mirror of
git://git.gnupg.org/gnupg.git
synced 2024-06-16 00:29:50 +02:00
* packet.h, main.h, sig-check.c (signature_check2, check_key_signature2,
do_check): If ret_pk is set, fill in the pk used to verify the signature. Change all callers in getkey.c, mainproc.c, and sig-check.c. * keylist.c (list_keyblock_colon): Use the ret_pk from above to put the fingerprint of the signing key in "sig" records during a --with-colons --check-sigs. This requires --no-sig-cache as well since we don't cache fingerprints.
This commit is contained in:
David Shaw
parent
fa2faef48f
commit
06442ab0da
|
|
@ -1,3 +1,15 @@
|
||||||
|
2003-07-19 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
|
* packet.h, main.h, sig-check.c (signature_check2,
|
||||||
|
check_key_signature2, do_check): If ret_pk is set, fill in the pk
|
||||||
|
used to verify the signature. Change all callers in getkey.c,
|
||||||
|
mainproc.c, and sig-check.c.
|
||||||
|
|
||||||
|
* keylist.c (list_keyblock_colon): Use the ret_pk from above to
|
||||||
|
put the fingerprint of the signing key in "sig" records during a
|
||||||
|
--with-colons --check-sigs. This requires --no-sig-cache as well
|
||||||
|
since we don't cache fingerprints.
|
||||||
|
|
||||||
2003-07-10 David Shaw <dshaw@jabberwocky.com>
|
2003-07-10 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
* parse-packet.c (parse_signature): No need to reserve 8 bytes for
|
* parse-packet.c (parse_signature): No need to reserve 8 bytes for
|
||||||
|
|
|
||||||
|
|
@ -1604,7 +1604,7 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
|
||||||
ultimate trust flag. */
|
ultimate trust flag. */
|
||||||
if(get_pubkey_fast(ultimate_pk,sig->keyid)==0
|
if(get_pubkey_fast(ultimate_pk,sig->keyid)==0
|
||||||
&& check_key_signature2(keyblock,k,ultimate_pk,
|
&& check_key_signature2(keyblock,k,ultimate_pk,
|
||||||
NULL,&dummy,&dum2)==0
|
NULL,NULL,&dummy,&dum2)==0
|
||||||
&& get_ownertrust(ultimate_pk)==TRUST_ULTIMATE)
|
&& get_ownertrust(ultimate_pk)==TRUST_ULTIMATE)
|
||||||
{
|
{
|
||||||
free_public_key(ultimate_pk);
|
free_public_key(ultimate_pk);
|
||||||
|
|
|
||||||
|
|
@ -1032,8 +1032,10 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
|
||||||
}
|
}
|
||||||
else if( opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE ) {
|
else if( opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE ) {
|
||||||
PKT_signature *sig = node->pkt->pkt.signature;
|
PKT_signature *sig = node->pkt->pkt.signature;
|
||||||
int sigrc;
|
int sigrc,fprokay=0;
|
||||||
char *sigstr;
|
char *sigstr;
|
||||||
|
size_t fplen;
|
||||||
|
byte fparray[MAX_FINGERPRINT_LEN];
|
||||||
|
|
||||||
if( !any ) { /* no user id, (maybe a revocation follows)*/
|
if( !any ) { /* no user id, (maybe a revocation follows)*/
|
||||||
if( sig->sig_class == 0x20 )
|
if( sig->sig_class == 0x20 )
|
||||||
|
|
@ -1067,8 +1069,16 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if( opt.check_sigs ) {
|
if( opt.check_sigs ) {
|
||||||
|
PKT_public_key *signer_pk=NULL;
|
||||||
|
u32 dummy;
|
||||||
|
int dum2;
|
||||||
|
|
||||||
fflush(stdout);
|
fflush(stdout);
|
||||||
rc = check_key_signature( keyblock, node, NULL );
|
if(opt.no_sig_cache)
|
||||||
|
signer_pk=m_alloc_clear(sizeof(PKT_public_key));
|
||||||
|
|
||||||
|
rc = check_key_signature2( keyblock, node, NULL, signer_pk,
|
||||||
|
NULL, &dummy, &dum2);
|
||||||
switch( rc ) {
|
switch( rc ) {
|
||||||
case 0: sigrc = '!'; break;
|
case 0: sigrc = '!'; break;
|
||||||
case G10ERR_BAD_SIGN: sigrc = '-'; break;
|
case G10ERR_BAD_SIGN: sigrc = '-'; break;
|
||||||
|
|
@ -1076,6 +1086,16 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
|
||||||
case G10ERR_UNU_PUBKEY: sigrc = '?'; break;
|
case G10ERR_UNU_PUBKEY: sigrc = '?'; break;
|
||||||
default: sigrc = '%'; break;
|
default: sigrc = '%'; break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(opt.no_sig_cache)
