diff --git a/g10/ChangeLog b/g10/ChangeLog index add119054..cb1ece74b 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,26 @@ +2003-07-21 David Shaw + + * keygen.c (do_add_key_flags): Don't set the certify flag for + subkeys. + (ask_algo): Provide key flags for DSA, Elgamal_e, and Elgamal + subkeys. + (generate_keypair): Provide key flags for the default DSA/Elgamal + keys. + + * sig-check.c (signature_check, signature_check2, + check_key_signature, check_key_signature2): Allow passing NULLs + for unused parameters in the x2 form of each function to avoid the + need for dummy variables. getkey.c, mainproc.c: Change all + callers. + + * trustdb.h, trustdb.c (read_trust_options): New. Returns items + from the trustdb version record. + + * keylist.c (public_key_list): Use it here for the new "tru" + record. + + * gpgv.c (read_trust_options): Stub. + 2003-07-20 David Shaw * keyedit.c (show_key_with_all_names): Use list-option diff --git a/g10/getkey.c b/g10/getkey.c index f488eb04a..e2d2f3446 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -1587,8 +1587,6 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked ) else if ( k->pkt->pkttype == PKT_SIGNATURE && uidnode ) { PKT_signature *sig = k->pkt->pkt.signature; - u32 dummy; - int dum2; if(sig->keyid[0] != kid[0] || sig->keyid[1]!=kid[1]) { @@ -1604,7 +1602,7 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked ) ultimate trust flag. */ if(get_pubkey_fast(ultimate_pk,sig->keyid)==0 && check_key_signature2(keyblock,k,ultimate_pk, - NULL,NULL,&dummy,&dum2)==0 + NULL,NULL,NULL,NULL)==0 && get_ownertrust(ultimate_pk)==TRUST_ULTIMATE) { free_public_key(ultimate_pk); diff --git a/g10/gpgv.c b/g10/gpgv.c index 67ecceabf..f06b92a6a 100644 --- a/g10/gpgv.c +++ b/g10/gpgv.c @@ -227,6 +227,9 @@ check_signatures_trust( PKT_signature *sig ) return 0; } +void +read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck, + byte *marginals,byte *completes,byte *cert_depth) {}; /* Stub: * We don't have the trustdb , so we have to provide some stub functions diff --git a/g10/keygen.c b/g10/keygen.c index 10f1f033d..edf9badce 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -137,7 +137,12 @@ do_add_key_flags (PKT_signature *sig, unsigned int use) buf[0] = 0; if (use & PUBKEY_USAGE_SIG) - buf[0] |= 0x01 | 0x02; + { + if(sig->sig_class==0x18) + buf[0] |= 0x02; /* Don't set the certify flag for subkeys */ + else + buf[0] |= 0x01 | 0x02; + } if (use & PUBKEY_USAGE_ENC) buf[0] |= 0x04 | 0x08; build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1); @@ -1074,15 +1079,18 @@ ask_algo (int addmode, unsigned int *r_usage) _("Create anyway? "))) { algo = PUBKEY_ALGO_ELGAMAL; + *r_usage = PUBKEY_USAGE_ENC | PUBKEY_USAGE_SIG; break; } } else if( algo == 3 && addmode ) { algo = PUBKEY_ALGO_ELGAMAL_E; + *r_usage = PUBKEY_USAGE_ENC; break; } else if( algo == 2 ) { algo = PUBKEY_ALGO_DSA; + *r_usage = PUBKEY_USAGE_SIG; break; } else @@ -2082,6 +2090,11 @@ generate_keypair( const char *fname ) strcpy( r->u.value, "1024" ); r->next = para; para = r; + r = m_alloc_clear( sizeof *r + 20 ); + r->key = pKEYUSAGE; + strcpy( r->u.value, "sign" ); + r->next = para; + para = r; algo = PUBKEY_ALGO_ELGAMAL_E; r = m_alloc_clear( sizeof *r + 20 ); @@ -2089,6 +2102,11 @@ generate_keypair( const char *fname ) sprintf( r->u.value, "%d", algo ); r->next = para; para = r; + r = m_alloc_clear( sizeof *r + 20 ); + r->key = pSUBKEYUSAGE; + strcpy( r->u.value, "encrypt" ); + r->next = para; + para = r; } else { r = m_alloc_clear( sizeof *r + 20 ); diff --git a/g10/keylist.c b/g10/keylist.c index 181a622d2..12cf4e573 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -58,10 +58,46 @@ static FILE *attrib_fp=NULL; void public_key_list( STRLIST list ) { - if( !list ) - list_all(0); - else - list_one( list, 0 ); + if(opt.with_colons) + { + byte trust_model,marginals,completes,cert_depth; + ulong created,nextcheck; + + read_trust_options(&trust_model,&created,&nextcheck, + &marginals,&completes,&cert_depth); + + printf("tru:"); + + if(nextcheck && nextcheck <= make_timestamp()) + printf("o"); + if(trust_model!=opt.trust_model) + printf("t"); + if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC) + { + if(marginals!=opt.marginals_needed) + printf("m"); + if(completes!=opt.completes_needed) + printf("c"); + if(cert_depth!