Package: gnupg
Version: 1.4.12-7+deb7u1
Severity: normal
Dear Maintainer,
the current release versions of gnupg (1.4 a swell as 2) blindly import
anything returned from a keyserver; even when requesting a key by its most
specific identifier (full fingerprint), the server is free to return anything -
a different key, or even a bunch of keys. Up until today, it was even possible
to inject secret keys into a system by just running an mitm attack against the
keyserver or its client (a patch has been included to prevent this).
While the trust model of gpg prevents the worst, being able to pollute the
keyring
of a victim with unwanted keys creates a situation that might confuse the user
and
lead to mistakes compromising security (e.g. by selecting a wrong and possible
falsified key).
Gnupg should check any keys returned from a keyserver request for plausibility
with
the initial request and reject anything not matching the criteria set.
The attached patch provides this functionality.
-- System Information:
Debian Release: 7.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-4-686-pae (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages gnupg depends on:
ii dpkg 1.16.10
ii gpgv 1.4.12-7+deb7u1
ii install-info 4.13a.dfsg.1-10
ii libbz2-1.0 1.0.6-4
ii libc6 2.13-38
ii libreadline6 6.2+dfsg-0.1
ii libusb-0.1-4 2:0.1.12-20+nmu1
ii zlib1g 1:1.2.7.dfsg-13
Versions of packages gnupg recommends:
pn gnupg-curl <none>
ii libldap-2.4-2 2.4.31-1+nmu2
Versions of packages gnupg suggests:
ii eog 3.4.2-1+build1
pn gnupg-doc <none>
ii imagemagick 8:6.7.7.10-5+deb7u2
ii libpcsclite1 1.8.4-1+deb7u1
-- no debconf information
>From a521598c9850566fab9c6e5065ea0bda9ec45872 Mon Sep 17 00:00:00 2001
From: Stefan Tomanek <toma...@internet-sicherheit.de>
Date: Thu, 12 Sep 2013 12:07:50 +0200
Subject: [PATCH] filter and verify keyserver responses
This changes introduces import functions that apply a constraining
filter to imported keys. These filters can verify the fingerprints of
the keys returned before importing them into the keyring, ensuring that
the keys fetched from the keyserver are in fact those selected by the
user beforehand.
It also prevents the accidental import of secret keys through key server
responses.
---
g10/import.c | 47 ++++++++++++++++++++++++++++++++---------------
g10/keyserver.c | 45 +++++++++++++++++++++++++++++++++++++++++++--
g10/main.h | 4 +++-
3 files changed, 78 insertions(+), 18 deletions(-)
diff --git a/g10/import.c b/g10/import.c
index 90fc2d6..75f211a 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -59,14 +59,17 @@ struct stats_s {
static int import( IOBUF inp, const char* fname,struct stats_s *stats,
- unsigned char **fpr,size_t *fpr_len,unsigned int options );
+ unsigned char **fpr,size_t *fpr_len,unsigned int options,
+ import_filter filter, void *filter_arg );
static int read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root );
static void revocation_present(KBNODE keyblock);
static int import_one(const char *fname, KBNODE keyblock,struct stats_s *stats,
unsigned char **fpr,size_t *fpr_len,
- unsigned int options,int from_sk);
+ unsigned int options,int from_sk,
+ import_filter filter, void *filter_arg);
static int import_secret_one( const char *fname, KBNODE keyblock,
- struct stats_s *stats, unsigned int options);
+ struct stats_s *stats, unsigned int options,
+ import_filter filter, void *filter_arg );
static int import_revoke_cert( const char *fname, KBNODE node,
struct stats_s *stats);
static int chk_self_sigs( const char *fname, KBNODE keyblock,
