gpg: Make use of the included key block in a signature.

* g10/import.c (read_key_from_file): Rename to ... (read_key_from_file_or_buffer): this and add new parameters. Adjust callers. (import_included_key_block): New. * g10/packet.h (PKT_signature): Add field flags.key_block. * g10/parse-packet.c (parse_signature): Set that flags. * g10/sig-check.c (check_signature2): Add parm forced_pk and change all callers. * g10/mainproc.c (do_check_sig): Ditto. (check_sig_and_print): Try the included key block if no key is available. -- This is is the second part to support the new Key Block subpacket. The idea is that after having received a signed mail, it is instantly possible to reply encrypted - without the need for any centralized infrastructure. There is one case where this does not work: A signed mail is received using a specified signer ID (e.g. using gpg --sender option) and the key block with only that user ID is thus imported. The next time a mail is received using the same key but with a different user ID; the signatures checks out using the key imported the last time. However, the new user id is not imported. Now when trying to reply to that last mail, no key will be found. We need to see whether we can update a key in such a case. GnuPG-bug-id: 4856 Signed-off-by: Werner Koch <wk@gnupg.org> Backported from master Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2020-03-13 17:14:34 +01:00 · 2020-03-13 17:14:34 +01:00 · b42d9f540c
commit b42d9f540c
parent d79ebee64e
11 changed files with 254 additions and 56 deletions
--- a/g10/import.c
+++ b/g10/import.c
@ -316,7 +316,9 @@ import_release_stats_handle (import_stats_t p)
 * file.
 */
 gpg_error_t
-read_key_from_file (ctrl_t ctrl, const char *fname, kbnode_t *r_keyblock)
+read_key_from_file_or_buffer (ctrl_t ctrl, const char *fname,
+                              const void *buffer, size_t buflen,
+                              kbnode_t *r_keyblock)
 {
  gpg_error_t err;
  iobuf_t inp;
@ -330,35 +332,45 @@ read_key_from_file (ctrl_t ctrl, const char *fname, kbnode_t *r_keyblock)

  *r_keyblock = NULL;

-  inp = iobuf_open (fname);
-  if (!inp)
-    err = gpg_error_from_syserror ();
-  else if (is_secured_file (iobuf_get_fd (inp)))
-    {
-      iobuf_close (inp);
-      inp = NULL;
-      err = gpg_error (GPG_ERR_EPERM);
-    }
-  else
-    err = 0;
-  if (err)
-    {
-      log_error (_("can't open '%s': %s\n"),
-                 iobuf_is_pipe_filename (fname)? "[stdin]": fname,
-                 gpg_strerror (err));
-      if (gpg_err_code (err) == GPG_ERR_ENOENT)
-        err = gpg_error (GPG_ERR_NO_PUBKEY);
-      goto leave;
-    }
+  log_assert (!!fname ^ !!buffer);

-  /* Push the armor filter.  */
-  {
-    armor_filter_context_t *afx;
-    afx = new_armor_context ();
-    afx->only_keyblocks = 1;
-    push_armor_filter (afx, inp);
-    release_armor_context (afx);
-  }
+  if (fname)
+    {
+      inp = iobuf_open (fname);
+      if (!inp)
+        err = gpg_error_from_syserror ();
+      else if (is_secured_file (iobuf_get_fd (inp)))
+        {
+          iobuf_close (inp);
+          inp = NULL;
+          err = gpg_error (GPG_ERR_EPERM);
+        }
+      else
+        err = 0;
+      if (err)
+        {
+          log_error (_("can't open '%s': %s\n"),
+                     iobuf_is_pipe_filename (fname)? "[stdin]": fname,
+                     gpg_strerror (err));
+          if (gpg_err_code (err) == GPG_ERR_ENOENT)
+            err = gpg_error (GPG_ERR_NO_PUBKEY);
+          goto leave;
+        }
+
+      /* Push the armor filter.  */
+      {
+        armor_filter_context_t *afx;
+        afx = new_armor_context ();
+        afx->only_keyblocks = 1;
+        push_armor_filter (afx, inp);
+        release_armor_context (afx);
+      }
+
+    }
+  else  /* Read from buffer (No armor expected).  */
+    {
+      inp = iobuf_temp_with_content (buffer, buflen);
+    }

  /* Read the first non-v3 keyblock.  */
  while (!(err = read_block (inp, 0, &pending_pkt, &keyblock, &v3keys)))
@ -373,7 +385,8 @@ read_key_from_file (ctrl_t ctrl, const char *fname, kbnode_t *r_keyblock)
    {
      if (gpg_err_code (err) != GPG_ERR_INV_KEYRING)
        log_error (_("error reading '%s': %s\n"),
-                   iobuf_is_pipe_filename (fname)? "[stdin]": fname,
+                   fname? (iobuf_is_pipe_filename (fname)? "[stdin]": fname)
+                   /* */ : "[buffer]",
                   gpg_strerror (err));
      goto leave;
    }
@ -409,7 +422,8 @@ read_key_from_file (ctrl_t ctrl, const char *fname, kbnode_t *r_keyblock)
    {
      iobuf_close (inp);
      /* Must invalidate that ugly cache to actually close the file. */
-      iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname);
+      if (fname)
+        iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname);
    }
  release_kbnode (keyblock);
  /* FIXME: Do we need to free PENDING_PKT ? */
@ -417,6 +431,38 @@ read_key_from_file (ctrl_t ctrl, const char *fname, kbnode_t *r_keyblock)
 }


+/* Import an already checked public key which was included in a
+ * signature and the signature verified out using this key.  */
+gpg_error_t
+import_included_key_block (ctrl_t ctrl, kbnode_t keyblock)
+{
+  gpg_error_t err;
+  struct import_stats_s *stats;
+  import_filter_t save_filt;
+  int save_armor = opt.armor;
+
+  opt.armor = 0;
+  stats = import_new_stats_handle ();
+  save_filt = save_and_clear_import_filter ();
+  if (!save_filt)
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+
+  /* FIXME: Should we introduce a dedicated KEYORG ? */
+  err = import_one (ctrl, keyblock,
+                    stats, NULL, 0, 0, 0, 0,
+                    NULL, NULL, KEYORG_UNKNOWN, NULL, NULL);
+
+ leave:
+  restore_import_filter (save_filt);
+  import_release_stats_handle (stats);
+  opt.armor = save_armor;
+  return err;
+}
+
+

 /*
 * Import the public keys from the given filename. Input may be armored.