1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

* packet.h, main.h, sig-check.c (signature_check2, check_key_signature2,

do_check): If ret_pk is set, fill in the pk used to verify the signature.
Change all callers in getkey.c, mainproc.c, and sig-check.c.

* keylist.c (list_keyblock_colon): Use the ret_pk from above to put the
fingerprint of the signing key in "sig" records during a --with-colons
--check-sigs.  This requires --no-sig-cache as well since we don't cache
fingerprints.
This commit is contained in:
David Shaw 2003-07-20 00:10:13 +00:00
parent fa2faef48f
commit 06442ab0da
7 changed files with 81 additions and 26 deletions

View File

@ -1,3 +1,15 @@
2003-07-19 David Shaw <dshaw@jabberwocky.com>
* packet.h, main.h, sig-check.c (signature_check2,
check_key_signature2, do_check): If ret_pk is set, fill in the pk
used to verify the signature. Change all callers in getkey.c,
mainproc.c, and sig-check.c.
* keylist.c (list_keyblock_colon): Use the ret_pk from above to
put the fingerprint of the signing key in "sig" records during a
--with-colons --check-sigs. This requires --no-sig-cache as well
since we don't cache fingerprints.
2003-07-10 David Shaw <dshaw@jabberwocky.com> 2003-07-10 David Shaw <dshaw@jabberwocky.com>
* parse-packet.c (parse_signature): No need to reserve 8 bytes for * parse-packet.c (parse_signature): No need to reserve 8 bytes for

View File

@ -1604,7 +1604,7 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
ultimate trust flag. */ ultimate trust flag. */
if(get_pubkey_fast(ultimate_pk,sig->keyid)==0 if(get_pubkey_fast(ultimate_pk,sig->keyid)==0
&& check_key_signature2(keyblock,k,ultimate_pk, && check_key_signature2(keyblock,k,ultimate_pk,
NULL,&dummy,&dum2)==0 NULL,NULL,&dummy,&dum2)==0
&& get_ownertrust(ultimate_pk)==TRUST_ULTIMATE) && get_ownertrust(ultimate_pk)==TRUST_ULTIMATE)
{ {
free_public_key(ultimate_pk); free_public_key(ultimate_pk);

View File

@ -1032,8 +1032,10 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
} }
else if( opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE ) { else if( opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE ) {
PKT_signature *sig = node->pkt->pkt.signature; PKT_signature *sig = node->pkt->pkt.signature;
int sigrc; int sigrc,fprokay=0;
char *sigstr; char *sigstr;
size_t fplen;
byte fparray[MAX_FINGERPRINT_LEN];
if( !any ) { /* no user id, (maybe a revocation follows)*/ if( !any ) { /* no user id, (maybe a revocation follows)*/
if( sig->sig_class == 0x20 ) if( sig->sig_class == 0x20 )
@ -1067,8 +1069,16 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
continue; continue;
} }
if( opt.check_sigs ) { if( opt.check_sigs ) {
PKT_public_key *signer_pk=NULL;
u32 dummy;
int dum2;
fflush(stdout); fflush(stdout);
rc = check_key_signature( keyblock, node, NULL ); if(opt.no_sig_cache)
signer_pk=m_alloc_clear(sizeof(PKT_public_key));
rc = check_key_signature2( keyblock, node, NULL, signer_pk,
NULL, &dummy, &dum2);
switch( rc ) { switch( rc ) {
case 0: sigrc = '!'; break; case 0: sigrc = '!'; break;
case G10ERR_BAD_SIGN: sigrc = '-'; break; case G10ERR_BAD_SIGN: sigrc = '-'; break;
@ -1076,6 +1086,16 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
case G10ERR_UNU_PUBKEY: sigrc = '?'; break; case G10ERR_UNU_PUBKEY: sigrc = '?'; break;
default: sigrc = '%'; break; default: sigrc = '%'; break;
} }
if(opt.no_sig_cache)
{
if(rc==0)
{
fingerprint_from_pk (signer_pk, fparray, &fplen);
fprokay=1;
}
free_public_key(signer_pk);
}
} }
else { else {
rc = 0; rc = 0;
@ -1109,7 +1129,22 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
print_string( stdout, p, n, ':' ); print_string( stdout, p, n, ':' );
m_free(p); m_free(p);
} }
printf(":%02x%c:\n", sig->sig_class,sig->flags.exportable?'x':'l'); printf(":%02x%c:", sig->sig_class,sig->flags.exportable?'x':'l');
if(opt.no_sig_cache && opt.check_sigs && fprokay)
{
size_t i;
printf(":");
for (i=0; i < fplen ; i++ )
printf ("%02X", fparray[i] );
printf(":");
}
printf("\n");
/* fixme: check or list other sigs here */ /* fixme: check or list other sigs here */
} }
} }

