gpg: Unfinished support for v5 signatures.

* g10/parse-packet.c (parse_signature): Allow for v5 signatures. * g10/sig-check.c (check_signature_end_simple): Support the 64bit v5 byte count. * g10/sign.c (hash_sigversion_to_magic): Ditto. (write_signature_packets): Request v5 sig for v5 keys. Remove useless condition. (make_keysig_packet): Request v5 sig for v5 keys. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-02-02 16:43:03 +01:00 · 2018-10-24 16:18:27 +02:00 · 2018-10-24 16:18:27 +02:00 · 64a1e86fc0
commit 64a1e86fc0
parent 3b88bceb4d
4 changed files with 54 additions and 40 deletions
--- a/g10/build-packet.c
+++ b/g10/build-packet.c
@ -1536,7 +1536,7 @@ do_signature( IOBUF out, int ctb, PKT_signature *sig )
  else
    iobuf_put( a, sig->version );
  if ( sig->version < 4 )
-    iobuf_put (a, 5 ); /* Constant */
+    iobuf_put (a, 5 ); /* Constant used by pre-v4 signatures. */
  iobuf_put (a, sig->sig_class );
  if ( sig->version < 4 )
    {
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@ -1932,7 +1932,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
 {
  int md5_len = 0;
  unsigned n;
-  int is_v4 = 0;
+  int is_v4or5 = 0;
  int rc = 0;
  int i, ndata;

@ -1945,8 +1945,8 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
    }
  sig->version = iobuf_get_noeof (inp);
  pktlen--;
-  if (sig->version == 4)
-    is_v4 = 1;
+  if (sig->version == 4 || sig->version == 5)
+    is_v4or5 = 1;
  else if (sig->version != 2 && sig->version != 3)
    {
      log_error ("packet(%d) with unknown version %d\n",
@ -1957,7 +1957,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
      goto leave;
    }

-  if (!is_v4)
+  if (!is_v4or5)
    {
      if (pktlen == 0)
 	goto underflow;
@ -1968,7 +1968,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
    goto underflow;
  sig->sig_class = iobuf_get_noeof (inp);
  pktlen--;
-  if (!is_v4)
+  if (!is_v4or5)
    {
      if (pktlen < 12)
 	goto underflow;
@ -1987,7 +1987,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
  pktlen--;
  sig->flags.exportable = 1;
  sig->flags.revocable = 1;
-  if (is_v4) /* Read subpackets.  */
+  if (is_v4or5) /* Read subpackets.  */
    {
      if (pktlen < 2)
 	goto underflow;
@ -2058,7 +2058,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
  sig->digest_start[1] = iobuf_get_noeof (inp);
  pktlen--;

-  if (is_v4 && sig->pubkey_algo)  /* Extract required information.  */
+  if (is_v4or5 && sig->pubkey_algo)  /* Extract required information.  */
    {
      const byte *p;
      size_t len;
@ -2159,7 +2159,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
                  (ulong) sig->keyid[0], (ulong) sig->keyid[1],
                  sig->version, (ulong) sig->timestamp, md5_len, sig->sig_class,
                  sig->digest_algo, sig->digest_start[0], sig->digest_start[1]);
-      if (is_v4)
+      if (is_v4or5)
 	{
 	  parse_sig_subpkt (sig->hashed, SIGSUBPKT_LIST_HASHED, NULL);
 	  parse_sig_subpkt (sig->unhashed, SIGSUBPKT_LIST_UNHASHED, NULL);
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@ -510,7 +510,8 @@ check_signature_end_simple (PKT_public_key *pk, PKT_signature *sig,
    }
  else
    {
-      byte buf[6];
+      byte buf[10];
+      int i;
      size_t n;
      gcry_md_putc (digest, sig->pubkey_algo);
      gcry_md_putc (digest, sig->digest_algo);
@ -531,13 +532,21 @@ check_signature_end_simple (PKT_public_key *pk, PKT_signature *sig,
 	  n = 6;
 	}
 	/* add some magic per Section 5.2.4 of RFC 4880.  */
-	buf[0] = sig->version;
-	buf[1] = 0xff;
-	buf[2] = n >> 24;
-	buf[3] = n >> 16;
-	buf[4] = n >>  8;
-	buf[5] = n;
-	gcry_md_write( digest, buf, 6 );
+        i = 0;
+	buf[i++] = sig->version;
+	buf[i++] = 0xff;
+        if (sig->version >= 5)
+          {
+            buf[i++] = 0;
+            buf[i++] = 0;
+            buf[i++] = 0;
+            buf[i++] = 0;
+          }
+	buf[i++] = n >> 24;
+	buf[i++] = n >> 16;
+	buf[i++] = n >>  8;
+	buf[i++] = n;
+	gcry_md_write (digest, buf, i);
    }
    gcry_md_final( digest );

