Diffstat (limited to '')
-rw-r--r-- | g10/ChangeLog | 12 | ||||
-rw-r--r-- | g10/OPTIONS | 6 | ||||
-rw-r--r-- | g10/build-packet.c | 2 | ||||
-rw-r--r-- | g10/free-packet.c | 24 | ||||
-rw-r--r-- | g10/g10.c | 3 | ||||
-rw-r--r-- | g10/getkey.c | 4 | ||||
-rw-r--r-- | g10/keyedit.c | 125 | ||||
-rw-r--r-- | g10/keygen.c | 12 | ||||
-rw-r--r-- | g10/main.h | 2 | ||||
-rw-r--r-- | g10/options.h | 2 | ||||
-rw-r--r-- | g10/packet.h | 1 | ||||
-rw-r--r-- | g10/parse-packet.c | 120 | ||||
-rw-r--r-- | g10/ringedit.c | 3 | ||||
-rw-r--r-- | g10/sign.c | 7 | ||||
-rw-r--r-- | g10/tdbio.c | 5 | ||||
-rw-r--r-- | g10/tdbio.h | 3 | ||||
-rw-r--r-- | g10/trustdb.c | 49 |
17 files changed, 321 insertions, 59 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 4c3b01101..72e0244e4 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,15 @@ +Sun Oct 18 11:49:03 1998 Werner Koch ([email protected]) + + * sign.c (only_old_style): Add option force_v3_sigs + (sign_file): Fixed a bug in sig->version + (clearsign_file): Ditto. + + * parse-packet.c (dump_sig_subpkt): New + + * keyedit.c (menu_expire): New. + * free-packet.c (cmp_signatures): New + + Sat Oct 17 10:22:39 1998 Werner Koch ([email protected]) * armor.c: changed output line length from 72 to 64. diff --git a/g10/OPTIONS b/g10/OPTIONS index 4ec4192e3..59da5cd2a 100644 --- a/g10/OPTIONS +++ b/g10/OPTIONS @@ -51,10 +51,4 @@ run-as-shm-coprocess [request-locked-shm-size] # You will have to use "--status-fd" too # Note: This option dioes only work if given on the command line. -set-filename <name> -# Set <name> as the filename into the plaintext packet - -comment <string> -# Add <string> as comment to the output - diff --git a/g10/build-packet.c b/g10/build-packet.c index 11edb33e6..d83568328 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -215,7 +215,7 @@ do_public_key( IOBUF out, int ctb, PKT_public_key *pk ) ndays = (u16)((pk->expiredate - pk->timestamp) / 86400L); else ndays = 0; - write_16(a, 0 ); + write_16(a, ndays ); } iobuf_put(a, pk->pubkey_algo ); n = pubkey_get_npkey( pk->pubkey_algo ); diff --git a/g10/free-packet.c b/g10/free-packet.c index c3b516dbd..ed8f25db8 100644 --- a/g10/free-packet.c +++ b/g10/free-packet.c 
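Review bot: The value now emitted by `write_16(a, ndays );` is computed as `(u16)((pk->expiredate - pk->timestamp) / 86400L)` with no guard that expiredate is later than timestamp or that the day count fits in 16 bits, so an expiredate before the creation time wraps the u32 subtraction and a far-future one is silently truncated, and either way a wrong non-zero validity period is written into the v3 key packet. The `if` that selects this branch starts above the hunk, so the check may belong there; as written I would compute `ndays` only when `pk->expiredate > pk->timestamp && (pk->expiredate - pk->timestamp) / 86400L <= 0xffff` and otherwise keep the previous `0` with a log_info. Note that menu_expire elsewhere in this commit still carries a fixme to validate expiredate against the creation date, so nothing upstream enforces the ordering.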
@@ -395,6 +395,30 @@ cmp_public_secret_key( PKT_public_key *pk, PKT_secret_key *sk ) return 0; } + + +int +cmp_signatures( PKT_signature *a, PKT_signature *b ) +{ + int n, i; + + if( a->keyid[0] != b->keyid[0] ) + return -1; + if( a->keyid[1] != b->keyid[1] ) + return -1; + if( a->pubkey_algo != b->pubkey_algo ) + return -1; + + n = pubkey_get_nsig( a->pubkey_algo ); + if( !n ) + return -1; /* can't compare due to unknown algorithm */ + for(i=0; i < n; i++ ) { + if( mpi_cmp( a->data[i] , b->data[i] ) ) + return -1; + } + return 0; +} + int cmp_user_ids( PKT_user_id *a, PKT_user_id *b ) { @@ -137,6 +137,7 @@ enum cmd_and_opt_values { aNull = 0, oSetFilename, oComment, oThrowKeyid, + oForceV3Sigs, oS2KMode, oS2KDigest, oS2KCipher, @@ -205,6 +206,7 @@ static ARGPARSE_OPTS opts[] = { #endif { oOutput, "output", 2, N_("use as output file")}, { oVerbose, "verbose", 0, N_("verbose") }, + { oForceV3Sigs, "force-v3-sigs", 0, N_("force v3 signatures") }, /* { oDryRun, "dry-run", 0, N_("do not make any changes") }, */ { oBatch, "batch", 0, N_("batch mode: never ask")}, { oAnswerYes, "yes", 0, N_("assume yes on most questions")}, @@ -714,6 +716,7 @@ main( int argc, char **argv ) case oSetFilename: opt.set_filename = pargs.r.ret_str; break; case oComment: opt.comment_string = pargs.r.ret_str; break; case oThrowKeyid: opt.throw_keyid = 1; break; + case oForceV3Sigs: opt.force_v3_sigs = 1; break; case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break; case oS2KDigest: s2k_digest_string = m_strdup(pargs.r.ret_str); break; case oS2KCipher: s2k_cipher_string = m_strdup(pargs.r.ret_str); break; diff --git a/g10/getkey.c b/g10/getkey.c index 90bd09a25..3aa12033d 100644 --- a/g10/getkey.c +++ b/g10/getkey.c 
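Review bot: cmp_signatures returns -1 both for "the signatures differ" and for "algorithm unknown, cannot compare", and it never looks at sig_class, timestamp or digest_algo, so it is usable only as a match test (menu_expire in this commit uses it exactly that way) and that contract is undocumented. I would add a header comment, `/* Return 0 if A and B are the same signature (same issuer keyid, pubkey algorithm and signature MPIs), -1 if they differ or the algorithm is unknown. Class, timestamp and hashed data are not compared. */`, and compare `sig_class` and `timestamp` before the MPI loop so that a cheap mismatch short-circuits the mpi_cmp calls. If `data[i]` can be NULL for a partially parsed packet (not visible here), mpi_cmp would need a NULL guard as well.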
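Review bot: The new `{ oForceV3Sigs, "force-v3-sigs", 0, N_("force v3 signatures") }` entry gives the user no hint of what is lost, and the OPTIONS file edited in this same commit gains no paragraph for it; getkey.c in this commit only reads subpackets from signatures with `sig->version > 3`, so a forced v3 signature presumably cannot carry any of the hashed subpacket metadata (signature expiration, preferences, policy) that v4 signatures would. I would make that explicit in the help text, e.g. `N_("force v3 signatures (compatibility; no signature subpackets)")`, and add a matching OPTIONS entry next to the other compatibility switches.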
@@ -610,7 +610,7 @@ merge_one_pk_and_selfsig( KBNODE keyblock, KBNODE knode ) for(k=keyblock; k; k = k->next ) { if( k->pkt->pkttype == PKT_SIGNATURE && (sig=k->pkt->pkt.signature)->sig_class >= 0x10 - && sig->sig_class <= 0x13 + && sig->sig_class <= 0x30 && sig->keyid[0] == kid[0] && sig->keyid[1] == kid[1] && sig->version > 3 ) { @@ -660,7 +660,7 @@ merge_keys_and_selfsig( KBNODE keyblock ) } else if( (pk || sk ) && k->pkt->pkttype == PKT_SIGNATURE && (sig=k->pkt->pkt.signature)->sig_class >= 0x10 - && sig->sig_class <= 0x13 && sig->version > 3 + && sig->sig_class <= 0x30 && sig->version > 3 && sig->keyid[0] == kid[0] && sig->keyid[1] == kid[1] ) { /* okay this is (the first) self-signature which can be used * FIXME: We should only use this if the signature is valid diff --git a/g10/keyedit.c b/g10/keyedit.c index 4cc5a257e..a504d06c7 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -48,6 +48,7 @@ static void show_fingerprint( PKT_public_key *pk ); static int menu_adduid( KBNODE keyblock, KBNODE sec_keyblock ); static void menu_deluid( KBNODE pub_keyblock, KBNODE sec_keyblock ); static void menu_delkey( KBNODE pub_keyblock, KBNODE sec_keyblock ); +static int menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock ); static int menu_select_uid( KBNODE keyblock, int index ); static int menu_select_key( KBNODE keyblock, int index ); static int count_uids( KBNODE keyblock ); @@ -478,7 +479,7 @@ keyedit_menu( const char *username, STRLIST locusr ) enum cmdids { cmdNONE = 0, cmdQUIT, cmdHELP, cmdFPR, cmdLIST, cmdSELUID, cmdCHECK, cmdSIGN, cmdDEBUG, cmdSAVE, cmdADDUID, cmdDELUID, cmdADDKEY, cmdDELKEY, - cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF, + cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF, cmdEXPIRE, cmdNOP }; static struct { const char *name; enum cmdids id; 
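Review bot: Changing the upper bound on the selected self-signature from `sig->sig_class <= 0x13` to `sig->sig_class <= 0x30` makes merge_one_pk_and_selfsig take key expiration and preferences from any self-issued signature up to class 0x30, which now includes key, subkey and certification revocations (0x20, 0x28, 0x30) and every unassigned class in between, not only the certification, subkey-binding (0x18) and direct-key (0x1F) classes that actually carry such subpackets. The existing FIXME in the second hunk says these signatures are not verified yet, so widening the range presumably also widens what an unverified appended signature packet can feed into expiredate; the same range test is repeated in merge_keys_and_selfsig. I would whitelist the intended classes instead: `&& ( (sig->sig_class&~3) == 0x10 || sig->sig_class == 0x18 || sig->sig_class == 0x1F )`. Both enclosing functions start before their hunks.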
@@ -504,6 +505,7 @@ keyedit_menu( const char *username, STRLIST locusr ) { N_("deluid") , cmdDELUID , 0, N_("delete user id") }, { N_("addkey") , cmdADDKEY , 1, N_("add a secondary key") }, { N_("delkey") , cmdDELKEY , 0, N_("delete a secondary key") }, + { N_("expire") , cmdEXPIRE , 1, N_("change the expire date") }, { N_("toggle") , cmdTOGGLE , 1, N_("toggle between secret " "and public key listing") }, { N_("t" ) , cmdTOGGLE , 1, NULL }, @@ -761,6 +763,16 @@ keyedit_menu( const char *username, STRLIST locusr ) } break; + case cmdEXPIRE: + if( menu_expire( keyblock, sec_keyblock ) ) { + merge_keys_and_selfsig( sec_keyblock ); + merge_keys_and_selfsig( keyblock ); + sec_modified = 1; + modified = 1; + redisplay = 1; + } + break; + case cmdPASSWD: if( change_passphrase( sec_keyblock ) ) sec_modified = 1; 
@@ -1149,6 +1161,117 @@ menu_delkey( KBNODE pub_keyblock, KBNODE sec_keyblock ) } + +static int +menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock ) +{ + int n1, rc; + u32 expiredate; + int mainkey=0; + PKT_secret_key *sk; /* copy of the main sk */ + PKT_public_key *main_pk, *sub_pk; + PKT_user_id *uid; + KBNODE node; + u32 keyid[2]; + + if( count_selected_keys( sec_keyblock ) ) { + tty_printf(_("Please remove selections from the secret keys.\n")); + return 0; + } + + n1 = count_selected_keys( pub_keyblock ); + if( n1 > 1 ) { + tty_printf(_("Please select at most one secondary key.\n")); + return 0; + } + else if( n1 ) + tty_printf(_("Changing exiration time for a secondary key.\n")); + else { + tty_printf(_("Changing exiration time for the primary key.\n")); + mainkey=1; + } + + expiredate = ask_expiredate(); + /* fixme: check that expiredate is > key creation date */ + + /* get the secret key , make a copy and set the expiration time into + * that key (because keygen_add-key-expire expects it there) + */ + node = find_kbnode( sec_keyblock, PKT_SECRET_KEY ); + sk = copy_secret_key( NULL, node->pkt->pkt.secret_key); + sk->expiredate = expiredate; + + /* Now we can actually change the self signature(s) */ + main_pk = sub_pk = NULL; + uid = NULL; + for( node=pub_keyblock; node; node = node->next ) { + if( node->pkt->pkttype == PKT_PUBLIC_KEY ) { + main_pk = node->pkt->pkt.public_key; + keyid_from_pk( main_pk, keyid ); + } + else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY + && (node->flag & NODFLG_SELKEY ) ) + sub_pk = node->pkt->pkt.public_key; + else if( node->pkt->pkttype == PKT_USER_ID ) + uid = node->pkt->pkt.user_id; + else if( main_pk && node->pkt->pkttype == PKT_SIGNATURE ) { + PKT_signature *sig = node->pkt->pkt.signature; + if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] + && ( (mainkey && uid && (sig->sig_class&~3) == 0x10) + || (!mainkey && sig->sig_class == 0x18) ) ) { + /* this is a selfsignature which should be replaced */ + 
PKT_signature *newsig; + PACKET *newpkt; + KBNODE sn; + + /* find the corresponding secret self-signature */ + for( sn=sec_keyblock; sn; sn = sn->next ) { + if( sn->pkt->pkttype == PKT_SIGNATURE + && !cmp_signatures( sn->pkt->pkt.signature, sig ) ) + break; + } + if( !sn ) + log_info(_("No corresponding signature in secret ring\n")); + + /* create new self signature */ + if( mainkey ) + rc = make_keysig_packet( &newsig, main_pk, uid, NULL, + sk, 0x13, 0, + keygen_add_std_prefs, sk ); + else + rc = make_keysig_packet( &newsig, main_pk, NULL, sub_pk, + sk, 0x18, 0, + keygen_add_key_expire, sk ); + if( rc ) { + log_error("make_keysig_packet failed: %s\n", + g10_errstr(rc)); + free_secret_key( sk ); + return 0; + } + /* replace the packet */ + newpkt = m_alloc_clear( sizeof *newpkt ); + newpkt->pkttype = PKT_SIGNATURE; + newpkt->pkt.signature = newsig; + free_packet( node->pkt ); + m_free( node->pkt ); + node->pkt = newpkt; + if( sn ) { + newpkt = m_alloc_clear( sizeof *newpkt ); + newpkt->pkttype = PKT_SIGNATURE; + newpkt->pkt.signature = copy_signature( NULL, newsig ); + free_packet( sn->pkt ); + m_free( sn->pkt ); + sn->pkt = newpkt; + } + } + } + } + + free_secret_key( sk ); + return 1; +} + + /**************** * Select one user id or remove all selection if index is 0. * Returns: True if the selection changed; diff --git a/g10/keygen.c b/g10/keygen.c index 9f1d8df9f..1aac84fa4 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -51,8 +51,8 @@ write_uid( KBNODE root, const char *s ) -static int -add_key_expire( PKT_signature *sig, void *opaque ) +int +keygen_add_key_expire( PKT_signature *sig, void *opaque ) { PKT_secret_key *sk = opaque; byte buf[8]; @@ -80,7 +80,7 @@ keygen_add_std_prefs( PKT_signature *sig, void *opaque ) { byte buf[8]; - add_key_expire( sig, opaque ); + keygen_add_key_expire( sig, opaque ); buf[0] = CIPHER_ALGO_BLOWFISH; buf[1] = CIPHER_ALGO_CAST5; 
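Review bot: In menu_expire the subkey arm of the signature test, `(!mainkey && sig->sig_class == 0x18)`, matches every subkey binding signature in the keyblock, while `sub_pk` is only assigned when the node carrying NODFLG_SELKEY is passed; with two or more subkeys the binding signature of an unselected subkey is therefore rebuilt over the selected `sub_pk` (or over a NULL `sub_pk` if the selected subkey comes later in the block), and the copy in the secret ring is overwritten the same way, leaving that subkey without a valid binding. The loop needs to remember whether the most recent PKT_PUBLIC_SUBKEY was the selected one and only replace 0x18 signatures while that holds. The `fixme` on validating expiredate against the creation date and the unchecked `find_kbnode( sec_keyblock, PKT_SECRET_KEY )` result (dereferenced on the next line) are also still open in this hunk.
```c
    int in_selected_sub = 0;  /* set while walking the packets of the selected subkey */
    /* … unchanged: selection checks, ask_expiredate(), secret-key copy, start of loop … */
	else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
	    in_selected_sub = !!(node->flag & NODFLG_SELKEY);
	    if( in_selected_sub )
		sub_pk = node->pkt->pkt.public_key;
	}
	/* … unchanged: PKT_USER_ID branch … */
	else if( main_pk && node->pkt->pkttype == PKT_SIGNATURE ) {
	    PKT_signature *sig = node->pkt->pkt.signature;
	    if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
		&& ( (mainkey && uid && (sig->sig_class&~3) == 0x10)
		     || (!mainkey && in_selected_sub
			 && sig->sig_class == 0x18) ) ) {
		/* … unchanged: locate secret copy, make_keysig_packet, replace both packets … */
```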
@@ -176,7 +176,7 @@ write_keybinding( KBNODE root, KBNODE pub_root, PKT_secret_key *sk ) /* and make the signature */ rc = make_keysig_packet( &sig, pk, NULL, subpk, sk, 0x18, 0, - add_key_expire, sk ); + keygen_add_key_expire, sk ); if( rc ) { log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) ); return rc; @@ -481,7 +481,7 @@ ask_keysize( int algo ) } -static u32 +u32 ask_expiredate() { char *answer; @@ -495,7 +495,7 @@ ask_expiredate() " <n>m = key expires in n months\n" " <n>y = key expires in n years\n")); /* Note: The elgamal subkey for DSA has no exiration date because - * is must be signed with the DSA key and this one has the expiration + * it must be signed with the DSA key and this one has the expiration * date */ answer = NULL; diff --git a/g10/main.h b/g10/main.h index a8132fa74..7cde3c58a 100644 --- a/g10/main.h +++ b/g10/main.h @@ -78,7 +78,9 @@ int delete_key( const char *username, int secure ); void keyedit_menu( const char *username, STRLIST locusr ); /*-- keygen.c --*/ +u32 ask_expiredate(void); void generate_keypair(void); +int keygen_add_key_expire( PKT_signature *sig, void *opaque ); int keygen_add_std_prefs( PKT_signature *sig, void *opaque ); int generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock ); diff --git a/g10/options.h b/g10/options.h index ac7629631..09a33016c 100644 --- a/g10/options.h +++ b/g10/options.h @@ -41,7 +41,7 @@ struct { int no_armor; int list_packets; /* list-packets mode */ int def_cipher_algo; - int reserved1; + int force_v3_sigs; int def_digest_algo; int def_compress_algo; const char *def_secret_key; diff --git a/g10/packet.h b/g10/packet.h index 4898027a2..fa26a334a 100644 --- a/g10/packet.h +++ b/g10/packet.h 
@@ -273,6 +273,7 @@ PKT_secret_key *copy_secret_key( PKT_secret_key *d, PKT_secret_key *s ); PKT_signature *copy_signature( PKT_signature *d, PKT_signature *s ); PKT_user_id *copy_user_id( PKT_user_id *d, PKT_user_id *s ); int cmp_public_keys( PKT_public_key *d, PKT_public_key *s ); +int cmp_signatures( PKT_signature *a, PKT_signature *b ); int cmp_public_secret_key( PKT_public_key *pk, PKT_secret_key *sk ); int cmp_user_ids( PKT_user_id *a, PKT_user_id *b ); diff --git a/g10/parse-packet.c b/g10/parse-packet.c index c17f2c5c9..542676ccd 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c 
@@ -608,6 +608,97 @@ parse_pubkeyenc( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet ) } +static void +dump_sig_subpkt( int hashed, int type, int critical, + const char * buffer, size_t buflen, size_t length ) +{ + const char *p=NULL; + + printf("\t%s%ssubpkt %d len %u (", /*)*/ + critical ? "critical ":"", + hashed ? "hashed ":"", type, (unsigned)length ); + buffer++; + length--; + if( length > buflen ) { + printf("too short: buffer is only %u)\n", (unsigned)buflen ); + return; + } + switch( type ) { + case SIGSUBPKT_SIG_CREATED: + if( length >= 4 ) + printf("sig created %s", strtimestamp( buffer_to_u32(buffer) ) ); + break; + case SIGSUBPKT_SIG_EXPIRE: + if( length >= 4 ) + printf("sig expires %s", strtimestamp( buffer_to_u32(buffer) ) ); + break; + case SIGSUBPKT_EXPORTABLE: + p = "exportable"; + break; + case SIGSUBPKT_TRUST: + p = "trust signature"; + break; + case SIGSUBPKT_REGEXP: + p = "regular expression"; + break; + case SIGSUBPKT_REVOCABLE: + p = "revocable"; + break; + case SIGSUBPKT_KEY_EXPIRE: + if( length >= 4 ) + printf("key expires %s", strtimestamp( buffer_to_u32(buffer) ) ); + break; + case SIGSUBPKT_ARR: + p = "additional recipient request"; + break; + case SIGSUBPKT_PREF_SYM: + p = "preferred symmetric algorithms"; + break; + case SIGSUBPKT_REV_KEY: + p = "revocation key"; + break; + case SIGSUBPKT_ISSUER: + if( length >= 8 ) + printf("issuer key ID %08lX%08lX", + (ulong)buffer_to_u32(buffer), + (ulong)buffer_to_u32(buffer+4) ); + break; + case SIGSUBPKT_NOTATION: + p = "notation data"; + break; + case SIGSUBPKT_PREF_HASH: + p = "preferred hash algorithms"; + break; + case SIGSUBPKT_PREF_COMPR: + p = "preferred compression algorithms"; + break; + case SIGSUBPKT_KS_FLAGS: + p = "key server preferences"; + break; + case SIGSUBPKT_PREF_KS: + p = "preferred key server"; + break; + case SIGSUBPKT_PRIMARY_UID: + p = "primary user id"; + break; + case SIGSUBPKT_POLICY: + p = "policy URL"; + break; + case SIGSUBPKT_KEY_FLAGS: + p = "key 
flags"; + break; + case SIGSUBPKT_SIGNERS_UID: + p = "signer's user id"; + break; + case SIGSUBPKT_PRIV_ADD_SIG: + p = "signs additional user id"; + break; + default: p = "?"; break; + } + + printf("%s)\n", p? p: ""); +} + const byte * parse_sig_subpkt( const byte *buffer, sigsubpkttype_t reqtype, size_t *ret_n ) { @@ -648,32 +739,9 @@ parse_sig_subpkt( const byte *buffer, sigsubpkttype_t reqtype, size_t *ret_n ) } else critical = 0; - if( reqtype < 0 ) { /* list packets */ - printf("\t%ssubpacket %d of length %u (%s)\n", - reqtype == SIGSUBPKT_LIST_HASHED ? "hashed ":"", type, (unsigned)n, - type == SIGSUBPKT_SIG_CREATED ? "signature creation time" - : type == SIGSUBPKT_SIG_EXPIRE ? "signature expiration time" - : type == SIGSUBPKT_EXPORTABLE ? "exportable" - : type == SIGSUBPKT_TRUST ? "trust signature" - : type == SIGSUBPKT_REGEXP ? "regular expression" - : type == SIGSUBPKT_REVOCABLE ? "revocable" - : type == SIGSUBPKT_KEY_EXPIRE ? "key expiration time" - : type == SIGSUBPKT_ARR ? "additional recipient request" - : type == SIGSUBPKT_PREF_SYM ? "preferred symmetric algorithms" - : type == SIGSUBPKT_REV_KEY ? "revocation key" - : type == SIGSUBPKT_ISSUER ? "issuer key ID" - : type == SIGSUBPKT_NOTATION ? "notation data" - : type == SIGSUBPKT_PREF_HASH ? "preferred hash algorithms" - : type == SIGSUBPKT_PREF_COMPR ? "preferred compression algorithms" - : type == SIGSUBPKT_KS_FLAGS ? "key server preferences" - : type == SIGSUBPKT_PREF_KS ? "preferred key server" - : type == SIGSUBPKT_PRIMARY_UID ? "primary user id" - : type == SIGSUBPKT_POLICY ? "policy URL" - : type == SIGSUBPKT_KEY_FLAGS ? "key flags" - : type == SIGSUBPKT_SIGNERS_UID ? "signer's user id" - : type == SIGSUBPKT_PRIV_ADD_SIG? "signs additional user id" - : "?"); - } + if( reqtype < 0 ) /* list packets */ + dump_sig_subpkt( reqtype == SIGSUBPKT_LIST_HASHED, + type, critical, buffer, buflen, n ); else if( type == reqtype ) break; /* found */ buffer += n; buflen -=n; 
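Review bot: In dump_sig_subpkt the bound check `if( length > buflen )` runs after `buffer++; length--;`, so `length` no longer counts the type octet but `buflen` still does: a subpacket whose declared length is buflen+1 passes the check with one fewer data byte than `length` claims, and the `length >= 4` readers for SIG_CREATED, SIG_EXPIRE, KEY_EXPIRE and ISSUER can then read one byte past the buffer. Move the comparison above the adjustment, `if( length > buflen ) { printf("too short: buffer is only %u)\n", (unsigned)buflen ); return; }` followed by `buffer++; length--;`, or compare with `length >= buflen` afterwards. This only matters if parse_sig_subpkt does not already reject `n > buflen` before calling (its loop head is outside the second hunk), but this path runs on untrusted keyring and signature data under --list-packets, so the local bound is cheap insurance.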
diff --git a/g10/ringedit.c b/g10/ringedit.c index bf058f01e..119cd67d0 100644 --- a/g10/ringedit.c +++ b/g10/ringedit.c @@ -62,6 +62,8 @@ #include "options.h" #include "i18n.h" +#undef HAVE_LIBGDBM /* <--- not ready */ + struct resource_table_struct { int used; int secret; /* this is a secret keyring */ @@ -275,6 +277,7 @@ get_keyblock_handle( const char *filename, int secret, KBPOS *kbpos ) if( !filename || !strcmp( resource_table[i].fname, filename ) ) { memset( kbpos, 0, sizeof *kbpos ); kbpos->resno = i; + kbpos->rt = resource_table[i].rt; return 0; } } diff --git a/g10/sign.c b/g10/sign.c index 304843f59..7404cac5d 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -108,6 +108,9 @@ only_old_style( SK_LIST sk_list ) SK_LIST sk_rover = NULL; int old_style = 0; + if( opt.force_v3_sigs ) + return 1; + /* if there are only old style capable key we use the old sytle */ for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) { PKT_secret_key *sk = sk_rover->sk; @@ -369,7 +372,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, /* build the signature packet */ /* fixme: this code is partly duplicated in make_keysig_packet */ sig = m_alloc_clear( sizeof *sig ); - sig->version = sk->version; + sig->version = old_style? 3 : sk->version; keyid_from_sk( sk, sig->keyid ); sig->digest_algo = hash_for(sk->pubkey_algo); sig->pubkey_algo = sk->pubkey_algo; @@ -605,7 +608,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) /* build the signature packet */ /* fixme: this code is duplicated above */ sig = m_alloc_clear( sizeof *sig ); - sig->version = sk->version; + sig->version = old_style? 3 : sk->version; keyid_from_sk( sk, sig->keyid ); sig->digest_algo = hash_for(sk->pubkey_algo); sig->pubkey_algo = sk->pubkey_algo; diff --git a/g10/tdbio.c b/g10/tdbio.c index 425919338..5c1b7f427 100644 --- a/g10/tdbio.c +++ b/g10/tdbio.c 
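Review bot: `sig->version = old_style? 3 : sk->version;` now honours --force-v3-sigs for data and clearsigned signatures, but as far as this diff shows make_keysig_packet (which the fixme two lines above says duplicates this code) is untouched, so certification and binding signatures keep the key's version while data signatures change; that asymmetry is neither documented nor obviously intended. If it is intended, the early return in only_old_style deserves a comment such as `/* --force-v3-sigs applies to data signatures only; key signatures are built by make_keysig_packet */`, otherwise the same switch belongs there too. Both sign_file and clearsign_file start before their hunks.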
@@ -962,7 +962,7 @@ tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected ) rc = G10ERR_TRUSTDB; } break; - case RECTYPE_CACH: /* cache record (FIXME)*/ + case RECTYPE_CACH: /* cache record */ rec->r.cache.lid = buftoulong(p); p += 4; memcpy(rec->r.cache.blockhash, p, 20); p += 20; rec->r.cache.trustlevel = *p++; @@ -990,7 +990,6 @@ tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected ) /**************** * Write the record at RECNUM - * FIXME: create/update keyhash record. */ int tdbio_write_record( TRUSTREC *rec ) @@ -1081,7 +1080,7 @@ tdbio_write_record( TRUSTREC *rec ) ulongtobuf( p, rec->r.sdir.hintlist ); break; - case RECTYPE_CACH: /* FIXME*/ + case RECTYPE_CACH: ulongtobuf(p, rec->r.cache.lid); p += 4; memcpy(p, rec->r.cache.blockhash, 20); p += 20; *p++ = rec->r.cache.trustlevel; diff --git a/g10/tdbio.h b/g10/tdbio.h index 42bb4aa48..2c52b22b6 100644 --- a/g10/tdbio.h +++ b/g10/tdbio.h @@ -55,7 +55,8 @@ but we mark it to avoid duplicate checks */ #define DIRF_REVOKED 8 /* the complete key has been revoked */ -#define KEYF_REVOKED 8 /* this key has been revoked (only useful on subkeys)*/ +#define KEYF_EXPIRED 4 /* this key is expired */ +#define KEYF_REVOKED 8 /* this key has been revoked */ #define UIDF_CHECKED 1 /* user id has been checked - other bits are valid */ #define UIDF_VALID 2 /* this is a valid user id */ diff --git a/g10/trustdb.c b/g10/trustdb.c index eb6ea3ca6..e4a447826 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -2054,7 +2054,7 @@ upd_pref_record( PKT_signature *sig, TRUSTREC *drec, /**************** - * Note: A signature made with a secondayr key is not considered a + * Note: A signature made with a secondary key is not considered a * self-signature. */ static void 
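Review bot: `#define KEYF_EXPIRED 4` is introduced next to KEYF_REVOKED, but nothing in this diff sets or tests it — the new upd_sig_record branches for classes 0x18/0x20/0x28 in trustdb.c are still FIXMEs — so the trustdb presumably still has no way to mark a key as expired and an expired key keeps whatever validity it had. Until a writer exists I would say so at the definition, `#define KEYF_EXPIRED 4 /* this key is expired (not yet set by trustdb.c) */`, so the flag is not mistaken for an enforced check.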
@@ -2067,11 +2067,21 @@ upd_sig_record( PKT_signature *sig, TRUSTREC *drec, ulong lid = drec->recnum; if( !*uidrecno ) { - /* fixme: handle direct key signatures */ - log_error("key %08lX: signature without user id\n", (ulong)keyid[1] ); - return; + switch( sig->sig_class ) { + case 0x20: + case 0x28: /* We do not need uids for [sub]key revications */ + case 0x18: /* or subkey binding */ + memset( &urec, 0, sizeof urec ); /* to catch errors */ + break; + + default: + log_error("key %08lX: signature (class %02x) without user id\n", + (ulong)keyid[1], sig->sig_class ); + return; + } } - read_record( *uidrecno, &urec, RECTYPE_UID ); + else + read_record( *uidrecno, &urec, RECTYPE_UID ); if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) { if( (sig->sig_class&~3) == 0x10 ) { @@ -2099,12 +2109,19 @@ upd_sig_record( PKT_signature *sig, TRUSTREC *drec, urec.dirty = 1; } } - else {/* is revocation sig etc */ + else if( sig->sig_class == 0x18 ) { /* key binding */ + /* FIXME */ + } + else if( sig->sig_class == 0x20 ) { /* key revocation */ + /* FIXME */ + } + else if( sig->sig_class == 0x28 ) { /* subkey revocation */ + /* FIXME */ + } + else if( sig->sig_class == 0x30 ) { /* cert revocation */ /* FIXME */ } } - else if( !*uidrecno ) - ; /* skip record with direct key signatures here */ else if( (sig->sig_class&~3) == 0x10 ) { /* We simply insert the signature into the sig records but * avoid duplicate ones. We do not check them here because 
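Review bot: The new switch lets class 0x20, 0x28 and 0x18 self-signatures through without a user-id record, but the branches that then handle them at `else if( sig->sig_class == 0x18 )` and following are empty `/* FIXME */` blocks, so a key or subkey revocation issued by the key itself is accepted by the parser and then silently dropped, and the key stays recorded as valid; the DIRF_REVOKED and KEYF_REVOKED flags defined in tdbio.h are never set on this path. Until the revocation handling exists the empty branches should at least say what is being ignored, e.g. `log_info(_("key %08lX: self-signature of class %02x not yet handled\n"), (ulong)keyid[1], sig->sig_class );`, so a revoked key in the ring is not invisible in the trustdb output. upd_sig_record starts before the hunk.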
@@ -2365,8 +2382,20 @@ upd_sig_record( PKT_signature *sig, TRUSTREC *drec, } } - else { - /* handle other sig classes */ + else if( sig->sig_class == 0x18 ) { /* key binding */ + log_info(_("key %08lX: bogus key binding by %08lX\n"), + (ulong)keyid[1], (ulong)sig->keyid[1] ); + } + else if( sig->sig_class == 0x20 ) { /* key revocation */ + log_info(_("key %08lX: bogus key revocation by %08lX\n"), + (ulong)keyid[1], (ulong)sig->keyid[1] ); + } + else if( sig->sig_class == 0x28 ) { /* subkey revocation */ + log_info(_("key %08lX: bogus subkey revocation by %08lX\n"), + (ulong)keyid[1], (ulong)sig->keyid[1] ); + } + else if( sig->sig_class == 0x30 ) { /* cert revocation */ + /* FIXME: a signator wants to revoke his certification signature */ } leave: |