|
||||||
|
{
|
||||||
|
if(rc==0)
|
||||||
|
{
|
||||||
|
fingerprint_from_pk (signer_pk, fparray, &fplen);
|
||||||
|
fprokay=1;
|
||||||
|
}
|
||||||
|
free_public_key(signer_pk);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
rc = 0;
|
rc = 0;
|
||||||
|
|
@ -1109,7 +1129,22 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
|
||||||
print_string( stdout, p, n, ':' );
|
print_string( stdout, p, n, ':' );
|
||||||
m_free(p);
|
m_free(p);
|
||||||
}
|
}
|
||||||
printf(":%02x%c:\n", sig->sig_class,sig->flags.exportable?'x':'l');
|
printf(":%02x%c:", sig->sig_class,sig->flags.exportable?'x':'l');
|
||||||
|
|
||||||
|
if(opt.no_sig_cache && opt.check_sigs && fprokay)
|
||||||
|
{
|
||||||
|
size_t i;
|
||||||
|
|
||||||
|
printf(":");
|
||||||
|
|
||||||
|
for (i=0; i < fplen ; i++ )
|
||||||
|
printf ("%02X", fparray[i] );
|
||||||
|
|
||||||
|
printf(":");
|
||||||
|
}
|
||||||
|
|
||||||
|
printf("\n");
|
||||||
|
|
||||||
/* fixme: check or list other sigs here */
|
/* fixme: check or list other sigs here */
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -129,7 +129,8 @@ int sign_symencrypt_file (const char *fname, STRLIST locusr);
|
||||||
int check_revocation_keys (PKT_public_key *pk, PKT_signature *sig);
|
int check_revocation_keys (PKT_public_key *pk, PKT_signature *sig);
|
||||||
int check_key_signature( KBNODE root, KBNODE node, int *is_selfsig );
|
int check_key_signature( KBNODE root, KBNODE node, int *is_selfsig );
|
||||||
int check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
|
int check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
|
||||||
int *is_selfsig, u32 *r_expiredate, int *r_expired );
|
PKT_public_key *ret_pk, int *is_selfsig,
|
||||||
|
u32 *r_expiredate, int *r_expired );
|
||||||
|
|
||||||
/*-- delkey.c --*/
|
/*-- delkey.c --*/
|
||||||
int delete_keys( STRLIST names, int secret, int allow_both );
|
int delete_keys( STRLIST names, int secret, int allow_both );
|
||||||
|
|
|
||||||
|
|
@ -722,9 +722,9 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig, int *is_expkey )
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
return G10ERR_SIG_CLASS;
|
return G10ERR_SIG_CLASS;
|
||||||
rc = signature_check2( sig, md, &dummy, is_expkey );
|
rc = signature_check2( sig, md, &dummy, is_expkey, NULL );
|
||||||
if( rc == G10ERR_BAD_SIGN && md2 )
|
if( rc == G10ERR_BAD_SIGN && md2 )
|
||||||
rc = signature_check2( sig, md2, &dummy, is_expkey );
|
rc = signature_check2( sig, md2, &dummy, is_expkey, NULL );
|
||||||
md_close(md);
|
md_close(md);
|
||||||
md_close(md2);
|
md_close(md2);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -460,8 +460,8 @@ int cmp_user_ids( PKT_user_id *a, PKT_user_id *b );
|
||||||
|
|
||||||
/*-- sig-check.c --*/
|
/*-- sig-check.c --*/
|
||||||
int signature_check( PKT_signature *sig, MD_HANDLE digest );
|
int signature_check( PKT_signature *sig, MD_HANDLE digest );
|
||||||
int signature_check2( PKT_signature *sig, MD_HANDLE digest,
|
int signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
|
||||||
u32 *r_expiredate, int *r_expired );
|
int *r_expired, PKT_public_key *ret_pk );
|
||||||
|
|
||||||
/*-- seckey-cert.c --*/
|
/*-- seckey-cert.c --*/
|
||||||
int is_secret_key_protected( PKT_secret_key *sk );
|
int is_secret_key_protected( PKT_secret_key *sk );
|
||||||
|
|
|
||||||
|
|
@ -39,8 +39,8 @@ struct cmp_help_context_s {
|
||||||
MD_HANDLE md;
|
MD_HANDLE md;
|
||||||
};
|
};
|
||||||
|
|
||||||
static int do_check( PKT_public_key *pk, PKT_signature *sig,
|
static int do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
|
||||||
MD_HANDLE digest, int *r_expired );
|
int *r_expired, PKT_public_key *ret_pk);
|
||||||
|
|
||||||
/****************
|
/****************
|
||||||
* Check the signature which is contained in SIG.