@@ -163,7 +166,8 @@ import_release_stats_handle (void *p)
static int
import_keys_internal( IOBUF inp, char **fnames, int nnames,
void *stats_handle, unsigned char **fpr, size_t *fpr_len,
- unsigned int options )
+ unsigned int options,
+ import_filter filter, void *filter_arg )
{
int i, rc = 0;
struct stats_s *stats = stats_handle;
@@ -172,7 +176,7 @@ import_keys_internal( IOBUF inp, char **fnames, int nnames,
stats = import_new_stats_handle ();
if (inp) {
- rc = import( inp, "[stream]", stats, fpr, fpr_len, options);
+ rc = import( inp, "[stream]", stats, fpr, fpr_len, options, filter, filter_arg);
}
else {
int once = (!fnames && !nnames);
@@ -192,7 +196,7 @@ import_keys_internal( IOBUF inp, char **fnames, int nnames,
log_error(_("can't open `%s': %s\n"), fname, strerror(errno) );
else
{
- rc = import( inp2, fname, stats, fpr, fpr_len, options );
+ rc = import( inp2, fname, stats, fpr, fpr_len, options, NULL, NULL );
iobuf_close(inp2);
/* Must invalidate that ugly cache to actually close it. */
iobuf_ioctl (NULL, 2, 0, (char*)fname);
@@ -223,19 +227,21 @@ void
import_keys( char **fnames, int nnames,
void *stats_handle, unsigned int options )
{
- import_keys_internal(NULL,fnames,nnames,stats_handle,NULL,NULL,options);
+ import_keys_internal(NULL,fnames,nnames,stats_handle,NULL,NULL,options,NULL,NULL);
}
int
import_keys_stream( IOBUF inp, void *stats_handle,
- unsigned char **fpr, size_t *fpr_len,unsigned int options )
+ unsigned char **fpr, size_t *fpr_len,unsigned int options,
+ import_filter filter, void *filter_arg )
{
- return import_keys_internal(inp,NULL,0,stats_handle,fpr,fpr_len,options);
+ return import_keys_internal(inp,NULL,0,stats_handle,fpr,fpr_len,options,filter,filter_arg);
}
static int
import( IOBUF inp, const char* fname,struct stats_s *stats,
- unsigned char **fpr,size_t *fpr_len,unsigned int options )
+ unsigned char **fpr,size_t *fpr_len,unsigned int options,
+ import_filter filter, void *filter_arg )
{
PACKET *pending_pkt = NULL;
KBNODE keyblock = NULL;
@@ -252,9 +258,10 @@ import( IOBUF inp, const char* fname,struct stats_s *stats,
while( !(rc = read_block( inp, &pending_pkt, &keyblock) )) {
if( keyblock->pkt->pkttype == PKT_PUBLIC_KEY )
- rc = import_one( fname, keyblock, stats, fpr, fpr_len, options, 0);
+ rc = import_one( fname, keyblock, stats, fpr, fpr_len, options, 0,
+ filter, filter_arg);
else if( keyblock->pkt->pkttype == PKT_SECRET_KEY )
- rc = import_secret_one( fname, keyblock, stats, options );
+ rc = import_secret_one( fname, keyblock, stats, options, filter, filter_arg );
else if( keyblock->pkt->pkttype == PKT_SIGNATURE
&& keyblock->pkt->pkt.signature->sig_class == 0x20 )
rc = import_revoke_cert( fname, keyblock, stats );
@@ -738,7 +745,7 @@ check_prefs(KBNODE keyblock)
static int
import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
unsigned char **fpr,size_t *fpr_len,unsigned int options,
- int from_sk )
+ int from_sk, import_filter filter, void *filter_arg)
{
PKT_public_key *pk;
PKT_public_key *pk_orig;
@@ -778,6 +785,10 @@ import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
return 0;
}
+ if (filter && filter(pk, NULL, filter_arg)) {
+ log_error( _("key %s: rejected by import filter\n"), keystr_from_pk(pk));
+ return 0;
+ }
if (opt.interactive) {
if(is_status_enabled())
print_import_check (pk, uidnode->pkt->pkt.user_id);
@@ -1146,7 +1157,8 @@ sec_to_pub_keyblock(KBNODE sec_keyblock)
*/
static int
import_secret_one( const char *fname, KBNODE keyblock,
- struct stats_s *stats, unsigned int options)
+ struct stats_s *stats, unsigned int options,