@ -572,7 +581,7 @@ hash_uid_packet (PKT_user_id *uid, gcry_md_hd_t md, PKT_signature *sig )
 {
  if (uid->attrib_data)
    {
-      if (sig->version >=4)
+      if (sig->version >= 4)
        {
          byte buf[5];
          buf[0] = 0xd1;		   /* packet of type 17 */
@ -586,7 +595,7 @@ hash_uid_packet (PKT_user_id *uid, gcry_md_hd_t md, PKT_signature *sig )
    }
  else
    {
-      if (sig->version >=4)
+      if (sig->version >= 4)
        {
          byte buf[5];
          buf[0] = 0xb4;	      /* indicates a userid packet */
--- a/g10/sign.c
+++ b/g10/sign.c
@ -220,7 +220,8 @@ hash_uid (gcry_md_hd_t md, int sigversion, const PKT_user_id *uid)
 static void
 hash_sigversion_to_magic (gcry_md_hd_t md, const PKT_signature *sig)
 {
-  byte buf[6];
+  byte buf[10];
+  int i;
  size_t n;

  gcry_md_putc (md, sig->version);
@ -242,13 +243,21 @@ hash_sigversion_to_magic (gcry_md_hd_t md, const PKT_signature *sig)
      n = 6;
    }
  /* Add some magic.  */
-  buf[0] = sig->version;
-  buf[1] = 0xff;
-  buf[2] = n >> 24;         /* (n is only 16 bit, so this is always 0) */
-  buf[3] = n >> 16;
-  buf[4] = n >>  8;
-  buf[5] = n;
-  gcry_md_write (md, buf, 6);
+  i = 0;
+  buf[i++] = sig->version;
+  buf[i++] = 0xff;
+  if (sig->version >= 5)
+    {
+      buf[i++] = 0;
+      buf[i++] = 0;
+      buf[i++] = 0;
+      buf[i++] = 0;
+    }
+  buf[i++] = n >> 24;         /* (n is only 16 bit, so this is always 0) */
+  buf[i++] = n >> 16;
+  buf[i++] = n >>  8;
+  buf[i++] = n;
+  gcry_md_write (md, buf, i);
 }


@ -731,11 +740,10 @@ write_signature_packets (ctrl_t ctrl,
      if (!sig)
        return gpg_error_from_syserror ();

-      if (duration || opt.sig_policy_url
-          || opt.sig_notations || opt.sig_keyserver_url)
-        sig->version = 4;
+      if (pk->version >= 5)
+        sig->version = 5;  /* Required for v5 keys.  */
      else
-        sig->version = pk->version;
+        sig->version = 4;  /*Required.  */

      keyid_from_pk (pk, sig->keyid);
      sig->digest_algo = hash_for (pk);
@ -751,12 +759,8 @@ write_signature_packets (ctrl_t ctrl,
      if (gcry_md_copy (&md, hash))
        BUG ();

-      if (sig->version >= 4)
-        {
-          build_sig_subpkt_from_sig (sig, pk);
-          mk_notation_policy_etc (sig, NULL, pk);
-        }
-
+      build_sig_subpkt_from_sig (sig, pk);
+      mk_notation_policy_etc (sig, NULL, pk);
      hash_sigversion_to_magic (md, sig);
      gcry_md_final (md);

@ -1523,9 +1527,10 @@ make_keysig_packet (ctrl_t ctrl,
              || sigclass == 0x20 || sigclass == 0x18 || sigclass == 0x19
              || sigclass == 0x30 || sigclass == 0x28 );

-  sigversion = 4;
-  if (sigversion < pksk->version)
-    sigversion = pksk->version;
+  if (pksk->version >= 5)
+    sigversion = 5;
+  else
+    sigversion = 4;

  if (!digest_algo)
    {