*** empty log message ***

2025-01-30 16:17:02 +01:00 · 1998-01-14 12:34:05 +00:00 · 1998-01-14 12:34:05 +00:00 · 1ce26aa6d6
commit 1ce26aa6d6
parent 922e57dd57
3 changed files with 127 additions and 35 deletions
--- a/Makefile.in
+++ b/Makefile.in
@ -45,8 +45,8 @@ CONFIG_HEADER_IN = config.h.in
 mkinstalldirs = $(top_srcdir)/scripts/mkinstalldirs
 CONFIG_HEADER = ./config.h
 DIST_COMMON = README AUTHORS COPYING ChangeLog INSTALL Makefile.am \
-Makefile.in NEWS README TODO acconfig.h config.h.in configure \
-configure.in stamp-h.in
+Makefile.in NEWS README TODO acconfig.h config.h.in configure.in \
+stamp-h.in


 PACKAGE = @PACKAGE@
--- a/doc/DETAILS
+++ b/doc/DETAILS
@ -85,7 +85,7 @@ Record type 3:	(cache record)
     1 byte   value 3
     1 byte   reserved
     1 u32    Local-Id.
-     8 bytes  keyid of the primary key
+     8 bytes  keyid of the primary key (needed?)
     1 byte   cache-is-valid the following stuff is only
 	      valid if this is set.
     1 byte   reserved
@ -107,3 +107,26 @@ Record type 3:	(cache record)
 		4 = fully trusted
 		5 = ultimately trusted (have secret key too).

+Record type 4  (sigrec)
+-------------
+    Used to keep track of valid key signatures. Self-signatures are not
+    stored.
+
+     1 byte   value 4
+     1 byte   reserved
+     1 u32    Local-Id of owners (pubkey record)
+     1 u32    chain: next sigrec of this owner or 0 to indicate the
+	      last sigrec.
+     6 times
+	1 u32  Local_id of signators pubkey record
+	1 byte reserved
+
+Record type 5  (next-sigrec)
+-------------
+    This is the same as record type 4 but the record type is 5 and the
+    local-id is only used to verify the internal db structure. You can
+    not search for such a record; access is done based on the chain field
+    in segrec or netx-sigrec.  This is, so that we can handle sigrecords
+    more easier - there is no need to handle multiple sigrecs when searching
+    for such a record.
+
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@ -37,6 +37,7 @@


 #define TRUST_RECORD_LEN 40
+#define SIGS_PER_RECORD ((TRUST_RECORD_LEN-10)/5)

 struct trust_record {
    byte rectype;
@ -62,10 +63,11 @@ struct trust_record {
 	    byte reserved;
 	    byte fingerprint[20];
 	    byte ownertrust;
+	    /* fixme: indicate a flag to */
 	} pubkey;
 	struct {	    /* cache record */
-	    u32 local_id;
-	    u32 keyid[2];
+	    u32 owner;
+	    u32 keyid[2];	/* needed?? */
 	    byte valid;
 	    byte reserved;
 	    byte blockhash[20];
@ -74,6 +76,14 @@ struct trust_record {
 	    byte n_fully;
 	    byte trustlevel;
 	} cache;
+	struct {
+	    u32 owner;	/* local_id of record owner (pubkey record) */
+	    u32 chain;	/* offset of next record or NULL for last one */
+	    struct {
+		u32  local_id; /* of pubkey record of signator (0=unused) */
+		byte flag;     /* reserved */
+	    } sig[SIGS_PER_RECORD];
+	} sigrec;
    } r;
 };
 typedef struct trust_record TRUSTREC;
@ -201,7 +211,7 @@ read_record( u32 recnum, TRUSTREC *rec )
 {
    byte buf[TRUST_RECORD_LEN], *p;
    int rc = 0;
-    int n;
+    int n, i;

