security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-05-19 09:02:22 +02:00
Code Activity

gpg: Unfinished support for v5 signatures.

Browse Source 
* g10/parse-packet.c (parse_signature): Allow for v5 signatures.
* g10/sig-check.c (check_signature_end_simple): Support the 64bit v5
byte count.
* g10/sign.c (hash_sigversion_to_magic): Ditto.
(write_signature_packets): Request v5 sig for v5 keys.  Remove useless
condition.
(make_keysig_packet): Request v5 sig for v5 keys.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2018-10-24 16:18:27 +02:00
parent 3b88bceb4d
commit 64a1e86fc0
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
4 changed files with 54 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
g10/build-packet.c
View File

@ -1536,7 +1536,7 @@ do_signature( IOBUF out, int ctb, PKT_signature *sig )
else else
iobuf_put( a, sig->version ); iobuf_put( a, sig->version );
if ( sig->version < 4 ) if ( sig->version < 4 )
iobuf_put (a, 5 ); /* Constant */ iobuf_put (a, 5 ); /* Constant used by pre-v4 signatures. */
iobuf_put (a, sig->sig_class ); iobuf_put (a, sig->sig_class );
if ( sig->version < 4 ) if ( sig->version < 4 )
{ {

16
g10/parse-packet.c
View File

@ -1932,7 +1932,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
{ {
int md5_len = 0; int md5_len = 0;
unsigned n; unsigned n;
int is_v4 = 0; int is_v4or5 = 0;
int rc = 0; int rc = 0;
int i, ndata; int i, ndata;
@ -1945,8 +1945,8 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
} }
sig->version = iobuf_get_noeof (inp); sig->version = iobuf_get_noeof (inp);
pktlen--; pktlen--;
if (sig->version == 4) if (sig->version == 4 || sig->version == 5)
is_v4 = 1; is_v4or5 = 1;
else if (sig->version != 2 && sig->version != 3) else if (sig->version != 2 && sig->version != 3)
{ {
log_error ("packet(%d) with unknown version %d\n", log_error ("packet(%d) with unknown version %d\n",
@ -1957,7 +1957,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
goto leave; goto leave;
} }
if (!is_v4) if (!is_v4or5)
{ {
if (pktlen == 0) if (pktlen == 0)
goto underflow; goto underflow;
@ -1968,7 +1968,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
goto underflow; goto underflow;
sig->sig_class = iobuf_get_noeof (inp); sig->sig_class = iobuf_get_noeof (inp);
pktlen--; pktlen--;
if (!is_v4) if (!is_v4or5)
{ {
if (pktlen < 12) if (pktlen < 12)
goto underflow; goto underflow;
@ -1987,7 +1987,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
pktlen--; pktlen--;
sig->flags.exportable = 1; sig->flags.exportable = 1;
sig->flags.revocable = 1; sig->flags.revocable = 1;
if (is_v4) /* Read subpackets. */ if (is_v4or5) /* Read subpackets. */
{ {
if (pktlen < 2) if (pktlen < 2)
goto underflow; goto underflow;
@ -2058,7 +2058,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
sig->digest_start[1] = iobuf_get_noeof (inp); sig->digest_start[1] = iobuf_get_noeof (inp);
pktlen--; pktlen--;
if (is_v4 && sig->pubkey_algo) /* Extract required information. */ if (is_v4or5 && sig->pubkey_algo) /* Extract required information. */
{ {
const byte *p; const byte *p;
size_t len; size_t len;
@ -2159,7 +2159,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
(ulong) sig->keyid[0], (ulong) sig->keyid[1], (ulong) sig->keyid[0], (ulong) sig->keyid[1],
sig->version, (ulong) sig->timestamp, md5_len, sig->sig_class, sig->version, (ulong) sig->timestamp, md5_len, sig->sig_class,
sig->digest_algo, sig->digest_start[0], sig->digest_start[1]); sig->digest_algo, sig->digest_start[0], sig->digest_start[1]);
if (is_v4) if (is_v4or5)
{ {
parse_sig_subpkt (sig->hashed, SIGSUBPKT_LIST_HASHED, NULL); parse_sig_subpkt (sig->hashed, SIGSUBPKT_LIST_HASHED, NULL);
parse_sig_subpkt (sig->unhashed, SIGSUBPKT_LIST_UNHASHED, NULL); parse_sig_subpkt (sig->unhashed, SIGSUBPKT_LIST_UNHASHED, NULL);

