1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

* packet.h, main.h, sig-check.c (signature_check2, check_key_signature2,

do_check): If ret_pk is set, fill in the pk used to verify the signature.
Change all callers in getkey.c, mainproc.c, and sig-check.c.

* keylist.c (list_keyblock_colon): Use the ret_pk from above to put the
fingerprint of the signing key in "sig" records during a --with-colons
--check-sigs.  This requires --no-sig-cache as well since we don't cache
fingerprints.
This commit is contained in:
David Shaw 2003-07-20 00:10:13 +00:00
parent fa2faef48f
commit 06442ab0da
7 changed files with 81 additions and 26 deletions

View File

@ -1,3 +1,15 @@
2003-07-19 David Shaw <dshaw@jabberwocky.com>
* packet.h, main.h, sig-check.c (signature_check2,
check_key_signature2, do_check): If ret_pk is set, fill in the pk
used to verify the signature. Change all callers in getkey.c,
mainproc.c, and sig-check.c.
* keylist.c (list_keyblock_colon): Use the ret_pk from above to
put the fingerprint of the signing key in "sig" records during a
--with-colons --check-sigs. This requires --no-sig-cache as well
since we don't cache fingerprints.
2003-07-10 David Shaw <dshaw@jabberwocky.com>
* parse-packet.c (parse_signature): No need to reserve 8 bytes for

View File

@ -1604,7 +1604,7 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
ultimate trust flag. */
if(get_pubkey_fast(ultimate_pk,sig->keyid)==0
&& check_key_signature2(keyblock,k,ultimate_pk,
NULL,&dummy,&dum2)==0
NULL,NULL,&dummy,&dum2)==0
&& get_ownertrust(ultimate_pk)==TRUST_ULTIMATE)
{
free_public_key(ultimate_pk);

View File

@ -1032,8 +1032,10 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
}
else if( opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE ) {
PKT_signature *sig = node->pkt->pkt.signature;
int sigrc;
int sigrc,fprokay=0;
char *sigstr;
size_t fplen;
byte fparray[MAX_FINGERPRINT_LEN];
if( !any ) { /* no user id, (maybe a revocation follows)*/
if( sig->sig_class == 0x20 )
@ -1067,8 +1069,16 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
continue;
}
if( opt.check_sigs ) {
PKT_public_key *signer_pk=NULL;
u32 dummy;
int dum2;
fflush(stdout);
rc = check_key_signature( keyblock, node, NULL );
if(opt.no_sig_cache)
signer_pk=m_alloc_clear(sizeof(PKT_public_key));
rc = check_key_signature2( keyblock, node, NULL, signer_pk,
NULL, &dummy, &dum2);
switch( rc ) {
case 0: sigrc = '!'; break;
case G10ERR_BAD_SIGN: sigrc = '-'; break;
@ -1076,6 +1086,16 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
case G10ERR_UNU_PUBKEY: sigrc = '?'; break;
default: sigrc = '%'; break;
}
if(opt.no_sig_cache)
{
if(rc==0)
{
fingerprint_from_pk (signer_pk, fparray, &fplen);
fprokay=1;
}
free_public_key(signer_pk);
}
}
else {
rc = 0;
@ -1109,7 +1129,22 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
print_string( stdout, p, n, ':' );
m_free(p);
}
printf(":%02x%c:\n", sig->sig_class,sig->flags.exportable?'x':'l');
printf(":%02x%c:", sig->sig_class,sig->flags.exportable?'x':'l');
if(opt.no_sig_cache && opt.check_sigs && fprokay)
{
size_t i;
printf(":");
for (i=0; i < fplen ; i++ )
printf ("%02X", fparray[i] );
printf(":");
}
printf("\n");
/* fixme: check or list other sigs here */
}
}

View File

@ -129,7 +129,8 @@ int sign_symencrypt_file (const char *fname, STRLIST locusr);
int check_revocation_keys (PKT_public_key *pk, PKT_signature *sig);
int check_key_signature( KBNODE root, KBNODE node, int *is_selfsig );
int check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
int *is_selfsig, u32 *r_expiredate, int *r_expired );
PKT_public_key *ret_pk, int *is_selfsig,
u32 *r_expiredate, int *r_expired );
/*-- delkey.c --*/
int delete_keys( STRLIST names, int secret, int allow_both );

View File

@ -722,9 +722,9 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig, int *is_expkey )
}
else
return G10ERR_SIG_CLASS;
rc = signature_check2( sig, md, &dummy, is_expkey );
rc = signature_check2( sig, md, &dummy, is_expkey, NULL );
if( rc == G10ERR_BAD_SIGN && md2 )
rc = signature_check2( sig, md2, &dummy, is_expkey );
rc = signature_check2( sig, md2, &dummy, is_expkey, NULL );
md_close(md);
md_close(md2);

