aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Shaw <[email protected]>2003-07-21 23:19:15 +0000
committerDavid Shaw <[email protected]>2003-07-21 23:19:15 +0000
commitfbdee01db968d501d26cf5c2ea21c803815ce1ef (patch)
tree96422839217e179100ec53c2acc34c6ad187252c
parent* keyedit.c (show_key_with_all_names): Use list-option show-validity in (diff)
downloadgnupg-fbdee01db968d501d26cf5c2ea21c803815ce1ef.tar.gz
gnupg-fbdee01db968d501d26cf5c2ea21c803815ce1ef.zip
* keygen.c (do_add_key_flags): Don't set the certify flag for subkeys.
(ask_algo): Provide key flags for DSA, Elgamal_e, and Elgamal subkeys. (generate_keypair): Provide key flags for the default DSA/Elgamal keys. * sig-check.c (signature_check, signature_check2, check_key_signature, check_key_signature2): Allow passing NULLs for unused parameters in the x2 form of each function to avoid the need for dummy variables. getkey.c, mainproc.c: Change all callers. * trustdb.h, trustdb.c (read_trust_options): New. Returns items from the trustdb version record. * keylist.c (public_key_list): Use it here for the new "tru" record. * gpgv.c (read_trust_options): Stub.
Diffstat
-rw-r--r--g10/ChangeLog23
-rw-r--r--g10/getkey.c4
-rw-r--r--g10/gpgv.c3
-rw-r--r--g10/keygen.c20
-rw-r--r--g10/keylist.c48
-rw-r--r--g10/mainproc.c5
-rw-r--r--g10/sig-check.c27
-rw-r--r--g10/trustdb.c25
-rw-r--r--g10/trustdb.h3
9 files changed, 129 insertions, 29 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index add119054..cb1ece74b 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,26 @@
+2003-07-21 David Shaw <[email protected]>
+
+ * keygen.c (do_add_key_flags): Don't set the certify flag for
+ subkeys.
+ (ask_algo): Provide key flags for DSA, Elgamal_e, and Elgamal
+ subkeys.
+ (generate_keypair): Provide key flags for the default DSA/Elgamal
+ keys.
+
+ * sig-check.c (signature_check, signature_check2,
+ check_key_signature, check_key_signature2): Allow passing NULLs
+ for unused parameters in the x2 form of each function to avoid the
+ need for dummy variables. getkey.c, mainproc.c: Change all
+ callers.
+
+ * trustdb.h, trustdb.c (read_trust_options): New. Returns items
+ from the trustdb version record.
+
+ * keylist.c (public_key_list): Use it here for the new "tru"
+ record.
+
+ * gpgv.c (read_trust_options): Stub.
+
2003-07-20 David Shaw <[email protected]>
* keyedit.c (show_key_with_all_names): Use list-option
diff --git a/g10/getkey.c b/g10/getkey.c
index f488eb04a..e2d2f3446 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1587,8 +1587,6 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
else if ( k->pkt->pkttype == PKT_SIGNATURE && uidnode )
{
PKT_signature *sig = k->pkt->pkt.signature;
- u32 dummy;
- int dum2;
if(sig->keyid[0] != kid[0] || sig->keyid[1]!=kid[1])
{
@@ -1604,7 +1602,7 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
ultimate trust flag. */
if(get_pubkey_fast(ultimate_pk,sig->keyid)==0
&& check_key_signature2(keyblock,k,ultimate_pk,
- NULL,NULL,&dummy,&dum2)==0
+ NULL,NULL,NULL,NULL)==0
&& get_ownertrust(ultimate_pk)==TRUST_ULTIMATE)
{
free_public_key(ultimate_pk);
diff --git a/g10/gpgv.c b/g10/gpgv.c
index 67ecceabf..f06b92a6a 100644
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@@ -227,6 +227,9 @@ check_signatures_trust( PKT_signature *sig )
return 0;
}
+void
+read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
+ byte *marginals,byte *completes,byte *cert_depth) {};
/* Stub:
* We don't have the trustdb , so we have to provide some stub functions
diff --git a/g10/keygen.c b/g10/keygen.c
index 10f1f033d..edf9badce 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -137,7 +137,12 @@ do_add_key_flags (PKT_signature *sig, unsigned int use)
buf[0] = 0;
if (use & PUBKEY_USAGE_SIG)
- buf[0] |= 0x01 | 0x02;
+ {
+ if(sig->sig_class==0x18)
+ buf[0] |= 0x02; /* Don't set the certify flag for subkeys */
