OpenVAS Libraries  9.0.3
nasl_signature.c
Go to the documentation of this file.
1 /* OpenVAS-LibNASL
2  *
3  * Authors:
4  * Bernhard Herzog <bernhard.herzog@intevation.de>
5  *
6  * Copyright:
7  * Copyright (C) 2009 Greenbone Networks GmbH
8  *
9  * This program is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU General Public License
11  * as published by the Free Software Foundation; either version 2
12  * of the License, or (at your option) any later version.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License
20  * along with this program; if not, write to the Free Software
21  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 #include <stdlib.h>
25 #include <stdio.h>
26 #include <string.h> /* for strlen */
27 #include <locale.h> /* for LC_CTYPE */
28 
29 #include "nasl_signature.h"
30 #include "nasl_tree.h"
31 #include "nasl_var.h"
32 #include "nasl_func.h"
33 #include "nasl_lex_ctxt.h"
34 #include "nasl_debug.h"
35 
42 static void
43 print_gpgme_error (char *function, gpgme_error_t err)
44 {
45  nasl_perror (NULL, "%s failed: %s/%s\n", function, gpgme_strsource (err),
46  gpgme_strerror (err));
47 }
48 
59 static int
60 examine_signatures (gpgme_verify_result_t result, int sig_count)
61 {
62  gpgme_signature_t sig;
63 
64  nasl_trace (NULL, "examine_signatures\n");
65 
66  sig = result->signatures;
67 
68  if (nasl_trace_enabled ())
69  {
70  nasl_trace (NULL, "examine_signatures: signature #%d:\n", sig_count);
71  nasl_trace (NULL, "examine_signatures: summary: %d\n",
72  sig->summary);
73  nasl_trace (NULL, "examine_signatures: validity: %d\n",
74  sig->validity);
75  nasl_trace (NULL, "examine_signatures: status: %s\n",
76  gpg_strerror (sig->status));
77  nasl_trace (NULL, "examine_signatures: timestamp: %ld\n",
78  sig->timestamp);
79  nasl_trace (NULL, "examine_signatures: exp_timestamp: %ld\n",
80  sig->exp_timestamp);
81  nasl_trace (NULL, "examine_signatures: fpr: %s\n", sig->fpr);
82  }
83 
84  if (sig->summary & GPGME_SIGSUM_VALID)
85  {
86  nasl_trace (NULL, "examine_signatures: signature is valid\n");
87  return 1;
88  }
89  else
90  {
91  nasl_trace (NULL, "examine_signatures: signature is invalid\n");
93  }
94 
95  return 0;
96 }
97 
98 
117 int
118 nasl_verify_signature (const char *filename)
119 {
120  int retcode = -1, sig_count = 0;
121  char *sigfilename = NULL;
122  gsize siglen = 0, flen = 0;
123  gchar * scontent = NULL;
124  gchar * offset = NULL;
125  gchar * endpos = NULL;
126  gchar * fcontent = NULL;
127  gboolean success;
128  gpgme_error_t err;
129  gpgme_ctx_t ctx = openvas_init_gpgme_sysconf_ctx ();
130  gpgme_data_t sig = NULL, text = NULL;
131 
132  if (ctx == NULL)
133  {
134  nasl_trace (NULL, "gpgme context could not be initialized.\n");
135  goto fail;
136  }
137 
138  /* Scriptfile is buffered. */
139  nasl_trace (NULL, "nasl_verify_signature: loading scriptfile '%s'\n",
140  filename);
141  if (!g_file_get_contents (filename, &fcontent, &flen, NULL))
142  goto fail;
143 
144  /* Signatures file is buffered. */
145  sigfilename = g_malloc0 (strlen (filename) + 4 + 1);
146  strcpy (sigfilename, filename);
147  strcat (sigfilename, ".asc");
148  nasl_trace (NULL, "nasl_verify_signature: loading signature file '%s'\n",
149  sigfilename);
150  success = g_file_get_contents (sigfilename, &scontent, NULL, NULL);
151  /* If the signature file doesn't exist, fail without an error message
152  * because an unsigned file is a very common and expected
153  * condition */
154  if (!success)
155  goto fail;
156 
157 /* Start to parse the signature file to find signatures. */
158  offset = g_strstr_len (scontent, strlen(scontent), "-----B");
159  if (!offset)
160  {
161  nasl_trace (NULL, "nasl_verify_signature: No signature in '%s'\n",
162  sigfilename);
163  goto fail;
164  }
165  endpos = g_strstr_len (offset,-1, "-----E");
166  if (endpos)
167  siglen = strlen(offset) - strlen(endpos) + 17 ;
168  else
169  {
170  nasl_trace (NULL, "nasl_verify_signature: No signature in '%s'\n",
171  sigfilename);
172  goto fail;
173  }
174 
175  do
176  {
177  sig_count++;
178 
179  /* Load file in memory. */
180  err = gpgme_data_new_from_mem (&text, fcontent, flen, 1);
181  if (err)
182  {
183  print_gpgme_error ("gpgme_data_new_from_file", err);
184  goto fail;
185  }
186 
187  /* Load a founded signature in memory. */
188  err = gpgme_data_new_from_mem (&sig, offset, siglen, 1);
189  if (err)
190  nasl_trace (NULL, "nasl_verify_signature: %s: %s\n",
191  sigfilename, gpgme_strerror (err));
192 
193  /* Verify the signature. */
194  err = gpgme_op_verify (ctx, sig, text, NULL);
195  nasl_trace (NULL, "nasl_verify_signature: gpgme_op_verify "
196  "-> '%d'\n", err);
197  if (err)
198  print_gpgme_error ("gpgme_op_verify", err);
199  else
200  {
201  if (examine_signatures (gpgme_op_verify_result (ctx), sig_count))
202  {
203  retcode = 0;
204  goto fail;
205  }
206  else
207  retcode = 1;
208  }
209 
210  /* Search a new signature. */
211  offset = g_strstr_len (offset + 1, strlen(offset), "-----B");
212  if (offset)
213  {
214  if ( (endpos = g_strstr_len (offset, strlen (offset), "-----E")) )
215  siglen = (strlen(offset) - strlen(endpos) + 17);
216  else
217  {
218  nasl_trace (NULL, "nasl_verify_signature: No signature in '%s'\n",
219  sigfilename);
220  goto fail;
221  }
222  }
223 
224  gpgme_data_release (sig);
225  sig = NULL;
226  gpgme_data_release (text);
227  text = NULL;
228 
229  } while (offset);
230 
231  fail:
232  g_free (scontent);
233  g_free (fcontent);
234  if (sig)
235  gpgme_data_release (sig);
236  if (text)
237  gpgme_data_release (text);
238  if (ctx != NULL)
239  gpgme_release (ctx);
240  g_free (sigfilename);
241 
242  return retcode;
243 }
int nasl_trace_enabled(void)
Checks if the nasl_trace_fp is set.
Definition: nasl_debug.c:151
#define err(x)
gpgme_ctx_t openvas_init_gpgme_sysconf_ctx(void)
Returns a new gpgme context using the sycconf directory.
Definition: gpgme_util.c:277
int nasl_verify_signature(const char *filename)
void nasl_trace(lex_ctxt *lexic, char *msg,...)
Prints debug message in printf fashion to nasl_trace_fp if it exists.
Definition: nasl_debug.c:165
void nasl_perror(lex_ctxt *lexic, char *msg,...)
Definition: nasl_debug.c:94