]> the.earth.li Git - onak.git/commitdiff
projects / onak.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b04b23d)
Switch to passing the key packet in when checking a hash signature
authorJonathan McDowell <noodles@earth.li>
Sat, 16 Sep 2023 06:29:39 +0000 (11:59 +0530)
committerJonathan McDowell <noodles@earth.li>
Sat, 16 Sep 2023 09:33:46 +0000 (15:03 +0530)
Rather than passing the whole key in for verifying a hash signature,
explicitly pass in the key packet. This opens the way to being able to
verify signatures from subkeys.

cleankey.c patch | blob | history
sigcheck.c patch | blob | history
sigcheck.h patch | blob | history

diff --git a/cleankey.c b/cleankey.c
index 10fb661bca71b9dd3918e5ffdc83d69bb50aa6dc..95636c000306050c911b4e0b8b3470c655b761b8 100644 (file)
--- a/cleankey.c
+++ b/cleankey.c
@@ -183,7 +183,8 @@ int clean_sighashes(struct onak_dbctx *dbctx,
 
                        remove = true;
                        if (sigid == keyid) {
-                               ret = onak_check_hash_sig(key, (*sigs)->packet,
+                               ret = onak_check_hash_sig(key->publickey,
+                                               (*sigs)->packet,
                                                hash, hashtype);
 
                                /* We have a valid self signature */
@@ -208,7 +209,7 @@ int clean_sighashes(struct onak_dbctx *dbctx,
                        for (curkey = sigkeys; curkey != NULL;
                                        curkey = curkey->next) {
 
-                               ret = onak_check_hash_sig(curkey,
+                               ret = onak_check_hash_sig(curkey->publickey,
                                                (*sigs)->packet,
                                                hash, hashtype);
 
diff --git a/sigcheck.c b/sigcheck.c
index 74c2e2bf295cd24ceca0b98ba7c6f54a2c28d0cc..963eeffe4beb3ef19f81eed1e5cb756c5d16ca4f 100644 (file)
--- a/sigcheck.c
+++ b/sigcheck.c
@@ -278,7 +278,7 @@ static onak_status_t onak_parse_key_material(struct openpgp_packet *pk,
        return ret;
 }
 
-onak_status_t onak_check_hash_sig(struct openpgp_publickey *sigkey,
+onak_status_t onak_check_hash_sig(struct openpgp_packet *sigkey,
                struct openpgp_packet *sig,
                uint8_t *hash,
                uint8_t hashtype)
@@ -291,7 +291,7 @@ onak_status_t onak_check_hash_sig(struct openpgp_publickey *sigkey,
        int len, ofs;
        mpz_t s;
 
-       ret = onak_parse_key_material(sigkey->publickey, &pubkey);
+       ret = onak_parse_key_material(sigkey, &pubkey);
        if (ret != ONAK_E_OK) {
                return ret;
        }
diff --git a/sigcheck.h b/sigcheck.h
index 20dcb13951257b6344a870e7e26feeec2fb7bb2a..c0173af2b4a760153abd740f128ab3d117cb6909 100644 (file)
--- a/sigcheck.h
+++ b/sigcheck.h
@@ -16,7 +16,7 @@ onak_status_t calculate_packet_sighash(struct openpgp_publickey *key,
  * @hash: Hash digest the signature is over
  * @hashtype: Type of hash (OPENPGP_HASH_*)
  */
-onak_status_t onak_check_hash_sig(struct openpgp_publickey *sigkey,
+onak_status_t onak_check_hash_sig(struct openpgp_packet *sigkey,
                struct openpgp_packet *sig,
                uint8_t *hash,
                uint8_t hashtype);
OpenPGP key server