+ import_filter filter, void *filter_arg )
{
PKT_secret_key *sk;
KBNODE node, uidnode;
@@ -1162,6 +1174,11 @@ import_secret_one( const char *fname, KBNODE keyblock,
keyid_from_sk( sk, keyid );
uidnode = find_next_kbnode( keyblock, PKT_USER_ID );
+ if (filter && filter(NULL, sk, filter_arg)) {
+ log_error( _("secret key %s: rejected by import filter\n"), keystr_from_sk(sk));
+ return 0;
+ }
+
if( opt.verbose )
{
log_info( "sec %4u%c/%s %s ",
@@ -1235,7 +1252,7 @@ import_secret_one( const char *fname, KBNODE keyblock,
if(pub_keyblock)
{
import_one(fname,pub_keyblock,stats,
- NULL,NULL,opt.import_options,1);
+ NULL,NULL,opt.import_options,1,NULL,NULL);
release_kbnode(pub_keyblock);
}
}
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 440c6a1..4d4d708 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -971,6 +971,46 @@ direct_uri_map(const char *scheme,unsigned int is_direct)
#define KEYSERVER_ARGS_KEEP " -o \"%O\" \"%I\""
#define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\""
+static int
+keyserver_retrieval_filter(PKT_public_key *pk, PKT_secret_key *sk, void *arg)
+{
+ KEYDB_SEARCH_DESC *desc = arg;
+ u32 keyid[2];
+ byte fpr[MAX_FINGERPRINT_LEN];
+ size_t fpr_len = 0;
+
+ /* we definitely do not want to import secret keys! */
+ if (sk) {
+ return 1;
+ }
+
+ fingerprint_from_pk(pk, fpr, &fpr_len);
+ keyid_from_pk(pk, keyid);
+
+ /* compare requested and returned fingerprints if available */
+ if (desc->mode == KEYDB_SEARCH_MODE_FPR20) {
+ if (fpr_len != 20 || memcmp(fpr, desc->u.fpr, 20)) {
+ return 1;
+ }
+ }
+ else if (desc->mode == KEYDB_SEARCH_MODE_FPR16) {
+ if (fpr_len != 16 || memcmp(fpr, desc->u.fpr, 16)) {
+ return 1;
+ }
+ }
+ else if (desc->mode == KEYDB_SEARCH_MODE_LONG_KID) {
+ if (memcmp(keyid, desc->u.kid, sizeof(keyid))) {
+ return 1;
+ }
+ }
+ else if (desc->mode == KEYDB_SEARCH_MODE_SHORT_KID) {
+ if (memcmp(&keyid[1], &desc->u.kid[1], 1)) {
+ return 1;
+ }
+ }
+ return 0;
+}
+
static int
keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc,
int count,int *prog,unsigned char **fpr,size_t *fpr_len,
@@ -1518,7 +1558,8 @@ keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc,
line-by-line and make a temp iobuf for each key. */
import_keys_stream(spawn->fromchild,stats_handle,fpr,fpr_len,
- opt.keyserver_options.import_options);
+ opt.keyserver_options.import_options,
+ &keyserver_retrieval_filter, desc);
import_print_stats(stats_handle);
import_release_stats_handle(stats_handle);
@@ -2050,7 +2091,7 @@ keyserver_import_cert(const char *name,unsigned char **fpr,size_t *fpr_len)
opt.no_armor=1;
rc=import_keys_stream(key,NULL,fpr,fpr_len,
- opt.keyserver_options.import_options);
+ opt.keyserver_options.import_options,NULL,NULL);
opt.no_armor=armor_status;
diff --git a/g10/main.h b/g10/main.h
index eadac1f..73a5529 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -207,11 +207,13 @@ MPI encode_md_value( PKT_public_key *pk, PKT_secret_key *sk,
MD_HANDLE md, int hash_algo );
/*-- import.c --*/
+typedef int (*import_filter)(PKT_public_key *pk, PKT_secret_key *sk, void *arg);
int parse_import_options(char *str,unsigned int *options,int noisy);
void import_keys( char **fnames, int nnames,
void *stats_hd, unsigned int options );
int import_keys_stream( IOBUF inp,void *stats_hd,unsigned char **fpr,
- size_t *fpr_len,unsigned int options );
+ size_t *fpr_len,unsigned int options,
+ import_filter constr, void *filter_arg);
void *import_new_stats_handle (void);
void import_release_stats_handle (void *p);
void import_print_stats (void *hd);
--
1.7.10.4
