From a8825da931cb70c760202bfc3dd2da56193f47b2 Mon Sep 17 00:00:00 2001
From: Jonathan McDowell
Date: Sat, 16 Sep 2023 11:59:39 +0530
Subject: [PATCH] Switch to passing the key packet in when checking a hash signature

Rather than passing the whole key in for verifying a hash signature, explicitly pass in the key packet. This opens the way to being able to verify signatures from subkeys.
---
 cleankey.c | 5 +++--
 sigcheck.c | 4 ++--
 sigcheck.h | 2 +-
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/cleankey.c b/cleankey.c
index 10fb661..95636c0 100644
--- a/cleankey.c
+++ b/cleankey.c
@@ -183,7 +183,8 @@ int clean_sighashes(struct onak_dbctx *dbctx,
 remove = true;
 if (sigid == keyid) {
- ret = onak_check_hash_sig(key, (*sigs)->packet,
+ ret = onak_check_hash_sig(key->publickey,
+ (*sigs)->packet,
 hash, hashtype);
 /* We have a valid self signature */
@@ -208,7 +209,7 @@ int clean_sighashes(struct onak_dbctx *dbctx,
 for (curkey = sigkeys; curkey != NULL; curkey = curkey->next) {
- ret = onak_check_hash_sig(curkey,
+ ret = onak_check_hash_sig(curkey->publickey,
 (*sigs)->packet, hash, hashtype);
diff --git a/sigcheck.c b/sigcheck.c
index 74c2e2b..963eeff 100644
--- a/sigcheck.c
+++ b/sigcheck.c
@@ -278,7 +278,7 @@ static onak_status_t onak_parse_key_material(struct openpgp_packet *pk,
 return ret;
 }
-onak_status_t onak_check_hash_sig(struct openpgp_publickey *sigkey,
+onak_status_t onak_check_hash_sig(struct openpgp_packet *sigkey,
 struct openpgp_packet *sig,
 uint8_t *hash,
 uint8_t hashtype)
@@ -291,7 +291,7 @@ onak_status_t onak_check_hash_sig(struct openpgp_publickey *sigkey,
 int len, ofs;
 mpz_t s;
- ret = onak_parse_key_material(sigkey->publickey, &pubkey);
+ ret = onak_parse_key_material(sigkey, &pubkey);
 if (ret != ONAK_E_OK) {
 return ret;
 }
diff --git a/sigcheck.h b/sigcheck.h
index 20dcb13..c0173af 100644
--- a/sigcheck.h
+++ b/sigcheck.h
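Review bot: In sigcheck.c the new prototype `onak_check_hash_sig(struct openpgp_packet *sigkey, struct openpgp_packet *sig, ...)` gives the key and the signature the same type, so a call that swaps them, or passes some other kind of packet, now compiles without a diagnostic where the old `struct openpgp_publickey *` parameter would have been rejected. Because this function decides whether a signature is accepted, it should reject a NULL `sigkey` and any packet whose tag is not a public key or public subkey before the `onak_parse_key_material(sigkey, &pubkey)` call in the following hunk; whether `onak_parse_key_material` already checks the tag is not visible here. I would also add a comment above the definition, `/* sigkey is the public key or subkey packet itself, not the enclosing openpgp_publickey */`. The function body starts and ends outside both sigcheck.c hunks.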
@@ -16,7 +16,7 @@ onak_status_t calculate_packet_sighash(struct openpgp_publickey *key,
 * @hash: Hash digest the signature is over
 * @hashtype: Type of hash (OPENPGP_HASH_*)
 */
-onak_status_t onak_check_hash_sig(struct openpgp_publickey *sigkey,
+onak_status_t onak_check_hash_sig(struct openpgp_packet *sigkey,
 struct openpgp_packet *sig, uint8_t *hash, uint8_t hashtype);
--
2.39.2
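Review bot: The kernel-doc block above this prototype is not touched by the commit, so its `@sigkey` entry presumably still describes a whole key rather than a packet; only the `@hash` and `@hashtype` entries and the closing `*/` are visible in the hunk. The entry should change with the type, for example `@sigkey: Public key or subkey packet that made the signature`. Since callers now choose which packet of a key to pass, the comment should also say which packet types are accepted and what is returned for any other packet.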