From 037f9de09298a31026ea2ab5fbd4a599b11cc34f Mon Sep 17 00:00:00 2001 From: "Neal H. Walfield" Date: Mon, 21 Nov 2016 22:47:30 +0100 Subject: g10: Cache the effective policy. Recompute it when required. * g10/tofu.c (initdb): Add column effective_policy to the bindings table. (record_binding): New parameters effective_policy and set_conflict. Save the effective policy. If SET_CONFLICT is set, then set conflict according to CONFLICT. Otherwise, preserve the current value of conflict. Update callers. (get_trust): Don't compute the effective policy here... (get_policy): ... do it here, if it was not cached. Take new parameters, PK, the public key, and NOW, the time that the operation started. Update callers. (show_statistics): New parameter PK. Pass it to get_policy. Update callers. (tofu_notice_key_changed): New function. * g10/gpgv.c (tofu_notice_key_changed): New stub. * g10/import.c (import_revoke_cert): Take additional argument CTRL. Pass it to keydb_update_keyblock. * g10/keydb.c (keydb_update_keyblock): Take additional argument CTRL. Update callers. [USE_TOFU]: Call tofu_notice_key_changed. * g10/test-stubs.c (tofu_notice_key_changed): New stub. * tests/openpgp/tofu.scm: Assume that manually setting a binding's policy to auto does not cause the tofu engine to forget about any conflict. -- Signed-off-by: Neal H. Walfield We now store the computed policy in the tofu DB (in the effective_policy column of the bindings table) to avoid computing it every time, which is expensive. Further, policy is never overridden in case of a conflict. Instead, we detect a conflict if CONFLICT is not empty. This change is backwards compatible to existing DBs. The only minor incompatibility is that unresolved conflicts won't be automatically resolved in case we import a direct signature, or cross signatures. --- tests/openpgp/tofu.scm | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) (limited to 'tests') diff --git a/tests/openpgp/tofu.scm b/tests/openpgp/tofu.scm index 91c9e78ea..2a04d13a2 100755 --- a/tests/openpgp/tofu.scm +++ b/tests/openpgp/tofu.scm @@ -20,7 +20,7 @@ (load (with-path "defs.scm")) (setup-environment) - ;; Redefine GPG without --always-trust and a fixed time. +;; Redefine GPG without --always-trust and a fixed time. (define GPG `(,(tool 'gpg) --no-permission-warning --faked-system-time=1466684990)) (define GNUPGHOME (getenv "GNUPGHOME")) @@ -141,20 +141,23 @@ '("auto" "good" "unknown" "bad" "ask")))) '("good" "unknown" "bad")) -;; BC15C85A conflicts with 2183839A. On conflict, this will set -;; BC15C85A to ask. If 2183839A is auto (it's not, it's bad), then -;; it will be set to ask. -(call-check `(,@GPG --trust-model=tofu - --verify ,(in-srcdir "tofu-BC15C85A-1.txt"))) +;; At the end, 2183839A's policy should be bad. +(checkpolicy "2183839A" "bad") + +;; BC15C85A and 2183839A conflict. A policy setting of "auto" +;; (BC15C85A's state) will result in an effective policy of ask. But, +;; a policy setting of "bad" will result in an effective policy of +;; bad. +(setpolicy "BC15C85A" "auto") (checkpolicy "BC15C85A" "ask") (checkpolicy "2183839A" "bad") -;; EE37CF96 conflicts with 2183839A and BC15C85A. We change -;; BC15C85A's policy to auto and leave 2183839A's policy at bad. -;; This conflict should cause BC15C85A's policy to be changed to -;; ask (since it is auto), but not affect 2183839A's policy. +;; EE37CF96, 2183839A, and BC15C85A conflict. We change BC15C85A's +;; policy to auto and leave 2183839A's policy at bad. This conflict +;; should cause BC15C85A's policy to be changed to ask (since it is +;; auto), but not affect 2183839A's policy. (setpolicy "BC15C85A" "auto") -(checkpolicy "BC15C85A" "auto") +(checkpolicy "BC15C85A" "ask") (call-check `(,@GPG --trust-model=tofu --verify ,(in-srcdir "tofu-EE37CF96-1.txt"))) (checkpolicy "BC15C85A" "ask") @@ -225,7 +228,8 @@ (checkpolicy KEYA "ask") (checkpolicy KEYB "ask") -;; Import Alice's signature on the conflicting user id. +;; Import Alice's signature on the conflicting user id. Since there +;; is now a cross signature, we should revert to the default policy. (display " > Adding cross signature on user id. ") (call-check `(,@GPG --import ,(in-srcdir DIR (string-append KEYIDB "-4.gpg")))) (verify-messages) -- cgit v1.2.3