From: Jonathan McDowell Date: Sat, 16 Sep 2023 06:29:39 +0000 (+0530) Subject: Switch to passing the key packet in when checking a hash signature X-Git-Tag: onak-0.6.3~6 X-Git-Url: https://the.earth.li/gitweb/?p=onak.git;a=commitdiff_plain;h=a8825da931cb70c760202bfc3dd2da56193f47b2 Switch to passing the key packet in when checking a hash signature Rather than passing the whole key in for verifying a hash signature, explicitly pass in the key packet. This opens the way to being able to verify signatures from subkeys. --- diff --git a/cleankey.c b/cleankey.c index 10fb661..95636c0 100644 --- a/cleankey.c +++ b/cleankey.c @@ -183,7 +183,8 @@ int clean_sighashes(struct onak_dbctx *dbctx, remove = true; if (sigid == keyid) { - ret = onak_check_hash_sig(key, (*sigs)->packet, + ret = onak_check_hash_sig(key->publickey, + (*sigs)->packet, hash, hashtype); /* We have a valid self signature */ @@ -208,7 +209,7 @@ int clean_sighashes(struct onak_dbctx *dbctx, for (curkey = sigkeys; curkey != NULL; curkey = curkey->next) { - ret = onak_check_hash_sig(curkey, + ret = onak_check_hash_sig(curkey->publickey, (*sigs)->packet, hash, hashtype); diff --git a/sigcheck.c b/sigcheck.c index 74c2e2b..963eeff 100644 --- a/sigcheck.c +++ b/sigcheck.c @@ -278,7 +278,7 @@ static onak_status_t onak_parse_key_material(struct openpgp_packet *pk, return ret; } -onak_status_t onak_check_hash_sig(struct openpgp_publickey *sigkey, +onak_status_t onak_check_hash_sig(struct openpgp_packet *sigkey, struct openpgp_packet *sig, uint8_t *hash, uint8_t hashtype) @@ -291,7 +291,7 @@ onak_status_t onak_check_hash_sig(struct openpgp_publickey *sigkey, int len, ofs; mpz_t s; - ret = onak_parse_key_material(sigkey->publickey, &pubkey); + ret = onak_parse_key_material(sigkey, &pubkey); if (ret != ONAK_E_OK) { return ret; } diff --git a/sigcheck.h b/sigcheck.h index 20dcb13..c0173af 100644 --- a/sigcheck.h +++ b/sigcheck.h 
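Review bot: In sigcheck.c, `onak_check_hash_sig()` now takes two `struct openpgp_packet *` arguments, so a call that transposes the key and signature packets, or passes a non-key packet as `sigkey`, compiles without any diagnostic; the previous `struct openpgp_publickey *` type ruled that out. The only guard visible in the `@@ -291` hunk is `onak_parse_key_material(sigkey, &pubkey)`, whose body is outside this diff. It is worth confirming that it rejects a NULL pointer and any packet that is not a public key or public subkey before the parsed material is used for verification. If it does not, an explicit check at the top of `onak_check_hash_sig()` would restore the invariant, and a comment above the call such as `/* sigkey must be a public key or subkey packet, never a signature packet */` would document it. The function body continues past the hunk, and the same contract applies to the two updated call sites in cleankey.c (`key->publickey`, `curkey->publickey`).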
@@ -16,7 +16,7 @@ onak_status_t calculate_packet_sighash(struct openpgp_publickey *key,
 * @hash: Hash digest the signature is over
 * @hashtype: Type of hash (OPENPGP_HASH_*)
 */
-onak_status_t onak_check_hash_sig(struct openpgp_publickey *sigkey,
+onak_status_t onak_check_hash_sig(struct openpgp_packet *sigkey,
 struct openpgp_packet *sig,
 uint8_t *hash,
 uint8_t hashtype);
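Review bot: The doc comment above this prototype is left unchanged by the commit; only its `@hash` and `@hashtype` lines are visible, and the parameter description for `sigkey` presumably sits above the hunk. Now that the parameter is a packet rather than a whole key, that line should say so, for example ` * @sigkey: Public key (or subkey) packet of the key that issued the signature`. Since `sigkey` and `sig` now share the same pointer type, this comment is the only thing telling a caller which packet goes in which position.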