+ else
+ buf[0] |= 0x01 | 0x02;
+ }
if (use & PUBKEY_USAGE_ENC)
buf[0] |= 0x04 | 0x08;
build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1);
@@ -1074,15 +1079,18 @@ ask_algo (int addmode, unsigned int *r_usage)
_("Create anyway? ")))
{
algo = PUBKEY_ALGO_ELGAMAL;
+ *r_usage = PUBKEY_USAGE_ENC | PUBKEY_USAGE_SIG;
break;
}
}
else if( algo == 3 && addmode ) {
algo = PUBKEY_ALGO_ELGAMAL_E;
+ *r_usage = PUBKEY_USAGE_ENC;
break;
}
else if( algo == 2 ) {
algo = PUBKEY_ALGO_DSA;
+ *r_usage = PUBKEY_USAGE_SIG;
break;
}
else
@@ -2082,6 +2090,11 @@ generate_keypair( const char *fname )
strcpy( r->u.value, "1024" );
r->next = para;
para = r;
+ r = m_alloc_clear( sizeof *r + 20 );
+ r->key = pKEYUSAGE;
+ strcpy( r->u.value, "sign" );
+ r->next = para;
+ para = r;
algo = PUBKEY_ALGO_ELGAMAL_E;
r = m_alloc_clear( sizeof *r + 20 );
@@ -2089,6 +2102,11 @@ generate_keypair( const char *fname )
sprintf( r->u.value, "%d", algo );
r->next = para;
para = r;
+ r = m_alloc_clear( sizeof *r + 20 );
+ r->key = pSUBKEYUSAGE;
+ strcpy( r->u.value, "encrypt" );
+ r->next = para;
+ para = r;
}
else {
r = m_alloc_clear( sizeof *r + 20 );
diff --git a/g10/keylist.c b/g10/keylist.c
index 181a622d2..12cf4e573 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -58,10 +58,46 @@ static FILE *attrib_fp=NULL;
void
public_key_list( STRLIST list )
{
- if( !list )
- list_all(0);
- else
- list_one( list, 0 );
+ if(opt.with_colons)
+ {
+ byte trust_model,marginals,completes,cert_depth;
+ ulong created,nextcheck;
+
+ read_trust_options(&trust_model,&created,&nextcheck,
+ &marginals,&completes,&cert_depth);
+
+ printf("tru:");
+
+ if(nextcheck && nextcheck <= make_timestamp())
+ printf("o");
+ if(trust_model!=opt.trust_model)
+ printf("t");
+ if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
+ {
+ if(marginals!=opt.marginals_needed)
+ printf("m");
+ if(completes!=opt.completes_needed)
+ printf("c");
+ if(cert_depth!=opt.max_cert_depth)
+ printf("d");
+ }
+
+ printf(":%d:%lu:%lu",trust_model,created,nextcheck);
+
+ /* Only show marginals, completes, and cert_depth in the classic
+ or PGP trust models since they are not meaningful
+ otherwise. */
+
+ if(trust_model==TM_PGP || trust_model==TM_CLASSIC)
+ printf(":%d:%d:%d",marginals,completes,cert_depth);
+
+ printf("\n");
+ }
+
+ if( !list )
+ list_all(0);
+ else
+ list_one( list, 0 );
}
void
@@ -1070,15 +1106,13 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
}
if( opt.check_sigs ) {
PKT_public_key *signer_pk=NULL;
- u32 dummy;
- int dum2;
fflush(stdout);
if(opt.no_sig_cache)
signer_pk=m_alloc_clear(sizeof(PKT_public_key));
rc = check_key_signature2( keyblock, node, NULL, signer_pk,
- NULL, &dummy, &dum2);
+ NULL, NULL, NULL );
switch( rc ) {
case 0: sigrc = '!'; break;
case G10ERR_BAD_SIGN: sigrc = '-'; break;
diff --git a/g10/mainproc.c b/g10/mainproc.c
index ea3b82db5..e9a658ead 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -665,7 +665,6 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig, int *is_expkey )
PKT_signature *sig;
MD_HANDLE md = NULL, md2 = NULL;
int algo, rc, dum2;
- u32 dummy;
if(!is_expkey)
is_expkey=&dum2;
@@ -722,9 +721,9 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig, int *is_expkey )
}
else
return G10ERR_SIG_CLASS;
- rc = signature_check2( sig, md, &dummy, is_expkey, NULL );
+ rc = signature_check2( sig, md, NULL, is_expkey, NULL );
if( rc == G10ERR_BAD_SIGN && md2 )
- rc = signature_check2( sig, md2, &dummy, is_expkey, NULL );
+ rc = signature_check2( sig, md2, NULL, is_expkey, NULL );
md_close(md);
md_close(md2);
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 53363f8f9..c2add6174 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -50,9 +50,7 @@ static int do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
int
signature_check( PKT_signature *sig, MD_HANDLE digest )
