gpg: Simplify the tofu interface by using the public key packet.

* g10/tofu.c (fingerprint_str): Remove. (tofu_register): Take a public key instead of a fingerprint as arg. Use hexfingerprint() to get a fpr from the PK. (tofu_get_validity): Ditto. (tofu_set_policy, tofu_get_policy): Simplify by using hexfingerprint. * g10/trustdb.c (tdb_get_validity_core): Pass the primary key PK to instead of the fingerprint to the tofu functions. -- This change has the advantage that we are not bound to a specific fingerprint length and will thus helps us to implement rfc4880bis. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-03-27 22:39:59 +01:00 · 2015-11-13 16:42:59 +01:00 · 2015-11-13 16:42:59 +01:00 · e7d7160ab7
commit e7d7160ab7
parent 7de8376430
4 changed files with 18 additions and 42 deletions
--- a/g10/gpg.h
+++ b/g10/gpg.h
@ -37,7 +37,9 @@
 /* Number of bits we accept when reading or writing MPIs. */
 #define MAX_EXTERN_MPI_BITS 16384
-/* The maximum length of a binary fingerprints.
+/* The maximum length of a binary fingerprints.  This is used to
   provide a static buffer and will be increased if we need to support
   longer fingerprints.
   Warning: At some places we still use 20 instead of this macro. */
 #define MAX_FINGERPRINT_LEN 20
--- a/g10/tofu.c
+++ b/g10/tofu.c
@ -168,15 +168,6 @@ tofu_cache_dump (struct db *db)
 #  define TIME_AGO_UNIT_LARGE_NAME_PLURAL _("months")
 #endif
 static char *
 fingerprint_str (const byte *fingerprint_bin)
 {
  char *fingerprint = bin2hex (fingerprint_bin, MAX_FINGERPRINT_LEN, NULL);
  if (! fingerprint)
    log_fatal ("bin2hex failed: %s\n",
               gpg_strerror (gpg_error_from_syserror()));
  return fingerprint;
 }
 /* Pretty print a MAX_FINGERPRINT_LEN-byte binary fingerprint into a
   malloc'd string.  */
@ -2543,8 +2534,8 @@ email_from_user_id (const char *user_id)
  return email;
 }
-/* Register the signature with the binding <FINGERPRINT_BIN, USER_ID>.
+/* Register the signature with the binding <fingerprint, USER_ID>.
-   FINGERPRINT must be MAX_FINGERPRINT_LEN bytes long.
+   The fingerprint is taken from the primary key packet PK.
   SIG_DIGEST_BIN is the binary representation of the message's
   digest.  SIG_DIGEST_BIN_LEN is its length.
@ -2563,7 +2554,7 @@ email_from_user_id (const char *user_id)
   This function returns the binding's trust level on return.  If an
   error occurs, this function returns TRUST_UNKNOWN.  */
 int
-tofu_register (const byte *fingerprint_bin, const char *user_id,
+tofu_register (PKT_public_key *pk, const char *user_id,
 	       const byte *sig_digest_bin, int sig_digest_bin_len,
 	       time_t sig_time, const char *origin, int may_ask)
 {
@ -2588,7 +2579,7 @@ tofu_register (const byte *fingerprint_bin, const char *user_id,
      goto die;
    }
-  fingerprint = fingerprint_str (fingerprint_bin);
+  fingerprint = hexfingerprint (pk);
  fingerprint_pp = fingerprint_format (fingerprint);
  if (! *user_id)
@ -2780,7 +2771,7 @@ tofu_wot_trust_combine (int tofu_base, int wot_base)
 /* Return the validity (TRUST_NEVER, etc.) of the binding
   <FINGERPRINT, USER_ID>.
-   FINGERPRINT must be a MAX_FINGERPRINT_LEN-byte fingerprint.
+   PK is the primary key packet.