    if( db_fd == -1 )
 	open_db();
@ -284,6 +294,15 @@ read_record( u32 recnum, TRUSTREC *rec )
 	rec->r.cache.n_fully = *p++;
 	rec->r.cache.trustlevel = *p++;
 	break;
+      case 4:
+      case 5:
+	rec->r.sigrec.owner   = buftou32(p); p += 4;
+	rec->r.sigrec.chain   = buftou32(p); p += 4;
+	for(i=0; i < SIGS_PER_RECORD; i++ ) {
+	    rec->r.sigrec.sig[i].local_id = buftou32(p); p += 4;
+	    rec->r.sigrec.sig[i].flag = *p++;
+	}
+	break;
      default:
 	log_error("%s: invalid record type %d at recnum %lu\n",
 					db_name, rec->rectype, (ulong)recnum );
@ -303,7 +322,7 @@ write_record( u32 recnum, TRUSTREC *rec )
 {
    byte buf[TRUST_RECORD_LEN], *p;
    int rc = 0;
-    int n;
+    int i, n;

    if( db_fd == -1 )
 	open_db();
@ -342,6 +361,15 @@ write_record( u32 recnum, TRUSTREC *rec )
 	*p++ = rec->r.cache.n_fully;
 	*p++ = rec->r.cache.trustlevel;
 	break;
+      case 4:
+      case 5:
+	u32tobuf(p, rec->r.sigrec.owner); p += 4;
+	u32tobuf(p, rec->r.sigrec.chain); p += 4;
+	for(i=0; i < SIGS_PER_RECORD; i++ ) {
+	    u32tobuf(p, rec->r.sigrec.sig[i].local_id); p += 4;
+	    *p++ = rec->r.sigrec.sig[i].flag;
+	}
+	break;
      default:
 	log_bug(NULL);
    }
@ -375,11 +403,11 @@ new_local_id()
 }

 /****************
- * Scan the trustdb for a record of type RECTYPE which maches PKC
+ * Scan the trustdb for a record of type RECTYPE which matches PKC
 * The local_id is set to the correct value
 */
 static int
-scan_record( PKT_public_cert *pkc, TRUSTREC *rec, int rectype )
+scan_record_by_pkc( PKT_public_cert *pkc, TRUSTREC *rec, int rectype )
 {
    u32 recnum;
    u32 keyid[2];
@ -391,7 +419,7 @@ scan_record( PKT_public_cert *pkc, TRUSTREC *rec, int rectype )
    assert( rectype == 2 || rectype == 3 );

    if( DBG_TRUST )
-	log_debug("trustdb: scan_record\n");
+	log_debug("trustdb: scan_record_by_pkc\n");
    keyid_from_pkc( pkc, keyid );
    fingerprint = fingerprint_from_pkc( pkc, &fingerlen );
    assert( fingerlen == 20 || fingerlen == 16 );
@ -421,7 +449,53 @@ scan_record( PKT_public_cert *pkc, TRUSTREC *rec, int rectype )
    }
    no_io_dbg = 0;
    if( DBG_TRUST )
-	log_debug("trustdb: scan_record: eof or error\n");
+	log_debug("trustdb: scan_record_by_pkc: %s\n", rc==-1?"eof": g10_errstr(rc));
+    if( rc != -1 )
+	log_error("%s: scan_record_by_pkc failed: %s\n",db_name, g10_errstr(rc) );
+    return rc;
+}
+
+/****************
+ * scan the DB for a record of type RECTYPE which can be localized
+ * with LOCAL_ID
+ */
+static int
+scan_record( u32 local_id, TRUSTREC *rec, int rectype, u32 *r_recnum )
+{
+    u32 recnum;
+    u32 keyid[2];
+    int dbg = DBG_TRUST;
+    int rc;
+
+    assert( rectype == 3 || rectype == 4 );
+
+    if( DBG_TRUST )
+	log_debug("trustdb: scan_record type %d local_id %lu\n",
+						rectype, (ulong)local_id);
+    no_io_dbg = 1;
+    for(recnum=1; !(rc=read_record( recnum, rec)); recnum++ ) {
+	if( rec->rectype != rectype )
+	    continue;
+	if( rec->rectype == 34 ) {
+	    if( rec->r.cache.owner == local_id ) { /* found */
+		*r_recnum = recnum;
+		no_io_dbg = 0;
+		return 0;
+	    }
+	}
+	else if( rec->rectype == 4 ) {
+	    if( rec->r.sigrec.owner == local_id ) { /* found */
+		*r_recnum = recnum;
+		no_io_dbg = 0;
+		return 0;
+	    }
+	}
+	else
+	    log_bug("not yet implemented\n");
+    }
+    no_io_dbg = 0;
+    if( DBG_TRUST )
+	log_debug("trustdb: scan_record: %s\n", rc==-1?"eof": g10_errstr(rc));
    if( rc != -1 )
 	log_error("%s: scan_record failed: %s\n",db_name, g10_errstr(rc) );
    return rc;
@ -429,7 +503,6 @@ scan_record( PKT_public_cert *pkc, TRUSTREC *rec, int rectype )