|
* Check the signature which is contained in SIG.
|
||||||
|
|
@ -52,12 +52,12 @@ signature_check( PKT_signature *sig, MD_HANDLE digest )
|
||||||
{
|
{
|
||||||
u32 dummy;
|
u32 dummy;
|
||||||
int dum2;
|
int dum2;
|
||||||
return signature_check2( sig, digest, &dummy, &dum2 );
|
return signature_check2( sig, digest, &dummy, &dum2, NULL );
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
signature_check2( PKT_signature *sig, MD_HANDLE digest,
|
signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
|
||||||
u32 *r_expiredate, int *r_expired )
|
int *r_expired, PKT_public_key *ret_pk )
|
||||||
{
|
{
|
||||||
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
|
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
|
||||||
int rc=0;
|
int rc=0;
|
||||||
|
|
@ -80,7 +80,7 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest,
|
||||||
invalid subkey */
|
invalid subkey */
|
||||||
else {
|
else {
|
||||||
*r_expiredate = pk->expiredate;
|
*r_expiredate = pk->expiredate;
|
||||||
rc = do_check( pk, sig, digest, r_expired );
|
rc = do_check( pk, sig, digest, r_expired, ret_pk );
|
||||||
}
|
}
|
||||||
|
|
||||||
free_public_key( pk );
|
free_public_key( pk );
|
||||||
|
|
@ -260,7 +260,7 @@ do_check_messages( PKT_public_key *pk, PKT_signature *sig, int *r_expired )
|
||||||
|
|
||||||
static int
|
static int
|
||||||
do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
|
do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
|
||||||
int *r_expired )
|
int *r_expired, PKT_public_key *ret_pk )
|
||||||
{
|
{
|
||||||
MPI result = NULL;
|
MPI result = NULL;
|
||||||
int rc=0;
|
int rc=0;
|
||||||
|
|
@ -347,6 +347,9 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
|
||||||
rc = G10ERR_BAD_SIGN;
|
rc = G10ERR_BAD_SIGN;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(!rc && ret_pk)
|
||||||
|
copy_public_key(ret_pk,pk);
|
||||||
|
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -475,14 +478,18 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
|
||||||
{
|
{
|
||||||
u32 dummy;
|
u32 dummy;
|
||||||
int dum2;
|
int dum2;
|
||||||
return check_key_signature2(root, node, NULL, is_selfsig, &dummy, &dum2 );
|
return check_key_signature2(root, node, NULL, NULL,
|
||||||
|
is_selfsig, &dummy, &dum2 );
|
||||||
}
|
}
|
||||||
|
|
||||||
/* If check_pk is set, then use it to check the signature in node
|
/* If check_pk is set, then use it to check the signature in node
|
||||||
rather than getting it from root or the keydb. */
|
rather than getting it from root or the keydb. If ret_pk is set,
|
||||||
|
fill in the public key that was used to verify the signature.
