From 726b36b647ba9b2693d13dc140c851c92dadf6ac Mon Sep 17 00:00:00 2001
From: David Shaw
Date: Sun, 20 Jul 2003 02:09:06 +0000
Subject: [PATCH] * options.h, g10.c (main), mainproc.c (check_sig_and_print): Add verify-options "show-validity" and "show-long-keyid" to show trustdb validity and long keyids during (file) signature verification.
---
 g10/ChangeLog | 5 ++++
 g10/g10.c | 4 +++-
 g10/mainproc.c | 63 +++++++++++++++++++++++++++++++++++---------------
 g10/options.h | 10 ++++----
 4 files changed, 58 insertions(+), 24 deletions(-)
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 7c532dd56..cc669274e 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,5 +1,10 @@
 2003-07-19 David Shaw
+ * options.h, g10.c (main), mainproc.c (check_sig_and_print): Add
+ verify-options "show-validity" and "show-long-keyid" to show
+ trustdb validity and long keyids during (file) signature
+ verification.
+
 * packet.h, main.h, sig-check.c (signature_check2, check_key_signature2, do_check): If ret_pk is set, fill in the pk used to verify the signature. Change all callers in getkey.c,
diff --git a/g10/g10.c b/g10/g10.c
index 27a000c3e..c2dab50f1 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -1757,9 +1757,9 @@ main( int argc, char **argv )
 {"show-photos",LIST_SHOW_PHOTOS},
 {"show-policy-url",LIST_SHOW_POLICY},
 {"show-notation",LIST_SHOW_NOTATION},
- {"show-keyring",LIST_SHOW_KEYRING},
 {"show-validity",LIST_SHOW_VALIDITY},
 {"show-long-keyid",LIST_SHOW_LONG_KEYID},
+ {"show-keyring",LIST_SHOW_KEYRING},
 {NULL,0}
 };
@@ -1781,6 +1781,8 @@ main( int argc, char **argv )
 {"show-policy-url",VERIFY_SHOW_POLICY},
 {"show-notation",VERIFY_SHOW_NOTATION},
 {"show-preferred-keyserver",VERIFY_SHOW_KEYSERVER},
+ {"show-validity",VERIFY_SHOW_VALIDITY},
+ {"show-long-keyid",VERIFY_SHOW_LONG_KEYID},
 {NULL,0}
 };
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 0bd1a56eb..ea3b82db5 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1270,8 +1270,16 @@ check_sig_and_print( CTX c, KBNODE node )
 tstr = asctimestamp(sig->timestamp);
 astr = pubkey_algo_to_string( sig->pubkey_algo );
- log_info(_("Signature made %.*s using %s key ID %08lX\n"),
- (int)strlen(tstr), tstr, astr? astr: "?", (ulong)sig->keyid[1] );
+ if(opt.verify_options&VERIFY_SHOW_LONG_KEYID)
+ {
+ log_info(_("Signature made %.*s\n"),(int)strlen(tstr), tstr);
+ log_info(_(" using %s key %08lX%08lX\n"),
+ astr? astr: "?",(ulong)sig->keyid[0],(ulong)sig->keyid[1] );
+ }
+ else
+ log_info(_("Signature made %.*s using %s key ID %08lX\n"),
+ (int)strlen(tstr), tstr, astr? astr: "?",
+ (ulong)sig->keyid[1] );
 rc = do_check_sig(c, node, NULL, &is_expkey );
 if( rc == G10ERR_NO_PUBKEY && opt.keyserver_scheme && opt.keyserver_options.auto_key_retrieve) {
@@ -1304,6 +1312,7 @@ check_sig_and_print( CTX c, KBNODE node )
 KBNODE un, keyblock;
 int count=0, statno;
 char keyid_str[50];
+ PKT_public_key *pk=NULL;
 if(rc) statno=STATUS_BADSIG;
@@ -1321,6 +1330,11 @@ check_sig_and_print( CTX c, KBNODE node )
 /* find and print the primary user ID */
 for( un=keyblock; un; un = un->next ) {
+ if(un->pkt->pkttype==PKT_PUBLIC_KEY)
+ {
+ pk=un->pkt->pkt.public_key;
+ continue;
+ }
 if( un->pkt->pkttype != PKT_USER_ID ) continue;
 if ( !un->pkt->pkt.user_id->created )
@@ -1334,7 +1348,9 @@ check_sig_and_print( CTX c, KBNODE node )
 /* We want the textual user ID here */
 if ( un->pkt->pkt.user_id->attrib_data ) continue;
-
+
+ assert(pk);
+
 keyid_str[17] = 0; /* cut off the "[uncertain]" part */
 write_status_text_and_buffer (statno, keyid_str, un->pkt->pkt.user_id->name,
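Review bot: In the @@ -1270 hunk the `else` branch still identifies the signing key by `sig->keyid[1]` alone, which is the low 32 bits of the key ID, and nothing in the code says that this short form is not a unique identifier. A comment above the branch would tell the next reader why the long form exists, for example `/* The short key ID is only the low 32 bits and can collide; show-long-keyid prints all 64. */`. The `if` arm is braced while the three-line `else` statement is not; bracing both arms keeps a later added statement from landing outside the `else`. check_sig_and_print starts and ends outside the hunk.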
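Review bot: The `assert(pk);` added in the @@ -1334 hunk is the only guard against a keyblock that carries a user ID with no PKT_PUBLIC_KEY node ahead of it, and it is a weak one for a signature-verification path. It runs for every textual user ID whether or not show-validity is set, so such a keyblock aborts the process even when `pk` is never used, and it vanishes if the file is built with NDEBUG, in which case a NULL `pk` would be passed on to `get_validity()`. An explicit runtime test at the point of use is safer, e.g. `if((opt.verify_options&VERIFY_SHOW_VALIDITY) && pk)` in place of the bare option test. The assignment of `pk` is in the @@ -1321 hunk, and the loop body continues outside both hunks.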
@@ -1346,7 +1362,12 @@ check_sig_and_print( CTX c, KBNODE node )
 : _("Good signature from \""));
 print_utf8_string( log_stream(), un->pkt->pkt.user_id->name, un->pkt->pkt.user_id->len );
- fputs("\"\n", log_stream() );
+ if(opt.verify_options&VERIFY_SHOW_VALIDITY)
+ fprintf(log_stream(),"\" [%s]\n",
+ trust_value_to_string(get_validity(pk,
+ un->pkt->pkt.user_id)));
+ else
+ fputs("\"\n", log_stream() );
 count++;
 }
 if( !count ) { /* just in case that we have no valid textual
@@ -1390,10 +1411,7 @@ check_sig_and_print( CTX c, KBNODE node )
 /* If we have a good signature and already printed * the primary user ID, print all the other user IDs */
 if ( count && !rc ) {
- PKT_public_key *pk=NULL;
 for( un=keyblock; un; un = un->next ) {
- if(un->pkt->pkttype==PKT_PUBLIC_KEY)
- pk=un->pkt->pkt.public_key;
 if( un->pkt->pkttype != PKT_USER_ID ) continue;
 if ( un->pkt->pkt.user_id->is_revoked )
@@ -1417,7 +1435,14 @@ check_sig_and_print( CTX c, KBNODE node )
 log_info( _(" aka \""));
 print_utf8_string( log_stream(), un->pkt->pkt.user_id->name, un->pkt->pkt.user_id->len );
- fputs("\"\n", log_stream() );
+
+ if(opt.verify_options&VERIFY_SHOW_VALIDITY)
+ fprintf(log_stream(),"\" [%s]\n",
+ trust_value_to_string(get_validity(pk,
+ un->pkt->
+ pkt.user_id)));
+ else
+ fputs("\"\n", log_stream() );
 }
 }
 release_kbnode( keyblock );
@@ -1437,15 +1462,15 @@ check_sig_and_print( CTX c, KBNODE node )
 if( !rc && is_status_enabled() ) {
 /* print a status response with the fingerprint */
- PKT_public_key *pk = m_alloc_clear( sizeof *pk );
+ PKT_public_key *vpk = m_alloc_clear( sizeof *vpk );
- if( !get_pubkey( pk, sig->keyid ) ) {
+ if( !get_pubkey( vpk, sig->keyid ) ) {
 byte array[MAX_FINGERPRINT_LEN], *p;
 char buf[MAX_FINGERPRINT_LEN*4+90], *bufp;
 size_t i, n;
 bufp = buf;
- fingerprint_from_pk( pk, array, &n );
+ fingerprint_from_pk( vpk, array, &n );
 p = array;
 for(i=0; i < n ; i++, p++, bufp += 2) sprintf(bufp, "%02X", *p );
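Review bot: The same five-line if/else that closes the quoted user ID is written twice, in the @@ -1346 hunk and again in the @@ -1417 hunk, and the second copy uses a `pk` that, after the @@ -1390 hunk, is only ever set by the earlier primary-user-ID loop. A small static helper would keep the two output paths identical and give one place to check `pk` before it reaches `get_validity()`. Both call sites would then read `print_uid_tail(pk, un->pkt->pkt.user_id);`. The helper name is only a suggestion, and the loops around both call sites start and end outside these hunks.

```c
/* Close the quoted user ID on the log stream and, when show-validity
   is set and the primary key is known, append its validity. */
static void
print_uid_tail( PKT_public_key *pk, PKT_user_id *uid )
{
    if( (opt.verify_options&VERIFY_SHOW_VALIDITY) && pk )
        fprintf(log_stream(),"\" [%s]\n",
                trust_value_to_string(get_validity(pk,uid)));
    else
        fputs("\"\n", log_stream() );
}
```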
@@ -1459,27 +1484,27 @@ check_sig_and_print( CTX c, KBNODE node )
 sig->version,sig->pubkey_algo,sig->digest_algo, sig->sig_class);
 bufp = bufp + strlen (bufp);
- if (!pk->is_primary) {
+ if (!vpk->is_primary) {
 u32 akid[2];
- akid[0] = pk->main_keyid[0];
- akid[1] = pk->main_keyid[1];
- free_public_key (pk);
- pk = m_alloc_clear( sizeof *pk );
- if (get_pubkey (pk, akid)) {
+ akid[0] = vpk->main_keyid[0];
+ akid[1] = vpk->main_keyid[1];
+ free_public_key (vpk);
+ vpk = m_alloc_clear( sizeof *vpk );
+ if (get_pubkey (vpk, akid)) {
 /* impossible error, we simply return a zeroed out fpr */
 n = MAX_FINGERPRINT_LEN < 20? MAX_FINGERPRINT_LEN : 20;
 memset (array, 0, n);
 } else
- fingerprint_from_pk( pk, array, &n );
+ fingerprint_from_pk( vpk, array, &n );
 }
 p = array;
 for(i=0; i < n ; i++, p++, bufp += 2) sprintf(bufp, "%02X", *p );
 write_status_text( STATUS_VALIDSIG, buf );
 }
- free_public_key( pk );
+ free_public_key( vpk );
 }
 if( !rc )
diff --git a/g10/options.h b/g10/options.h
index 7413ffb7e..b45525c95 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -234,9 +234,11 @@ struct {
 #define LIST_SHOW_VALIDITY 16
 #define LIST_SHOW_LONG_KEYID 32
-#define VERIFY_SHOW_PHOTOS 1
-#define VERIFY_SHOW_POLICY 2
-#define VERIFY_SHOW_NOTATION 4
-#define VERIFY_SHOW_KEYSERVER 8
+#define VERIFY_SHOW_PHOTOS 1
+#define VERIFY_SHOW_POLICY 2
+#define VERIFY_SHOW_NOTATION 4
+#define VERIFY_SHOW_KEYSERVER 8
+#define VERIFY_SHOW_VALIDITY 16
+#define VERIFY_SHOW_LONG_KEYID 32
 #endif /*G10_OPTIONS_H*/