=opt.max_cert_depth) + printf("d"); + } + + printf(":%d:%lu:%lu",trust_model,created,nextcheck); + + /* Only show marginals, completes, and cert_depth in the classic + or PGP trust models since they are not meaningful + otherwise. */ + + if(trust_model==TM_PGP || trust_model==TM_CLASSIC) + printf(":%d:%d:%d",marginals,completes,cert_depth); + + printf("\n"); + } + + if( !list ) + list_all(0); + else + list_one( list, 0 ); } void @@ -1070,15 +1106,13 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr ) } if( opt.check_sigs ) { PKT_public_key *signer_pk=NULL; - u32 dummy; - int dum2; fflush(stdout); if(opt.no_sig_cache) signer_pk=m_alloc_clear(sizeof(PKT_public_key)); rc = check_key_signature2( keyblock, node, NULL, signer_pk, - NULL, &dummy, &dum2); + NULL, NULL, NULL ); switch( rc ) { case 0: sigrc = '!'; break; case G10ERR_BAD_SIGN: sigrc = '-'; break; diff --git a/g10/mainproc.c b/g10/mainproc.c index ea3b82db5..e9a658ead 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -665,7 +665,6 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig, int *is_expkey ) PKT_signature *sig; MD_HANDLE md = NULL, md2 = NULL; int algo, rc, dum2; - u32 dummy; if(!is_expkey) is_expkey=&dum2; @@ -722,9 +721,9 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig, int *is_expkey ) } else return G10ERR_SIG_CLASS; - rc = signature_check2( sig, md, &dummy, is_expkey, NULL ); + rc = signature_check2( sig, md, NULL, is_expkey, NULL ); if( rc == G10ERR_BAD_SIGN && md2 ) - rc = signature_check2( sig, md2, &dummy, is_expkey, NULL ); + rc = signature_check2( sig, md2, NULL, is_expkey, NULL ); md_close(md); md_close(md2); diff --git a/g10/sig-check.c b/g10/sig-check.c index 53363f8f9..c2add6174 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -50,9 +50,7 @@ static int do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest, int signature_check( PKT_signature *sig, MD_HANDLE digest ) { - u32 dummy; - int dum2; - return signature_check2( sig, digest, &dummy, &dum2, NULL ); + return signature_check2( sig, digest, NULL, NULL, NULL ); } int @@ -62,8 +60,6 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate, PKT_public_key *pk = m_alloc_clear( sizeof *pk ); int rc=0; - *r_expiredate = 0; - /* Sanity check that the md has a context for the hash that the sig is expecting. This can happen if a onepass sig header does not match the actual sig, and also if the clearsign "Hash:" @@ -79,7 +75,8 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate, rc=G10ERR_BAD_PUBKEY; /* you cannot have a good sig from an invalid subkey */ else { - *r_expiredate = pk->expiredate; + if(r_expiredate) + *r_expiredate = pk->expiredate; rc = do_check( pk, sig, digest, r_expired, ret_pk ); } @@ -208,7 +205,8 @@ do_check_messages( PKT_public_key *pk, PKT_signature *sig, int *r_expired ) { u32 cur_time; - *r_expired = 0; + if(r_expired) + *r_expired = 0; if( pk->version == 4 && pk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) { log_info(_("key %08lX: this is a PGP generated " "ElGamal key which is NOT secure for signatures!\n"), @@ -251,7 +249,8 @@ do_check_messages( PKT_public_key *pk, PKT_signature *sig, int *r_expired ) sprintf(buf,"%lu",(ulong)pk->expiredate); write_status_text(STATUS_KEYEXPIRED,buf); write_status(STATUS_SIGEXPIRED); - *r_expired = 1; + if(r_expired) + *r_expired = 1; } return 0; @@ -476,10 +475,7 @@ check_revocation_keys(PKT_public_key *pk,PKT_signature *sig) int check_key_signature( KBNODE root, KBNODE node, int *is_selfsig ) { - u32 dummy; - int dum2; - return check_key_signature2(root, node, NULL, NULL, - is_selfsig, &dummy, &dum2 ); + return check_key_signature2(root, node, NULL, NULL, is_selfsig, NULL, NULL ); } /* If check_pk is set, then use it to check the signature in node @@ -499,8 +495,10 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk, if( is_selfsig ) *is_selfsig = 0; - *r_expiredate = 0; - *r_expired = 0; + if( r_expiredate ) + *r_expiredate = 0; + if( r_expired ) + *r_expired = 0; assert( node->pkt->pkttype == PKT_SIGNATURE ); assert( root->pkt->pkttype == PKT_PUBLIC_KEY ); @@ -518,6 +516,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk, if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) *is_selfsig = 1; } + /* TODO: should set r_expiredate here as well */ if((rc=do_check_messages(pk,sig,r_expired))) return rc; return sig->flags.valid? 0 : G10ERR_BAD_SIGN; diff --git a/g10/trustdb.c b/g10/trustdb.c index d9b09063d..289af8d29 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -590,7 +590,30 @@ trustdb_pending_check(void) return pending_check_trustdb; } - +void +read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck, + byte *marginals,byte *completes,byte *cert_depth) +{ + TRUSTREC opts; + + init_trustdb(); + + read_record(0,&opts,RECTYPE_VER); + + if(trust_model) + *trust_model=opts.r.ver.trust_model; + if(created) + *created=opts.r.ver.created; + if(nextcheck) + *nextcheck=opts.r.ver.nextcheck; + if(marginals) + *marginals=opts.r.ver.marginals; + if(completes) + *completes=opts.r.ver.completes; + if(cert_depth) + *cert_depth=opts.r.ver.cert_depth; +} + /*********************************************** *********** Ownertrust et al. **************** ***********************************************/ diff --git a/g10/trustdb.h b/g10/trustdb.h index 720385a06..414c37702 100644 --- a/g10/trustdb.h +++ b/g10/trustdb.h @@ -64,6 +64,9 @@ int enum_cert_paths( void **context, ulong *lid, void enum_cert_paths_print( void **context, FILE *fp, int refresh, ulong selected_lid ); +void read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck, + byte *marginals,byte *completes,byte *cert_depth); + unsigned int get_ownertrust (PKT_public_key *pk); unsigned int get_min_ownertrust (PKT_public_key *pk); int get_ownertrust_info (PKT_public_key *pk);