-
 /***********************************************
 *************	trust logic  *******************
 ***********************************************/
@ -536,6 +609,18 @@ check_sigs( KBNODE keyblock )
 }


+/****************
+ * If we do not have sigrecs for the given key, build them and write them
+ * to the trustdb
+ */
+static int
+build_sigrecs( KBNODE keyblock )
+{
+}
+
+
+
+
 /****************
 * Recursive check the signatures.
 */
@ -563,20 +648,13 @@ walk( KBNODE keyblock, int levels )


 /****************
- *
- *
- *
- *
- *
- *
- *
- *
- *
 *
 */
 static int
 check_trust()
 {
+    /* check the ca
+
 }


@ -637,7 +715,7 @@ check_trustdb( int level )
 *	found:
 *	    Do we have a valid cache record for it?
 *		yes: return trustlevel from cache
- *		no:  make a cache record
+ *		no:  make a cache record and all the other stuff
 *	not found:
 *	    Return with a trustlevel, saying that we do not have
 *	    a trust record for it. The caller may use insert_trust_record()
@ -666,8 +744,8 @@ check_pkc_trust( PKT_public_cert *pkc, int *r_trustlevel )
 	}
    }
    else { /* no local_id: scan the trustdb */
-	if( (rc=scan_record( pkc, &rec, 2 )) && rc != -1 ) {
-	    log_error("check_pkc_trust: scan_record(2) failed: %s\n",
+	if( (rc=scan_record_by_pkc( pkc, &rec, 2 )) && rc != -1 ) {
+	    log_error("check_pkc_trust: scan_record_by_pkc(2) failed: %s\n",
 							    g10_errstr(rc));
 	    return G10ERR_TRUSTDB;
 	}
@ -679,6 +757,8 @@ check_pkc_trust( PKT_public_cert *pkc, int *r_trustlevel )
    }
    /* fixme: do some additional checks on the pubkey record */

+    /* see wether we have a cache record */
+

  leave:
    if( opt.verbose )
@ -751,23 +831,12 @@ update_trust_record( PKT_public_cert *pkc, int new_trust )
    }
    /* check keyid, fingerprint etc ? */

-    recnum = new_local_id();
-    /* build record */
-    memset( &rec, 0, sizeof rec );
-    rec.rectype = 2; /* the pubkey record */
-    rec.r.pubkey.local_id = recnum;
-    rec.r.pubkey.keyid[0] = keyid[0];
-    rec.r.pubkey.keyid[1] = keyid[1];
-    rec.r.pubkey.algo = pkc->pubkey_algo;
-    memcpy(rec.r.pubkey.fingerprint, fingerprint, fingerlen );
    rec.r.pubkey.ownertrust = 0;
    if( write_record( recnum, &rec ) ) {
 	log_error("insert_trust_record: write failed\n");
 	return G10ERR_TRUSTDB;
    }

-    pkc->local_id = recnum;
-
    return 0;
 }