security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-06-03 22:48:03 +02:00
Code Activity

*** empty log message ***

Browse Source
This commit is contained in:
Werner Koch 1998-01-14 12:34:05 +00:00
parent 922e57dd57
commit 1ce26aa6d6
3 changed files with 127 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Makefile.in
View File

@ -45,8 +45,8 @@ CONFIG_HEADER_IN = config.h.in
mkinstalldirs = $(top_srcdir)/scripts/mkinstalldirs mkinstalldirs = $(top_srcdir)/scripts/mkinstalldirs
CONFIG_HEADER = ./config.h CONFIG_HEADER = ./config.h
DIST_COMMON = README AUTHORS COPYING ChangeLog INSTALL Makefile.am \ DIST_COMMON = README AUTHORS COPYING ChangeLog INSTALL Makefile.am \
Makefile.in NEWS README TODO acconfig.h config.h.in configure \ Makefile.in NEWS README TODO acconfig.h config.h.in configure.in \
configure.in stamp-h.in stamp-h.in
PACKAGE = @PACKAGE@ PACKAGE = @PACKAGE@

25
doc/DETAILS
View File

@ -85,7 +85,7 @@ Record type 3: (cache record)
1 byte value 3 1 byte value 3
1 byte reserved 1 byte reserved
1 u32 Local-Id. 1 u32 Local-Id.
8 bytes keyid of the primary key 8 bytes keyid of the primary key (needed?)
1 byte cache-is-valid the following stuff is only 1 byte cache-is-valid the following stuff is only
valid if this is set. valid if this is set.
1 byte reserved 1 byte reserved
@ -107,3 +107,26 @@ Record type 3: (cache record)
4 = fully trusted 4 = fully trusted
5 = ultimately trusted (have secret key too). 5 = ultimately trusted (have secret key too).
Record type 4 (sigrec)
-------------
Used to keep track of valid key signatures. Self-signatures are not
stored.
1 byte value 4
1 byte reserved
1 u32 Local-Id of owners (pubkey record)
1 u32 chain: next sigrec of this owner or 0 to indicate the
last sigrec.
6 times
1 u32 Local_id of signators pubkey record
1 byte reserved
Record type 5 (next-sigrec)
-------------
This is the same as record type 4 but the record type is 5 and the
local-id is only used to verify the internal db structure. You can
not search for such a record; access is done based on the chain field
in segrec or netx-sigrec. This is, so that we can handle sigrecords
more easier - there is no need to handle multiple sigrecs when searching
for such a record.