|
||||||
|
ret_pk is only meaningful when the verification was successful. */
|
||||||
int
|
int
|
||||||
check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
|
check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
|
||||||
int *is_selfsig, u32 *r_expiredate, int *r_expired )
|
PKT_public_key *ret_pk, int *is_selfsig,
|
||||||
|
u32 *r_expiredate, int *r_expired )
|
||||||
{
|
{
|
||||||
MD_HANDLE md;
|
MD_HANDLE md;
|
||||||
PKT_public_key *pk;
|
PKT_public_key *pk;
|
||||||
|
|
@ -531,7 +538,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
|
||||||
{
|
{
|
||||||
md = md_open( algo, 0 );
|
md = md_open( algo, 0 );
|
||||||
hash_public_key( md, pk );
|
hash_public_key( md, pk );
|
||||||
rc = do_check( pk, sig, md, r_expired );
|
rc = do_check( pk, sig, md, r_expired, ret_pk );
|
||||||
cache_sig_result ( sig, rc );
|
cache_sig_result ( sig, rc );
|
||||||
md_close(md);
|
md_close(md);
|
||||||
}
|
}
|
||||||
|
|
@ -543,7 +550,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
|
||||||
md = md_open( algo, 0 );
|
md = md_open( algo, 0 );
|
||||||
hash_public_key( md, pk );
|
hash_public_key( md, pk );
|
||||||
hash_public_key( md, snode->pkt->pkt.public_key );
|
hash_public_key( md, snode->pkt->pkt.public_key );
|
||||||
rc = do_check( pk, sig, md, r_expired );
|
rc = do_check( pk, sig, md, r_expired, ret_pk );
|
||||||
cache_sig_result ( sig, rc );
|
cache_sig_result ( sig, rc );
|
||||||
md_close(md);
|
md_close(md);
|
||||||
}
|
}
|
||||||
|
|
@ -569,7 +576,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
|
||||||
md = md_open( algo, 0 );
|
md = md_open( algo, 0 );
|
||||||
hash_public_key( md, pk );
|
hash_public_key( md, pk );
|
||||||
hash_public_key( md, snode->pkt->pkt.public_key );
|
hash_public_key( md, snode->pkt->pkt.public_key );
|
||||||
rc = do_check( pk, sig, md, r_expired );
|
rc = do_check( pk, sig, md, r_expired, ret_pk );
|
||||||
cache_sig_result ( sig, rc );
|
cache_sig_result ( sig, rc );
|
||||||
md_close(md);
|
md_close(md);
|
||||||
}
|
}
|
||||||
|
|
@ -584,7 +591,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
|
||||||
else if( sig->sig_class == 0x1f ) { /* direct key signature */
|
else if( sig->sig_class == 0x1f ) { /* direct key signature */
|
||||||
md = md_open( algo, 0 );
|
md = md_open( algo, 0 );
|
||||||
hash_public_key( md, pk );
|
hash_public_key( md, pk );
|
||||||
rc = do_check( pk, sig, md, r_expired );
|
rc = do_check( pk, sig, md, r_expired, ret_pk );
|
||||||
cache_sig_result ( sig, rc );
|
cache_sig_result ( sig, rc );
|
||||||
md_close(md);
|
md_close(md);
|
||||||
}
|
}
|
||||||
|
|
@ -602,12 +609,12 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
|
||||||
{
|
{
|
||||||
if( is_selfsig )
|
if( is_selfsig )
|
||||||
*is_selfsig = 1;
|
*is_selfsig = 1;
|
||||||
rc = do_check( pk, sig, md, r_expired );
|
rc = do_check( pk, sig, md, r_expired, ret_pk );
|
||||||
}
|
}
|
||||||
else if (check_pk)
|
else if (check_pk)
|
||||||
rc=do_check(check_pk,sig,md,r_expired);
|
rc=do_check(check_pk,sig,md,r_expired, ret_pk);
|
||||||
else
|
else
|
||||||
rc = signature_check2( sig, md, r_expiredate, r_expired );
|
rc = signature_check2( sig, md, r_expiredate, r_expired, ret_pk);
|
||||||
|
|
||||||
cache_sig_result ( sig, rc );
|
cache_sig_result ( sig, rc );
|
||||||
md_close(md);
|
md_close(md);
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user