{
- u32 dummy;
- int dum2;
- return signature_check2( sig, digest, &dummy, &dum2, NULL );
+ return signature_check2( sig, digest, NULL, NULL, NULL );
}
int
@@ -62,8 +60,6 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
int rc=0;
- *r_expiredate = 0;
-
/* Sanity check that the md has a context for the hash that the
sig is expecting. This can happen if a onepass sig header does
not match the actual sig, and also if the clearsign "Hash:"
@@ -79,7 +75,8 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
rc=G10ERR_BAD_PUBKEY; /* you cannot have a good sig from an
invalid subkey */
else {
- *r_expiredate = pk->expiredate;
+ if(r_expiredate)
+ *r_expiredate = pk->expiredate;
rc = do_check( pk, sig, digest, r_expired, ret_pk );
}
@@ -208,7 +205,8 @@ do_check_messages( PKT_public_key *pk, PKT_signature *sig, int *r_expired )
{
u32 cur_time;
- *r_expired = 0;
+ if(r_expired)
+ *r_expired = 0;
if( pk->version == 4 && pk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
log_info(_("key %08lX: this is a PGP generated "
"ElGamal key which is NOT secure for signatures!\n"),
@@ -251,7 +249,8 @@ do_check_messages( PKT_public_key *pk, PKT_signature *sig, int *r_expired )
sprintf(buf,"%lu",(ulong)pk->expiredate);
write_status_text(STATUS_KEYEXPIRED,buf);
write_status(STATUS_SIGEXPIRED);
- *r_expired = 1;
+ if(r_expired)
+ *r_expired = 1;
}
return 0;
@@ -476,10 +475,7 @@ check_revocation_keys(PKT_public_key *pk,PKT_signature *sig)
int
check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
{
- u32 dummy;
- int dum2;
- return check_key_signature2(root, node, NULL, NULL,
- is_selfsig, &dummy, &dum2 );
+ return check_key_signature2(root, node, NULL, NULL, is_selfsig, NULL, NULL );
}
/* If check_pk is set, then use it to check the signature in node
@@ -499,8 +495,10 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
if( is_selfsig )
*is_selfsig = 0;
- *r_expiredate = 0;
- *r_expired = 0;
+ if( r_expiredate )
+ *r_expiredate = 0;
+ if( r_expired )
+ *r_expired = 0;
assert( node->pkt->pkttype == PKT_SIGNATURE );
assert( root->pkt->pkttype == PKT_PUBLIC_KEY );
@@ -518,6 +516,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
*is_selfsig = 1;
}
+ /* TODO: should set r_expiredate here as well */
if((rc=do_check_messages(pk,sig,r_expired)))
return rc;
return sig->flags.valid? 0 : G10ERR_BAD_SIGN;
diff --git a/g10/trustdb.c b/g10/trustdb.c
index d9b09063d..289af8d29 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -590,7 +590,30 @@ trustdb_pending_check(void)
return pending_check_trustdb;
}
-
+void
+read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
+ byte *marginals,byte *completes,byte *cert_depth)
+{
+ TRUSTREC opts;
+
+ init_trustdb();
+
+ read_record(0,&opts,RECTYPE_VER);
+
+ if(trust_model)
+ *trust_model=opts.r.ver.trust_model;
+ if(created)
+ *created=opts.r.ver.created;
+ if(nextcheck)
+ *nextcheck=opts.r.ver.nextcheck;
+ if(marginals)
+ *marginals=opts.r.ver.marginals;
+ if(completes)
+ *completes=opts.r.ver.completes;
+ if(cert_depth)
+ *cert_depth=opts.r.ver.cert_depth;
+}
+
/***********************************************
*********** Ownertrust et al. ****************
***********************************************/
diff --git a/g10/trustdb.h b/g10/trustdb.h
index 720385a06..414c37702 100644
--- a/g10/trustdb.h
+++ b/g10/trustdb.h
@@ -64,6 +64,9 @@ int enum_cert_paths( void **context, ulong *lid,
void enum_cert_paths_print( void **context, FILE *fp,
int refresh, ulong selected_lid );
+void read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
+ byte *marginals,byte *completes,byte *cert_depth);
+
unsigned int get_ownertrust (PKT_public_key *pk);
unsigned int get_min_ownertrust (PKT_public_key *pk);
int get_ownertrust_info (PKT_public_key *pk);
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-27 16:16:43 +0000