View File

@ -129,7 +129,8 @@ int sign_symencrypt_file (const char *fname, STRLIST locusr);
int check_revocation_keys (PKT_public_key *pk, PKT_signature *sig); int check_revocation_keys (PKT_public_key *pk, PKT_signature *sig);
int check_key_signature( KBNODE root, KBNODE node, int *is_selfsig ); int check_key_signature( KBNODE root, KBNODE node, int *is_selfsig );
int check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk, int check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
int *is_selfsig, u32 *r_expiredate, int *r_expired ); PKT_public_key *ret_pk, int *is_selfsig,
u32 *r_expiredate, int *r_expired );
/*-- delkey.c --*/ /*-- delkey.c --*/
int delete_keys( STRLIST names, int secret, int allow_both ); int delete_keys( STRLIST names, int secret, int allow_both );

View File

@ -722,9 +722,9 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig, int *is_expkey )
} }
else else
return G10ERR_SIG_CLASS; return G10ERR_SIG_CLASS;
rc = signature_check2( sig, md, &dummy, is_expkey ); rc = signature_check2( sig, md, &dummy, is_expkey, NULL );
if( rc == G10ERR_BAD_SIGN && md2 ) if( rc == G10ERR_BAD_SIGN && md2 )
rc = signature_check2( sig, md2, &dummy, is_expkey ); rc = signature_check2( sig, md2, &dummy, is_expkey, NULL );
md_close(md); md_close(md);
md_close(md2); md_close(md2);

View File

@ -460,8 +460,8 @@ int cmp_user_ids( PKT_user_id *a, PKT_user_id *b );
/*-- sig-check.c --*/ /*-- sig-check.c --*/
int signature_check( PKT_signature *sig, MD_HANDLE digest ); int signature_check( PKT_signature *sig, MD_HANDLE digest );
int signature_check2( PKT_signature *sig, MD_HANDLE digest, int signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
u32 *r_expiredate, int *r_expired ); int *r_expired, PKT_public_key *ret_pk );
/*-- seckey-cert.c --*/ /*-- seckey-cert.c --*/
int is_secret_key_protected( PKT_secret_key *sk ); int is_secret_key_protected( PKT_secret_key *sk );

