authorWerner Koch <[email protected]>2020-06-08 18:13:25 +0000
committerWerner Koch <[email protected]>2020-06-08 18:13:25 +0000
commit5c2080f4670a768787f5cb4ed5c32e0946837883 (patch)
treea633de37837b03fc1169bf51ba7abeb93266c335 /g10/mainproc.c
parentbuild: Fix recent commit for SOURCE_DATE_EPOCH. (diff)
gpg: If possible TRUST values now depend on signer's UID or --sender.
* g10/mainproc.c (check_sig_and_print): Add failsafe check for PK. Pass KEYBLOCK down to check_signatures_trust. Protect existing error code in case the signature expired. * g10/pkclist.c (is_in_sender_list): New. (check_signatures_trust): Add args keyblock and pk. Add new uid based checking code. * g10/test-stubs.c, g10/gpgv.c: Adjust stubs. -- GnuPG-bug-id: 4735 Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'g10/mainproc.c')
-rw-r--r--g10/mainproc.c37
1 files changed, 30 insertions, 7 deletions
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 7d8520c6c..1d48d574c 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1848,7 +1848,7 @@ check_sig_and_print (CTX c, kbnode_t node)
{
PKT_signature *sig = node->pkt->pkt.signature;
const char *astr;
- int rc;
+ gpg_error_t rc;
int is_expkey = 0;
int is_revkey = 0;
char *issuer_fpr = NULL;
@@ -2031,8 +2031,9 @@ check_sig_and_print (CTX c, kbnode_t node)
{
rc = do_check_sig (c, node, extrahash, extrahashlen, included_pk,
NULL, &is_expkey, &is_revkey, &pk);
- log_debug ("checked signature using included key block: %s\n",
- gpg_strerror (rc));
+ if (opt.verbose)
+ log_debug ("checked signature using included key block: %s\n",
+ gpg_strerror (rc));
if (!rc)
{
/* The keyblock has been verified, we now import it. */
@@ -2202,10 +2203,14 @@ check_sig_and_print (CTX c, kbnode_t node)
}
}
+ /* Do do something with the result of the signature checking. */
if (!rc || gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE)
{
+ /* We have checked the signature and the result is either a good
+ * signature or a bad signature. Further examination follows. */
kbnode_t un, keyblock;
int count = 0;
+ int keyblock_has_pk = 0; /* For failsafe check. */
int statno;
char keyid_str[50];
PKT_public_key *mainpk = NULL;
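Review bot: The comment added at the top of this hunk has a doubled word (`Do do something`); it should read `/* Do something with the result of the signature checking. */`. The `keyblock_has_pk` comment could also say what the flag records, for example `/* Set once PK is found among the keyblock's key packets (failsafe check). */`, because the flag's meaning is only established in a later hunk. The enclosing block of check_sig_and_print continues outside this hunk.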
@@ -2242,7 +2247,14 @@ check_sig_and_print (CTX c, kbnode_t node)
{
int valid;
- if (un->pkt->pkttype==PKT_PUBLIC_KEY)
+ if (!keyblock_has_pk
+ && (un->pkt->pkttype == PKT_PUBLIC_KEY
+ || un->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ && !cmp_public_keys (un->pkt->pkt.public_key, pk))
+ {
+ keyblock_has_pk = 1;
+ }
+ if (un->pkt->pkttype == PKT_PUBLIC_KEY)
{
mainpk = un->pkt->pkt.public_key;
continue;
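Review bot: `pk` is handed to `cmp_public_keys` with no NULL guard in the new condition, and this branch is entered for GPG_ERR_BAD_SIGNATURE as well as for success. Whether do_check_sig always fills `&pk` on a bad signature is not visible in this hunk; if it can leave it NULL, the comparison would presumably dereference it. Guarding the comparison, `&& pk && !cmp_public_keys (un->pkt->pkt.public_key, pk))`, keeps `keyblock_has_pk` at 0 in that case, so the later failsafe reports an error instead of the process crashing. The loop body continues outside this hunk.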
@@ -2284,9 +2296,19 @@ check_sig_and_print (CTX c, kbnode_t node)
log_printf ("\n");
count++;
+ /* At this point we could in theory stop because the primary
+ * UID flag is never set for more than one User ID per
+ * keyblock. However, we use this loop also for a failsafe
+ * check that the public key used to create the signature is
+ * contained in the keyring.*/
}
log_assert (mainpk);
+ if (!keyblock_has_pk)
+ {
+ log_error ("signature key lost from keyblock\n");
+ rc = gpg_error (GPG_ERR_INTERNAL);
+ }
/* In case we did not found a valid textual userid above
we print the first user id packet or a "[?]" instead along
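Review bot: The failsafe at `if (!keyblock_has_pk)` overwrites `rc` unconditionally, so a signature that entered this branch with GPG_ERR_BAD_SIGNATURE leaves it as GPG_ERR_INTERNAL, and the check only fires after the loop above has already produced its per-user-ID output (`log_printf`, `count++`). If later code distinguishes bad signatures by error code, or if status lines are emitted inside that loop (neither is visible here), a consumer could see a result that disagrees with the final `rc`. Consider running the membership scan before any output and stating the precedence in a comment such as `/* Failsafe overrides any earlier result: the signing key must be part of KEYBLOCK. */`. The new loop comment also says the key must be "contained in the keyring" although the code checks the keyblock; `contained in the keyblock. */` would match the code.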
@@ -2442,14 +2464,15 @@ check_sig_and_print (CTX c, kbnode_t node)
{
if ((opt.verify_options & VERIFY_PKA_LOOKUPS))
pka_uri_from_sig (c, sig); /* Make sure PKA info is available. */
- rc = check_signatures_trust (c->ctrl, sig);
+ rc = check_signatures_trust (c->ctrl, keyblock, pk, sig);
}
/* Print extra information about the signature. */
if (sig->flags.expired)
{
log_info (_("Signature expired %s\n"), asctimestamp(sig->expiredate));
- rc = GPG_ERR_GENERAL; /* Need a better error here? */
+ if (!rc)
+ rc = gpg_error (GPG_ERR_GENERAL); /* Need a better error here? */
}
else if (sig->expiredate)
log_info (_("Signature expires %s\n"), asctimestamp(sig->expiredate));
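Review bot: The new `check_signatures_trust (c->ctrl, keyblock, pk, sig)` call relies on `pk` belonging to `keyblock`, but the condition guarding the call lies outside this hunk, so it cannot be confirmed from here that the call is skipped once the failsafe has set `rc`. A one-line comment at the call, such as `/* PK was verified above to be part of KEYBLOCK. */`, would record that precondition for the UID-based trust code. Separately, the expired-signature path still uses the catch-all `GPG_ERR_GENERAL`, as the retained `Need a better error here?` comment admits. libgpg-error defines `GPG_ERR_SIG_EXPIRED`, so `rc = gpg_error (GPG_ERR_SIG_EXPIRED);` would be more precise, provided no caller depends on the generic code.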
@@ -2526,7 +2549,7 @@ check_sig_and_print (CTX c, kbnode_t node)
if (opt.batch && rc)
g10_exit (1);
}
- else
+ else /* Error checking the signature. (neither Good nor Bad). */
{
write_status_printf (STATUS_ERRSIG, "%08lX%08lX %d %d %02x %lu %d %s",
(ulong)sig->keyid[0], (ulong)sig->keyid[1],