struct openpgp_packet_list **sigs)
{
struct openpgp_packet_list *tmpsig;
+ onak_status_t ret;
+ uint8_t hashtype;
+ uint8_t hash[64];
+ uint8_t *sighash;
int removed = 0;
+ uint64_t keyid;
while (*sigs != NULL) {
- if (check_packet_sighash(key, sigdata, (*sigs)->packet) == 0) {
+ ret = calculate_packet_sighash(key, sigdata, (*sigs)->packet,
+ &hashtype, hash, &sighash);
+
+ if (ret == ONAK_E_UNSUPPORTED_FEATURE) {
+ get_keyid(key, &keyid);
+ logthing(LOGTHING_ERROR,
+ "Unsupported signature hash type %d on 0x%016"
+ PRIX64,
+ hashtype,
+ keyid);
+ sigs = &(*sigs)->next;
+ } else if (ret != ONAK_E_OK ||
+ !(hash[0] == sighash[0] &&
+ hash[1] == sighash[1])) {
tmpsig = *sigs;
*sigs = (*sigs)->next;
tmpsig->next = NULL;
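Review bot: `keyid` and `hashtype` are declared without initialisers and then logged in the `ONAK_E_UNSUPPORTED_FEATURE` branch, where the result of `get_keyid()` is not checked. If `get_keyid()` fails, or if `calculate_packet_sighash()` can return that status before writing `*hashtype` (its body is not visible here), the log line prints indeterminate values. Initialising both, `uint64_t keyid = 0;` and `uint8_t hashtype = 0;`, or logging only after `get_keyid()` succeeds, avoids that. This branch also keeps a signature whose hash was never computed, so an unsupported hash type passes through without the two-byte comparison applied to every other signature. A comment at the branch such as `/* Hash not computable here: keep the signature unverified rather than drop it */` would record that this is deliberate. The loop and the function body continue past the end of the hunk.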
* made, otherwise the number of keys cleaned. Note that some options
* may result in keys being removed entirely from the list.
*/
-int cleankeys(struct openpgp_publickey **keys, uint64_t policies)
+int cleankeys(struct onak_dbctx *dbctx, struct openpgp_publickey **keys,
+ uint64_t policies)
{
- struct openpgp_publickey *curkey;
+ struct openpgp_publickey **curkey, *tmp;
int changed = 0, count = 0;
if (keys == NULL)
return 0;
- curkey = *keys;
- while (curkey != NULL) {
+ curkey = keys;
+ while (*curkey != NULL) {
+ if (policies & ONAK_CLEAN_DROP_V3_KEYS) {
+ if ((*curkey)->publickey->data[0] < 4) {
+ /* Remove the key from the list */
+ tmp = *curkey;
+ *curkey = tmp->next;
+ tmp->next = NULL;
+ free_publickey(tmp);
+ changed++;
+ continue;
+ }
+ }
if (policies & ONAK_CLEAN_LARGE_PACKETS) {
- count += clean_large_packets(curkey);
+ count += clean_large_packets(*curkey);
}
- count += dedupuids(curkey);
- count += dedupsubkeys(curkey);
+ count += dedupuids(*curkey);
+ count += dedupsubkeys(*curkey);
if (policies & ONAK_CLEAN_CHECK_SIGHASH) {
- count += clean_key_sighashes(curkey);
+ count += clean_key_sighashes(*curkey);
}
if (count > 0) {
changed++;
}
- curkey = curkey->next;
+ curkey = &(*curkey)->next;
}
return changed;
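Review bot: The new `ONAK_CLEAN_DROP_V3_KEYS` branch reads `(*curkey)->publickey->data[0]` without checking that `publickey` is non-NULL and that the packet holds at least one byte. Unless the parser guarantees both for every key that reaches `cleankeys()`, a truncated or malformed submitted key would be read out of bounds at the version test. A guard such as `if ((*curkey)->publickey != NULL && (*curkey)->publickey->length > 0 && (*curkey)->publickey->data[0] < 4)` keeps the test inside the packet, assuming the packet struct carries its size in a `length` field. Separately, `count` is declared once outside the loop and never reset, so after the first key that has anything removed every later key also satisfies `count > 0` and increments `changed`. Adding `count = 0;` at the top of each iteration would make the return value match the comment's "number of keys cleaned".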