Diffstat (limited to 'kbx')
-rw-r--r--kbx/kbxutil.c3
-rw-r--r--kbx/keybox-blob.c13
-rw-r--r--kbx/keybox-defs.h1
-rw-r--r--kbx/keybox-search.c34
-rw-r--r--kbx/keybox-update.c9
-rw-r--r--kbx/keybox.h9
6 files changed, 55 insertions, 14 deletions
diff --git a/kbx/kbxutil.c b/kbx/kbxutil.c
index cd9d120ff..8b2b9000d 100644
--- a/kbx/kbxutil.c
+++ b/kbx/kbxutil.c
@@ -411,7 +411,8 @@ import_openpgp (const char *filename, int dryrun)
dump_openpgp_key (&info, p);
else
{
- err = _keybox_create_openpgp_blob (&blob, &info, p, nparsed, 0);
+ err = _keybox_create_openpgp_blob (&blob, &info, p, nparsed,
+ NULL, 0);
if (err)
{
fflush (stdout);
diff --git a/kbx/keybox-blob.c b/kbx/keybox-blob.c
index c4a89820b..855deaf13 100644
--- a/kbx/keybox-blob.c
+++ b/kbx/keybox-blob.c
@@ -408,13 +408,13 @@ pgp_create_uid_part (KEYBOXBLOB blob, keybox_openpgp_info_t info)
static void
-pgp_create_sig_part (KEYBOXBLOB blob)
+pgp_create_sig_part (KEYBOXBLOB blob, u32 *sigstatus)
{
int n;
for (n=0; n < blob->nsigs; n++)
{
- blob->sigs[n] = 0; /* FIXME: check the signature here */
+ blob->sigs[n] = sigstatus? sigstatus[n+1] : 0;
}
}
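Review bot: The new `sigstatus` parameter is only read in pgp_create_sig_part, so it should be const-qualified: `pgp_create_sig_part (KEYBOXBLOB blob, const u32 *sigstatus)`. The same applies to the parameter added to _keybox_create_openpgp_blob and keybox_insert_keyblock in the later hunks, which only pass the vector through or read element 0. The loop indexes `sigstatus[n+1]` up to `blob->nsigs`, while the length check added in _keybox_create_openpgp_blob compares `sigstatus[0]` with `info->nsigs`. The assignment that ties `blob->nsigs` to `info->nsigs` is outside these hunks, so a short comment such as `/* SIGSTATUS[0] is the count, SIGSTATUS[n+1] the status of signature N; the caller has verified the count. */` would record the invariant the indexing depends on.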
@@ -658,12 +658,14 @@ create_blob_finish (KEYBOXBLOB blob)
return 0;
}
+
gpg_error_t
_keybox_create_openpgp_blob (KEYBOXBLOB *r_blob,
keybox_openpgp_info_t info,
const unsigned char *image,
size_t imagelen,
+ u32 *sigstatus,
int as_ephemeral)
{
gpg_error_t err;
@@ -674,6 +676,11 @@ _keybox_create_openpgp_blob (KEYBOXBLOB *r_blob,
if (!info->nuids || !info->nsigs)
return gpg_error (GPG_ERR_BAD_PUBKEY);
+ /* If we have a signature status vector, check that the number of
+ elements matches the actual number of signatures. */
+ if (sigstatus && sigstatus[0] != info->nsigs)
+ return gpg_error (GPG_ERR_INTERNAL);
+
blob = xtrycalloc (1, sizeof *blob);
if (!blob)
return gpg_error_from_syserror ();
@@ -704,7 +711,7 @@ _keybox_create_openpgp_blob (KEYBOXBLOB *r_blob,
if (err)
goto leave;
pgp_create_uid_part (blob, info);
- pgp_create_sig_part (blob);
+ pgp_create_sig_part (blob, sigstatus);
init_membuf (&blob->bufbuf, 1024);
blob->buf = &blob->bufbuf;
diff --git a/kbx/keybox-defs.h b/kbx/keybox-defs.h
index 8fdc54d61..ad8e49d3f 100644
--- a/kbx/keybox-defs.h
+++ b/kbx/keybox-defs.h
@@ -160,6 +160,7 @@ gpg_error_t _keybox_create_openpgp_blob (KEYBOXBLOB *r_blob,
keybox_openpgp_info_t info,
const unsigned char *image,
size_t imagelen,
+ u32 *sigstatus,
int as_ephemeral);
#ifdef KEYBOX_WITH_X509
int _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert,
diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c
index 1e36be968..d683e14f0 100644
--- a/kbx/keybox-search.c
+++ b/kbx/keybox-search.c
@@ -102,7 +102,7 @@ _keybox_get_flag_location (const unsigned char *buffer, size_t length,
size_t nkeys, keyinfolen;
size_t nuids, uidinfolen;
size_t nserial;
- size_t nsigs, siginfolen;
+ size_t nsigs, siginfolen, siginfooff;
switch (what)
{
@@ -116,6 +116,7 @@ _keybox_get_flag_location (const unsigned char *buffer, size_t length,
case KEYBOX_FLAG_OWNERTRUST:
case KEYBOX_FLAG_VALIDITY:
case KEYBOX_FLAG_CREATED_AT:
+ case KEYBOX_FLAG_SIG_INFO:
if (length < 20)
return GPG_ERR_INV_OBJ;
/* Key info. */
@@ -140,6 +141,7 @@ _keybox_get_flag_location (const unsigned char *buffer, size_t length,
if (pos+4 > length)
return GPG_ERR_INV_OBJ ; /* Out of bounds. */
/* Signature info. */
+ siginfooff = pos;
nsigs = get16 (buffer + pos); pos += 2;
siginfolen = get16 (buffer + pos); pos += 2;
if (siginfolen < 4 )
@@ -158,6 +160,10 @@ _keybox_get_flag_location (const unsigned char *buffer, size_t length,
*flag_size = 4;
*flag_off += 1+2+4+4+4;
break;
+ case KEYBOX_FLAG_SIG_INFO:
+ *flag_size = siginfolen * nsigs;
+ *flag_off = siginfooff;
+ break;
default:
break;
}
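Review bot: In the new `case KEYBOX_FLAG_SIG_INFO:` the returned offset and size do not describe the same region. `*flag_off = siginfooff` points at the 4-byte header (signature count and entry length), while `*flag_size = siginfolen * nsigs` covers only the entries that follow it. A caller that treats off/size as one span would stop 4 bytes short, so the convention should be stated at the case, for example `/* Offset is that of the header; size covers only the NSIGS entries. */`. Whether `pos + siginfolen * nsigs` has been checked against `length` before this switch cannot be seen from the hunk; the function body continues outside it.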
@@ -961,15 +967,20 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
/* Return the last found keyblock. Returns 0 on success and stores a
- new iobuf at R_IOBUF in that case. */
+ new iobuf at R_IOBUF and a signature status vector at R_SIGSTATUS
+ in that case. */
gpg_error_t
-keybox_get_keyblock (KEYBOX_HANDLE hd, iobuf_t *r_iobuf)
+keybox_get_keyblock (KEYBOX_HANDLE hd, iobuf_t *r_iobuf, u32 **r_sigstatus)
{
- const unsigned char *buffer;
+ gpg_error_t err;
+ const unsigned char *buffer, *p;
size_t length;
size_t image_off, image_len;
+ size_t siginfo_off, siginfo_len;
+ u32 *sigstatus, n, n_sigs, sigilen;
*r_iobuf = NULL;
+ *r_sigstatus = NULL;
if (!hd)
return gpg_error (GPG_ERR_INV_VALUE);
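Review bot: The updated header comment does not say who owns the vector stored at R_SIGSTATUS or how it is laid out, and `*r_sigstatus = NULL;` is now written unconditionally, so every caller must pass a valid pointer. Since the vector is allocated with xtrymalloc later in the function, the comment should add something like `The caller must xfree *R_SIGSTATUS; its first element is the number of signatures, followed by one status word per signature.` The function body continues in the next hunk.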
@@ -987,6 +998,21 @@ keybox_get_keyblock (KEYBOX_HANDLE hd, iobuf_t *r_iobuf)
if (image_off+image_len > length)
return gpg_error (GPG_ERR_TOO_SHORT);
+ err = _keybox_get_flag_location (buffer, length, KEYBOX_FLAG_SIG_INFO,
+ &siginfo_off, &siginfo_len);
+ if (err)
+ return err;
+ n_sigs = get16 (buffer + siginfo_off);
+ sigilen = get16 (buffer + siginfo_off + 2);
+ p = buffer + siginfo_off + 4;
+ sigstatus = xtrymalloc ((1+n_sigs) * sizeof *sigstatus);
+ if (!sigstatus)
+ return gpg_error_from_syserror ();
+ sigstatus[0] = n_sigs;
+ for (n=1; n <= n_sigs; n++, p += sigilen)
+ sigstatus[n] = get32 (p);
+
+ *r_sigstatus = sigstatus;
*r_iobuf = iobuf_temp_with_content (buffer+image_off, image_len);
return 0;
}
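Review bot: The copy loop reads `n_sigs` entries of stride `sigilen` starting at `buffer + siginfo_off + 4`, but nothing in this hunk checks that the span ends inside `length`, and the `siginfo_len` returned by _keybox_get_flag_location is never used. The counts are re-read from the blob, so a truncated or corrupted keybox would drive `get32 (p)` past the buffer unless the helper has already validated the span, which is not visible here. An explicit guard before the allocation would make the function safe on its own: `if (siginfo_off + 4 + siginfo_len > length) return gpg_error (GPG_ERR_TOO_SHORT);`. The helper returns bare codes such as `GPG_ERR_INV_OBJ`, so `return err;` probably loses the error source that the other returns add through `gpg_error ()`.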
diff --git a/kbx/keybox-update.c b/kbx/keybox-update.c
index a4eedeb6a..6428bb20a 100644
--- a/kbx/keybox-update.c
+++ b/kbx/keybox-update.c
@@ -371,9 +371,12 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
}
-/* Insert the OpenPGP keyblock {IMAGE,IMAGELEN} into HD. */
+/* Insert the OpenPGP keyblock {IMAGE,IMAGELEN} into HD. SIGSTATUS is
+ a vector describing the status of the signatures; its first element
+ gives the number of following elements. */
gpg_error_t
-keybox_insert_keyblock (KEYBOX_HANDLE hd, const void *image, size_t imagelen)
+keybox_insert_keyblock (KEYBOX_HANDLE hd, const void *image, size_t imagelen,
+ u32 *sigstatus)
{
gpg_error_t err;
const char *fname;
@@ -400,7 +403,7 @@ keybox_insert_keyblock (KEYBOX_HANDLE hd, const void *image, size_t imagelen)
return err;
assert (nparsed <= imagelen);
err = _keybox_create_openpgp_blob (&blob, &info, image, imagelen,
- hd->ephemeral);
+ sigstatus, hd->ephemeral);
_keybox_destroy_openpgp_info (&info);
if (!err)
{
diff --git a/kbx/keybox.h b/kbx/keybox.h
index 15f05ed81..03a9245a3 100644
--- a/kbx/keybox.h
+++ b/kbx/keybox.h
@@ -54,7 +54,8 @@ typedef enum
KEYBOX_FLAG_UID, /* The user ID flags; requires an uid index. */
KEYBOX_FLAG_UID_VALIDITY,/* The validity of a specific uid, requires
an uid index. */
- KEYBOX_FLAG_CREATED_AT /* The date the block was created. */
+ KEYBOX_FLAG_CREATED_AT, /* The date the block was created. */
+ KEYBOX_FLAG_SIG_INFO, /* The signature info block. */
} keybox_flag_t;
/* Flag values used with KEYBOX_FLAG_BLOB. */
@@ -80,7 +81,8 @@ int keybox_lock (KEYBOX_HANDLE hd, int yes);
int _keybox_write_header_blob (FILE *fp);
/*-- keybox-search.c --*/
-gpg_error_t keybox_get_keyblock (KEYBOX_HANDLE hd, iobuf_t *r_iobuf);
+gpg_error_t keybox_get_keyblock (KEYBOX_HANDLE hd,
+ iobuf_t *r_iobuf, u32 **sigstatus);
#ifdef KEYBOX_WITH_X509
int keybox_get_cert (KEYBOX_HANDLE hd, ksba_cert_t *ret_cert);
#endif /*KEYBOX_WITH_X509*/
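Review bot: The prototype names the new output parameter `sigstatus`, while the definition in keybox-search.c calls it `r_sigstatus`, following the `r_` prefix already used for `r_iobuf`. Using `u32 **r_sigstatus` here keeps the header consistent with the definition and shows at the declaration that the argument is a return slot.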
@@ -92,7 +94,8 @@ int keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc);
/*-- keybox-update.c --*/
gpg_error_t keybox_insert_keyblock (KEYBOX_HANDLE hd,
- const void *image, size_t imagelen);
+ const void *image, size_t imagelen,
+ u32 *sigstatus);
gpg_error_t keybox_update_keyblock (KEYBOX_HANDLE hd,
const void *image, size_t imagelen);