security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
Code Activity

gpg: Simplify the tofu interface by using the public key packet.

Browse Source 
* g10/tofu.c (fingerprint_str): Remove.
(tofu_register): Take a public key instead of a fingerprint as arg.
Use hexfingerprint() to get a fpr from the PK.
(tofu_get_validity): Ditto.
(tofu_set_policy, tofu_get_policy): Simplify by using hexfingerprint.
* g10/trustdb.c (tdb_get_validity_core): Pass the primary key PK to
instead of the fingerprint to the tofu functions.
--

This change has the advantage that we are not bound to a specific
fingerprint length and will thus helps us to implement rfc4880bis.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2015-11-13 16:42:59 +01:00
parent 7de8376430
commit e7d7160ab7
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
4 changed files with 18 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
g10/gpg.h
View File

@ -37,7 +37,9 @@
/* Number of bits we accept when reading or writing MPIs. */
#define MAX_EXTERN_MPI_BITS 16384
/* The maximum length of a binary fingerprints.
/* The maximum length of a binary fingerprints. This is used to
provide a static buffer and will be increased if we need to support
longer fingerprints.
Warning: At some places we still use 20 instead of this macro. */
#define MAX_FINGERPRINT_LEN 20

37
g10/tofu.c
View File

@ -168,15 +168,6 @@ tofu_cache_dump (struct db *db)
# define TIME_AGO_UNIT_LARGE_NAME_PLURAL _("months")
#endif
static char *
fingerprint_str (const byte *fingerprint_bin)
{
char *fingerprint = bin2hex (fingerprint_bin, MAX_FINGERPRINT_LEN, NULL);
if (! fingerprint)
log_fatal ("bin2hex failed: %s\n",
gpg_strerror (gpg_error_from_syserror()));
return fingerprint;
}
/* Pretty print a MAX_FINGERPRINT_LEN-byte binary fingerprint into a
malloc'd string. */
@ -2543,8 +2534,8 @@ email_from_user_id (const char *user_id)
return email;
}
/* Register the signature with the binding <FINGERPRINT_BIN, USER_ID>.
FINGERPRINT must be MAX_FINGERPRINT_LEN bytes long.
/* Register the signature with the binding <fingerprint, USER_ID>.
The fingerprint is taken from the primary key packet PK.
SIG_DIGEST_BIN is the binary representation of the message's
digest. SIG_DIGEST_BIN_LEN is its length.
@ -2563,7 +2554,7 @@ email_from_user_id (const char *user_id)
This function returns the binding's trust level on return. If an
error occurs, this function returns TRUST_UNKNOWN. */
int
tofu_register (const byte *fingerprint_bin, const char *user_id,
tofu_register (PKT_public_key *pk, const char *user_id,
const byte *sig_digest_bin, int sig_digest_bin_len,
time_t sig_time, const char *origin, int may_ask)
{
@ -2588,7 +2579,7 @@ tofu_register (const byte *fingerprint_bin, const char *user_id,
goto die;
}
fingerprint = fingerprint_str (fingerprint_bin);
fingerprint = hexfingerprint (pk);
fingerprint_pp = fingerprint_format (fingerprint);
if (! *user_id)
@ -2780,7 +2771,7 @@ tofu_wot_trust_combine (int tofu_base, int wot_base)
/* Return the validity (TRUST_NEVER, etc.) of the binding
<FINGERPRINT, USER_ID>.
FINGERPRINT must be a MAX_FINGERPRINT_LEN-byte fingerprint.
PK is the primary key packet.
If MAY_ASK is 1 and the policy is TOFU_POLICY_ASK, then the user
will be prompted to choose a different policy. If MAY_ASK is 0 and
@ -2788,7 +2779,7 @@ tofu_wot_trust_combine (int tofu_base, int wot_base)
Returns TRUST_UNDEFINED if an error occurs. */
int
tofu_get_validity (const byte *fingerprint_bin, const char *user_id,
tofu_get_validity (PKT_public_key *pk, const char *user_id,
int may_ask)
{
struct dbs *dbs;
@ -2803,7 +2794,7 @@ tofu_get_validity (const byte *fingerprint_bin, const char *user_id,
goto die;
}
fingerprint = fingerprint_str (fingerprint_bin);
fingerprint = hexfingerprint (pk);
if (! *user_id)
{
@ -2843,8 +2834,6 @@ tofu_set_policy (kbnode_t kb, enum tofu_policy policy)
{
struct dbs *dbs;
PKT_public_key *pk;
char fingerprint_bin[MAX_FINGERPRINT_LEN];
size_t fingerprint_bin_len = sizeof (fingerprint_bin);
char *fingerprint = NULL;
assert (kb->pkt->pkttype == PKT_PUBLIC_KEY);
@ -2864,10 +2853,7 @@ tofu_set_policy (kbnode_t kb, enum tofu_policy policy)
&& pk->main_keyid[1] == pk->keyid[1]))
log_bug ("%s: Passed a subkey, but expecting a primary key.\n", __func__);
fingerprint_from_pk (pk, fingerprint_bin, &fingerprint_bin_len);
assert (fingerprint_bin_len == sizeof (fingerprint_bin));
fingerprint = fingerprint_str (fingerprint_bin);
fingerprint = hexfingerprint (pk);
for (; kb; kb = kb->next)
{
@ -2925,8 +2911,6 @@ tofu_get_policy (PKT_public_key *pk, PKT_user_id *user_id,
enum tofu_policy *policy)
{
struct dbs *dbs;
char fingerprint_bin[MAX_FINGERPRINT_LEN];
size_t fingerprint_bin_len = sizeof (fingerprint_bin);
char *fingerprint;
char *email;
@ -2941,10 +2925,7 @@ tofu_get_policy (PKT_public_key *pk, PKT_user_id *user_id,
return gpg_error (GPG_ERR_GENERAL);
}
fingerprint_from_pk (pk, fingerprint_bin, &fingerprint_bin_len);
assert (fingerprint_bin_len == sizeof (fingerprint_bin));
fingerprint = fingerprint_str (fingerprint_bin);
fingerprint = hexfingerprint (pk);
email = email_from_user_id (user_id->name);