133
g10/trustdb.c
View File

@ -37,6 +37,7 @@
#define TRUST_RECORD_LEN 40 #define TRUST_RECORD_LEN 40
#define SIGS_PER_RECORD ((TRUST_RECORD_LEN-10)/5)
struct trust_record { struct trust_record {
byte rectype; byte rectype;
@ -62,10 +63,11 @@ struct trust_record {
byte reserved; byte reserved;
byte fingerprint[20]; byte fingerprint[20];
byte ownertrust; byte ownertrust;
/* fixme: indicate a flag to */
} pubkey; } pubkey;
struct { /* cache record */ struct { /* cache record */
u32 local_id; u32 owner;
u32 keyid[2]; u32 keyid[2]; /* needed?? */
byte valid; byte valid;
byte reserved; byte reserved;
byte blockhash[20]; byte blockhash[20];
@ -74,6 +76,14 @@ struct trust_record {
byte n_fully; byte n_fully;
byte trustlevel; byte trustlevel;
} cache; } cache;
struct {
u32 owner; /* local_id of record owner (pubkey record) */
u32 chain; /* offset of next record or NULL for last one */
struct {
u32 local_id; /* of pubkey record of signator (0=unused) */
byte flag; /* reserved */
} sig[SIGS_PER_RECORD];
} sigrec;
} r; } r;
}; };
typedef struct trust_record TRUSTREC; typedef struct trust_record TRUSTREC;
@ -201,7 +211,7 @@ read_record( u32 recnum, TRUSTREC *rec )
{ {
byte buf[TRUST_RECORD_LEN], *p; byte buf[TRUST_RECORD_LEN], *p;
int rc = 0; int rc = 0;
int n; int n, i;
if( db_fd == -1 ) if( db_fd == -1 )
open_db(); open_db();
@ -284,6 +294,15 @@ read_record( u32 recnum, TRUSTREC *rec )
rec->r.cache.n_fully = *p++; rec->r.cache.n_fully = *p++;
rec->r.cache.trustlevel = *p++; rec->r.cache.trustlevel = *p++;
break; break;
case 4:
case 5:
rec->r.sigrec.owner = buftou32(p); p += 4;
rec->r.sigrec.chain = buftou32(p); p += 4;
for(i=0; i < SIGS_PER_RECORD; i++ ) {
rec->r.sigrec.sig[i].local_id = buftou32(p); p += 4;
rec->r.sigrec.sig[i].flag = *p++;
}
break;
default: default:
log_error("%s: invalid record type %d at recnum %lu\n", log_error("%s: invalid record type %d at recnum %lu\n",
db_name, rec->rectype, (ulong)recnum ); db_name, rec->rectype, (ulong)recnum );
@ -303,7 +322,7 @@ write_record( u32 recnum, TRUSTREC *rec )
{ {
byte buf[TRUST_RECORD_LEN], *p; byte buf[TRUST_RECORD_LEN], *p;
int rc = 0; int rc = 0;
int n; int i, n;
if( db_fd == -1 ) if( db_fd == -1 )
open_db(); open_db();
@ -342,6 +361,15 @@ write_record( u32 recnum, TRUSTREC *rec )
*p++ = rec->r.cache.n_fully; *p++ = rec->r.cache.n_fully;
*p++ = rec->r.cache.trustlevel; *p++ = rec->r.cache.trustlevel;
break; break;
case 4:
case 5:
u32tobuf(p, rec->r.sigrec.owner); p += 4;
u32tobuf(p, rec->r.sigrec.chain); p += 4;
for(i=0; i < SIGS_PER_RECORD; i++ ) {
u32tobuf(p, rec->r.sigrec.sig[i].local_id); p += 4;
*p++ = rec->r.sigrec.sig[i].flag;
}
break;
default: default:
log_bug(NULL); log_bug(NULL);
} }
@ -375,11 +403,11 @@ new_local_id()
} }
/**************** /****************
* Scan the trustdb for a record of type RECTYPE which maches PKC * Scan the trustdb for a record of type RECTYPE which matches PKC
* The local_id is set to the correct value * The local_id is set to the correct value
*/ */
static int static int
scan_record( PKT_public_cert *pkc, TRUSTREC *rec, int rectype ) scan_record_by_pkc( PKT_public_cert *pkc, TRUSTREC *rec, int rectype )
{ {
u32 recnum; u32 recnum;
u32 keyid[2]; u32 keyid[2];
@ -391,7 +419,7 @@ scan_record( PKT_public_cert *pkc, TRUSTREC *rec, int rectype )
assert( rectype == 2 || rectype == 3 ); assert( rectype == 2 || rectype == 3 );
if( DBG_TRUST ) if( DBG_TRUST )
log_debug("trustdb: scan_record\n"); log_debug("trustdb: scan_record_by_pkc\n");
keyid_from_pkc( pkc, keyid ); keyid_from_pkc( pkc, keyid );
fingerprint = fingerprint_from_pkc( pkc, &fingerlen ); fingerprint = fingerprint_from_pkc( pkc, &fingerlen );
assert( fingerlen == 20 || fingerlen == 16 ); assert( fingerlen == 20 || fingerlen == 16 );
@ -421,7 +449,53 @@ scan_record( PKT_public_cert *pkc, TRUSTREC *rec, int rectype )
} }
no_io_dbg = 0; no_io_dbg = 0;
if( DBG_TRUST ) if( DBG_TRUST )
log_debug("trustdb: scan_record: eof or error\n"); log_debug("trustdb: scan_record_by_pkc: %s\n", rc==-1?"eof": g10_errstr(rc));
if( rc != -1 )
log_error("%s: scan_record_by_pkc failed: %s\n",db_name, g10_errstr(rc) );
return rc;
}