View File

@ -460,8 +460,8 @@ int cmp_user_ids( PKT_user_id *a, PKT_user_id *b );
/*-- sig-check.c --*/
int signature_check( PKT_signature *sig, MD_HANDLE digest );
int signature_check2( PKT_signature *sig, MD_HANDLE digest,
u32 *r_expiredate, int *r_expired );
int signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
int *r_expired, PKT_public_key *ret_pk );
/*-- seckey-cert.c --*/
int is_secret_key_protected( PKT_secret_key *sk );

View File

@ -39,8 +39,8 @@ struct cmp_help_context_s {
MD_HANDLE md;
};
static int do_check( PKT_public_key *pk, PKT_signature *sig,
MD_HANDLE digest, int *r_expired );
static int do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
int *r_expired, PKT_public_key *ret_pk);
/****************
* Check the signature which is contained in SIG.
@ -52,12 +52,12 @@ signature_check( PKT_signature *sig, MD_HANDLE digest )
{
u32 dummy;
int dum2;
return signature_check2( sig, digest, &dummy, &dum2 );
return signature_check2( sig, digest, &dummy, &dum2, NULL );
}
int
signature_check2( PKT_signature *sig, MD_HANDLE digest,
u32 *r_expiredate, int *r_expired )
signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
int *r_expired, PKT_public_key *ret_pk )
{
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
int rc=0;
@ -80,7 +80,7 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest,
invalid subkey */
else {
*r_expiredate = pk->expiredate;
rc = do_check( pk, sig, digest, r_expired );
rc = do_check( pk, sig, digest, r_expired, ret_pk );
}
free_public_key( pk );
@ -260,7 +260,7 @@ do_check_messages( PKT_public_key *pk, PKT_signature *sig, int *r_expired )
static int
do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
int *r_expired )
int *r_expired, PKT_public_key *ret_pk )
{
MPI result = NULL;
int rc=0;
@ -347,6 +347,9 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
rc = G10ERR_BAD_SIGN;
}
if(!rc && ret_pk)
copy_public_key(ret_pk,pk);
return rc;
}
@ -475,14 +478,18 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
{
u32 dummy;
int dum2;
return check_key_signature2(root, node, NULL, is_selfsig, &dummy, &dum2 );
return check_key_signature2(root, node, NULL, NULL,
is_selfsig, &dummy, &dum2 );
}
/* If check_pk is set, then use it to check the signature in node
rather than getting it from root or the keydb. */
rather than getting it from root or the keydb. If ret_pk is set,
fill in the public key that was used to verify the signature.
ret_pk is only meaningful when the verification was successful. */
int
check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
int *is_selfsig, u32 *r_expiredate, int *r_expired )
PKT_public_key *ret_pk, int *is_selfsig,
u32 *r_expiredate, int *r_expired )
{
MD_HANDLE md;
PKT_public_key *pk;
@ -531,7 +538,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
{
md = md_open( algo, 0 );
hash_public_key( md, pk );
rc = do_check( pk, sig, md, r_expired );
rc = do_check( pk, sig, md, r_expired, ret_pk );
cache_sig_result ( sig, rc );
md_close(md);
}
@ -543,7 +550,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
md = md_open( algo, 0 );
hash_public_key( md, pk );
hash_public_key( md, snode->pkt->pkt.public_key );
rc = do_check( pk, sig, md, r_expired );
rc = do_check( pk, sig, md, r_expired, ret_pk );
cache_sig_result ( sig, rc );
md_close(md);
}
@ -569,7 +576,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
md = md_open( algo, 0 );
hash_public_key( md, pk );
hash_public_key( md, snode->pkt->pkt.public_key );
rc = do_check( pk, sig, md, r_expired );
rc = do_check( pk, sig, md, r_expired, ret_pk );
cache_sig_result ( sig, rc );
md_close(md);
}
@ -584,7 +591,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
else if( sig->sig_class == 0x1f ) { /* direct key signature */
md = md_open( algo, 0 );
hash_public_key( md, pk );
rc = do_check( pk, sig, md, r_expired );
rc = do_check( pk, sig, md, r_expired, ret_pk );
cache_sig_result ( sig, rc );
md_close(md);
}
@ -602,12 +609,12 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
{
if( is_selfsig )
*is_selfsig = 1;
rc = do_check( pk, sig, md, r_expired );
rc = do_check( pk, sig, md, r_expired, ret_pk );
}
else if (check_pk)
rc=do_check(check_pk,sig,md,r_expired);
rc=do_check(check_pk,sig,md,r_expired, ret_pk);
else
rc = signature_check2( sig, md, r_expiredate, r_expired );
rc = signature_check2( sig, md, r_expiredate, r_expired, ret_pk);
cache_sig_result ( sig, rc );
md_close(md);