View File

@ -39,8 +39,8 @@ struct cmp_help_context_s {
MD_HANDLE md; MD_HANDLE md;
}; };
static int do_check( PKT_public_key *pk, PKT_signature *sig, static int do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
MD_HANDLE digest, int *r_expired ); int *r_expired, PKT_public_key *ret_pk);
/**************** /****************
* Check the signature which is contained in SIG. * Check the signature which is contained in SIG.
@ -52,12 +52,12 @@ signature_check( PKT_signature *sig, MD_HANDLE digest )
{ {
u32 dummy; u32 dummy;
int dum2; int dum2;
return signature_check2( sig, digest, &dummy, &dum2 ); return signature_check2( sig, digest, &dummy, &dum2, NULL );
} }
int int
signature_check2( PKT_signature *sig, MD_HANDLE digest, signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
u32 *r_expiredate, int *r_expired ) int *r_expired, PKT_public_key *ret_pk )
{ {
PKT_public_key *pk = m_alloc_clear( sizeof *pk ); PKT_public_key *pk = m_alloc_clear( sizeof *pk );
int rc=0; int rc=0;
@ -80,7 +80,7 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest,
invalid subkey */ invalid subkey */
else { else {
*r_expiredate = pk->expiredate; *r_expiredate = pk->expiredate;
rc = do_check( pk, sig, digest, r_expired ); rc = do_check( pk, sig, digest, r_expired, ret_pk );
} }
free_public_key( pk ); free_public_key( pk );
@ -260,7 +260,7 @@ do_check_messages( PKT_public_key *pk, PKT_signature *sig, int *r_expired )
static int static int
do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest, do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
int *r_expired ) int *r_expired, PKT_public_key *ret_pk )
{ {
MPI result = NULL; MPI result = NULL;
int rc=0; int rc=0;
@ -347,6 +347,9 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
rc = G10ERR_BAD_SIGN; rc = G10ERR_BAD_SIGN;
} }
if(!rc && ret_pk)
copy_public_key(ret_pk,pk);
return rc; return rc;
} }
@ -475,14 +478,18 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
{ {
u32 dummy; u32 dummy;
int dum2; int dum2;
return check_key_signature2(root, node, NULL, is_selfsig, &dummy, &dum2 ); return check_key_signature2(root, node, NULL, NULL,
is_selfsig, &dummy, &dum2 );
} }
/* If check_pk is set, then use it to check the signature in node /* If check_pk is set, then use it to check the signature in node
rather than getting it from root or the keydb. */ rather than getting it from root or the keydb. If ret_pk is set,
fill in the public key that was used to verify the signature.
ret_pk is only meaningful when the verification was successful. */
int int
check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk, check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
int *is_selfsig, u32 *r_expiredate, int *r_expired ) PKT_public_key *ret_pk, int *is_selfsig,
u32 *r_expiredate, int *r_expired )
{ {
MD_HANDLE md; MD_HANDLE md;
PKT_public_key *pk; PKT_public_key *pk;
@ -531,7 +538,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
{ {
md = md_open( algo, 0 ); md = md_open( algo, 0 );
hash_public_key( md, pk ); hash_public_key( md, pk );
rc = do_check( pk, sig, md, r_expired ); rc = do_check( pk, sig, md, r_expired, ret_pk );
cache_sig_result ( sig, rc ); cache_sig_result ( sig, rc );
md_close(md); md_close(md);
} }
@ -543,7 +550,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
md = md_open( algo, 0 ); md = md_open( algo, 0 );
hash_public_key( md, pk ); hash_public_key( md, pk );
hash_public_key( md, snode->pkt->pkt.public_key ); hash_public_key( md, snode->pkt->pkt.public_key );
rc = do_check( pk, sig, md, r_expired ); rc = do_check( pk, sig, md, r_expired, ret_pk );
cache_sig_result ( sig, rc ); cache_sig_result ( sig, rc );
md_close(md); md_close(md);
} }
@ -569,7 +576,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
md = md_open( algo, 0 ); md = md_open( algo, 0 );
hash_public_key( md, pk ); hash_public_key( md, pk );
hash_public_key( md, snode->pkt->pkt.public_key ); hash_public_key( md, snode->pkt->pkt.public_key );
rc = do_check( pk, sig, md, r_expired ); rc = do_check( pk, sig, md, r_expired, ret_pk );
cache_sig_result ( sig, rc ); cache_sig_result ( sig, rc );
md_close(md); md_close(md);
} }
@ -584,7 +591,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
else if( sig->sig_class == 0x1f ) { /* direct key signature */ else if( sig->sig_class == 0x1f ) { /* direct key signature */
md = md_open( algo, 0 ); md = md_open( algo, 0 );
hash_public_key( md, pk ); hash_public_key( md, pk );
rc = do_check( pk, sig, md, r_expired ); rc = do_check( pk, sig, md, r_expired, ret_pk );
cache_sig_result ( sig, rc ); cache_sig_result ( sig, rc );
md_close(md); md_close(md);
} }
@ -602,12 +609,12 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
{ {
if( is_selfsig ) if( is_selfsig )
*is_selfsig = 1; *is_selfsig = 1;
rc = do_check( pk, sig, md, r_expired ); rc = do_check( pk, sig, md, r_expired, ret_pk );
} }
else if (check_pk) else if (check_pk)
rc=do_check(check_pk,sig,md,r_expired); rc=do_check(check_pk,sig,md,r_expired, ret_pk);
else else
rc = signature_check2( sig, md, r_expiredate, r_expired ); rc = signature_check2( sig, md, r_expiredate, r_expired, ret_pk);
cache_sig_result ( sig, rc ); cache_sig_result ( sig, rc );
md_close(md); md_close(md);