25
g10/sig-check.c
View File

@ -510,7 +510,8 @@ check_signature_end_simple (PKT_public_key *pk, PKT_signature *sig,
} }
else else
{ {
byte buf[6]; byte buf[10];
int i;
size_t n; size_t n;
gcry_md_putc (digest, sig->pubkey_algo); gcry_md_putc (digest, sig->pubkey_algo);
gcry_md_putc (digest, sig->digest_algo); gcry_md_putc (digest, sig->digest_algo);
@ -531,13 +532,21 @@ check_signature_end_simple (PKT_public_key *pk, PKT_signature *sig,
n = 6; n = 6;
} }
/* add some magic per Section 5.2.4 of RFC 4880. */ /* add some magic per Section 5.2.4 of RFC 4880. */
buf[0] = sig->version; i = 0;
buf[1] = 0xff; buf[i++] = sig->version;
buf[2] = n >> 24; buf[i++] = 0xff;
buf[3] = n >> 16; if (sig->version >= 5)
buf[4] = n >> 8; {
buf[5] = n; buf[i++] = 0;
gcry_md_write( digest, buf, 6 ); buf[i++] = 0;
buf[i++] = 0;
buf[i++] = 0;
}
buf[i++] = n >> 24;
buf[i++] = n >> 16;
buf[i++] = n >> 8;
buf[i++] = n;
gcry_md_write (digest, buf, i);
} }
gcry_md_final( digest ); gcry_md_final( digest );

41
g10/sign.c
View File

@ -220,7 +220,8 @@ hash_uid (gcry_md_hd_t md, int sigversion, const PKT_user_id *uid)
static void static void
hash_sigversion_to_magic (gcry_md_hd_t md, const PKT_signature *sig) hash_sigversion_to_magic (gcry_md_hd_t md, const PKT_signature *sig)
{ {
byte buf[6]; byte buf[10];
int i;
size_t n; size_t n;
gcry_md_putc (md, sig->version); gcry_md_putc (md, sig->version);
@ -242,13 +243,21 @@ hash_sigversion_to_magic (gcry_md_hd_t md, const PKT_signature *sig)
n = 6; n = 6;
} }
/* Add some magic. */ /* Add some magic. */
buf[0] = sig->version; i = 0;
buf[1] = 0xff; buf[i++] = sig->version;
buf[2] = n >> 24; /* (n is only 16 bit, so this is always 0) */ buf[i++] = 0xff;
buf[3] = n >> 16; if (sig->version >= 5)
buf[4] = n >> 8; {
buf[5] = n; buf[i++] = 0;
gcry_md_write (md, buf, 6); buf[i++] = 0;
buf[i++] = 0;
buf[i++] = 0;
}
buf[i++] = n >> 24; /* (n is only 16 bit, so this is always 0) */
buf[i++] = n >> 16;
buf[i++] = n >> 8;
buf[i++] = n;
gcry_md_write (md, buf, i);
} }
@ -731,11 +740,10 @@ write_signature_packets (ctrl_t ctrl,
if (!sig) if (!sig)
return gpg_error_from_syserror (); return gpg_error_from_syserror ();
if (duration || opt.sig_policy_url if (pk->version >= 5)
|| opt.sig_notations || opt.sig_keyserver_url) sig->version = 5; /* Required for v5 keys. */
sig->version = 4;
else else
sig->version = pk->version; sig->version = 4; /*Required. */
keyid_from_pk (pk, sig->keyid); keyid_from_pk (pk, sig->keyid);
sig->digest_algo = hash_for (pk); sig->digest_algo = hash_for (pk);
@ -751,12 +759,8 @@ write_signature_packets (ctrl_t ctrl,
if (gcry_md_copy (&md, hash)) if (gcry_md_copy (&md, hash))
BUG (); BUG ();
if (sig->version >= 4)
{
build_sig_subpkt_from_sig (sig, pk); build_sig_subpkt_from_sig (sig, pk);
mk_notation_policy_etc (sig, NULL, pk); mk_notation_policy_etc (sig, NULL, pk);
}
hash_sigversion_to_magic (md, sig); hash_sigversion_to_magic (md, sig);
gcry_md_final (md); gcry_md_final (md);
@ -1523,9 +1527,10 @@ make_keysig_packet (ctrl_t ctrl,
|| sigclass == 0x20 || sigclass == 0x18 || sigclass == 0x19 || sigclass == 0x20 || sigclass == 0x18 || sigclass == 0x19
|| sigclass == 0x30 || sigclass == 0x28 ); || sigclass == 0x30 || sigclass == 0x28 );
if (pksk->version >= 5)
sigversion = 5;
else
sigversion = 4; sigversion = 4;
if (sigversion < pksk->version)
sigversion = pksk->version;
if (!digest_algo) if (!digest_algo)
{ {