   If MAY_ASK is 1 and the policy is TOFU_POLICY_ASK, then the user
   will be prompted to choose a different policy.  If MAY_ASK is 0 and
@ -2788,7 +2779,7 @@ tofu_wot_trust_combine (int tofu_base, int wot_base)
   Returns TRUST_UNDEFINED if an error occurs.  */
 int
-tofu_get_validity (const byte *fingerprint_bin, const char *user_id,
+tofu_get_validity (PKT_public_key *pk, const char *user_id,
 		   int may_ask)
 {
  struct dbs *dbs;
@ -2803,7 +2794,7 @@ tofu_get_validity (const byte *fingerprint_bin, const char *user_id,
      goto die;
    }
-  fingerprint = fingerprint_str (fingerprint_bin);
+  fingerprint = hexfingerprint (pk);
  if (! *user_id)
    {
@ -2843,8 +2834,6 @@ tofu_set_policy (kbnode_t kb, enum tofu_policy policy)
 {
  struct dbs *dbs;
  PKT_public_key *pk;
  char fingerprint_bin[MAX_FINGERPRINT_LEN];
  size_t fingerprint_bin_len = sizeof (fingerprint_bin);
  char *fingerprint = NULL;
  assert (kb->pkt->pkttype == PKT_PUBLIC_KEY);
@ -2864,10 +2853,7 @@ tofu_set_policy (kbnode_t kb, enum tofu_policy policy)
 	 && pk->main_keyid[1] == pk->keyid[1]))
    log_bug ("%s: Passed a subkey, but expecting a primary key.\n", __func__);
-  fingerprint_from_pk (pk, fingerprint_bin, &fingerprint_bin_len);
+  fingerprint = hexfingerprint (pk);
  assert (fingerprint_bin_len == sizeof (fingerprint_bin));
  fingerprint = fingerprint_str (fingerprint_bin);
  for (; kb; kb = kb->next)
    {
@ -2925,8 +2911,6 @@ tofu_get_policy (PKT_public_key *pk, PKT_user_id *user_id,
 		 enum tofu_policy *policy)
 {
  struct dbs *dbs;
  char fingerprint_bin[MAX_FINGERPRINT_LEN];
  size_t fingerprint_bin_len = sizeof (fingerprint_bin);
  char *fingerprint;
  char *email;
@ -2941,10 +2925,7 @@ tofu_get_policy (PKT_public_key *pk, PKT_user_id *user_id,
      return gpg_error (GPG_ERR_GENERAL);
    }
-  fingerprint_from_pk (pk, fingerprint_bin, &fingerprint_bin_len);
+  fingerprint = hexfingerprint (pk);
  assert (fingerprint_bin_len == sizeof (fingerprint_bin));
  fingerprint = fingerprint_str (fingerprint_bin);
  email = email_from_user_id (user_id->name);
--- a/g10/tofu.h
+++ b/g10/tofu.h
@ -71,14 +71,14 @@ const char *tofu_policy_str (enum tofu_policy policy);
   (e.g., TRUST_BAD) in light of the current configuration.  */
 int tofu_policy_to_trust_level (enum tofu_policy policy);
-/* Register the binding <FINGERPRINT, USER_ID> and the signature
+/* Register the binding <PK, USER_ID> and the signature
   described by SIGS_DIGEST and SIG_TIME, which it generated.  Origin
   describes where the signed data came from, e.g., "email:claws"
   (default: "unknown").  If MAY_ASK is 1, then this function may
   interact with the user in the case of a conflict or if the
   binding's policy is ask.  This function returns the binding's trust
   level.  If an error occurs, it returns TRUST_UNKNOWN.  */
-int tofu_register (const byte *fingerprint, const char *user_id,
+int tofu_register (PKT_public_key *pk, const char *user_id,
 		   const byte *sigs_digest, int sigs_digest_len,
 		   time_t sig_time, const char *origin, int may_ask);
@ -88,11 +88,10 @@ int tofu_register (const byte *fingerprint, const char *user_id,
 int tofu_wot_trust_combine (int tofu, int wot);
 /* Determine the validity (TRUST_NEVER, etc.) of the binding
-   <FINGERPRINT, USER_ID>.  If MAY_ASK is 1, then this function may
+   <PK, USER_ID>.  If MAY_ASK is 1, then this function may
   interact with the user.  If not, TRUST_UNKNOWN is returned.  If an
   error occurs, TRUST_UNDEFINED is returned.  */
-int tofu_get_validity (const byte *fingerprint, const char *user_id,
+int tofu_get_validity (PKT_public_key *pk, const char *user_id, int may_ask);
 		       int may_ask);
 /* Set the policy for all non-revoked user ids in the keyblock KB to
   POLICY.  */
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@ -1021,12 +1021,6 @@ tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid,
      int user_ids = 0;
      int user_ids_expired = 0;
      char fingerprint[MAX_FINGERPRINT_LEN];
      size_t fingerprint_len = sizeof (fingerprint);
      fingerprint_from_pk (main_pk, fingerprint, &fingerprint_len);
      assert (fingerprint_len == sizeof (fingerprint));
      /* If the caller didn't supply a user id then iterate over all
 	 uids.  */
      if (! uid)
@ -1062,12 +1056,12 @@ tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid,
 	  user_ids ++;
 	  if (sig)
-	    tl = tofu_register (fingerprint, user_id->name,
+	    tl = tofu_register (main_pk, user_id->name,
 				sig->digest, sig->digest_len,
 				sig->timestamp, "unknown",
 				may_ask);
 	  else
-	    tl = tofu_get_validity (fingerprint, user_id->name, may_ask);
+	    tl = tofu_get_validity (main_pk, user_id->name, may_ask);
 	  if (tl == TRUST_EXPIRED)
 	    user_ids_expired ++;