nasl_verify_signature (const char *filename)
 

Function Documentation

◆ nasl_verify_signature()

int nasl_verify_signature ( const char *  filename)

Checks the detached OpenPGP signature of the file given by FILENAME. The name of the signature file is derived from FILENAME by appending ".asc".

If a signature file exists and it contains at least one fully valid signature, the function returns 0. If none of the signatures is valid, or all of them were made by an unknown or untrusted key, the function returns 1. If an error occurs, or the file has no corresponding detached signature, the function returns -1.

Parameters
filename — Filename (e.g. 1.txt) for which to check the signature (e.g. 1.txt.asc).
Returns
Zero if the file exists and at least one signature is fully trusted. 1 if all signatures are invalid or were made with an untrusted key. -1 on a missing file or error.

Definition at line 118 of file nasl_signature.c.

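{
  /* Verify FILENAME against the detached, ASCII-armored OpenPGP
   * signature(s) in "<FILENAME>.asc".
   *
   * Returns 0 as soon as one armored block yields a fully valid
   * signature, 1 if every block was checked but none was accepted, and
   * -1 when the script or signature file cannot be read, the signature
   * file holds no armored block, or a gpgme call fails before a verdict
   * was reached (on the latter path the result may already be 1 if an
   * earlier block had been checked and rejected). */
  int retcode = -1, sig_count = 0;
  gchar *sigfilename = NULL;
  gchar *scontent = NULL;
  gchar *fcontent = NULL;
  gchar *offset = NULL;
  const gchar *endpos = NULL;
  const gchar *eol = NULL;
  gsize siglen = 0, flen = 0;
  gpgme_error_t err;
  gpgme_ctx_t ctx = openvas_init_gpgme_sysconf_ctx ();
  gpgme_data_t sig = NULL, text = NULL;

  if (ctx == NULL)
    {
      nasl_trace (NULL, "gpgme context could not be initialized.\n");
      goto fail;
    }

  /* The script is read fully into memory. Its length is kept in FLEN
   * rather than derived with strlen(), so embedded NUL bytes are
   * covered by the verification. */
  nasl_trace (NULL, "nasl_verify_signature: loading scriptfile '%s'\n",
              filename);
  if (!g_file_get_contents (filename, &fcontent, &flen, NULL))
    {
      nasl_trace (NULL, "nasl_verify_signature: could not read '%s'\n",
                  filename);
      goto fail;
    }

  /* The detached signature lives next to the script as "<filename>.asc". */
  sigfilename = g_strconcat (filename, ".asc", NULL);
  nasl_trace (NULL, "nasl_verify_signature: loading signature file '%s'\n",
              sigfilename);
  /* A missing signature file is the common, expected case (an unsigned
   * script), so fail without an error message. */
  if (!g_file_get_contents (sigfilename, &scontent, NULL, NULL))
    goto fail;

  /* The .asc file is handled as text: every armored signature starts at
   * a "-----BEGIN" line and ends with the matching "-----END" line. */
  offset = strstr (scontent, "-----B");
  if (!offset)
    {
      nasl_trace (NULL, "nasl_verify_signature: No signature in '%s'\n",
                  sigfilename);
      goto fail;
    }

  /* Check each armored block in turn; the first fully valid one wins. */
  while (offset)
    {
      endpos = strstr (offset, "-----E");
      if (!endpos)
        {
          nasl_trace (NULL, "nasl_verify_signature: No signature in '%s'\n",
                      sigfilename);
          goto fail;
        }
      /* Hand gpgme the whole block including the complete trailer line.
       * The length never exceeds the buffer: it runs up to and including
       * the newline that ends the trailer, or to the end of the string
       * when the trailer is the last line. */
      eol = strchr (endpos, '\n');
      siglen = eol ? (gsize) (eol - offset) + 1 : strlen (offset);

      sig_count++;

      /* A fresh data object per block: gpgme consumes TEXT while
       * verifying, so the read position would not be at the start if
       * the object were reused. */
      err = gpgme_data_new_from_mem (&text, fcontent, flen, 1);
      if (err)
        {
          print_gpgme_error ("gpgme_data_new_from_mem", err);
          goto fail;
        }

      /* Load the current armored block; without it there is nothing to
       * verify, so bail out instead of calling gpgme_op_verify with a
       * NULL signature. */
      err = gpgme_data_new_from_mem (&sig, offset, siglen, 1);
      if (err)
        {
          nasl_trace (NULL, "nasl_verify_signature: %s: %s\n",
                      sigfilename, gpgme_strerror (err));
          goto fail;
        }

      err = gpgme_op_verify (ctx, sig, text, NULL);
      nasl_trace (NULL, "nasl_verify_signature: gpgme_op_verify "
                  "-> '%d'\n", err);
      if (err)
        print_gpgme_error ("gpgme_op_verify", err);
      /* examine_signatures() (defined elsewhere in this file) makes the
       * trust decision on the verify result; a non-zero return is
       * treated as "fully valid". */
      else if (examine_signatures (gpgme_op_verify_result (ctx), sig_count))
        {
          retcode = 0;
          goto fail;
        }
      else
        retcode = 1;

      gpgme_data_release (sig);
      sig = NULL;
      gpgme_data_release (text);
      text = NULL;

      /* Look for the next armored block after the current one. */
      offset = strstr (offset + 1, "-----B");
    }

fail:
  /* Single exit: every resource is released here regardless of the path
   * taken; g_free() and gpgme_release() tolerate the NULL cases. */
  g_free (scontent);
  g_free (fcontent);
  if (sig)
    gpgme_data_release (sig);
  if (text)
    gpgme_data_release (text);
  if (ctx != NULL)
    gpgme_release (ctx);
  g_free (sigfilename);

  return retcode;
}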