/****************
* scan the DB for a record of type RECTYPE which can be localized
* with LOCAL_ID
*/
static int
scan_record( u32 local_id, TRUSTREC *rec, int rectype, u32 *r_recnum )
{
u32 recnum;
u32 keyid[2];
int dbg = DBG_TRUST;
int rc;
assert( rectype == 3 || rectype == 4 );
if( DBG_TRUST )
log_debug("trustdb: scan_record type %d local_id %lu\n",
rectype, (ulong)local_id);
no_io_dbg = 1;
for(recnum=1; !(rc=read_record( recnum, rec)); recnum++ ) {
if( rec->rectype != rectype )
continue;
if( rec->rectype == 34 ) {
if( rec->r.cache.owner == local_id ) { /* found */
*r_recnum = recnum;
no_io_dbg = 0;
return 0;
}
}
else if( rec->rectype == 4 ) {
if( rec->r.sigrec.owner == local_id ) { /* found */
*r_recnum = recnum;
no_io_dbg = 0;
return 0;
}
}
else
log_bug("not yet implemented\n");
}
no_io_dbg = 0;
if( DBG_TRUST )
log_debug("trustdb: scan_record: %s\n", rc==-1?"eof": g10_errstr(rc));
if( rc != -1 ) if( rc != -1 )
log_error("%s: scan_record failed: %s\n",db_name, g10_errstr(rc) ); log_error("%s: scan_record failed: %s\n",db_name, g10_errstr(rc) );
return rc; return rc;
@ -429,7 +503,6 @@ scan_record( PKT_public_cert *pkc, TRUSTREC *rec, int rectype )
/*********************************************** /***********************************************
************* trust logic ******************* ************* trust logic *******************
***********************************************/ ***********************************************/
@ -536,6 +609,18 @@ check_sigs( KBNODE keyblock )
} }
/****************
* If we do not have sigrecs for the given key, build them and write them
* to the trustdb
*/
static int
build_sigrecs( KBNODE keyblock )
{
}
/**************** /****************
* Recursive check the signatures. * Recursive check the signatures.
*/ */
@ -563,20 +648,13 @@ walk( KBNODE keyblock, int levels )
/**************** /****************
*
*
*
*
*
*
*
*
*
* *
*/ */
static int static int
check_trust() check_trust()
{ {
/* check the ca
} }
@ -637,7 +715,7 @@ check_trustdb( int level )
* found: * found:
* Do we have a valid cache record for it? * Do we have a valid cache record for it?
* yes: return trustlevel from cache * yes: return trustlevel from cache
* no: make a cache record * no: make a cache record and all the other stuff
* not found: * not found:
* Return with a trustlevel, saying that we do not have * Return with a trustlevel, saying that we do not have
* a trust record for it. The caller may use insert_trust_record() * a trust record for it. The caller may use insert_trust_record()
@ -666,8 +744,8 @@ check_pkc_trust( PKT_public_cert *pkc, int *r_trustlevel )
} }
} }
else { /* no local_id: scan the trustdb */ else { /* no local_id: scan the trustdb */
if( (rc=scan_record( pkc, &rec, 2 )) && rc != -1 ) { if( (rc=scan_record_by_pkc( pkc, &rec, 2 )) && rc != -1 ) {
log_error("check_pkc_trust: scan_record(2) failed: %s\n", log_error("check_pkc_trust: scan_record_by_pkc(2) failed: %s\n",
g10_errstr(rc)); g10_errstr(rc));
return G10ERR_TRUSTDB; return G10ERR_TRUSTDB;
} }
@ -679,6 +757,8 @@ check_pkc_trust( PKT_public_cert *pkc, int *r_trustlevel )
} }
/* fixme: do some additional checks on the pubkey record */ /* fixme: do some additional checks on the pubkey record */
/* see wether we have a cache record */
leave: leave:
if( opt.verbose ) if( opt.verbose )
@ -751,23 +831,12 @@ update_trust_record( PKT_public_cert *pkc, int new_trust )
} }
/* check keyid, fingerprint etc ? */ /* check keyid, fingerprint etc ? */
recnum = new_local_id();
/* build record */
memset( &rec, 0, sizeof rec );
rec.rectype = 2; /* the pubkey record */
rec.r.pubkey.local_id = recnum;
rec.r.pubkey.keyid[0] = keyid[0];
rec.r.pubkey.keyid[1] = keyid[1];
rec.r.pubkey.algo = pkc->pubkey_algo;
memcpy(rec.r.pubkey.fingerprint, fingerprint, fingerlen );
rec.r.pubkey.ownertrust = 0; rec.r.pubkey.ownertrust = 0;
if( write_record( recnum, &rec ) ) { if( write_record( recnum, &rec ) ) {
log_error("insert_trust_record: write failed\n"); log_error("insert_trust_record: write failed\n");
return G10ERR_TRUSTDB; return G10ERR_TRUSTDB;
} }
pkc->local_id = recnum;
return 0; return 0;
} }