9
g10/tofu.h
View File

@ -71,14 +71,14 @@ const char *tofu_policy_str (enum tofu_policy policy);
(e.g., TRUST_BAD) in light of the current configuration. */
int tofu_policy_to_trust_level (enum tofu_policy policy);
/* Register the binding <FINGERPRINT, USER_ID> and the signature
/* Register the binding <PK, USER_ID> and the signature
described by SIGS_DIGEST and SIG_TIME, which it generated. Origin
describes where the signed data came from, e.g., "email:claws"
(default: "unknown"). If MAY_ASK is 1, then this function may
interact with the user in the case of a conflict or if the
binding's policy is ask. This function returns the binding's trust
level. If an error occurs, it returns TRUST_UNKNOWN. */
int tofu_register (const byte *fingerprint, const char *user_id,
int tofu_register (PKT_public_key *pk, const char *user_id,
const byte *sigs_digest, int sigs_digest_len,
time_t sig_time, const char *origin, int may_ask);
@ -88,11 +88,10 @@ int tofu_register (const byte *fingerprint, const char *user_id,
int tofu_wot_trust_combine (int tofu, int wot);
/* Determine the validity (TRUST_NEVER, etc.) of the binding
<FINGERPRINT, USER_ID>. If MAY_ASK is 1, then this function may
<PK, USER_ID>. If MAY_ASK is 1, then this function may
interact with the user. If not, TRUST_UNKNOWN is returned. If an
error occurs, TRUST_UNDEFINED is returned. */
int tofu_get_validity (const byte *fingerprint, const char *user_id,
int may_ask);
int tofu_get_validity (PKT_public_key *pk, const char *user_id, int may_ask);
/* Set the policy for all non-revoked user ids in the keyblock KB to
POLICY. */

10
g10/trustdb.c
View File

@ -1021,12 +1021,6 @@ tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid,
int user_ids = 0;
int user_ids_expired = 0;
char fingerprint[MAX_FINGERPRINT_LEN];
size_t fingerprint_len = sizeof (fingerprint);
fingerprint_from_pk (main_pk, fingerprint, &fingerprint_len);
assert (fingerprint_len == sizeof (fingerprint));
/* If the caller didn't supply a user id then iterate over all
uids. */
if (! uid)
@ -1062,12 +1056,12 @@ tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid,
user_ids ++;
if (sig)
tl = tofu_register (fingerprint, user_id->name,
tl = tofu_register (main_pk, user_id->name,
sig->digest, sig->digest_len,
sig->timestamp, "unknown",
may_ask);
else
tl = tofu_get_validity (fingerprint, user_id->name, may_ask);
tl = tofu_get_validity (main_pk, user_id->name, may_ask);
if (tl == TRUST_EXPIRED)
user_ids_expired ++;