mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-03 22:56:33 +02:00
* keygen.c (make_backsig): If DO_BACKSIGS is not defined, do not create
backsigs. * getkey.c (merge_selfsigs_subkey): Find 0x19 backsigs on subkey selfsigs and verify they are valid. If DO_BACKSIGS is not defined, fake this as always valid. * packet.h, parse-packet.c (parse_signature): Make parse_signature non-static so we can parse 0x19s in self-sigs. * main.h, sig-check.c (check_backsig): Check a 0x19 signature. (signature_check2): Give a backsig warning if there is no or a bad 0x19 with signatures from a subkey.
This commit is contained in:
David Shaw
parent
8030362eae
commit
4a07655935
7 changed files with 123 additions and 7 deletions
|
|
@ -75,11 +75,29 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest,
|
|||
else if(!pk->is_valid && !pk->is_primary)
|
||||
rc=G10ERR_BAD_PUBKEY; /* you cannot have a good sig from an
|
||||
invalid subkey */
|
||||
else {
|
||||
else
|
||||
{
|
||||
if(r_expiredate)
|
||||
*r_expiredate = pk->expiredate;
|
||||
rc = do_check( pk, sig, digest, r_expired, r_revoked );
|
||||
}
|
||||
|
||||
/* Check the backsig. This is a 0x19 signature from the
|
||||
subkey on the primary key. The idea here is that it should
|
||||
not be possible for someone to "steal" subkeys and claim
|
||||
them as their own. The attacker couldn't actually use the
|
||||
subkey, but they could try and claim ownership of any
|
||||
signaures issued by it. */
|
||||
if(rc==0 && !pk->is_primary && pk->backsig<2)
|
||||
{
|
||||
if(pk->backsig==0)
|
||||
log_info(_("WARNING: signing subkey %08lX is not"
|
||||
" cross-certified\n"),(ulong)keyid_from_pk(pk,NULL));
|
||||
else
|
||||
log_info(_("WARNING: signing subkey %08lX has an invalid"
|
||||
" cross-certification\n"),
|
||||
(ulong)keyid_from_pk(pk,NULL));
|
||||
}
|
||||
}
|
||||
|
||||
free_public_key( pk );
|
||||
|
||||
|
|
@ -473,6 +491,38 @@ check_revocation_keys(PKT_public_key *pk,PKT_signature *sig)
|
|||
return rc;
|
||||
}
|
||||
|
||||
/* Backsigs (0x19) have the same format as binding sigs (0x18), but
|
||||
this function is simpler than check_key_signature in a few ways.
|
||||
For example, there is no support for expiring backsigs since it is
|
||||
questionable what such a thing actually means. Note also that the
|
||||
sig cache check here, unlike other sig caches in GnuPG, is not
|
||||
persistent. */
|
||||
int
|
||||
check_backsig(PKT_public_key *main_pk,PKT_public_key *sub_pk,
|
||||
PKT_signature *backsig)
|
||||
{
|
||||
MD_HANDLE md;
|
||||
int rc;
|
||||
|
||||
if(!opt.no_sig_cache && backsig->flags.checked)
|
||||
{
|
||||
if((rc=check_digest_algo(backsig->digest_algo)))
|
||||
return rc;
|
||||
|
||||
return backsig->flags.valid? 0 : G10ERR_BAD_SIGN;
|
||||
}
|
||||
|
||||
md=md_open(backsig->digest_algo,0);
|
||||
hash_public_key(md,main_pk);
|
||||
hash_public_key(md,sub_pk);
|
||||
rc=do_check(sub_pk,backsig,md,NULL,NULL);
|
||||
cache_sig_result(backsig,rc);
|
||||
md_close(md);
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
|
||||
/****************
|
||||
* check the signature pointed to by NODE. This is a key signature.
|
||||
* If the function detects a self-signature, it uses the PK from
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue